Trojaner-Board (https://www.trojaner-board.de/)
Forum: Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
Thread: Removing Anti Malware Doctor for good (https://www.trojaner-board.de/98013-anti-malware-doctor-endgueltig-entfernen.html)

xRaptoRxGG 24.04.2011 11:24

Removing Anti Malware Doctor for good

Hello everyone,

This is my first post and my first thread, since I have/had "Anti Malware Doctor" on my laptop.

First I followed this guide http://www.trojaner-board.de/83172-a...entfernen.html and read at the bottom that the Trojan might not be completely gone, as I still get some error messages from time to time.

Now I have worked through this guide http://www.trojaner-board.de/95965-w...entfernen.html and think I need someone who can help me further with the logfiles.

Many thanks in advance.

I hope my behaviour was in keeping with the board rules.

Does anyone actually get help here?

M-K-D-B 26.04.2011 11:12

Hello,

My name is M-K-D-B and I will help you clean up your computer.

Please note the following:
  • A clean-up can involve a lot of work for you.
  • Please work through all steps one after the other, in the given order.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe the problem to me as precisely as you can.
  • Only run scans that I or another helper ask you to run.
  • No cross-posting (posting in several forums), please.
  • Do not install or uninstall any software during the clean-up unless you are asked to.
  • Please keep working with me until I tell you that we are done here.
  • If you do not reply within 5 days, I will assume you no longer need help and remove your thread from my subscriptions.
  • For users of Windows Vista and Windows 7: start all programs by right-clicking and choosing "Run as administrator".


Step # 1: Run Load.exe
Please download Load.exe

The tool needs an active internet connection, but no open browser.
If your firewall complains, allow the application.
  • Save the file to the desktop.
  • Close all running programs and browsers and save any open documents.
  • Start Load.exe
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool will now download several tools to your desktop.
As soon as the download has finished, TFC.exe starts. Press the Start button in TFC.
TFC will close all open programs. Save all open documents before you press Start.
If TFC does not restart the computer, Load.exe will restart it.
After the restart, Anleitung.html (on the desktop) will open automatically. It describes how to use the tools.


Step # 2: Your reply
For further analysis I need, together with your next reply:
  • the logfile from Defogger,
  • the logfile from GMER and
  • the two logfiles from OTL (OTL.txt and Extras.txt).
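
The OTL logs asked for in step 2 are plain text, and a helper reads three sections first: "Shell Spawning" (rogue anti-virus families such as Anti Malware Doctor commonly replace the exefile open handler so their binary runs before every .exe), the Vista firewall exception lists (inbound allow rules for programs living on the desktop or in Temp are user-added or dropper-added, never Windows defaults) and the process list (services and vendor binaries do not normally execute out of a user's profile). The script below is an added example of that triage, not code from this thread or from OldTimer's OTL; the embedded log is constructed in OTL's format for the example, and its paths, rule GUIDs and the hijacked exefile command are hypothetical.

```python
"""Added triage example for the OTL logs requested in step 2 (not from the
thread, nor OldTimer's own code).  It parses three sections of OTL's plain-text
report: "Shell Spawning", the Vista firewall exception lists and
"Processes (SafeList)".  The embedded log is constructed for this example
(paths, rule GUIDs and the hijacked exefile handler are hypothetical)."""
import re

# Windows defaults for the executable file classes.  Rogue AV families often
# replace exefile\shell\open\command so the rogue runs before any .exe launch.
DEFAULT_SHELL_OPEN = {c: '"%1" %*' for c in ("batfile", "cmdfile", "comfile", "exefile", "piffile")}

# Locations a vendor binary or service should normally not execute from, but
# where droppers and user-downloaded tools usually live.
USER_WRITABLE = re.compile(
    r"\\users\\[^\\]+\\(desktop|downloads|appdata)\\|\\temp\\|\\programdata\\", re.IGNORECASE
)

SAMPLE_LOG = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "C:\ProgramData\1a2b3c\guard.exe" /START "%1" %*

========== Vista Active Application Exception List ==========

"{00000000-0000-0000-0000-000000000001}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{00000000-0000-0000-0000-000000000002}C:\users\alice\desktop\leecher.exe" = protocol=6 | dir=in | app=c:\users\alice\desktop\leecher.exe |
"{00000000-0000-0000-0000-000000000003}" = protocol=6 | dir=out | app=system |

========== Processes (SafeList) ==========

PRC - C:\Users\ALICE~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
"""


def split_sections(text):
    """Map each '========== Name ==========' header to the non-empty lines under it."""
    sections, current = {}, None
    for line in text.splitlines():
        header = re.match(r"^=+ (.+?) =+$", line.strip())
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def check_shell_spawning(lines):
    """Return (class, verb, command) for executable classes whose open handler is not the default."""
    findings = []
    for line in lines:
        m = re.match(r"^(\w+) \[(\w+)\] -- (.*)$", line)
        if not m:
            continue
        cls, verb, cmd = m.groups()
        if verb == "open" and cls in DEFAULT_SHELL_OPEN and cmd != DEFAULT_SHELL_OPEN[cls]:
            findings.append((cls, verb, cmd))
    return findings


def check_firewall_rules(lines):
    """Return (rule name, app) for inbound rules whose application sits in a user-writable path."""
    findings = []
    for line in lines:
        m = re.match(r'^"(.+?)" = (.*)$', line)
        if not m:
            continue
        name, body = m.groups()
        # "protocol=6 | dir=in | app=... |" -> {"protocol": "6", "dir": "in", "app": "..."}
        fields = dict(part.split("=", 1) for part in (p.strip() for p in body.split("|")) if "=" in part)
        app = fields.get("app", "")
        if fields.get("dir") == "in" and USER_WRITABLE.search(app):
            findings.append((name, app))
    return findings


def check_processes(lines):
    """Return paths of running processes ('PRC - path (vendor)') loaded from a user-writable path."""
    findings = []
    for line in lines:
        m = re.match(r"^PRC - (.+?) \((.*)\)$", line)
        if m and USER_WRITABLE.search(m.group(1)):
            findings.append(m.group(1))
    return findings


def triage(text):
    """Run all three checks over one OTL report and return the findings by category."""
    s = split_sections(text)
    return {
        "non_default_shell_handlers": check_shell_spawning(s.get("Shell Spawning", [])),
        "inbound_rules_from_user_paths": check_firewall_rules(
            s.get("Vista Active Application Exception List", [])
            + s.get("Vista Active Open Ports Exception List", [])
        ),
        "processes_from_user_paths": check_processes(s.get("Processes (SafeList)", [])),
    }


if __name__ == "__main__":
    for category, hits in triage(SAMPLE_LOG).items():
        print(category, hits)
```

A hit is a cue to verify, not a verdict: check the file's signature and hash and whether the vendor is known to stage that binary in Temp before deciding anything, and treat a desktop-resident program with its own inbound firewall rule as something the user should be able to name. On a log where exefile and comfile still read `"%1" %*`, the first check returns nothing, which is the expected state after a successful clean-up.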

xRaptoRxGG 26.04.2011 23:24

OTL Extras logfile:

Code:
OTL Extras logfile created on: 24.04.2011 12:10:44 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Gökhan Gürel\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
952,00 Mb Total Physical Memory | 200,00 Mb Available Physical Memory | 21,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 48,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 5,37 Gb Free Space | 7,72% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 0,08 Gb Free Space | 0,12% Space Free | Partition Type: NTFS
 
Computer Name: GÖKHANGÜREL-PC | User Name: Gökhan Gürel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-3665531956-1048049180-3051706973-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1451C412-E212-469D-963E-203DD1CFEB05}" = rport=445 | protocol=6 | dir=out | app=system |
"{1DD353AB-9FEA-4861-AA39-E61C026CA40E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{24E6C9D9-685F-4C45-8F16-985C122822C2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{258AE4BE-F063-407D-9E67-229E527C136A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2BADE237-EBC4-4E14-8333-EAE22491397C}" = lport=6112 | protocol=6 | dir=in | name=wciii 6112 |
"{439B5AC8-9ADC-47D8-840B-EB8DDBF94D7E}" = lport=445 | protocol=6 | dir=in | app=system |
"{49F5D437-07F2-4D88-914D-76F7BAD7B681}" = rport=138 | protocol=17 | dir=out | app=system |
"{4E1D8C7B-E8ED-4ACB-9914-C236DD632672}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{597B088D-D95E-4F50-BBB2-F5781CCBE44E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5A2CCD5E-9FAA-418F-B846-9FA9E2F1F122}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5CA111DC-74D6-44DB-84B9-D45F432F7B80}" = lport=6113 | protocol=6 | dir=in | name=wciii 6113 |
"{5CD8B400-36DE-4C9A-BCFC-FDD146606D0B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5E7E46A8-D3A3-40DF-B28D-D2571FE9E2BD}" = lport=6116 | protocol=6 | dir=in | name=wciii 6116 |
"{5F6E628E-3204-4F2D-9BCF-AFAEB60CBB1A}" = lport=138 | protocol=17 | dir=in | app=system |
"{6B309508-A613-4B91-A0EE-659CD6A23CB4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{71DB7BBC-957A-4B45-891B-410E273006E9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7213BE3E-FF45-426E-B90A-D51B0BB46BA0}" = lport=6114 | protocol=6 | dir=in | name=wciii 6114 |
"{79BAE974-D46E-42D6-B08F-7A4EF2F9B719}" = lport=6118 | protocol=6 | dir=in | name=wciii 6118 |
"{838B6577-FBAE-4D09-AB04-03E20068C1A5}" = lport=6117 | protocol=6 | dir=in | name=wciii 6117 |
"{88002A36-8E50-4939-A5A4-1248935882E8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{896B56F8-0C5D-4980-BBE9-4A11937FBA9B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9701CE72-9C09-47FA-AF59-58B41F4C5325}" = lport=137 | protocol=17 | dir=in | app=system |
"{A5FE2DE2-CDDD-4EF0-9ADD-8F7023B5C6C6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD0BC489-D2D6-48CA-BCDC-37334E0EF348}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B737825E-265F-455A-9521-76D00F609254}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BC98501C-4646-4088-9228-3A523E4AD4B2}" = rport=139 | protocol=6 | dir=out | app=system |
"{C30E6250-CCEB-47AC-AF21-338B57DCCBB6}" = lport=6119 | protocol=6 | dir=in | name=wciii 6119 |
"{C532C692-976A-48C4-B478-3C73FEF767B3}" = lport=139 | protocol=6 | dir=in | app=system |
"{E1267A1C-CA09-4DF5-B746-F0B8B70BB27F}" = rport=137 | protocol=17 | dir=out | app=system |
"{F8E55AD6-114D-4227-98C1-F42AA9E0CA6C}" = lport=6115 | protocol=6 | dir=in | name=wciii 6115 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{010E1948-8967-43C2-A361-F02DE426D049}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{0145FD7A-0D3B-444D-9DFC-E31231260404}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{041258C5-46FF-4930-8554-1575033F13BB}" = protocol=17 | dir=in | app=c:\program files\ultravnc\vncviewer.exe |
"{09DE9771-B740-4411-BC56-BEF213FEF593}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{1654011D-DF0B-4584-B7FC-C1B9D35204C8}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{1DBE9FAD-B084-4447-93AA-BE2DDBF60462}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{25C159E5-BA03-4D7D-AE97-052F0C82519F}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{2CDCD8E7-9145-4466-BD45-FE7BD05B0FF5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2FB0550F-C930-4478-8F7C-2B8677505F05}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{321D68F6-EFD5-4310-9151-233139B8F289}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3671050F-184C-4014-A25F-01982329DA42}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3A88EDFC-C670-44D2-B769-3F9B957BAB4D}" = protocol=6 | dir=out | app=system |
"{3A9CFDD2-91FB-412A-948B-75AD4DF64A83}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{3E41AF68-945F-410D-B389-011B0FE21B58}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{3FC4CBD6-41E1-4350-B512-4EBC275470BF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4491D6C4-ED71-4998-A362-EE3173294832}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{47489154-018C-448B-B459-70A62D534650}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{475D8E22-6107-403C-83C9-1328D582EE53}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{48DCF6B7-9E8A-4443-BF65-C32FAEB4D5B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{48DD435B-06D9-46BD-A848-C4276BC3143C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{496D62F6-D29F-4410-979C-599E7BB1A391}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{4D1A27E1-8E99-433C-80DE-0DE926ABDD6E}" = protocol=6 | dir=in | app=c:\program files\ultravnc\vncviewer.exe |
"{51292651-B47B-4F40-BB68-97A05ADDDC87}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{53583FF2-E850-403D-9102-07657908A43B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{545130B5-97FD-45A6-B17B-B05F2F166190}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5BA04F23-EE01-40DF-A2C8-B1E7F89B3846}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{651CFB77-31E5-49B0-A7A6-1CFEB9DAA360}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{662D53E8-08D9-4C18-A9E3-78A4D1178D7A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{68B555B6-3487-4150-9CCC-F42AFE2E0BE3}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{773C13BC-4712-4FE6-A23F-4B630F21459C}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe |
"{7FC14EA8-465A-40D9-A69A-9AFA66CC3CA3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8F9FC7F5-1C26-452D-830B-983A671BBCA9}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{931A74F7-49BD-423D-A70B-51BCA84BF234}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe |
"{A1F0A157-58DB-44C7-9B6A-61705B11B760}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{A7C97A7C-E44D-4743-AAB4-7F2D4CDD51F0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B352C36B-B9FF-4565-A4CC-9B913F56348C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{B56F3BC7-F1C6-4112-8676-0E4B73CE7F9B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B6EDF804-6125-4672-A0DB-C2C2D7130FD1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B74280C0-2D32-471A-9A4B-8FFC6FC598FA}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{BEFD1A8C-3788-4AC7-8A04-0EE3FB812E6A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C03D6FD8-8B8B-4BD7-B668-4668EF28ACC7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{C7B42F14-88F0-4C25-9120-9C553657D0E7}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{D604EDAE-DF03-4AF9-B221-3677DC0A30F2}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{E20B0277-86AA-477D-B1D5-FF6883BE68A3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{F1DDB615-F088-474A-810E-B6D61AA9C16C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FBD88422-4C49-4F8B-81F7-E6FAA4E2000F}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{FF87AC28-3F8A-4B61-9296-991EE30A46E8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{C1CD1C21-B798-42BC-94C7-E7DA7CDBCE6B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{CA0637B9-C850-4F21-BC0F-845B1094AA5C}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{F70D284D-06DD-4D43-A49C-F28F4C460C4E}C:\users\gökhan gürel\desktop\leecher.exe" = protocol=6 | dir=in | app=c:\users\gökhan gürel\desktop\leecher.exe |
"UDP Query User{7163784E-C48E-4BDC-9205-172925FBF50C}C:\users\gökhan gürel\desktop\leecher.exe" = protocol=17 | dir=in | app=c:\users\gökhan gürel\desktop\leecher.exe |
"UDP Query User{E866CFE2-38C6-421A-B6EB-4F1741126425}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{F9EA3F1D-687B-4BE3-A116-CAFB7489A9DD}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{141A7ECB-AA8E-4C16-85FE-6FFF804799CF}" = Buchungssatzpauker-B IKR 2.50 (Shareware)
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 22
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{548AF5C1-54E3-4B74-A3E5-D5E6CB7D487C}" = O2Micro Flash Memory Card Reader Driver (x86)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{993960EE-CA4D-443F-8F88-E24260DD5FD2}" = LG PC Suite
"{9D0BDD42-6564-4E1B-963A-4977A6271DB4}" = Winklers Lernprogramm 2027
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{C1A80F67-656F-4DF3-A6C4-DE18A47477C5}_is1" = ICQ Away Reader 1.4
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ashampoo Burning Studio 2009_is1" = Ashampoo Burning Studio 2009
"AviSynth" = AviSynth 2.5
"Boilsoft AVI to VCD SVCD DVD Converter_is1" = Boilosft AVI to VCD SVCD DVD Converter 3.81
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"Canon iP4700 series Benutzerregistrierung" = Canon iP4700 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Setup.divx.com" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"JDownloader" = JDownloader
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Mp3tag" = Mp3tag v2.45a
"PokerStars.net" = PokerStars.net
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RouterControl" = RouterControl 1.92
"Uninstall_is1" = Uninstall 1.0.0.1
"Videora iPhone Converter" = Videora iPhone Converter 6
"VLC media player" = VLC media player 1.0.1
"WinAVIVideoConverter_is1" = WinAVIVideoConverter
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 14.04.2011 10:16:59 | Computer Name = GökhanGürel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 14.04.2011 10:16:59 | Computer Name = GökhanGürel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 14.04.2011 10:17:00 | Computer Name = GökhanGürel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 14.04.2011 10:17:03 | Computer Name = GökhanGürel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 14.04.2011 10:17:03 | Computer Name = GökhanGürel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 14.04.2011 10:17:04 | Computer Name = GökhanGürel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 14.04.2011 10:17:05 | Computer Name = GökhanGürel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 14.04.2011 10:17:07 | Computer Name = GökhanGürel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 14.04.2011 10:17:15 | Computer Name = GökhanGürel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 14.04.2011 10:17:17 | Computer Name = GökhanGürel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
[ System Events ]
Error - 24.04.2011 05:02:25 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 24.04.2011 05:02:25 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 24.04.2011 05:02:25 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 24.04.2011 05:02:25 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 24.04.2011 05:02:25 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 24.04.2011 05:02:25 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 24.04.2011 05:02:25 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 24.04.2011 05:02:25 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 24.04.2011 05:02:25 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 24.04.2011 05:04:23 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7032
Description =
 
 
< End of report >


OTL logfile:

Code:

OTL logfile created on: 26.04.2011 23:47:25 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Gökhan Gürel\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

952,00 Mb Total Physical Memory | 111,00 Mb Available Physical Memory | 12,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 31,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 14,56 Gb Free Space | 20,91% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 0,08 Gb Free Space | 0,12% Space Free | Partition Type: NTFS

Computer Name: GÖKHANGÜREL-PC | User Name: Gökhan Gürel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\GKHANG~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Users\Gökhan Gürel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\RouterControl\RouterControl.exe (Mirko Böer)
PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\RacAgent.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
PRC - C:\Programme\Common Files\Megatech\MProtect\MPServ.exe ()
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Programme\Apoint2K\Hidfind.exe (Alps Electric Co., Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Users\Gökhan Gürel\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msshsq.dll (Microsoft Corporation)
MOD - C:\Windows\System32\duser.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (o2flash) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
SRV - (Megatech-Software-Protection) -- C:\Programme\Common Files\Megatech\MProtect\MPServ.exe ()
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro )
DRV - (O2SDRDR) -- C:\Windows\System32\drivers\o2sd.sys (O2Micro )
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (acedrv11) -- C:\Windows\System32\drivers\ACEDRV11.sys (Protect Software GmbH)
DRV - (TpChoice) -- C:\Windows\System32\drivers\TpChoice.sys (Alps Electric Co., Ltd.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=1008&m=extensa_5230
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=1008&m=extensa_5230

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=1008&m=extensa_5230
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "spiegel-online.de"
FF - prefs.js..extensions.enabledItems: {300350ba-cad8-4c5e-a98b-302ecc608f5e}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {54534D75-A690-4284-9111-F301A308E9E6}:1.9.1


FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.04.22 20:58:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.04.22 20:58:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.26 16:17:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.22 20:54:09 | 000,000,000 | ---D | M]

[2009.04.07 01:31:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Extensions
[2011.04.26 23:44:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions
[2010.08.31 18:29:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.28 19:35:31 | 000,000,000 | ---D | M] (Raid Rush Community Toolbar) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\{300350ba-cad8-4c5e-a98b-302ecc608f5e}
[2010.10.16 20:36:00 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.28 19:35:31 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\engine@conduit.com
[2011.04.23 18:37:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.10.24 10:38:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.04.22 20:58:25 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.04.22 20:58:26 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2009.06.23 19:38:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2010.10.24 10:38:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\GöKHAN GüREL\APPDATA\LOCAL\{54534D75-A690-4284-9111-F301A308E9E6}
File not found (No name found) -- C:\USERS\GöKHAN GüREL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BQ9E1JLB.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
File not found (No name found) -- C:\USERS\GöKHAN GüREL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BQ9E1JLB.DEFAULT\EXTENSIONS\{300350BA-CAD8-4C5E-A98B-302ECC608F5E}
File not found (No name found) -- C:\USERS\GöKHAN GüREL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BQ9E1JLB.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
File not found (No name found) -- C:\USERS\GöKHAN GüREL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BQ9E1JLB.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.08 08:07:41 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.08 08:07:41 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.08 08:07:41 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.08 08:07:41 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.08 08:07:41 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RouterControl] C:\Programme\RouterControl\RouterControl.exe (Mirko Böer)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Gökhan Gürel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Gökhan Gürel\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Gökhan Gürel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Gökhan Gürel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1edf9e42-2111-11df-8593-001d72dd38e9}\Shell\AutoRun\command - "" = aNVYBn.EXE
O33 - MountPoints2\{1edf9e42-2111-11df-8593-001d72dd38e9}\Shell\oPEn\CommANd - "" = AnVyBN.EXe
O33 - MountPoints2\{1edf9e47-2111-11df-8593-001d72dd38e9}\Shell - "" = AutoRun
O33 - MountPoints2\{1edf9e47-2111-11df-8593-001d72dd38e9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{1edf9e5e-2111-11df-8593-001d72dd38e9}\Shell\AutoRun\command - "" = RECYCLERS\runmgr.exe
O33 - MountPoints2\{1edf9e5e-2111-11df-8593-001d72dd38e9}\Shell\open\command - "" = RECYCLERS\runmgr.exe
O33 - MountPoints2\{3ef58160-3069-11df-bcc3-001d72dd38e9}\Shell - "" = AutoRun
O33 - MountPoints2\{3ef58160-3069-11df-bcc3-001d72dd38e9}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{3ef58162-3069-11df-bcc3-001d72dd38e9}\Shell - "" = AutoRun
O33 - MountPoints2\{3ef58162-3069-11df-bcc3-001d72dd38e9}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{56cc05e8-3067-11df-8237-001d72dd38e9}\Shell - "" = AutoRun
O33 - MountPoints2\{56cc05e8-3067-11df-8237-001d72dd38e9}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{66a167c2-e4d2-11de-8ad6-001d72dd38e9}\Shell - "" = AutoRun
O33 - MountPoints2\{66a167c2-e4d2-11de-8ad6-001d72dd38e9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{6bec9fc4-2d34-11de-85d2-001d72dd38e9}\Shell - "" = AutoRun
O33 - MountPoints2\{6bec9fc4-2d34-11de-85d2-001d72dd38e9}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{6bec9fc4-2d34-11de-85d2-001d72dd38e9}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{6bec9fc4-2d34-11de-85d2-001d72dd38e9}\Shell\install\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{87963c58-ff47-11de-b299-001d72dd38e9}\Shell - "" = AutoRun
O33 - MountPoints2\{87963c58-ff47-11de-b299-001d72dd38e9}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{9b4b3500-331b-11de-9b7d-001d72dd38e9}\Shell\AutoRun\command - "" = jcomkm.exe
O33 - MountPoints2\{9b4b3500-331b-11de-9b7d-001d72dd38e9}\Shell\explore\Command - "" = jcomkm.exe
O33 - MountPoints2\{9b4b3500-331b-11de-9b7d-001d72dd38e9}\Shell\open\Command - "" = jcomkm.exe
O33 - MountPoints2\{fc5083e7-2116-11df-868e-001d72dd38e9}\Shell - "" = AutoRun
O33 - MountPoints2\{fc5083e7-2116-11df-868e-001d72dd38e9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011.04.26 23:43:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.26 23:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.04.26 23:41:50 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.04.26 22:52:02 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Gökhan Gürel\Desktop\Erunt-setup.exe
[2011.04.26 22:52:02 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\TFC.exe
[2011.04.25 17:01:10 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011.04.25 16:30:38 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Local\Sunbelt Software
[2011.04.25 16:29:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\{EBDD7DE0-D012-47DF-859B-DB1061E2D512}
[2011.04.25 16:28:50 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft
[2011.04.25 16:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011.04.25 16:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011.04.25 15:47:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011.04.25 15:47:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011.04.25 15:47:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011.04.25 14:41:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011.04.25 14:36:22 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\Ucsohi
[2011.04.25 14:36:22 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\Obliw
[2011.04.25 12:44:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.04.25 12:43:53 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2011.04.25 12:43:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.04.25 12:40:35 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Gökhan Gürel\Desktop\spybotsd162.exe
[2011.04.25 12:32:55 | 123,916,352 | ---- | C] (Lavasoft ) -- C:\Users\Gökhan Gürel\Desktop\Ad-Aware902Install.exe
[2011.04.24 12:08:32 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\OTL.exe
[2011.04.23 19:04:31 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.04.23 18:43:33 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\Malwarebytes
[2011.04.23 18:43:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.23 18:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.23 18:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.23 18:43:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.23 18:43:23 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.23 17:42:00 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\VA_-_Kontor_House_Of_House_Vol.10-3CD-2010-MOD
[2011.04.23 17:41:50 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Chris_Brown-Yeah_3x_(Clean_Version)-WEB-2011-RECA
[2011.04.23 17:31:15 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\xmldm
[2011.04.23 17:31:14 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\kock
[2011.04.23 17:27:16 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Local\{54534D75-A690-4284-9111-F301A308E9E6}
[2011.04.23 17:25:33 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\55EF921B3F01E13BF6CA0EAAFBEEBEC3
[2011.04.23 17:07:13 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Usher--More-Promo_CDS-2010-WUS
[2011.04.22 21:18:09 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Local\DDMSettings
[2011.04.22 20:57:27 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine
[2011.04.22 20:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011.04.22 20:56:59 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared
[2011.04.22 20:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011.04.20 18:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.04.20 18:15:38 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.04.20 18:15:26 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.04.20 17:53:03 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.04.20 12:50:05 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\DJ Antoine - WOW (320)
[2011.04.20 08:40:45 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Lernzettel
[2011.04.01 17:45:01 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Local\PokerStars.NET
[2011.04.01 17:44:48 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars.NET
[2011.04.01 17:44:28 | 000,000,000 | ---D | C] -- C:\Programme\PokerStars.NET
[2011.03.31 19:47:12 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\CDU
[2011.03.31 19:44:55 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Warez Seiten
[2011.03.31 17:57:55 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\Karteikartentrainer
[2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2008.10.15 09:06:59 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[1 C:\Users\Gökhan Gürel\AppData\Roaming\*.tmp files -> C:\Users\Gökhan Gürel\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.04.26 23:42:16 | 000,000,917 | ---- | M] () -- C:\Users\Gökhan Gürel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.04.26 23:41:52 | 000,000,737 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\NTREGOPT.lnk
[2011.04.26 23:41:52 | 000,000,718 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\ERUNT.lnk
[2011.04.26 23:30:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.26 23:30:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.04.26 23:30:47 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.26 23:30:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.26 23:20:50 | 175,245,713 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.26 22:52:15 | 000,301,568 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\g2m3e4r.exe
[2011.04.26 22:52:12 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Gökhan Gürel\Desktop\Erunt-setup.exe
[2011.04.26 22:52:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\OTL.exe
[2011.04.26 22:52:06 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\TFC.exe
[2011.04.26 22:49:36 | 000,377,260 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Load.exe
[2011.04.26 22:44:42 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CABC6CDF-19C7-4765-9CEB-B0201A34F566}.job
[2011.04.25 17:23:30 | 000,685,712 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.25 17:23:30 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.25 17:23:30 | 000,149,980 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.25 17:23:30 | 000,121,592 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.25 16:29:30 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.04.25 15:52:17 | 002,306,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.25 12:41:26 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Gökhan Gürel\Desktop\spybotsd162.exe
[2011.04.25 12:39:17 | 123,916,352 | ---- | M] (Lavasoft ) -- C:\Users\Gökhan Gürel\Desktop\Ad-Aware902Install.exe
[2011.04.23 18:43:27 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.23 18:38:39 | 001,006,778 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\iExplore.exe
[2011.04.23 18:38:18 | 001,006,778 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\rkill.com
[2011.04.23 17:27:20 | 000,000,000 | ---- | M] () -- C:\Users\Gökhan Gürel\AppData\Local\Rsagikufevori.bin
[2011.04.23 17:27:19 | 000,000,120 | ---- | M] () -- C:\Users\Gökhan Gürel\AppData\Local\Glezeqo.dat
[2011.04.20 18:17:08 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.04.20 18:01:16 | 000,000,680 | ---- | M] () -- C:\Users\Gökhan Gürel\AppData\Local\d3d9caps.dat
[2011.04.16 14:25:34 | 005,148,967 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Sergey_Romanov_aka_Elektro_Violine_-_Qadro_Electro....mp3
[2011.04.12 22:06:05 | 000,162,816 | ---- | M] () -- C:\Users\Gökhan Gürel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.01 17:44:49 | 000,000,894 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\PokerStars.net.lnk
[1 C:\Users\Gökhan Gürel\AppData\Roaming\*.tmp files -> C:\Users\Gökhan Gürel\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.04.26 23:42:16 | 000,000,917 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.04.26 23:41:52 | 000,000,737 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\NTREGOPT.lnk
[2011.04.26 23:41:52 | 000,000,718 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\ERUNT.lnk
[2011.04.26 22:52:03 | 000,301,568 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\g2m3e4r.exe
[2011.04.26 22:48:31 | 000,377,260 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Load.exe
[2011.04.25 23:45:32 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011.04.25 17:02:57 | 175,245,713 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.04.25 16:29:30 | 000,001,019 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.04.23 18:43:27 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.23 18:38:36 | 001,006,778 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\iExplore.exe
[2011.04.23 18:07:42 | 001,006,778 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\rkill.com
[2011.04.23 17:27:20 | 000,000,000 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Local\Rsagikufevori.bin
[2011.04.23 17:27:19 | 000,000,120 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Local\Glezeqo.dat
[2011.04.20 18:17:08 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.04.16 14:24:30 | 005,148,967 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Sergey_Romanov_aka_Elektro_Violine_-_Qadro_Electro....mp3
[2011.04.01 17:44:49 | 000,000,894 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\PokerStars.net.lnk
[2010.11.07 13:21:18 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.02.20 17:07:10 | 000,000,619 | ---- | C] () -- C:\Windows\eReg.dat
[2010.02.13 21:54:44 | 000,003,084 | ---- | C] () -- C:\Windows\wininit.ini
[2010.02.13 21:54:14 | 000,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE
[2010.01.27 21:38:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.17 19:25:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.17 19:25:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.07.12 10:50:14 | 000,000,680 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Local\d3d9caps.dat
[2009.06.22 13:15:34 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.06.15 21:03:30 | 000,000,067 | ---- | C] () -- C:\Windows\AVIConverter.INI
[2009.05.10 18:18:34 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MPDLL.DLL
[2009.05.10 18:18:04 | 000,000,085 | ---- | C] () -- C:\Windows\megapfad.ini
[2009.04.20 04:07:40 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.04.20 01:18:59 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.04.07 01:40:00 | 000,000,127 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Roaming\default.rss
[2009.04.05 11:09:34 | 000,162,816 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.04 21:45:00 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.04.03 22:49:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.15 08:55:26 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008.10.15 08:55:26 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.10.15 08:55:26 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008.10.14 23:19:42 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.10.14 23:19:42 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008.10.14 23:19:42 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008.10.14 23:19:42 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008.05.26 10:41:20 | 000,685,712 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.05.26 10:41:20 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.05.26 10:41:20 | 000,149,980 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.05.26 10:41:20 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.05.26 01:06:07 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.05.26 01:02:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.05.26 01:02:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.05.14 10:29:02 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008.05.14 10:29:02 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008.05.14 10:29:01 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:44:53 | 002,306,272 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,642,704 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,121,592 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2011.04.23 18:26:15 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\55EF921B3F01E13BF6CA0EAAFBEEBEC3
[2009.04.25 19:39:46 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Ashampoo
[2009.06.03 12:52:53 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Buhl Data Service GmbH
[2009.04.20 01:08:17 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\DAEMON Tools
[2009.04.20 01:08:40 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\DAEMON Tools Lite
[2009.04.20 01:08:17 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\DAEMON Tools Pro
[2010.10.16 20:35:59 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.04.04 16:26:42 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\eSobi
[2011.04.25 12:36:53 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\ICQ
[2009.04.20 04:07:47 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\InterVideo
[2011.03.31 18:05:13 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Karteikartentrainer
[2011.04.23 17:31:14 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\kock
[2009.10.14 19:53:49 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\LG Electronics
[2009.04.17 01:04:13 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Mp3tag
[2011.04.25 16:59:47 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Obliw
[2010.11.09 21:27:49 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Red Kawa
[2010.08.16 19:39:58 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\RouterControl
[2009.07.01 13:26:14 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\soul.im
[2010.10.18 19:19:33 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\TeamViewer
[2011.04.25 18:27:53 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Ucsohi
[2010.03.15 21:22:34 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Vodafone
[2011.03.31 19:49:13 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\WindSolutions
[2011.04.23 17:31:15 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\xmldm
[2011.04.26 23:29:19 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.04.26 22:44:42 | 000,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CABC6CDF-19C7-4765-9CEB-B0201A34F566}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2009.04.03 21:39:38 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.04.03 21:38:11 | 000,000,000 | ---D | M] -- C:\Acer
[2008.10.15 09:07:07 | 000,000,000 | ---D | M] -- C:\Book
[2011.04.25 15:56:19 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.04.03 21:33:10 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.04.29 20:36:02 | 000,000,000 | ---D | M] -- C:\Downloads
[2009.11.21 15:31:13 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2009.04.03 21:40:46 | 000,000,000 | ---D | M] -- C:\Elements
[2008.05.14 09:39:56 | 000,000,000 | ---D | M] -- C:\Intel
[2009.11.07 12:25:12 | 000,000,000 | -H-D | M] -- C:\LG3G
[2010.04.13 22:55:26 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 04:43:50 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.04.26 23:41:50 | 000,000,000 | R--D | M] -- C:\Programme
[2011.04.25 16:29:32 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.04.03 21:33:10 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.04.25 14:43:10 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.10.25 19:10:39 | 000,000,000 | ---D | M] -- C:\test
[2009.04.03 21:36:48 | 000,000,000 | R--D | M] -- C:\Users
[2010.02.13 22:43:51 | 000,000,000 | ---D | M] -- C:\WESTWOOD
[2011.04.26 23:43:06 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >


< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.1

xRaptoRxGG 26.04.2011 23:28

Thanks in advance!

M-K-D-B 27.04.2011 09:59

Hello xRaptoRxGG,


Step # 1: Questions & notes
Please answer the following questions for me:
  • What are these sites for?
    Quote:

    C:\Users\Gökhan Gürel\Desktop\Warez Seiten
    I would like to point you to the following: Cracks, keygens and other illegal software
  • Unfortunately you forgot to copy the lower part of the OTL.txt logfile:
    Quote:

    ...
    [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
    [2009.04.1
  • Please make sure you always copy and paste the complete logfile. That saves us unnecessary logfiles. :)


Step # 2: Interfering programs
  • With the TeaTimer of Spybot Search&Destroy running, no cleanup can be carried out, because it restores all deleted entries.
  • The TeaTimer therefore has to be switched off during the cleanup work (leave the TeaTimer switched off until we are done with the cleanup):
  • Start Spybot S&D => in the "Mode" menu select "Advanced mode" => then click "Tools" at the bottom left => click "Resident" => remove the check mark at Resident "TeaTimer" (protection of all system settings) => close Spybot Search&Destroy => restart the computer. Illustrated guide.


Step # 3: Remove add-ons in Firefox
  • Start Firefox
  • Click Tools -> Add-ons
  • Remove the following add-ons (if they are present):
    • Raid Rush Community Toolbar
    • Conduit Engine
  • Finally you must close and restart Firefox so that the removal can be completed.
  • Check that the extensions named above were actually removed.
  • Close Firefox again.


Step # 4: Fix with OTL
Code:

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..extensions.enabledItems: {300350ba-cad8-4c5e-a98b-302ecc608f5e}:3.3.3.2
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
[2011.03.28 19:35:31 | 000,000,000 | ---D | M] (Raid Rush Community Toolbar) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\{300350ba-cad8-4c5e-a98b-302ecc608f5e}
[2011.03.28 19:35:31 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\engine@conduit.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
[2011.04.23 17:31:15 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\xmldm
[2011.04.23 17:31:14 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\kock
[2011.04.23 17:25:33 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\55EF921B3F01E13BF6CA0EAAFBEEBEC3
[2011.04.23 17:27:20 | 000,000,000 | ---- | M] () -- C:\Users\Gökhan Gürel\AppData\Local\Rsagikufevori.bin
[2011.04.23 17:27:19 | 000,000,120 | ---- | M] () -- C:\Users\Gökhan Gürel\AppData\Local\Glezeqo.dat

:files
C:\USERS\Gökhan Gürel\APPDATA\LOCAL\{54534D75-A690-4284-9111-F301A308E9E6}

:Commands
[purity]
[resethosts]
[emptytemp]

  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread


Step # 5: Stopping drivers with Defogger
Please download defogger by jpshortstuff to your desktop.
  • Start the tool with a double-click.
    Vista users: please right-click and "Run as administrator".
  • Now click the Disable button to deactivate the drivers of certain emulators.
  • When the scan has finished (Finished), click OK.
  • Defogger now prompts for a restart. Confirm this with OK.
  • DeFogger now creates a logfile on the desktop (defogger_disable).
Please post the contents of the logfile in your next reply.
When we have finished the cleanup, please start defogger again and click the Re-enable button.


Step # 6: GMER rootkit scan
Please
  • deactivate all other scanners for viruses, spyware, etc.,
  • have no existing connection to a network/the internet (don't forget WLAN),
  • do not work on the computer,
  • restart the computer after every scan.
Run the GMER scan
  • Download GMER from this page
    (press the Download EXE button) and save the program to the desktop.
  • All other programs should be closed.
  • Start gmer.exe (the program has a random program name).
    Vista and Win7 users: right-click and run as administrator.
  • Should a window open with the following warning:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    be sure to click "No".
  • On the right, remove the check mark at:
    • IAT/EAT
    • All drives except the system drive (normally only C:\ is checked)
    • Show all (should be unchecked)
  • Start the scan with "Scan". Do nothing on the computer while the scan is running.
  • When the scan is finished, click Save and save the logfile as Gmer.txt on your desktop. "Ok" closes GMER.
Switch the antivirus program and other scanners back on before you go online!


Step # 7: Custom scan with OTL
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%PROGRAMFILES%\*.
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\ProgramData\{EBDD7DE0-D012-47DF-859B-DB1061E2D512} /S
C:\Users\Gökhan Gürel\AppData\Roaming\Ucsohi /S
C:\Users\Gökhan Gürel\AppData\Roaming\Obliw /S
/md5start
explorer.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt here into your thread


Step # 8: Your reply
For further analysis I need, together with your next reply,
  • the answer to the question asked,
  • the logfile of the OTL fix,
  • the logfile from Defogger,
  • the logfile from GMER and
  • the new logfile from OTL.
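The targets of the OTL fix in step 4 above all cluster within a few minutes on 2011.04.23 (17:25 to 17:31) and all sit in the user's AppData, which is how a helper picks them out of a file listing that spans years. The following is an added example, not part of the thread and not OTL's own tooling: it parses OTL file/folder listing lines and returns everything created or modified in a user-writable location within a window around a pivot time. The sample lines are copied from the log posted above; the pivot time (creation of Rsagikufevori.bin), the 30-minute window and the list of user-writable locations are my own assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: OTL listing lines copied from the log above, mixed with
# benign entries (Mp3tag, unrar.dll, a Firefox extension directory) and the
# user's own cleanup tools (rkill.com, Malwarebytes) created after the infection.
SAMPLE_LOG = r"""
[2011.04.23 18:43:27 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.23 18:07:42 | 001,006,778 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\rkill.com
[2011.04.23 17:27:20 | 000,000,000 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Local\Rsagikufevori.bin
[2011.04.23 17:27:19 | 000,000,120 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Local\Glezeqo.dat
[2010.11.07 13:21:18 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.04.23 17:25:33 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\55EF921B3F01E13BF6CA0EAAFBEEBEC3
[2011.04.23 17:31:14 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\kock
[2011.04.23 17:31:15 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\xmldm
[2009.04.17 01:04:13 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Mp3tag
[2011.04.25 16:59:47 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Obliw
[2011.03.28 19:35:31 | 000,000,000 | ---D | M] (Raid Rush Community Toolbar) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\{300350ba-cad8-4c5e-a98b-302ecc608f5e}
"""

# One OTL listing line: [timestamp | size | attributes | C or M] (label) -- path
# C means the timestamp is the creation time, M the last-modified time.
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<label>[^)]*)\))? -- (?P<path>.+?)\s*$"
)
TS_FORMAT = "%Y.%m.%d %H:%M:%S"

# Locations a standard user can write to without elevation (assumed list);
# a rogue running in the user's context lands here rather than in System32.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\public\\", "\\desktop\\", "\\temp\\")


def parse_otl_entries(text):
    """Turn OTL file/folder listing lines into dicts; lines of other shapes are skipped."""
    entries = []
    for raw in text.splitlines():
        m = OTL_ENTRY.match(raw.strip())
        if not m:
            continue
        entries.append({
            "time": datetime.strptime(m["ts"], TS_FORMAT),
            "size": int(m["size"].replace(",", "")),
            "attrs": m["attrs"],
            "is_dir": "D" in m["attrs"],
            "kind": m["kind"],
            "label": m["label"] or "",   # vendor or extension name OTL prints in parentheses
            "path": m["path"],
        })
    return entries


def in_user_writable_location(path):
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE)


def infection_cluster(text, pivot_ts, window_minutes=30):
    """Paths in user-writable locations timestamped within +/- window of the pivot, oldest first."""
    pivot = datetime.strptime(pivot_ts, TS_FORMAT)
    window = timedelta(minutes=window_minutes)
    near = [e for e in parse_otl_entries(text) if abs(e["time"] - pivot) <= window]
    near.sort(key=lambda e: e["time"])
    return [e["path"] for e in near if in_user_writable_location(e["path"])]


def basename(path):
    return path.rsplit("\\", 1)[-1]


if __name__ == "__main__":
    # Pivot: creation time of the first obviously bogus file in the listing.
    for path in infection_cluster(SAMPLE_LOG, "2011.04.23 17:27:20"):
        print(path)
```

A narrow window around the first bogus file separates the infection's own drops from the cleanup tools the user downloaded afterwards (rkill.com at 18:07, the Malwarebytes shortcut at 18:43); widening the window to 90 minutes pulls those in as well. Directory entries in the LOP check carry modification times, which later activity overwrites, so a folder the malware keeps touching (Obliw and Ucsohi, both modified on 2011.04.25) falls outside any window around the infection; that is why the helper's custom scan lists those folders explicitly with /S instead of relying on timestamps.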

xRaptoRxGG 27.04.2011 19:26

I removed the requested things, but my laptop always crashes on restart (blue screen followed by a restart).

Should I continue with the steps anyway, or proceed differently?

M-K-D-B 27.04.2011 19:36

Hello xRaptoRxGG,


Quote:

I removed the requested things...
Which things are you talking about here? Do you mean step # 3 or step # 4?

Quote:

...but my laptop always crashes on restart (blue screen followed by a restart).
On a restart of Firefox or on a Windows restart?

What error message appears on the blue screen? Note down the file that is causing the problem and the exact error code, and report back.

xRaptoRxGG 27.04.2011 19:48

I mean steps 2 and 3.

On a Windows restart.

I'll try again now and note down the details.

xRaptoRxGG 27.04.2011 20:01

It worked; I hope this is the right document you are looking for.


All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: {300350ba-cad8-4c5e-a98b-302ecc608f5e}:3.3.3.2 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Folder C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\{300350ba-cad8-4c5e-a98b-302ecc608f5e}\ not found.
Folder C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\engine@conduit.com\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Folder C:\Users\Gökhan Gürel\AppData\Roaming\xmldm\ not found.
Folder C:\Users\Gökhan Gürel\AppData\Roaming\kock\ not found.
Folder C:\Users\Gökhan Gürel\AppData\Roaming\55EF921B3F01E13BF6CA0EAAFBEEBEC3\ not found.
File C:\Users\Gökhan Gürel\AppData\Local\Rsagikufevori.bin not found.
File C:\Users\Gökhan Gürel\AppData\Local\Glezeqo.dat not found.
========== FILES ==========
File\Folder C:\USERS\Gökhan Gürel\APPDATA\LOCAL\{54534D75-A690-4284-9111-F301A308E9E6} not found.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gökhan Gürel
->Temp folder emptied: 237814 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 15021022 bytes
->Flash cache emptied: 456 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1048576 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 16,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04272011_204915

Files\Folders moved on Reboot...
C:\Users\Gökhan Gürel\AppData\Local\Temp\RtkBtMnt.exe moved successfully.
File\Folder C:\Windows\temp\TMP000000465AF8E120532AC241 not found!

Registry entries deleted on Reboot...

M-K-D-B 27.04.2011 20:13

Hello xRaptoRxGG,

Quote:

I hope this is the right document you are looking for.
You posted me the logfile of the OTL fix. But the entries had apparently already been removed earlier.

Was there no blue screen with an error message on the last restart? I wanted you to post me the exact error message from it.

Please have a look under C:\_OTL\Moved Files\ and post me the contents of all text files (logfiles) you find there.

Thank you.

xRaptoRxGG 27.04.2011 20:17

No, it didn't crash the last time, but booting took unusually long.

Here are all the text documents in that folder:

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: {300350ba-cad8-4c5e-a98b-302ecc608f5e}:3.3.3.2 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Folder C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\{300350ba-cad8-4c5e-a98b-302ecc608f5e}\ not found.
Folder C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\engine@conduit.com\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
C:\Users\Gökhan Gürel\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Gökhan Gürel\AppData\Roaming\kock folder moved successfully.
C:\Users\Gökhan Gürel\AppData\Roaming\55EF921B3F01E13BF6CA0EAAFBEEBEC3 folder moved successfully.
C:\Users\Gökhan Gürel\AppData\Local\Rsagikufevori.bin moved successfully.
C:\Users\Gökhan Gürel\AppData\Local\Glezeqo.dat moved successfully.
========== FILES ==========
C:\USERS\Gökhan Gürel\APPDATA\LOCAL\{54534D75-A690-4284-9111-F301A308E9E6}\chrome\content folder moved successfully.
C:\USERS\Gökhan Gürel\APPDATA\LOCAL\{54534D75-A690-4284-9111-F301A308E9E6}\chrome folder moved successfully.
C:\USERS\Gökhan Gürel\APPDATA\LOCAL\{54534D75-A690-4284-9111-F301A308E9E6} folder moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gökhan Gürel
->Temp folder emptied: 237814 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 13451244 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 13,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04272011_195555

xRaptoRxGG 27.04.2011 20:17

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: {300350ba-cad8-4c5e-a98b-302ecc608f5e}:3.3.3.2 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Folder C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\{300350ba-cad8-4c5e-a98b-302ecc608f5e}\ not found.
Folder C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\engine@conduit.com\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Folder C:\Users\Gökhan Gürel\AppData\Roaming\xmldm\ not found.
Folder C:\Users\Gökhan Gürel\AppData\Roaming\kock\ not found.
Folder C:\Users\Gökhan Gürel\AppData\Roaming\55EF921B3F01E13BF6CA0EAAFBEEBEC3\ not found.
File C:\Users\Gökhan Gürel\AppData\Local\Rsagikufevori.bin not found.
File C:\Users\Gökhan Gürel\AppData\Local\Glezeqo.dat not found.
========== FILES ==========
File\Folder C:\USERS\Gökhan Gürel\APPDATA\LOCAL\{54534D75-A690-4284-9111-F301A308E9E6} not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gökhan Gürel
->Temp folder emptied: 237814 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 17610348 bytes
->Flash cache emptied: 456 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 524288 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 18,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04272011_200953

Files\Folders moved on Reboot...
C:\Users\Gökhan Gürel\AppData\Local\Temp\RtkBtMnt.exe moved successfully.
File\Folder C:\Windows\temp\TMP0000000D6503FD7C96C4BC27 not found!

Registry entries deleted on Reboot...

xRaptoRxGG 27.04.2011 20:18

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: {300350ba-cad8-4c5e-a98b-302ecc608f5e}:3.3.3.2 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Folder C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\{300350ba-cad8-4c5e-a98b-302ecc608f5e}\ not found.
Folder C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\engine@conduit.com\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Folder C:\Users\Gökhan Gürel\AppData\Roaming\xmldm\ not found.
Folder C:\Users\Gökhan Gürel\AppData\Roaming\kock\ not found.
Folder C:\Users\Gökhan Gürel\AppData\Roaming\55EF921B3F01E13BF6CA0EAAFBEEBEC3\ not found.
File C:\Users\Gökhan Gürel\AppData\Local\Rsagikufevori.bin not found.
File C:\Users\Gökhan Gürel\AppData\Local\Glezeqo.dat not found.
========== FILES ==========
File\Folder C:\USERS\Gökhan Gürel\APPDATA\LOCAL\{54534D75-A690-4284-9111-F301A308E9E6} not found.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gökhan Gürel
->Temp folder emptied: 237814 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 15021022 bytes
->Flash cache emptied: 456 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1048576 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 16,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04272011_204915

Files\Folders moved on Reboot...
C:\Users\Gökhan Gürel\AppData\Local\Temp\RtkBtMnt.exe moved successfully.
File\Folder C:\Windows\temp\TMP000000465AF8E120532AC241 not found!

Registry entries deleted on Reboot...

M-K-D-B 27.04.2011 20:27

Hello xRaptoRxGG,


Quote:

No, it didn't crash the last time...
Ok. Should it happen again, note down the error message and post it with your next reply. :)


Quote:

...but booting took unusually long.
That is nothing unusual after a fix with OTL.


You have not yet answered the following question:
Quote:

C:\Users\Gökhan Gürel\Desktop\Warez Seiten
What are these sites for?


Work through the following steps one after the other and post me the requested logfiles:


Step # 1: Stopping drivers with Defogger
Please download defogger by jpshortstuff to your desktop.
  • Start the tool with a double-click.
    Vista users: please right-click and "Run as administrator".
  • Now click the Disable button to deactivate the drivers of certain emulators.
  • When the scan has finished (Finished), click OK.
  • Defogger now prompts for a restart. Confirm this with OK.
  • DeFogger now creates a logfile on the desktop (defogger_disable).
Please post the contents of the logfile in your next reply.
When we have finished the cleanup, please start defogger again and click the Re-enable button.


Step # 2: GMER rootkit scan
Please
  • deactivate all other scanners for viruses, spyware, etc.,
  • have no existing connection to a network/the internet (don't forget WLAN),
  • do not work on the computer,
  • restart the computer after every scan.
Run the GMER scan
  • Download GMER from this page
    (press the Download EXE button) and save the program to the desktop.
  • All other programs should be closed.
  • Start gmer.exe (the program has a random program name).
    Vista and Win7 users: right-click and run as administrator.
  • Should a window open with the following warning:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    be sure to click "No".
  • On the right, remove the check mark at:
    • IAT/EAT
    • All drives except the system drive (normally only C:\ is checked)
    • Show all (should be unchecked)
  • Start the scan with "Scan". Do nothing on the computer while the scan is running.
  • When the scan is finished, click Save and save the logfile as Gmer.txt on your desktop. "Ok" closes GMER.
Switch the antivirus program and other scanners back on before you go online!


Step # 3: Custom scan with OTL
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%PROGRAMFILES%\*.
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt here into your thread


Step # 4: Your reply
For further analysis I need, together with your next reply,
  • the answer to the question asked,
  • the logfile from Defogger,
  • the logfile from GMER and
  • the new logfile from OTL (OTL.txt).

xRaptoRxGG 27.04.2011 21:03

So "Warez Seiten" is just an HTML file, which I have since deleted.

While running step 1 my laptop crashed again.

Here is a photo: hxxp://www.xup.in/dl,11533431/Foto.JPG/%5D%5Bimg%5Dhxxp://www0.xup.in/exec/ximg.php?fid=11533431

xRaptoRxGG 27.04.2011 21:16

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:11 on 27/04/2011 (Gökhan Gürel)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled


-=E.O.F=-

xRaptoRxGG 28.04.2011 11:00

A different question...

How should I proceed when the computer crashes?

Do I then have to redo all the steps from the beginning, or just continue?


Thanks again!

M-K-D-B 28.04.2011 18:35

Hello xRaptoRxGG,


Quote:

Do I then have to redo all the steps from the beginning, or just continue?
Please carry out step # 2 and # 3 of my last post and post the corresponding logfiles.


Quote:

How should I proceed when the computer crashes?
Unfortunately I don't know at the moment where this bluescreen comes from.
Since when exactly have you been getting this error message? Only since you asked for help here, or before that as well?
When did this error occur for the first time?

I first have to ask other members of the team about this error. Perhaps they can help us further.

xRaptoRxGG 28.04.2011 18:56

It had already occurred before, but I had also already taken some measures beforehand and installed Spybot, Ad-Aware, Malwarebytes & co and run them several times.

xRaptoRxGG 28.04.2011 21:00

During the scan I got a black screen. I'll just wait and see. How should I proceed if a scan with GMER doesn't work either?

M-K-D-B 29.04.2011 10:24

Hello xRaptoRxGG,



Quote:

How should I proceed if a scan with GMER doesn't work either?
We will put the GMER and OTL scans aside for now.


To analyse the bluescreens, please proceed as follows:


Uploading files
  • Click the following link: Trojaner-Board Upload Channel
  • Click Browse
  • Under File name, paste
    Code:

    C:\Windows\Minidump
    and press Enter.
  • Select the first .dmp file and click Open.
  • Repeat this process if there are several .dmp files in the Minidump folder.
  • Under Link to the forum thread, enter the following:
    Code:

    http://www.trojaner-board.de/98013-anti-malware-doctor-endgueltig-entfernen.html
  • Enter your user name.
  • Finally, click Upload.
If there are more than 3 .dmp files in the Minidump folder, upload the first three files and then start a new upload.

xRaptoRxGG 29.04.2011 17:46

I'm going crazy....

it says I don't have permission even though I'm logged in as the only user (admin)... is that some manipulation by the trojan?

Can you also tell me (or show me where I can read it) what I'm not allowed to do on the laptop while it's infected?

M-K-D-B 29.04.2011 19:15

Hello xRaptoRxGG,


Quote:

Can you also tell me (or show me where I can read it) what I'm not allowed to do on the laptop while it's infected?
Read through my first post again for that. You will already find some guidance there. Do you mean something specific?


Quote:

it says I don't have permission even though I'm logged in as the only user (admin)... is that some manipulation by the trojan?
That is more likely to do with User Account Control.

Start your computer in Safe Mode.

Now open the folder C:\Windows\Minidump.
Pack all .dmp files into an archive with WinRAR.

Restart your computer in normal mode and upload the complete archive via the upload channel (as described in my last post). :)

xRaptoRxGG 29.04.2011 19:33

Yes, by something specific I mean e.g. avoiding using passwords, online banking or similar. After all, I have a trojan on it.


The archive has been uploaded, but there are quite a few .dmp files...

Thanks!

M-K-D-B 30.04.2011 13:10

Hello xRaptoRxGG,


Quote:

Yes, by something specific I mean e.g. avoiding using passwords, online banking or similar. After all, I have a trojan on it.
You are right about that, of course. Online banking is not recommended on this computer until further notice.
If you have to make urgent purchases or transfers, please do so from another computer (one that is not infected).

The .dmp files you sent us only go up to 27.08.2010. But you also had these bluescreens recently.
Please check whether you really packed all the .dmp files into the archive. In addition, please proceed as follows:


Step # 1: Custom scan with OTL
Code:

C:\Windows\Minidump /S
  • Now please close all programs. (Important)
  • Now please click the None button and then the Scan button.
  • Now copy the contents of OTL.txt here into your thread



Step # 2: Your feedback
For further analysis I need, together with your next reply,
  • the log file from OTL (OTL.txt).

xRaptoRxGG 01.05.2011 10:42

Those are definitely all the .dmp files from the folder. OTL log file:
Code:

OTL logfile created on: 01.05.2011 11:14:45 - Run 4
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Gökhan Gürel\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
952,00 Mb Total Physical Memory | 280,00 Mb Available Physical Memory | 29,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 50,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 14,21 Gb Free Space | 20,40% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 0,08 Gb Free Space | 0,12% Space Free | Partition Type: NTFS
 
Computer Name: GÖKHANGÜREL-PC | User Name: Gökhan Gürel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Custom Scans ==========
 
 
< C:\Windows\Minidump /S >

< End of report >

--- --- ---

M-K-D-B 01.05.2011 20:26

Hello xRaptoRxGG,



Step # 1: Answer questions
Please answer the following questions for me:
  • One cause of these bluescreens could be a driver from GMER. Did you run this program?
  • Perhaps even before you asked for help here?
    I ask you not to use GMER any more until further notice!
    If you get an error message again, post it to me. Try to work through all the steps and report how your computer is running.




Step # 2: Fix with OTL
Code:

:OTL

:Commands
[emptytemp]

  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    ( Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy the contents here into your thread



Step # 3: Run aswMBR.exe
Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Click Scan
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt to me in your next reply.

Note: If the Scan button is greyed out, close the tool and start it again. If it still does not work, please let me know.



Step # 4: Custom scan with OTL
If you do not have it yet, please download OTL by OldTimer and save it to your desktop
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%PROGRAMFILES%\*.
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\ProgramData\{EBDD7DE0-D012-47DF-859B-DB1061E2D512} /S
C:\Users\Gökhan Gürel\AppData\Roaming\Ucsohi /S
C:\Users\Gökhan Gürel\AppData\Roaming\Obliw /S
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt here into your thread



Step # 5: Your feedback
For further analysis I need, together with your next reply,
  • the answers to the questions asked,
  • the log file of the OTL fix,
  • the log file from aswMBR and
  • the log file from OTL (OTL.txt).

M-K-D-B 01.05.2011 21:28

Hello xRaptoRxGG,


your partitions
Quote:

Drive C: | 69,65 Gb Total Space | 5,37 Gb Free Space | 7,72% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 0,08 Gb Free Space | 0,12% Space Free | Partition Type: NTFS
are reaching their limits.

First of all, we should tidy up your computer:
Uninstall or delete all programs and files you no longer need. For example, you mentioned Spybot-Search & Destroy and Ad-Aware. You can safely uninstall these as well. But that is only a start.

If you have many personal files that you cannot or do not want to delete, I recommend you look around for an external hard drive or a new computer.

Please let me know how you want to proceed. Thank you. :)

xRaptoRxGG 01.05.2011 21:54

Answer: I did not use GMER before




All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gökhan Gürel
->Temp folder emptied: 1248118 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 132267117 bytes
->Flash cache emptied: 1073 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2117170 bytes
RecycleBin emptied: 58490 bytes

Total Files Cleaned = 129,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05012011_220227

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP00000003298627D5F3BEA3AF not found!

Registry entries deleted on Reboot...

xRaptoRxGG 01.05.2011 22:08

aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-01 23:05:04
-----------------------------
23:05:04.207 OS Version: Windows 6.0.6002 Service Pack 2
23:05:04.229 Number of processors: 1 586 0xF0D
23:05:04.232 ComputerName: GÖKHANGÜREL-PC UserName: Gökhan Gürel
23:05:21.825 Initialize success
23:05:49.280 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:05:49.284 Disk 0 Vendor: Hitachi_HTS542516K9SA00 BBCOC31P Size: 152627MB BusType: 3
23:05:51.320 Disk 0 MBR read successfully
23:05:51.329 Disk 0 MBR scan
23:05:51.333 Disk 0 TDL4@MBR code has been found
23:05:51.337 Disk 0 MBR hidden
23:05:51.345 Disk 0 MBR [TDL4] **ROOTKIT**
23:05:51.354 Disk 0 trace - called modules:
23:05:51.367 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85f57730]<<
23:05:51.373 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859bdaa0]
23:05:51.384 3 CLASSPNP.SYS[86faa8b3] -> nt!IofCallDriver -> [0x85fe4298]
23:05:51.395 \Driver\atapi[0x853f6090] -> IRP_MJ_CREATE -> 0x85f57730
23:05:51.402 Scan finished successfully
23:06:26.339 Disk 0 MBR has been saved successfully to "C:\Users\Gökhan Gürel\Desktop\MBR.dat"
23:06:26.447 The log file has been saved successfully to "C:\Users\Gökhan Gürel\Desktop\aswMBR.txt"
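
Added example, not part of this thread, of the helper's instructions or of AVAST's aswMBR: a small parser that reads an aswMBR log like the one posted above and pulls out the MBR verdict, the rootkit family tag and any ">>UNKNOWN [...]<<" entry in the disk driver trace, so a log can be triaged mechanically instead of by eye. The infected sample is an abridged copy of the log above; the clean sample is constructed (the "Windows VISTA default MBR code" wording is an assumption about what a clean run prints), and the dataclass names are my own.

```python
# Added example (not from the thread or from aswMBR): parse an aswMBR scan log
# and derive a verdict from what the log itself states.
import re
from dataclasses import dataclass, field

# Scan lines look like "HH:MM:SS.mmm <message>"; header lines carry no timestamp.
_TIMED = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")
_DISK = re.compile(r"^Disk (\d+) (.*)$")
_UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")


@dataclass
class DiskResult:
    index: int
    events: list = field(default_factory=list)         # every "Disk N ..." message
    rootkit_tags: list = field(default_factory=list)   # family tags such as "TDL4"
    mbr_hidden: bool = False                           # "Disk N MBR hidden" was seen
    unknown_hooks: list = field(default_factory=list)  # addresses no module claims


@dataclass
class AswMbrReport:
    version: str = ""
    disks: dict = field(default_factory=dict)
    finished: bool = False

    def verdict(self) -> str:
        """incomplete / infected / clean, based only on what the log says."""
        if not self.finished:
            return "incomplete"
        if any(d.rootkit_tags or d.unknown_hooks for d in self.disks.values()):
            return "infected"
        return "clean"


def parse_aswmbr(log_text: str) -> AswMbrReport:
    report = AswMbrReport()
    current = None  # the disk the most recent "Disk N" line referred to
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("aswMBR version"):
            report.version = line.split()[2]
            continue
        m = _TIMED.match(line)
        if not m:
            continue  # header, separator or blank line
        msg = m.group(2)
        d = _DISK.match(msg)
        if d:
            idx = int(d.group(1))
            current = report.disks.setdefault(idx, DiskResult(idx))
            event = d.group(2)
            current.events.append(event)
            if "**ROOTKIT**" in event:
                tag = re.search(r"\[(\w+)\]", event)
                current.rootkit_tags.append(tag.group(1) if tag else "UNKNOWN")
            if event == "MBR hidden":
                current.mbr_hidden = True
            continue
        hook = _UNKNOWN.search(msg)
        if hook and current is not None:
            # Trace line: known drivers followed by a hook address no module owns.
            current.unknown_hooks.append(hook.group(1).lower())
        if msg == "Scan finished successfully":
            report.finished = True
    return report


# Abridged copy of the log posted above (infected boot disk).
INFECTED_LOG = r"""aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-01 23:05:04
-----------------------------
23:05:04.207 OS Version: Windows 6.0.6002 Service Pack 2
23:05:21.825 Initialize success
23:05:49.280 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:05:51.320 Disk 0 MBR read successfully
23:05:51.329 Disk 0 MBR scan
23:05:51.333 Disk 0 TDL4@MBR code has been found
23:05:51.337 Disk 0 MBR hidden
23:05:51.345 Disk 0 MBR [TDL4] **ROOTKIT**
23:05:51.354 Disk 0 trace - called modules:
23:05:51.367 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85f57730]<<
23:05:51.402 Scan finished successfully
"""

# Constructed counterexample: a run on a clean Vista disk (wording assumed).
CLEAN_LOG = r"""aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
10:00:05.000 Initialize success
10:00:10.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:00:10.500 Disk 0 MBR read successfully
10:00:10.600 Disk 0 MBR scan
10:00:10.700 Disk 0 Windows VISTA default MBR code
10:00:20.000 Scan finished successfully
"""

if __name__ == "__main__":
    for name, text in (("posted log", INFECTED_LOG), ("clean log", CLEAN_LOG)):
        r = parse_aswmbr(text)
        print(f"{name}: aswMBR {r.version}, verdict={r.verdict()}, "
              f"disks={[(d.index, d.rootkit_tags, d.unknown_hooks) for d in r.disks.values()]}")
```

The verdict is deliberately "incomplete" unless the log contains "Scan finished successfully": a scan that died mid-way (as this thread's crashes show can happen) proves nothing either way, and treating it as clean would be the wrong default.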

xRaptoRxGG 01.05.2011 22:33

I can't post the last log file.

Is it maybe too long?

No matter how I try to post it, this error appears:


Fehler: Verbindung unterbrochen


Die Verbindung zum Server wurde zurückgesetzt, während die Seite geladen wurde.


* Die Website könnte vorübergehend nicht erreichbar sein, versuchen Sie es bitte
später nochmals.

* Wenn Sie auch keine andere Website aufrufen können, überprüfen Sie bitte die
Netzwerk-/Internetverbindung.

* Wenn Ihr Computer oder Netzwerk von einer Firewall oder einem Proxy geschützt wird,
stellen Sie bitte sicher, dass Firefox auf das Internet zugreifen darf.

M-K-D-B 01.05.2011 22:43

Hello xRaptoRxGG,


Quote:

Quote from xRaptoRxGG (post 651131)
I can't post the last log file. Is it maybe too long?

You can try attaching the file as an attachment or splitting the log file into two parts.


Please take note of my last post to you.




How we proceed from here:

1) You free up a lot of space on your computer (as described in my last post).
2) We take care of removing the infections.

If any questions come up, don't hesitate to ask them. :daumenhoc

xRaptoRxGG 02.05.2011 10:39

OTL logfile created on: 01.05.2011 23:10:59 - Run 5
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Gökhan Gürel\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

952,00 Mb Total Physical Memory | 124,00 Mb Available Physical Memory | 13,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 53,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 14,46 Gb Free Space | 20,76% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 0,08 Gb Free Space | 0,12% Space Free | Partition Type: NTFS

Computer Name: GÖKHANGÜREL-PC | User Name: Gökhan Gürel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\GKHANG~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Users\Gökhan Gürel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\RouterControl\RouterControl.exe (Mirko Böer)
PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
PRC - C:\Programme\Common Files\Megatech\MProtect\MPServ.exe ()
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Programme\Apoint2K\Hidfind.exe (Alps Electric Co., Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Users\Gökhan Gürel\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\SysHook.dll (Acer Inc.)


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (o2flash) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
SRV - (Megatech-Software-Protection) -- C:\Programme\Common Files\Megatech\MProtect\MPServ.exe ()
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro )
DRV - (O2SDRDR) -- C:\Windows\System32\drivers\o2sd.sys (O2Micro )
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (acedrv11) -- C:\Windows\System32\drivers\ACEDRV11.sys (Protect Software GmbH)
DRV - (TpChoice) -- C:\Windows\System32\drivers\TpChoice.sys (Alps Electric Co., Ltd.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=1008&m=extensa_5230
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=1008&m=extensa_5230

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=1008&m=extensa_5230
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "spiegel-online.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94


FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.04.22 20:58:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.04.22 20:58:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.26 16:17:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.22 20:54:09 | 000,000,000 | ---D | M]

[2009.04.07 01:31:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Extensions
[2011.04.29 18:35:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions
[2010.08.31 18:29:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.16 20:36:00 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.23 18:37:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.10.24 10:38:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.04.22 20:58:25 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.04.22 20:58:26 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2009.06.23 19:38:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2010.10.24 10:38:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\GöKHAN GüREL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BQ9E1JLB.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
File not found (No name found) -- C:\USERS\GöKHAN GüREL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BQ9E1JLB.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.08 08:07:41 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.08 08:07:41 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.08 08:07:41 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.08 08:07:41 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.08 08:07:41 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

Hosts file not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [4E3E0230AEBB4E96] File not found
O4 - HKCU..\Run: [RouterControl] C:\Programme\RouterControl\RouterControl.exe (Mirko Böer)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Gökhan Gürel\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Gökhan Gürel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Gökhan Gürel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1edf9e42-2111-11df-8593-001d72dd38e9}\Shell\AutoRun\command - "" = aNVYBn.EXE
O33 - MountPoints2\{1edf9e42-2111-11df-8593-001d72dd38e9}\Shell\oPEn\CommANd - "" = AnVyBN.EXe
O33 - MountPoints2\{1edf9e47-2111-11df-8593-001d72dd38e9}\Shell - "" = AutoRun
O33 - MountPoints2\{1edf9e47-2111-11df-8593-001d72dd38e9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{1edf9e5e-2111-11df-8593-001d72dd38e9}\Shell\AutoRun\command - "" = RECYCLERS\runmgr.exe
O33 - MountPoints2\{1edf9e5e-2111-11df-8593-001d72dd38e9}\Shell\open\command - "" = RECYCLERS\runmgr.exe
O33 - MountPoints2\{3ef58160-3069-11df-bcc3-001d72dd38e9}\Shell - "" = AutoRun
O33 - MountPoints2\{3ef58160-3069-11df-bcc3-001d72dd38e9}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{3ef58162-3069-11df-bcc3-001d72dd38e9}\Shell - "" = AutoRun
O33 - MountPoints2\{3ef58162-3069-11df-bcc3-001d72dd38e9}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{56cc05e8-3067-11df-8237-001d72dd38e9}\Shell - "" = AutoRun
O33 - MountPoints2\{56cc05e8-3067-11df-8237-001d72dd38e9}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{66a167c2-e4d2-11de-8ad6-001d72dd38e9}\Shell - "" = AutoRun
O33 - MountPoints2\{66a167c2-e4d2-11de-8ad6-001d72dd38e9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{6bec9fc4-2d34-11de-85d2-001d72dd38e9}\Shell - "" = AutoRun
O33 - MountPoints2\{6bec9fc4-2d34-11de-85d2-001d72dd38e9}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{6bec9fc4-2d34-11de-85d2-001d72dd38e9}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{6bec9fc4-2d34-11de-85d2-001d72dd38e9}\Shell\install\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{87963c58-ff47-11de-b299-001d72dd38e9}\Shell - "" = AutoRun
O33 - MountPoints2\{87963c58-ff47-11de-b299-001d72dd38e9}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{9b4b3500-331b-11de-9b7d-001d72dd38e9}\Shell\AutoRun\command - "" = jcomkm.exe
O33 - MountPoints2\{9b4b3500-331b-11de-9b7d-001d72dd38e9}\Shell\explore\Command - "" = jcomkm.exe
O33 - MountPoints2\{9b4b3500-331b-11de-9b7d-001d72dd38e9}\Shell\open\Command - "" = jcomkm.exe
O33 - MountPoints2\{fc5083e7-2116-11df-868e-001d72dd38e9}\Shell - "" = AutoRun
O33 - MountPoints2\{fc5083e7-2116-11df-868e-001d72dd38e9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {17052482-DBDC-7730-7743-E53C20E965EB} - Browser Customizations
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {74A68C95-2811-BD6E-B680-24DD4A461C21} - Java (Sun)
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


========== Files/Folders - Created Within 30 Days ==========

[2011.05.01 23:02:32 | 000,575,488 | ---- | C] (AVAST Software) -- C:\Users\Gökhan Gürel\Desktop\aswMBR.exe
[2011.04.28 19:17:14 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011.04.28 15:09:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
[2011.04.27 19:55:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.04.27 18:59:49 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\OTL.exe
[2011.04.27 18:59:49 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\TFC.exe
[2011.04.27 18:59:48 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Gökhan Gürel\Desktop\Erunt-setup.exe
[2011.04.26 23:43:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.26 23:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.04.26 23:41:50 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.04.25 17:01:10 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011.04.25 16:30:38 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Local\Sunbelt Software
[2011.04.25 16:29:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\{EBDD7DE0-D012-47DF-859B-DB1061E2D512}
[2011.04.25 16:28:50 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft
[2011.04.25 16:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011.04.25 16:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011.04.25 15:47:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011.04.25 15:47:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011.04.25 15:47:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011.04.25 14:41:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011.04.25 14:36:22 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\Ucsohi
[2011.04.25 14:36:22 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\Obliw
[2011.04.25 12:43:53 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2011.04.25 12:43:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.04.25 12:40:35 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Gökhan Gürel\Desktop\spybotsd162.exe
[2011.04.25 12:32:55 | 123,916,352 | ---- | C] (Lavasoft ) -- C:\Users\Gökhan Gürel\Desktop\Ad-Aware902Install.exe
[2011.04.23 19:04:31 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.04.23 18:43:33 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\Malwarebytes
[2011.04.23 18:43:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.23 18:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.23 18:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.23 18:43:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.23 18:43:23 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.23 17:42:00 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\VA_-_Kontor_House_Of_House_Vol.10-3CD-2010-MOD
[2011.04.23 17:41:50 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Chris_Brown-Yeah_3x_(Clean_Version)-WEB-2011-RECA
[2011.04.23 17:07:13 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Usher--More-Promo_CDS-2010-WUS
[2011.04.22 21:18:09 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Local\DDMSettings
[2011.04.22 20:57:27 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine
[2011.04.22 20:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011.04.22 20:56:59 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared
[2011.04.22 20:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011.04.20 18:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.04.20 18:15:38 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.04.20 18:15:26 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.04.20 17:53:03 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.04.20 12:50:05 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\DJ Antoine - WOW (320)
[2011.04.20 08:40:45 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Lernzettel
[2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2008.10.15 09:06:59 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[1 C:\Users\Gökhan Gürel\AppData\Roaming\*.tmp files -> C:\Users\Gökhan Gürel\AppData\Roaming\*.tmp -> ]

xRaptoRxGG 02.05.2011 10:43

========== Files - Modified Within 30 Days ==========

[2011.05.01 23:06:26 | 000,000,512 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\MBR.dat
[2011.05.01 23:02:46 | 000,575,488 | ---- | M] (AVAST Software) -- C:\Users\Gökhan Gürel\Desktop\aswMBR.exe
[2011.05.01 22:58:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.01 22:58:49 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.01 22:58:39 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.05.01 22:57:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.01 22:57:49 | 124,120,161 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.05.01 22:00:19 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011.05.01 22:00:19 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011.05.01 11:15:21 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CABC6CDF-19C7-4765-9CEB-B0201A34F566}.job
[2011.04.29 18:31:48 | 000,109,566 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\screen.jpg
[2011.04.28 19:17:09 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011.04.27 22:21:04 | 000,301,568 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\35xnhg1c.exe
[2011.04.27 21:53:52 | 002,052,388 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Foto.JPG
[2011.04.27 21:41:23 | 000,000,020 | ---- | M] () -- C:\Users\Gökhan Gürel\defogger_reenable
[2011.04.27 21:37:18 | 000,050,477 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Defogger.exe
[2011.04.27 19:36:29 | 000,000,737 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\NTREGOPT.lnk
[2011.04.27 19:36:29 | 000,000,718 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\ERUNT.lnk
[2011.04.27 19:00:03 | 000,301,568 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\g2m3e4r.exe
[2011.04.27 19:00:01 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Gökhan Gürel\Desktop\Erunt-setup.exe
[2011.04.27 19:00:00 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\TFC.exe
[2011.04.27 18:59:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\OTL.exe
[2011.04.26 22:49:36 | 000,377,260 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Load.exe
[2011.04.25 17:23:30 | 000,685,712 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.25 17:23:30 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.25 17:23:30 | 000,149,980 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.25 17:23:30 | 000,121,592 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.25 16:29:30 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.04.25 15:52:17 | 002,306,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.25 12:41:26 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Gökhan Gürel\Desktop\spybotsd162.exe
[2011.04.25 12:39:17 | 123,916,352 | ---- | M] (Lavasoft ) -- C:\Users\Gökhan Gürel\Desktop\Ad-Aware902Install.exe
[2011.04.23 18:43:27 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.23 18:38:39 | 001,006,778 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\iExplore.exe
[2011.04.23 18:38:18 | 001,006,778 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\rkill.com
[2011.04.20 18:17:08 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.04.20 18:01:16 | 000,000,680 | ---- | M] () -- C:\Users\Gökhan Gürel\AppData\Local\d3d9caps.dat
[2011.04.16 14:25:34 | 005,148,967 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Sergey_Romanov_aka_Elektro_Violine_-_Qadro_Electro....mp3
[2011.04.12 22:06:05 | 000,162,816 | ---- | M] () -- C:\Users\Gökhan Gürel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Users\Gökhan Gürel\AppData\Roaming\*.tmp files -> C:\Users\Gökhan Gürel\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.05.01 23:06:26 | 000,000,512 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\MBR.dat
[2011.04.29 18:31:47 | 000,109,566 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\screen.jpg
[2011.04.28 19:17:59 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.04.28 19:17:59 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.04.27 22:20:43 | 000,301,568 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\35xnhg1c.exe
[2011.04.27 21:53:37 | 002,052,388 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Foto.JPG
[2011.04.27 21:40:59 | 000,000,020 | ---- | C] () -- C:\Users\Gökhan Gürel\defogger_reenable
[2011.04.27 21:37:05 | 000,050,477 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Defogger.exe
[2011.04.27 18:59:49 | 000,301,568 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\g2m3e4r.exe
[2011.04.26 23:41:52 | 000,000,737 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\NTREGOPT.lnk
[2011.04.26 23:41:52 | 000,000,718 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\ERUNT.lnk
[2011.04.26 22:48:31 | 000,377,260 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Load.exe
[2011.04.25 23:45:32 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011.04.25 17:02:57 | 124,120,161 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.04.25 16:29:30 | 000,001,019 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.04.23 18:43:27 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.23 18:38:36 | 001,006,778 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\iExplore.exe
[2011.04.23 18:07:42 | 001,006,778 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\rkill.com
[2011.04.20 18:17:08 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.04.16 14:24:30 | 005,148,967 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Sergey_Romanov_aka_Elektro_Violine_-_Qadro_Electro....mp3
[2010.11.07 13:21:18 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.02.20 17:07:10 | 000,000,619 | ---- | C] () -- C:\Windows\eReg.dat
[2010.02.13 21:54:44 | 000,003,084 | ---- | C] () -- C:\Windows\wininit.ini
[2010.02.13 21:54:14 | 000,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE
[2010.01.27 21:38:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.17 19:25:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.17 19:25:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.07.12 10:50:14 | 000,000,680 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Local\d3d9caps.dat
[2009.06.22 13:15:34 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.06.15 21:03:30 | 000,000,067 | ---- | C] () -- C:\Windows\AVIConverter.INI
[2009.05.10 18:18:34 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MPDLL.DLL
[2009.05.10 18:18:04 | 000,000,085 | ---- | C] () -- C:\Windows\megapfad.ini
[2009.04.20 04:07:40 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.04.20 01:18:59 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.04.07 01:40:00 | 000,000,127 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Roaming\default.rss
[2009.04.05 11:09:34 | 000,162,816 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.04 21:45:00 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.04.03 22:49:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.15 08:55:26 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008.10.15 08:55:26 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.10.15 08:55:26 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008.10.14 23:19:42 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.10.14 23:19:42 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008.10.14 23:19:42 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008.10.14 23:19:42 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008.05.26 10:41:20 | 000,685,712 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.05.26 10:41:20 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.05.26 10:41:20 | 000,149,980 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.05.26 10:41:20 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.05.26 01:06:07 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.05.26 01:02:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.05.26 01:02:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.05.14 10:29:02 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008.05.14 10:29:02 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008.05.14 10:29:01 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:44:53 | 002,306,272 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,642,704 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,121,592 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2009.04.25 19:39:46 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Ashampoo
[2009.06.03 12:52:53 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Buhl Data Service GmbH
[2009.04.20 01:08:17 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\DAEMON Tools
[2009.04.20 01:08:40 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\DAEMON Tools Lite
[2009.04.20 01:08:17 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\DAEMON Tools Pro
[2010.10.16 20:35:59 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.04.04 16:26:42 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\eSobi
[2011.04.25 12:36:53 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\ICQ
[2009.04.20 04:07:47 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\InterVideo
[2011.03.31 18:05:13 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Karteikartentrainer
[2009.10.14 19:53:49 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\LG Electronics
[2009.04.17 01:04:13 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Mp3tag
[2011.04.25 16:59:47 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Obliw
[2010.11.09 21:27:49 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Red Kawa
[2010.08.16 19:39:58 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\RouterControl
[2009.07.01 13:26:14 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\soul.im
[2010.10.18 19:19:33 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\TeamViewer
[2011.04.25 18:27:53 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Ucsohi
[2010.03.15 21:22:34 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Vodafone
[2011.03.31 19:49:13 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\WindSolutions
[2011.05.01 22:03:34 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.05.01 11:15:21 | 000,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CABC6CDF-19C7-4765-9CEB-B0201A34F566}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2009.04.03 21:39:38 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.04.03 21:38:11 | 000,000,000 | ---D | M] -- C:\Acer
[2008.10.15 09:07:07 | 000,000,000 | ---D | M] -- C:\Book
[2011.04.25 15:56:19 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.04.03 21:33:10 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.04.29 20:36:02 | 000,000,000 | ---D | M] -- C:\Downloads
[2009.11.21 15:31:13 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2009.04.03 21:40:46 | 000,000,000 | ---D | M] -- C:\Elements
[2008.05.14 09:39:56 | 000,000,000 | ---D | M] -- C:\Intel
[2009.11.07 12:25:12 | 000,000,000 | -H-D | M] -- C:\LG3G
[2010.04.13 22:55:26 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 04:43:50 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.04.26 23:41:50 | 000,000,000 | R--D | M] -- C:\Programme
[2011.04.28 15:09:10 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.04.03 21:33:10 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.10.15 15:48:59 | 000,000,000 | -H-D | M] -- C:\Recycle.Bin
[2011.04.25 14:43:10 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.10.25 19:10:39 | 000,000,000 | ---D | M] -- C:\test
[2009.04.03 21:36:48 | 000,000,000 | R--D | M] -- C:\Users
[2010.02.13 22:43:51 | 000,000,000 | ---D | M] -- C:\WESTWOOD
[2011.05.01 22:57:49 | 000,000,000 | ---D | M] -- C:\Windows
[2011.04.27 19:55:55 | 000,000,000 | ---D | M] -- C:\_OTL

< %PROGRAMFILES%\*.exe >

< %PROGRAMFILES%\*. >
[2009.04.03 21:39:32 | 000,000,000 | ---D | M] -- C:\Programme\Acer
[2008.10.14 23:32:22 | 000,000,000 | ---D | M] -- C:\Programme\Acer Inc
[2008.10.14 23:33:08 | 000,000,000 | ---D | M] -- C:\Programme\Acer Incorporated
[2008.05.26 00:59:52 | 000,000,000 | ---D | M] -- C:\Programme\Activation Assistant for the 2007 Microsoft Office suites
[2011.03.14 18:49:08 | 000,000,000 | ---D | M] -- C:\Programme\Adobe
[2008.10.14 23:22:47 | 000,000,000 | ---D | M] -- C:\Programme\Apoint2K
[2009.04.21 07:05:53 | 000,000,000 | ---D | M] -- C:\Programme\Apple Software Update
[2009.04.25 19:30:04 | 000,000,000 | ---D | M] -- C:\Programme\Ashampoo
[2010.11.08 01:15:41 | 000,000,000 | ---D | M] -- C:\Programme\AviSynth 2.5
[2009.06.15 21:03:25 | 000,000,000 | ---D | M] -- C:\Programme\Boilsoft AVI Converter
[2011.04.20 17:53:07 | 000,000,000 | ---D | M] -- C:\Programme\Bonjour
[2008.05.14 09:42:55 | 000,000,000 | ---D | M] -- C:\Programme\Broadcom
[2011.02.02 18:52:13 | 000,000,000 | ---D | M] -- C:\Programme\Buchungssatzpauker-B IKR 2.50 (Shareware)
[2010.01.27 19:00:29 | 000,000,000 | ---D | M] -- C:\Programme\Canon
[2010.01.27 18:53:56 | 000,000,000 | -H-D | M] -- C:\Programme\CanonBJ
[2011.04.22 20:57:27 | 000,000,000 | ---D | M] -- C:\Programme\Common Files
[2008.10.14 23:14:02 | 000,000,000 | ---D | M] -- C:\Programme\CONEXANT
[2008.10.14 23:25:17 | 000,000,000 | ---D | M] -- C:\Programme\COREL
[2009.04.20 01:07:14 | 000,000,000 | ---D | M] -- C:\Programme\DAEMON Tools Lite
[2009.04.20 00:59:10 | 000,000,000 | ---D | M] -- C:\Programme\DAEMON Tools Pro
[2009.05.11 08:46:54 | 000,000,000 | ---D | M] -- C:\Programme\DAMN NFO Viewer
[2011.04.22 20:58:31 | 000,000,000 | ---D | M] -- C:\Programme\DivX
[2009.12.01 18:05:45 | 000,000,000 | ---D | M] -- C:\Programme\DVDVideoSoft
[2010.02.20 16:57:38 | 000,000,000 | ---D | M] -- C:\Programme\EA Games
[2011.04.27 19:36:56 | 000,000,000 | ---D | M] -- C:\Programme\ERUNT
[2009.04.04 16:34:27 | 000,000,000 | ---D | M] -- C:\Programme\eSobi
[2009.04.03 21:33:10 | 000,000,000 | -HSD | M] -- C:\Programme\Gemeinsame Dateien
[2010.03.17 00:25:34 | 000,000,000 | ---D | M] -- C:\Programme\Hornet Demo
[2009.06.21 22:47:38 | 000,000,000 | ---D | M] -- C:\Programme\ICQ Away Reader
[2011.04.15 21:12:28 | 000,000,000 | ---D | M] -- C:\Programme\ICQ7.2
[2010.06.08 20:54:27 | 000,000,000 | -H-D | M] -- C:\Programme\InstallShield Installation Information
[2008.05.14 09:40:01 | 000,000,000 | ---D | M] -- C:\Programme\Intel
[2011.04.25 15:48:34 | 000,000,000 | ---D | M] -- C:\Programme\Internet Explorer
[2008.10.14 23:28:16 | 000,000,000 | ---D | M] -- C:\Programme\InterVideo
[2011.04.20 18:15:38 | 000,000,000 | ---D | M] -- C:\Programme\iPod
[2011.04.20 18:17:00 | 000,000,000 | ---D | M] -- C:\Programme\iTunes
[2010.10.24 10:38:13 | 000,000,000 | ---D | M] -- C:\Programme\Java
[2011.04.12 21:23:40 | 000,000,000 | ---D | M] -- C:\Programme\JDownloader
[2008.10.14 23:24:52 | 000,000,000 | ---D | M] -- C:\Programme\Launch Manager
[2011.04.25 16:28:50 | 000,000,000 | ---D | M] -- C:\Programme\Lavasoft
[2009.10.14 19:43:53 | 000,000,000 | ---D | M] -- C:\Programme\LG Electronics
[2009.10.24 14:23:16 | 000,000,000 | ---D | M] -- C:\Programme\LG PC Suite 2
[2011.04.23 18:43:27 | 000,000,000 | ---D | M] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.01.31 15:42:51 | 000,000,000 | ---D | M] -- C:\Programme\Maxis
[2009.09.17 21:38:02 | 000,000,000 | ---D | M] -- C:\Programme\MegaCAD_3D_2007
[2009.11.28 10:45:05 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft
[2006.11.02 14:35:51 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Games
[2010.04.13 23:06:24 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Office
[2010.01.05 00:56:17 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Small Business
[2011.03.25 19:38:40 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft SQL Server
[2011.01.26 18:13:58 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft.NET
[2011.04.25 15:48:35 | 000,000,000 | ---D | M] -- C:\Programme\Movie Maker
[2011.05.01 23:07:07 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox
[2009.11.29 14:37:52 | 000,000,000 | ---D | M] -- C:\Programme\Mp3tag
[2006.11.02 14:35:51 | 000,000,000 | ---D | M] -- C:\Programme\MSBuild
[2009.04.03 22:07:34 | 000,000,000 | ---D | M] -- C:\Programme\MSXML 4.0
[2008.05.26 01:03:30 | 000,000,000 | ---D | M] -- C:\Programme\NewTech Infosystems
[2008.10.14 23:20:49 | 000,000,000 | ---D | M] -- C:\Programme\O2Micro Flash Memory Card Driver
[2011.04.01 17:45:47 | 000,000,000 | ---D | M] -- C:\Programme\PokerStars.NET
[2009.10.17 17:01:31 | 000,000,000 | ---D | M] -- C:\Programme\ProtectDisc Driver Installer
[2009.12.13 14:41:13 | 000,000,000 | ---D | M] -- C:\Programme\QS
[2010.12.17 19:37:05 | 000,000,000 | ---D | M] -- C:\Programme\QuickTime
[2008.10.14 23:19:39 | 000,000,000 | ---D | M] -- C:\Programme\Realtek
[2010.11.08 01:15:26 | 000,000,000 | ---D | M] -- C:\Programme\Red Kawa
[2006.11.02 14:35:51 | 000,000,000 | ---D | M] -- C:\Programme\Reference Assemblies
[2010.11.03 15:52:17 | 000,000,000 | ---D | M] -- C:\Programme\RouterControl
[2009.05.03 11:52:37 | 000,000,000 | ---D | M] -- C:\Programme\SCWA-Software
[2010.02.24 18:08:04 | 000,000,000 | R--D | M] -- C:\Programme\Skype
[2011.05.01 22:57:49 | 000,000,000 | ---D | M] -- C:\Programme\Spybot - Search & Destroy
[2011.02.12 16:27:01 | 000,000,000 | ---D | M] -- C:\Programme\TeamViewer
[2006.11.02 14:58:18 | 000,000,000 | -H-D | M] -- C:\Programme\Uninstall Information
[2009.04.07 01:43:34 | 000,000,000 | ---D | M] -- C:\Programme\VideoLAN
[2010.02.24 18:02:58 | 000,000,000 | ---D | M] -- C:\Programme\Warcraft III
[2009.06.24 16:11:37 | 000,000,000 | ---D | M] -- C:\Programme\WinAVIVideoConverter
[2011.04.25 15:48:35 | 000,000,000 | ---D | M] -- C:\Programme\Windows Calendar
[2011.04.25 15:48:34 | 000,000,000 | ---D | M] -- C:\Programme\Windows Collaboration
[2011.04.25 15:48:31 | 000,000,000 | ---D | M] -- C:\Programme\Windows Defender
[2009.05.05 17:07:55 | 000,000,000 | ---D | M] -- C:\Programme\Windows Live
[2009.05.05 17:07:26 | 000,000,000 | ---D | M] -- C:\Programme\Windows Live SkyDrive
[2011.04.25 15:48:35 | 000,000,000 | ---D | M] -- C:\Programme\Windows Mail
[2011.04.25 15:48:34 | 000,000,000 | ---D | M] -- C:\Programme\Windows Media Player
[2009.04.03 21:33:10 | 000,000,000 | ---D | M] -- C:\Programme\Windows NT
[2011.04.25 15:48:34 | 000,000,000 | ---D | M] -- C:\Programme\Windows Photo Gallery
[2011.04.25 15:48:34 | 000,000,000 | ---D | M] -- C:\Programme\Windows Sidebar
[2009.11.14 18:57:26 | 000,000,000 | ---D | M] -- C:\Programme\winklers
[2009.04.04 20:14:03 | 000,000,000 | ---D | M] -- C:\Programme\WinRAR

xRaptoRxGG 02.05.2011 10:44

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< C:\ProgramData\{EBDD7DE0-D012-47DF-859B-DB1061E2D512} /S >

< C:\Users\Gökhan Gürel\AppData\Roaming\Ucsohi /S >
[1 C:\Users\Gökhan Gürel\AppData\Roaming\*.tmp files -> C:\Users\Gökhan Gürel\AppData\Roaming\*.tmp -> ]

< C:\Users\Gökhan Gürel\AppData\Roaming\Obliw /S >
[1 C:\Users\Gökhan Gürel\AppData\Roaming\*.tmp files -> C:\Users\Gökhan Gürel\AppData\Roaming\*.tmp -> ]


< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: REGEDIT.EXE >
[2008.01.21 04:34:42 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 04:34:42 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe

< MD5 for: USERINIT.EXE >
[2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

xRaptoRxGG 02.05.2011 10:46

< MD5 for: WININIT.EXE >
[2008.01.21 04:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
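
The "< MD5 for: >" blocks above list the hash of the copy in use next to the copies kept in the WinSxS store; a live copy whose hash appears in none of the store copies is worth a closer look, while a match only says the two copies agree, not that either is clean. This added Python example (not part of the thread or of OTL) parses blocks in that format and performs that comparison; the REGEDIT.EXE block is copied from the log above, the EXAMPLE.EXE block and its all-zero MD5 are constructed.

```python
import re
from collections import defaultdict

# Sample OTL "< MD5 for: >" output. The REGEDIT.EXE block is copied from the
# log posted above; the EXAMPLE.EXE block is constructed to show a live copy
# whose hash matches none of the WinSxS copies (the all-zero MD5 is a
# placeholder, not a real hash).
SAMPLE_LOG = r"""
< MD5 for: REGEDIT.EXE >
[2008.01.21 04:34:42 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 04:34:42 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe

< MD5 for: EXAMPLE.EXE >
[2009.04.11 08:27:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\System32\example.exe
[2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_example_constructed\example.exe
"""

# "< MD5 for: NAME >" section header
HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")
# "[stamp | size | attrs | M] (company) MD5=hash -- path"
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)


def parse_md5_blocks(text):
    """Return {FILE NAME: [(path, md5, size), ...]} for every MD5 block."""
    blocks = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            blocks.setdefault(current, [])
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            blocks[current].append(
                (entry.group("path"), entry.group("md5").upper(), entry.group("size"))
            )
    return dict(blocks)


def is_winsxs(path):
    """True for copies held in the component store (C:\\Windows\\winsxs\\...)."""
    return "\\winsxs\\" in path.lower()


def check_live_copies(blocks):
    """Compare every copy outside WinSxS against the store copies.

    Returns {FILE NAME: (status, [live paths])} where status is MATCH
    (every live hash occurs in the store), MISMATCH (at least one live
    hash is unknown to the store), NO_LIVE_COPY or NO_STORE_COPY.
    A MISMATCH is a lead, not a verdict: an update can install a build the
    store never saw, and the hashes are reported by the tool, not recomputed.
    """
    result = {}
    for name, entries in blocks.items():
        store = {md5 for path, md5, _ in entries if is_winsxs(path)}
        live = [(path, md5) for path, md5, _ in entries if not is_winsxs(path)]
        if not live:
            status = "NO_LIVE_COPY"
        elif not store:
            status = "NO_STORE_COPY"
        elif all(md5 in store for _, md5 in live):
            status = "MATCH"
        else:
            status = "MISMATCH"
        result[name] = (status, [path for path, _ in live])
    return result


if __name__ == "__main__":
    for name, (status, paths) in check_live_copies(parse_md5_blocks(SAMPLE_LOG)).items():
        print(f"{name}: {status} {paths}")
```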

xRaptoRxGG 02.05.2011 10:55

It's impossible to post the end of the logfile...

That is so strange.

I can neither post it nor attach it as a .txt. This error message keeps coming up.

I've now freed up 15 GB of space on C:. I hope that's enough.

M-K-D-B 02.05.2011 13:13

Hello xRaptoRxGG,

Quote:

Quote from xRaptoRxGG (post 651251)
It's impossible to post the end of the logfile...

That is so strange.

I can neither post it nor attach it as a .txt. This error message keeps coming up.

OK, thanks for the feedback.

Quote:

Quote from xRaptoRxGG (post 651251)
I've now freed up 15 GB of space on C:. I hope that's enough.

Quote:

Drive C: | 69,65 Gb Total Space | 14,46 Gb Free Space | 20,76% Space Free | Partition Type: NTFS
That should be enough. :)

Quote:

Drive D: | 69,64 Gb Total Space | 0,08 Gb Free Space | 0,12% Space Free | Partition Type: NTFS
What about this partition? Can you delete something there as well? That would be good.






Step # 1: Run TDSS Killer
Please download TDSSKiller.exe and save the file to your desktop.
  • Close all running programs.
  • Disconnect from the Internet.
  • Disable your antivirus software.
  • Start TDSSKiller.exe with a double-click.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Click Start scan.
    Do not use the computer during the scan.
    1. If the tool finds nothing, click Close to exit it.
    2. If something was found, the findings are shown under Scan results - Select action for found objects with 3 options.
      Make sure Cure (default) is checked! Click Continue --> Reboot.
  • After the reboot, the logfile can be found on your system drive (usually C:) as TDSSKiller_version_date_time_log.txt.
  • Please post its contents here in your thread.




Step # 2: Run aswMBR.exe
  • Start aswMBR.exe - (aswMBR.exe instructions)
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Click Scan
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Note: If the Scan button is greyed out, close the tool and start it again. If it still doesn't work, please let me know.





Step # 3: Fix with OTL
Code:

:OTL
O4 - HKCU..\Run: [4E3E0230AEBB4E96] File not found
[2011.04.25 16:29:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\{EBDD7DE0-D012-47DF-859B-DB1061E2D512}
[2011.04.25 14:36:22 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\Ucsohi
[2011.04.25 14:36:22 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\Obliw
[2010.10.15 15:48:59 | 000,000,000 | -H-D | M] -- C:\Recycle.Bin

:commands
[ResetHosts]
[Emptytemp]

  • Now close all programs.
  • Click the Fix button.
  • OTL may ask for a reboot. Please allow it.
  • After the reboot you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<time_date>.txt)
    Copy its contents here into your thread.




Step # 4: Run ComboFix
ComboFix may only be run when a Kompetenzler (certified helper) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Download ComboFix from one of these download mirrors:

BleepingComputer - ForoSpyware

* Important!! Save ComboFix to the desktop
  • Disable your antivirus and anti-spyware programs. Normally you can do this via a right-click on the system tray icon. Otherwise these programs may interfere with our tools while they work.
  • Double-click ComboFix.exe and follow the instructions.
  • ComboFix will check whether the Microsoft Windows Recovery Console is installed. This is part of the process. Given the kind of malware infections around today, it is strongly recommended to have the Recovery Console installed on the PC before any malware cleaning is carried out.
  • Follow the instructions to let ComboFix download and install the Recovery Console, and accept the licence agreement (EULA) when prompted.
**For information: If the Recovery Console is already installed, ComboFix will simply continue with its malware removal procedure.

http://i94.photobucket.com/albums/l8...eWHKonsole.jpg

Once the Recovery Console has been installed by ComboFix, you should see the following message:

http://i94.photobucket.com/albums/l8...nstalliert.jpg

Click "Yes" to continue with the malware scan.

When ComboFix is finished, it will create a log. Please include C:\ComboFix.txt in your next reply.





Step # 5: System scan with OTL
  • Please start OTL.exe.
  • Under Extra Registry select Use SafeList and click the Scan button.
  • Post the OTL.txt and the Extras.txt here in your thread.




Step # 6: Your feedback
For further analysis I need, together with your next reply,
  • the answers to the questions asked,
  • the TDSS Killer logfile,
  • the OTL fix logfile,
  • the ComboFix logfile, and
  • the two new OTL logfiles (OTL.txt and Extras.txt).

xRaptoRxGG 02.05.2011 13:36

1. On drive D: I now have about 8 GB of free space.

2. When I start TDSS Killer, the progress bar goes up to 80% and a moment later Windows reports that the program has crashed / stopped working.

M-K-D-B 02.05.2011 13:55

Hello xRaptoRxGG,


Quote:

Quote from xRaptoRxGG (post 651362)
1. On drive D: I now have about 8 GB of free space.

OK. The more free space, the better.


Quote:

Quote from xRaptoRxGG (post 651362)
2. When I start TDSS Killer, the progress bar goes up to 80% and a moment later Windows reports that the program has crashed / stopped working.

Forget TDSS Killer. This is a newer variant of the rootkit. That tool can't deal with it (yet). We'll try something else:


Step # 1: Fix with aswMBR
  • Start aswMBR.exe - (aswMBR.exe instructions)
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Click Scan
  • Wait until Scan finished successfully appears in the DOS window.
  • Now click Fix. This may take a while.
  • Then click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Note: If the Scan button is greyed out, close the tool and start it again. If it still doesn't work, please let me know.

xRaptoRxGG 02.05.2011 15:06

aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-01 23:05:04
-----------------------------
23:05:04.207 OS Version: Windows 6.0.6002 Service Pack 2
23:05:04.229 Number of processors: 1 586 0xF0D
23:05:04.232 ComputerName: GÖKHANGÜREL-PC UserName: Gökhan Gürel
23:05:21.825 Initialize success
23:05:49.280 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:05:49.284 Disk 0 Vendor: Hitachi_HTS542516K9SA00 BBCOC31P Size: 152627MB BusType: 3
23:05:51.320 Disk 0 MBR read successfully
23:05:51.329 Disk 0 MBR scan
23:05:51.333 Disk 0 TDL4@MBR code has been found
23:05:51.337 Disk 0 MBR hidden
23:05:51.345 Disk 0 MBR [TDL4] **ROOTKIT**
23:05:51.354 Disk 0 trace - called modules:
23:05:51.367 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85f57730]<<
23:05:51.373 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859bdaa0]
23:05:51.384 3 CLASSPNP.SYS[86faa8b3] -> nt!IofCallDriver -> [0x85fe4298]
23:05:51.395 \Driver\atapi[0x853f6090] -> IRP_MJ_CREATE -> 0x85f57730
23:05:51.402 Scan finished successfully
23:06:26.339 Disk 0 MBR has been saved successfully to "C:\Users\Gökhan Gürel\Desktop\MBR.dat"
23:06:26.447 The log file has been saved successfully to "C:\Users\Gökhan Gürel\Desktop\aswMBR.txt"


aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-02 16:04:20
-----------------------------
16:04:20.430 OS Version: Windows 6.0.6002 Service Pack 2
16:04:20.431 Number of processors: 1 586 0xF0D
16:04:20.432 ComputerName: GÖKHANGÜREL-PC UserName: Gökhan Gürel
16:04:26.962 Initialize success
16:04:38.432 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:04:38.435 Disk 0 Vendor: Hitachi_HTS542516K9SA00 BBCOC31P Size: 152627MB BusType: 3
16:04:40.444 Disk 0 MBR read successfully
16:04:40.448 Disk 0 MBR scan
16:04:40.456 Disk 0 TDL4@MBR code has been found
16:04:40.461 Disk 0 MBR hidden
16:04:40.470 Disk 0 MBR [TDL4] **ROOTKIT**
16:04:40.475 Disk 0 trace - called modules:
16:04:40.481 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x84b8a228]<<
16:04:40.491 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859bd960]
16:04:40.497 Scan finished successfully
16:04:48.093 Disk 0 fixing MBR
16:04:58.105 Disk 0 MBR restored successfully
16:04:58.115 Infection fixed successfully - please reboot ASAP
16:05:30.518 Disk 0 MBR has been saved successfully to "C:\Users\Gökhan Gürel\Desktop\MBR.dat"
16:05:30.540 The log file has been saved successfully to "C:\Users\Gökhan Gürel\Desktop\aswMBR.txt"
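The two runs above show what an MBR bootkit looks like in aswMBR output: "TDL4@MBR code has been found" and "MBR hidden" (the rootkit returns a clean-looking sector when the MBR is read through the normal path), the "**ROOTKIT**" verdict, and a disk I/O call trace that ends in an ">>UNKNOWN [...]<<" module instead of the legitimate port driver, because the infected atapi driver object's IRP handler points into unsigned code. Since aswMBR appends every run to the same aswMBR.txt, a file quickly holds several runs; the script below splits them and classifies each one from those indicator lines. It is an added example, not part of the post and not aswMBR's code; the sample is the log above trimmed to the lines the classifier uses, plus a constructed third run containing only an "unknown MBR code" line.

```python
"""
Triage an aswMBR.txt that contains several appended runs.
Added example; not aswMBR's own code.  SAMPLE is trimmed from the thread's
log; the third run is constructed.
"""
import re

SAMPLE = """\
aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-01 23:05:04
-----------------------------
23:05:51.320 Disk 0 MBR read successfully
23:05:51.333 Disk 0 TDL4@MBR code has been found
23:05:51.337 Disk 0 MBR hidden
23:05:51.345 Disk 0 MBR [TDL4] **ROOTKIT**
23:05:51.354 Disk 0 trace - called modules:
23:05:51.367 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85f57730]<<
23:05:51.395 \\Driver\\atapi[0x853f6090] -> IRP_MJ_CREATE -> 0x85f57730
23:05:51.402 Scan finished successfully

aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-02 16:04:20
-----------------------------
16:04:40.456 Disk 0 TDL4@MBR code has been found
16:04:40.461 Disk 0 MBR hidden
16:04:40.470 Disk 0 MBR [TDL4] **ROOTKIT**
16:04:40.481 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x84b8a228]<<
16:04:40.497 Scan finished successfully
16:04:48.093 Disk 0 fixing MBR
16:04:58.105 Disk 0 MBR restored successfully
16:04:58.115 Infection fixed successfully - please reboot ASAP

aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-03 13:07:32
-----------------------------
13:07:48.065 Disk 0 unknown MBR code
13:07:59.302 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
13:07:59.322 Scan finished successfully
"""

RUN_DATE = re.compile(r"^Run date: (.+)$", re.M)
UNKNOWN_HOOK = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
FAMILY = re.compile(r"MBR \[([A-Za-z0-9_]+)\] \*\*ROOTKIT\*\*")


def split_runs(text):
    """Each run starts with the 'aswMBR version' banner."""
    parts = text.split("aswMBR version ")
    return ["aswMBR version " + p for p in parts if p.strip()]


def classify_run(run):
    """Pull the indicator lines out of one run and derive a verdict."""
    date = RUN_DATE.search(run)
    hooks = UNKNOWN_HOOK.findall(run)
    families = FAMILY.findall(run)
    info = {
        "date": date.group(1) if date else "?",
        "family": families[0] if families else None,
        "rootkit": "**ROOTKIT**" in run,
        "mbr_hidden": "MBR hidden" in run,
        "unknown_hook": hooks[0] if hooks else None,   # hooked I/O path
        "unknown_mbr_code": "unknown MBR code" in run,
        "fixed": "Infection fixed successfully" in run,
        "finished": "Scan finished successfully" in run,
    }
    if info["rootkit"] or info["unknown_hook"]:
        info["verdict"] = "fixed" if info["fixed"] else "infected"
    elif info["unknown_mbr_code"]:
        info["verdict"] = "clean-but-review"   # boot code not in aswMBR's known list
    else:
        info["verdict"] = "clean"
    return info


def triage(text):
    return [classify_run(r) for r in split_runs(text)]


if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(f"{r['date']}: {r['verdict']} family={r['family']} hook={r['unknown_hook']}")
```

Only the last run's verdict describes the machine's current state; a "fixed" run is a claim that must be confirmed by a fresh scan after the reboot the tool asks for. "Unknown MBR code" without a hook or rootkit line is not an infection verdict on its own, but it is the case to inspect by hand (the saved MBR.dat) rather than wave through.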

M-K-D-B 02.05.2011 19:29

Hello xRaptoRxGG,

Quote:

16:04:58.115 Infection fixed successfully - please reboot ASAP
Apparently it worked. Have you restarted your computer since the fix with aswMBR?
Restart your computer.

We'll check whether the rootkit is really gone:




Step # 1: Run aswMBR.exe
  • Start aswMBR.exe - (aswMBR.exe instructions)
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Click Scan
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Note: If the Scan button is greyed out, close the tool and start it again. If it still doesn't work, please let me know.





Step # 2: Your feedback
For further analysis I need, together with your next reply,
  • the new aswMBR logfile.

xRaptoRxGG 03.05.2011 12:10

aswMBR version 0.9.5.232 Copyright(c) 2011 AVAST Software
Run date: 2011-05-03 13:07:32
-----------------------------
13:07:32.201 OS Version: Windows 6.0.6002 Service Pack 2
13:07:32.201 Number of processors: 1 586 0xF0D
13:07:32.202 ComputerName: GÖKHANGÜREL-PC UserName: Gökhan Gürel
13:07:39.223 Initialize success
13:07:46.022 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:07:46.030 Disk 0 Vendor: Hitachi_HTS542516K9SA00 BBCOC31P Size: 152627MB BusType: 3
13:07:48.057 Disk 0 MBR read successfully
13:07:48.061 Disk 0 MBR scan
13:07:48.065 Disk 0 unknown MBR code
13:07:50.070 Disk 0 scanning sectors +312578048
13:07:50.099 Disk 0 scanning C:\Windows\system32\drivers
13:07:55.468 Service scanning
13:07:59.276 Disk 0 trace - called modules:
13:07:59.302 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
13:07:59.307 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x855bdac8]
13:07:59.317 3 CLASSPNP.SYS[86fa98b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84e6f408]
13:07:59.322 Scan finished successfully
13:08:26.698 Disk 0 MBR has been saved successfully to "C:\Users\Gökhan Gürel\Desktop\MBR.dat"
13:08:26.725 The log file has been saved successfully to "C:\Users\Gökhan Gürel\Desktop\aswMBR.txt"
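After the fix, the trace goes through the real port drivers (ataport.SYS, PCIIDEX.SYS, msahci.sys) and aswMBR reports "unknown MBR code" rather than a rootkit. Two things are worth checking by hand in the MBR.dat that aswMBR saves next to its log: that the partition table still describes the expected volumes, and how many sectors lie beyond the last partition. TDL4 keeps its components in a hidden file system in that unpartitioned tail, which is what aswMBR's "scanning sectors +312578048" refers to: on this 152627 MB disk (312,580,096 sectors of 512 bytes) it reads the final 2048 sectors. The script below is an added example, not part of the post and not aswMBR's code. It builds a sample MBR with struct.pack so it runs offline; load_mbr() reads a real MBR.dat. The trusted boot-code hash set is a placeholder that has to be filled from a clean machine with the same Windows version and OEM, and the 8 MB tail threshold is an assumption, not a measured baseline.

```python
"""
Parse a 512-byte MBR (e.g. aswMBR's MBR.dat): boot signature, partition table,
boot-code hash, and the unpartitioned tail where TDL4 stores its hidden FS.
Added example; not aswMBR's own code.  The sample MBR and the trusted-hash
placeholder are constructed.
"""
import hashlib
import struct

SECTOR = 512
DISK_SIZE_MB = 152627                                  # from the aswMBR log
DISK_SECTORS = DISK_SIZE_MB * 1024 * 1024 // SECTOR    # 312_580_096

# Placeholder: replace with the SHA-256 of bytes [0:440] of an MBR you trust.
KNOWN_GOOD_BOOTCODE_SHA256 = {"<fill-in-from-a-clean-machine>"}

PARTITION_ENTRY = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(start_lba=2048, length=DISK_SECTORS - 2048 - 2048):
    """Constructed MBR: dummy boot code, one bootable NTFS (0x07) partition."""
    boot_code = b"\x33\xc0" + b"\x90" * 438             # xor ax,ax; nop padding (440 bytes)
    disk_sig_and_reserved = b"\x00" * 6                 # bytes 440..445
    entry = struct.pack(PARTITION_ENTRY, 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", start_lba, length)
    empty = b"\x00" * 16
    return boot_code + disk_sig_and_reserved + entry + empty * 3 + b"\x55\xaa"


def parse_mbr(mbr):
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = 446 + 16 * i
        status, _chs0, ptype, _chs1, lba, count = struct.unpack(PARTITION_ENTRY, mbr[off:off + 16])
        if ptype != 0:
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "start": lba, "count": count})
    return {
        "bootcode_sha256": hashlib.sha256(mbr[:440]).hexdigest(),
        "disk_signature": struct.unpack("<I", mbr[440:444])[0],
        "partitions": partitions,
    }


def unpartitioned_tail(parsed, disk_sectors=DISK_SECTORS):
    """Sectors after the end of the last partition."""
    if not parsed["partitions"]:
        return disk_sectors
    end = max(p["start"] + p["count"] for p in parsed["partitions"])
    return max(0, disk_sectors - end)


def assess(parsed, disk_sectors=DISK_SECTORS, max_tail_sectors=2048 * 8):
    """Findings a reviewer should follow up; an empty list means nothing odd."""
    findings = []
    if parsed["bootcode_sha256"] not in KNOWN_GOOD_BOOTCODE_SHA256:
        findings.append("boot code does not match any trusted hash")
    if not any(p["bootable"] for p in parsed["partitions"]):
        findings.append("no active partition")
    tail = unpartitioned_tail(parsed, disk_sectors)
    if tail > max_tail_sectors:   # assumed threshold: 8 MB of trailing free space
        findings.append(f"{tail} unpartitioned sectors after last partition: image and inspect them")
    return findings


def load_mbr(path):
    with open(path, "rb") as f:
        return f.read(SECTOR)


if __name__ == "__main__":
    parsed = parse_mbr(build_sample_mbr())
    print(parsed["partitions"])
    print("tail sectors:", unpartitioned_tail(parsed))
    print("findings:", assess(parsed))
```

Read the MBR for a real check from a boot medium or a second machine, not from the possibly infected system, since a bootkit that hides the MBR will hand back a clean sector to anything reading through the normal disk stack. A large trailing gap is where to look, not proof by itself: image those sectors and check whether they hold non-zero data.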

M-K-D-B 03.05.2011 16:25

Hello xRaptoRxGG,


I still have my doubts about this line here:
Quote:

13:07:48.065 Disk 0 unknown MBR code
First delete Kaspersky's TDSS Killer from your desktop!

As of today there is a new version of it (2.5). With that it should definitely work. Even if TDSS Killer finds nothing, please post me the logfile!





Step # 1: Run TDSS Killer
Please download TDSSKiller.exe and save the file to your desktop.
  • Close all running programs.
  • Disconnect from the Internet.
  • Disable your antivirus software.
  • Start TDSSKiller.exe with a double-click.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Click Start scan.
    Do not use the computer during the scan.
    1. If the tool finds nothing, click Close to exit it.
    2. If something was found, the findings are shown under Scan results - Select action for found objects with 3 options.
      Make sure Cure (default) is checked! Click Continue --> Reboot.
  • After the reboot, the logfile can be found on your system drive (usually C:) as TDSSKiller_version_date_time_log.txt.
  • Please post its contents here in your thread.




Step # 2: Fix with OTL
Code:

:OTL
O4 - HKCU..\Run: [4E3E0230AEBB4E96] File not found
[2011.04.25 16:29:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\{EBDD7DE0-D012-47DF-859B-DB1061E2D512}
[2011.04.25 14:36:22 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\Ucsohi
[2011.04.25 14:36:22 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\Obliw
[2010.10.15 15:48:59 | 000,000,000 | -H-D | M] -- C:\Recycle.Bin

:commands
[ResetHosts]
[Emptytemp]

  • Now close all programs.
  • Click the Fix button.
  • OTL may ask for a reboot. Please allow it.
  • After the reboot you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<time_date>.txt)
    Copy its contents here into your thread.




Step # 3: Run ComboFix
ComboFix may only be run when a Kompetenzler (certified helper) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Download ComboFix from one of these download mirrors:

BleepingComputer - ForoSpyware

* Important!! Save ComboFix to the desktop
  • Disable your antivirus and anti-spyware programs. Normally you can do this via a right-click on the system tray icon. Otherwise these programs may interfere with our tools while they work.
  • Double-click ComboFix.exe and follow the instructions.
  • ComboFix will check whether the Microsoft Windows Recovery Console is installed. This is part of the process. Given the kind of malware infections around today, it is strongly recommended to have the Recovery Console installed on the PC before any malware cleaning is carried out.
  • Follow the instructions to let ComboFix download and install the Recovery Console, and accept the licence agreement (EULA) when prompted.
**For information: If the Recovery Console is already installed, ComboFix will simply continue with its malware removal procedure.

http://i94.photobucket.com/albums/l8...eWHKonsole.jpg

Once the Recovery Console has been installed by ComboFix, you should see the following message:

http://i94.photobucket.com/albums/l8...nstalliert.jpg

Click "Yes" to continue with the malware scan.

When ComboFix is finished, it will create a log. Please include C:\ComboFix.txt in your next reply.





Step # 4: System scan with OTL
  • Please start OTL.exe.
  • Under Extra Registry select Use SafeList and click the Scan button.
  • Post the OTL.txt and the Extras.txt here in your thread.




Step # 5: Your feedback
For further analysis I need, together with your next reply,
  • the TDSS Killer logfile,
  • the OTL fix logfile,
  • the ComboFix logfile, and
  • the two new OTL logfiles (OTL.txt and Extras.txt).
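The OTL fix script in this post and in the 02.05.2011 13:13 post starts with "O4 - HKCU..\Run: [4E3E0230AEBB4E96] File not found": an autostart value under HKCU\Software\Microsoft\Windows\CurrentVersion\Run with a random hex name whose target no longer exists, a typical leftover of a rogue-AV dropper after its executable has been removed. The script below reproduces that check independently of OTL: it extracts the program each Run value launches (honouring quoted paths and rundll32 payloads), tests whether that file exists, and flags machine-generated-looking value names. It is an added example, not code from the post or from OTL. SAMPLE_RUN and EXISTING_FILES are constructed so the demo runs offline on any OS; read_hkcu_run() reads the real key when winreg is available (Windows) and returns nothing elsewhere.

```python
"""
Audit HKCU ...\Run for orphaned or suspicious autostart entries.
Added example; not OTL's own code.  SAMPLE_RUN / EXISTING_FILES are constructed.
"""
import os
import re

HEX_NAME = re.compile(r"^[0-9A-F]{12,}$")   # e.g. 4E3E0230AEBB4E96
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"

SAMPLE_RUN = {
    "4E3E0230AEBB4E96": r"C:\Users\user\AppData\Local\Temp\4E3E0230AEBB4E96.exe",
    "Sidebar": r'"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun',
    "Updater": r'rundll32.exe "C:\Users\user\AppData\Roaming\Obliw\obliw.dll",Run',
    "IgfxTray": r"igfxtray.exe",
}
EXISTING_FILES = {   # constructed stand-in for the file system
    r"C:\Program Files\Windows Sidebar\sidebar.exe",
    r"C:\Windows\system32\igfxtray.exe",
    r"C:\Windows\system32\rundll32.exe",
}


def command_target(cmd):
    """Program a Run value launches: quoted first token, or up to the first .exe."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.exe)(\s|$)", cmd, re.I)   # unquoted paths may contain spaces
    return m.group(1) if m else cmd.split()[0]


def rundll_payload(cmd):
    """For rundll32 launches, the DLL that is actually loaded; otherwise None."""
    m = re.match(r'^"?(?:.*\\)?rundll32(?:\.exe)?"?\s+"?([^",]+)"?\s*,', cmd, re.I)
    return m.group(1) if m else None


def resolve(path, system32=r"C:\Windows\system32"):
    """Bare file names are resolved in System32 (simplified search-path rule)."""
    return path if "\\" in path else system32 + "\\" + path


def audit_run(entries, exists):
    """Return [(value_name, resolved_target, [reasons])] for suspicious entries."""
    findings = []
    for name, cmd in entries.items():
        target = resolve(rundll_payload(cmd) or command_target(cmd))
        reasons = []
        if not exists(target):
            reasons.append("File not found")
        if HEX_NAME.match(name):
            reasons.append("random-looking value name")
        if reasons:
            findings.append((name, target, reasons))
    return findings


def read_hkcu_run():
    """Live read of the current user's Run key; {} where winreg is unavailable."""
    try:
        import winreg
    except ImportError:
        return {}
    entries = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUN_KEY) as key:
        i = 0
        while True:
            try:
                name, value, _ = winreg.EnumValue(key, i)
            except OSError:
                break
            entries[name] = str(value)
            i += 1
    return entries


if __name__ == "__main__":
    live = read_hkcu_run()
    entries = live or SAMPLE_RUN
    exists = os.path.exists if live else (lambda p: p in EXISTING_FILES)
    for name, target, reasons in audit_run(entries, exists):
        print(f"{name}: {target} -> {', '.join(reasons)}")
```

A rundll32 line whose DLL lives under AppData\Roaming in a directory with a random name (the Obliw and Ucsohi folders removed by the same fix) is the pattern to look for even when the file does exist; the "File not found" case only catches the remains after the payload is gone. Run the live audit from an elevated prompt and repeat it for HKLM and the RunOnce keys, which this example leaves out.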

xRaptoRxGG 04.05.2011 17:25

Nothing found!


2011/05/04 18:05:02.0873 2672 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/04 18:05:02.0998 2672 ================================================================================
2011/05/04 18:05:02.0998 2672 SystemInfo:
2011/05/04 18:05:02.0998 2672
2011/05/04 18:05:02.0998 2672 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/04 18:05:02.0998 2672 Product type: Workstation
2011/05/04 18:05:02.0999 2672 ComputerName: GÖKHANGÜREL-PC
2011/05/04 18:05:02.0999 2672 UserName: Gökhan Gürel
2011/05/04 18:05:02.0999 2672 Windows directory: C:\Windows
2011/05/04 18:05:02.0999 2672 System windows directory: C:\Windows
2011/05/04 18:05:02.0999 2672 Processor architecture: Intel x86
2011/05/04 18:05:02.0999 2672 Number of processors: 1
2011/05/04 18:05:02.0999 2672 Page size: 0x1000
2011/05/04 18:05:02.0999 2672 Boot type: Normal boot
2011/05/04 18:05:02.0999 2672 ================================================================================
2011/05/04 18:05:04.0344 2672 Initialize success
2011/05/04 18:05:10.0669 3908 ================================================================================
2011/05/04 18:05:10.0669 3908 Scan started
2011/05/04 18:05:10.0669 3908 Mode: Manual;
2011/05/04 18:05:10.0669 3908 ================================================================================
2011/05/04 18:05:12.0197 3908 acedrv11 (66dc3740111238c91b875d8a0021834d) C:\Windows\system32\drivers\acedrv11.sys
2011/05/04 18:05:12.0271 3908 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/05/04 18:05:12.0609 3908 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/05/04 18:05:12.0770 3908 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/05/04 18:05:12.0996 3908 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/05/04 18:05:13.0125 3908 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/05/04 18:05:13.0236 3908 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/05/04 18:05:13.0375 3908 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/05/04 18:05:13.0459 3908 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/04 18:05:13.0514 3908 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/05/04 18:05:13.0636 3908 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/05/04 18:05:13.0683 3908 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/05/04 18:05:13.0760 3908 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/05/04 18:05:13.0924 3908 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/05/04 18:05:14.0119 3908 ApfiltrService (b90e6ec1c41e3c6cc4f69baa9d74515c) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/05/04 18:05:14.0227 3908 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/05/04 18:05:14.0325 3908 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/05/04 18:05:14.0442 3908 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/04 18:05:14.0512 3908 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/05/04 18:05:14.0662 3908 athr (7fa516fc81dd5931f389b56279a27a3e) C:\Windows\system32\DRIVERS\athr.sys
2011/05/04 18:05:14.0857 3908 b57nd60x (7d0f2bfa273831124fa08526af48af18) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/05/04 18:05:14.0945 3908 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/04 18:05:15.0091 3908 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/05/04 18:05:15.0282 3908 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/04 18:05:15.0414 3908 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/04 18:05:15.0540 3908 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/04 18:05:15.0648 3908 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/04 18:05:15.0812 3908 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/04 18:05:15.0883 3908 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/04 18:05:16.0010 3908 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/04 18:05:16.0095 3908 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/04 18:05:16.0241 3908 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/04 18:05:16.0379 3908 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/04 18:05:16.0538 3908 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/05/04 18:05:16.0717 3908 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/05/04 18:05:16.0846 3908 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/04 18:05:16.0960 3908 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/05/04 18:05:17.0071 3908 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/04 18:05:17.0252 3908 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/05/04 18:05:17.0386 3908 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/05/04 18:05:17.0682 3908 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/05/04 18:05:17.0897 3908 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/05/04 18:05:18.0092 3908 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
2011/05/04 18:05:18.0252 3908 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/04 18:05:18.0368 3908 DXGKrnl (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/04 18:05:18.0534 3908 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/04 18:05:18.0649 3908 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/05/04 18:05:18.0806 3908 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/05/04 18:05:18.0889 3908 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/05/04 18:05:19.0199 3908 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/05/04 18:05:19.0353 3908 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/05/04 18:05:20.0018 3908 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/04 18:05:20.0316 3908 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/04 18:05:20.0514 3908 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/04 18:05:20.0785 3908 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/04 18:05:21.0018 3908 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/05/04 18:05:21.0180 3908 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/04 18:05:21.0262 3908 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/04 18:05:21.0569 3908 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/04 18:05:21.0714 3908 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/05/04 18:05:21.0893 3908 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/04 18:05:22.0126 3908 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/04 18:05:22.0221 3908 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/04 18:05:22.0495 3908 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/04 18:05:22.0655 3908 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/05/04 18:05:22.0918 3908 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/05/04 18:05:23.0398 3908 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/05/04 18:05:23.0648 3908 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/05/04 18:05:23.0718 3908 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
2011/05/04 18:05:23.0928 3908 hwdatacard (19e6885a061011d8dabe8f64498423fa) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/05/04 18:05:24.0052 3908 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/05/04 18:05:24.0187 3908 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/04 18:05:24.0323 3908 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/05/04 18:05:25.0017 3908 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/05/04 18:05:25.0640 3908 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/04 18:05:25.0774 3908 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Windows\system32\drivers\int15.sys
2011/05/04 18:05:26.0051 3908 IntcAzAudAddService (58628f232a00a3149d7cc7708c521499) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/04 18:05:26.0314 3908 IntcHdmiAddService (c7e7e43cbd34d3b0a0156b51b917dfcc) C:\Windows\system32\drivers\IntcHdmi.sys
2011/05/04 18:05:26.0408 3908 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/05/04 18:05:26.0545 3908 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/04 18:05:26.0746 3908 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/04 18:05:27.0084 3908 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/04 18:05:27.0308 3908 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/04 18:05:27.0511 3908 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
2011/05/04 18:05:27.0683 3908 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/04 18:05:28.0002 3908 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/05/04 18:05:28.0616 3908 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/04 18:05:29.0058 3908 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/04 18:05:29.0292 3908 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/04 18:05:29.0655 3908 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/04 18:05:29.0993 3908 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/04 18:05:30.0560 3908 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/04 18:05:31.0063 3908 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/04 18:05:31.0481 3908 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/04 18:05:32.0138 3908 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/04 18:05:32.0534 3908 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/04 18:05:32.0883 3908 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/04 18:05:33.0169 3908 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/05/04 18:05:33.0601 3908 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/05/04 18:05:34.0069 3908 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/05/04 18:05:34.0480 3908 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/04 18:05:34.0770 3908 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/04 18:05:35.0004 3908 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/04 18:05:35.0206 3908 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/04 18:05:35.0484 3908 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/04 18:05:35.0729 3908 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/05/04 18:05:35.0887 3908 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/04 18:05:36.0073 3908 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/04 18:05:36.0253 3908 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/04 18:05:36.0454 3908 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/04 18:05:36.0701 3908 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/04 18:05:36.0897 3908 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/04 18:05:37.0034 3908 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
2011/05/04 18:05:37.0155 3908 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/05/04 18:05:37.0485 3908 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/04 18:05:37.0848 3908 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/04 18:05:38.0090 3908 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/04 18:05:38.0226 3908 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/04 18:05:38.0348 3908 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/04 18:05:38.0536 3908 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/05/04 18:05:38.0657 3908 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/04 18:05:38.0802 3908 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/04 18:05:38.0937 3908 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/05/04 18:05:39.0159 3908 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/04 18:05:39.0526 3908 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/05/04 18:05:39.0729 3908 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/04 18:05:39.0843 3908 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/04 18:05:39.0953 3908 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/04 18:05:40.0093 3908 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/04 18:05:40.0211 3908 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/04 18:05:40.0414 3908 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/04 18:05:40.0617 3908 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/04 18:05:40.0759 3908 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/05/04 18:05:40.0889 3908 NSCIRDA (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
2011/05/04 18:05:41.0032 3908 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/04 18:05:41.0155 3908 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/05/04 18:05:41.0364 3908 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
2011/05/04 18:05:41.0454 3908 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/04 18:05:41.0633 3908 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/04 18:05:41.0772 3908 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/05/04 18:05:41.0873 3908 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/05/04 18:05:42.0082 3908 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/05/04 18:05:42.0958 3908 O2MDRDR (78575368974962042472f18b24d3cf28) C:\Windows\system32\DRIVERS\o2media.sys
2011/05/04 18:05:43.0334 3908 O2SDRDR (b6dbda8c79dc4333ad9b0c15067b8247) C:\Windows\system32\DRIVERS\o2sd.sys
2011/05/04 18:05:43.0664 3908 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/04 18:05:44.0066 3908 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/04 18:05:44.0735 3908 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/05/04 18:05:45.0040 3908 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/04 18:05:45.0287 3908 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/05/04 18:05:45.0546 3908 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/05/04 18:05:45.0640 3908 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/04 18:05:45.0788 3908 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/04 18:05:46.0160 3908 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/04 18:05:46.0320 3908 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/05/04 18:05:46.0545 3908 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/04 18:05:46.0839 3908 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/05/04 18:05:47.0005 3908 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/04 18:05:47.0071 3908 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/04 18:05:47.0153 3908 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/04 18:05:47.0206 3908 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/04 18:05:47.0536 3908 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/04 18:05:47.0742 3908 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/04 18:05:48.0042 3908 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/04 18:05:48.0223 3908 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/04 18:05:48.0478 3908 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/05/04 18:05:48.0602 3908 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/04 18:05:48.0857 3908 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/05/04 18:05:49.0013 3908 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
2011/05/04 18:05:49.0217 3908 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/04 18:05:49.0406 3908 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/04 18:05:50.0013 3908 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/05/04 18:05:50.0340 3908 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/04 18:05:50.0514 3908 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/04 18:05:50.0696 3908 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/04 18:05:50.0771 3908 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/04 18:05:51.0038 3908 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/05/04 18:05:51.0124 3908 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/04 18:05:51.0298 3908 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/04 18:05:51.0440 3908 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/04 18:05:51.0599 3908 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/05/04 18:05:51.0722 3908 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/05/04 18:05:51.0892 3908 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/05/04 18:05:52.0078 3908 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/05/04 18:05:52.0191 3908 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/04 18:05:52.0529 3908 sptd (71e276f6d189413266ea22171806597b) C:\Windows\System32\Drivers\sptd.sys
2011/05/04 18:05:52.0840 3908 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/05/04 18:05:52.0996 3908 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/04 18:05:53.0069 3908 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/04 18:05:53.0334 3908 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/04 18:05:53.0438 3908 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/04 18:05:53.0588 3908 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/04 18:05:53.0771 3908 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/04 18:05:54.0077 3908 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/04 18:05:54.0288 3908 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/04 18:05:54.0443 3908 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/04 18:05:54.0496 3908 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/04 18:05:54.0549 3908 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/04 18:05:54.0690 3908 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/04 18:05:54.0762 3908 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/04 18:05:54.0952 3908 TpChoice (3afff25eae28188fa4ecd292658be31b) C:\Windows\system32\DRIVERS\TpChoice.sys
2011/05/04 18:05:55.0080 3908 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/04 18:05:55.0235 3908 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/04 18:05:55.0331 3908 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/04 18:05:55.0636 3908 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/05/04 18:05:55.0710 3908 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
2011/05/04 18:05:55.0878 3908 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/04 18:05:56.0076 3908 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/04 18:05:56.0169 3908 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/05/04 18:05:56.0307 3908 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/04 18:05:56.0378 3908 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/04 18:05:56.0457 3908 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/04 18:05:56.0667 3908 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/05/04 18:05:56.0864 3908 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/04 18:05:56.0983 3908 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/04 18:05:57.0201 3908 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/04 18:05:57.0310 3908 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/04 18:05:57.0475 3908 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/04 18:05:57.0559 3908 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/04 18:05:57.0643 3908 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/04 18:05:57.0808 3908 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/04 18:05:57.0951 3908 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/05/04 18:05:58.0102 3908 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/04 18:05:58.0208 3908 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/04 18:05:58.0308 3908 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/05/04 18:05:58.0424 3908 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/05/04 18:05:58.0523 3908 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/05/04 18:05:58.0623 3908 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/04 18:05:58.0744 3908 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/04 18:05:58.0893 3908 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/05/04 18:05:59.0075 3908 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/05/04 18:05:59.0218 3908 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/04 18:05:59.0410 3908 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/04 18:05:59.0436 3908 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/04 18:05:59.0627 3908 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/05/04 18:05:59.0791 3908 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/04 18:06:00.0106 3908 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/05/04 18:06:00.0346 3908 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/04 18:06:00.0582 3908 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/04 18:06:00.0838 3908 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/04 18:06:01.0084 3908 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/04 18:06:01.0234 3908 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
2011/05/04 18:06:01.0529 3908 ================================================================================
2011/05/04 18:06:01.0529 3908 Scan finished
2011/05/04 18:06:01.0529 3908 ================================================================================
2011/05/04 18:08:36.0226 4020 Deinitialize success

xRaptoRxGG 04.05.2011 17:32

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\4E3E0230AEBB4E96 deleted successfully.
Folder C:\ProgramData\{EBDD7DE0-D012-47DF-859B-DB1061E2D512}\ not found.
C:\Users\Gökhan Gürel\AppData\Roaming\Ucsohi folder moved successfully.
C:\Users\Gökhan Gürel\AppData\Roaming\Obliw folder moved successfully.
C:\Recycle.Bin folder moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gökhan Gürel
->Temp folder emptied: 1048825 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 154169481 bytes
->Flash cache emptied: 1605 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1614928 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 150,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05042011_182725

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP000000110A85A4591F7FB083 not found!

Registry entries deleted on Reboot...

xRaptoRxGG 04.05.2011 18:22

Combofix Logfile:
Code:

ComboFix 11-05-03.08 - Gökhan Gürel 04.05.2011  18:55:49.1.1 - x86
Microsoft® Windows Vista™ Home Basic  6.0.6002.2.1252.49.1031.18.952.213 [GMT 2:00]
ausgeführt von:: c:\users\Gökhan Gürel\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Gökhan Gürel\AppData\Roaming\Adobe\plugs
c:\users\Gökhan Gürel\AppData\Roaming\Adobe\shed
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-04 bis 2011-05-04  ))))))))))))))))))))))))))))))
.
.
2011-05-04 17:11 . 2011-05-04 17:11        --------        d-----w-        c:\users\Gökhan Gürel\AppData\Local\temp
2011-05-04 17:11 . 2011-05-04 17:11        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-05-04 16:14 . 2011-05-04 16:14        --------        d-----w-        c:\program files\Windows Portable Devices
2011-05-04 16:11 . 2009-09-10 02:00        1164800        ----a-w-        c:\windows\system32\UIRibbonRes.dll
2011-05-04 16:11 . 2009-09-10 02:00        92672        ----a-w-        c:\windows\system32\UIAnimation.dll
2011-05-04 16:11 . 2009-09-10 02:01        3023360        ----a-w-        c:\windows\system32\UIRibbon.dll
2011-05-04 16:11 . 2009-09-25 01:33        369664        ----a-w-        c:\windows\system32\WMPhoto.dll
2011-05-04 16:11 . 2009-09-25 02:10        974848        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2011-05-04 16:11 . 2009-09-25 02:07        189440        ----a-w-        c:\windows\system32\WindowsCodecsExt.dll
2011-05-04 16:11 . 2009-09-25 02:04        321024        ----a-w-        c:\windows\system32\PhotoMetadataHandler.dll
2011-05-04 16:11 . 2009-09-25 01:33        195584        ----a-w-        c:\windows\system32\dxdiagn.dll
2011-05-04 16:11 . 2009-09-25 01:32        252928        ----a-w-        c:\windows\system32\dxdiag.exe
2011-05-04 16:11 . 2009-09-25 01:31        519680        ----a-w-        c:\windows\system32\d3d11.dll
2011-05-04 16:08 . 2009-10-08 21:07        4096        ----a-w-        c:\windows\system32\oleaccrc.dll
2011-05-04 16:08 . 2009-10-08 21:08        555520        ----a-w-        c:\windows\system32\UIAutomationCore.dll
2011-05-04 16:08 . 2009-10-08 21:08        234496        ----a-w-        c:\windows\system32\oleacc.dll
2011-05-03 10:36 . 2011-02-22 13:33        797696        ----a-w-        c:\windows\system32\FntCache.dll
2011-05-03 10:34 . 2010-05-04 19:13        231424        ----a-w-        c:\windows\system32\msshsq.dll
2011-05-03 10:23 . 2011-04-11 07:04        7071056        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5AF6409-4BB9-44A7-A698-2A6B3D85874D}\mpengine.dll
2011-04-28 17:17 . 2011-04-28 17:17        98392        ----a-w-        c:\windows\system32\drivers\SBREDrv.sys
2011-04-28 13:09 . 2011-04-28 13:09        --------        d--h--w-        c:\programdata\CanonIJEGV
2011-04-27 17:55 . 2011-04-27 17:55        --------        d-----w-        C:\_OTL
2011-04-26 21:41 . 2011-04-27 17:36        --------        d-----w-        c:\program files\ERUNT
2011-04-25 14:30 . 2011-04-25 14:30        --------        d-----w-        c:\users\Gökhan Gürel\AppData\Local\Sunbelt Software
2011-04-25 14:28 . 2011-05-03 12:27        --------        d-----w-        c:\programdata\Lavasoft
2011-04-25 13:47 . 2011-04-25 13:48        --------        d-----w-        c:\windows\system32\ca-ES
2011-04-25 13:47 . 2011-04-25 13:48        --------        d-----w-        c:\windows\system32\eu-ES
2011-04-25 13:47 . 2011-04-25 13:48        --------        d-----w-        c:\windows\system32\vi-VN
2011-04-25 12:41 . 2011-04-25 12:41        --------        d-----w-        c:\windows\system32\EventProviders
2011-04-25 12:36 . 2011-04-25 12:36        233984        ----a-w-        c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\dacaru.exe
2011-04-25 10:43 . 2011-05-01 20:57        --------        d-----w-        c:\program files\Spybot - Search & Destroy
2011-04-25 10:43 . 2011-05-01 20:56        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2011-04-23 17:04 . 2011-04-23 17:04        --------        d-----w-        c:\windows\Sun
2011-04-23 16:43 . 2011-04-23 16:43        --------        d-----w-        c:\users\Gökhan Gürel\AppData\Roaming\Malwarebytes
2011-04-23 16:43 . 2011-04-23 16:43        --------        d-----w-        c:\programdata\Malwarebytes
2011-04-23 15:31 . 2011-04-23 15:31        112        ----a-w-        c:\users\Gökhan Gürel\AppData\Roaming\srvblck2.tmp
2011-04-22 19:18 . 2011-04-22 19:18        --------        d-----w-        c:\users\Gökhan Gürel\AppData\Local\DDMSettings
2011-04-22 18:57 . 2011-04-22 18:57        --------        d-----w-        c:\program files\Common Files\PX Storage Engine
2011-04-22 18:56 . 2011-04-22 18:57        --------        d-----w-        c:\program files\Common Files\DivX Shared
2011-04-22 18:54 . 2011-04-22 18:58        --------        d-----w-        c:\programdata\DivX
2011-04-13 15:23 . 2011-03-03 10:49        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-23 15:31 . 2011-04-23 15:31        112        ----a-w-        c:\users\Gökhan Gürel\AppData\Roaming\srvblck2.tmp
2011-04-23 15:31 . 2011-04-23 15:31        112        ----a-w-        c:\users\Gökhan Gürel\AppData\Roaming\srvblck2.tmp
2011-04-01 15:52 . 2008-09-17 13:29        14744        ----a-w-        c:\users\Gökhan Gürel\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
2011-04-01 15:52 . 2008-09-17 13:29        14744        ----a-w-        c:\users\Gökhan Gürel\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
2011-03-03 15:40 . 2011-05-03 10:36        173056        ----a-w-        c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-05-03 10:36        458752        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-05-03 10:36        542720        ----a-w-        c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-05-03 10:36        2159616        ----a-w-        c:\windows\apppatch\AcGenral.dll
2008-12-09 15:23        47840        --sh--r-        c:\windows\System32\config\systemprofile\AppData\Roaming\appconf32.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RouterControl"="c:\progra~1\ROUTER~1\ROUTERCONTROL.EXE" [2008-11-18 3191296]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 6144000]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-25 159744]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 875016]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
dacaru.exe [2011-4-25 233984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Megatech-Software-Protection;Megatech-Software-Protection;c:\program files\Common Files\Megatech\MProtect\MPSERV.EXE [2007-01-10 36864]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [2007-12-26 17968]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-04-19 717296]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-01-23 501560]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-30 112128]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-04-15 51160]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-04-08 43736]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-04 c:\windows\Tasks\User_Feed_Synchronization-{CABC6CDF-19C7-4765-9CEB-B0201A34F566}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=1008&m=extensa_5230
IE: Free YouTube to Mp3 Converter - c:\users\Gökhan Gürel\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Gökhan Gürel\AppData\Roaming\Mozilla\Firefox\Profiles\bq9e1jlb.default\
FF - prefs.js: browser.startup.homepage - spiegel-online.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-eRecoveryService - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-05-04 19:11
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-05-04  19:19:15
ComboFix-quarantined-files.txt  2011-05-04 17:19
.
Vor Suchlauf: 14 Verzeichnis(se), 13.705.502.720 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 13.323.911.168 Bytes frei
.
- - End Of File - - 42C3A8233F3B783770ACC36979741092

--- --- ---

xRaptoRxGG 04.05.2011 18:33

OTL Logfile:
Code:

OTL logfile created on: 04.05.2011 19:24:13 - Run 6
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Gökhan Gürel\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
952,00 Mb Total Physical Memory | 267,00 Mb Available Physical Memory | 28,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 58,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 12,45 Gb Free Space | 17,87% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 7,79 Gb Free Space | 11,19% Space Free | Partition Type: NTFS
 
Computer Name: GÖKHANGÜREL-PC | User Name: Gökhan Gürel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Gökhan Gürel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Programme\Apoint2K\Hidfind.exe (Alps Electric Co., Ltd.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Gökhan Gürel\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\SysHook.dll (Acer Inc.)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (o2flash) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
SRV - (Megatech-Software-Protection) -- C:\Programme\Common Files\Megatech\MProtect\MPServ.exe ()
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro )
DRV - (O2SDRDR) -- C:\Windows\System32\drivers\o2sd.sys (O2Micro )
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (acedrv11) -- C:\Windows\System32\drivers\ACEDRV11.sys (Protect Software GmbH)
DRV - (TpChoice) -- C:\Windows\System32\drivers\TpChoice.sys (Alps Electric Co., Ltd.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=1008&m=extensa_5230
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "spiegel-online.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.04.22 20:58:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.04.22 20:58:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.03 16:00:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.03 16:00:20 | 000,000,000 | ---D | M]
 
[2009.04.07 01:31:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Extensions
[2011.05.03 12:09:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions
[2010.08.31 18:29:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.16 20:36:00 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.03 12:09:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.10.24 10:38:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.04.22 20:58:25 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.04.22 20:58:26 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2009.06.23 19:38:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2010.10.24 10:38:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\GöKHAN GüREL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BQ9E1JLB.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
File not found (No name found) -- C:\USERS\GöKHAN GüREL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BQ9E1JLB.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.08 08:07:41 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.08 08:07:41 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.08 08:07:41 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.08 08:07:41 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.08 08:07:41 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.05.04 18:27:34 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [RouterControl] C:\Programme\RouterControl\RouterControl.exe (Mirko Böer)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Gökhan Gürel\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Gökhan Gürel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Gökhan Gürel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.04 19:19:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.05.04 19:19:18 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Local\temp
[2011.05.04 18:39:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.05.04 18:39:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.05.04 18:39:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.05.04 18:39:10 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.05.04 18:37:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.05.04 18:37:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.05.04 18:14:58 | 000,000,000 | ---D | C] -- C:\Programme\Windows Portable Devices
[2011.05.04 18:11:44 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2011.05.04 18:11:44 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2011.05.04 18:11:43 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2011.05.04 18:11:03 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011.05.04 18:11:00 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011.05.04 18:11:00 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011.05.04 18:11:00 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011.05.04 18:11:00 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011.05.04 18:11:00 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011.05.04 18:10:16 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2011.05.04 18:10:16 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2011.05.04 18:10:09 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2011.05.04 18:10:05 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2011.05.04 18:10:05 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2011.05.04 18:10:05 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2011.05.04 18:10:04 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2011.05.04 18:10:04 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2011.05.04 18:10:04 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2011.05.04 18:10:04 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2011.05.04 18:10:04 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2011.05.04 18:10:04 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2011.05.04 18:08:18 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011.05.04 18:08:17 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011.05.03 20:57:03 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Gökhan Gürel\Desktop\tdsskiller.exe
[2011.05.03 16:01:04 | 012,362,480 | ---- | C] (Mozilla) -- C:\Users\Gökhan Gürel\Desktop\Firefox Setup 4.0.1.exe
[2011.05.03 12:37:34 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011.05.03 12:37:33 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.05.03 12:37:33 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011.05.03 12:37:33 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.05.03 12:37:32 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011.05.03 12:37:32 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011.05.03 12:37:32 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.05.03 12:37:31 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.05.03 12:37:30 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011.05.03 12:37:30 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011.05.03 12:37:30 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.05.03 12:37:28 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011.05.03 12:37:28 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011.05.03 12:36:39 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.05.03 12:36:39 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011.05.03 12:36:39 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.05.03 12:36:39 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.05.03 12:36:38 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011.05.03 12:36:38 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.05.03 12:36:38 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011.05.03 12:36:38 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.05.03 12:36:38 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011.05.03 12:36:37 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011.05.03 12:36:37 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.05.03 12:36:12 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.05.03 12:36:12 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.05.03 12:34:42 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2011.05.01 23:02:32 | 000,575,488 | ---- | C] (AVAST Software) -- C:\Users\Gökhan Gürel\Desktop\aswMBR.exe
[2011.04.28 19:17:14 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011.04.28 15:09:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
[2011.04.27 19:55:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.04.27 18:59:49 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\OTL.exe
[2011.04.27 18:59:49 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\TFC.exe
[2011.04.27 18:59:48 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Users\Gökhan Gürel\Desktop\Erunt-setup.exe
[2011.04.26 23:43:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.26 23:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.04.26 23:41:50 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.04.25 16:30:38 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Local\Sunbelt Software
[2011.04.25 16:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011.04.25 15:47:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011.04.25 15:47:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011.04.25 15:47:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011.04.25 14:41:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011.04.25 12:43:53 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2011.04.25 12:43:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.04.25 12:40:35 | 016,409,960 | ---- | C] (Safer Networking Limited                                    ) -- C:\Users\Gökhan Gürel\Desktop\spybotsd162.exe
[2011.04.23 19:04:31 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.04.23 18:43:33 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\Malwarebytes
[2011.04.23 18:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.23 17:42:00 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\VA_-_Kontor_House_Of_House_Vol.10-3CD-2010-MOD
[2011.04.23 17:41:50 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Chris_Brown-Yeah_3x_(Clean_Version)-WEB-2011-RECA
[2011.04.23 17:07:13 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Usher--More-Promo_CDS-2010-WUS
[2011.04.22 21:18:09 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Local\DDMSettings
[2011.04.22 20:57:27 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine
[2011.04.22 20:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011.04.22 20:56:59 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared
[2011.04.22 20:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011.04.20 12:50:05 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\DJ Antoine - WOW (320)
[2011.04.20 08:40:45 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Lernzettel
[2011.04.13 17:24:40 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.13 17:24:40 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.13 17:24:32 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.13 17:24:32 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.13 17:24:26 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.13 17:24:19 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.13 17:24:15 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.13 17:24:15 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.13 17:24:15 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.13 17:24:14 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.13 17:24:14 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.04.13 17:24:10 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.13 17:24:07 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.13 17:24:06 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2008.10.15 09:06:59 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[1 C:\Users\Gökhan Gürel\AppData\Roaming\*.tmp files -> C:\Users\Gökhan Gürel\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.04 18:34:51 | 004,337,254 | R--- | M] () -- C:\Users\Gökhan Gürel\Desktop\ComboFix.exe
[2011.05.04 18:31:04 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.04 18:31:04 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.04 18:31:02 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.05.04 18:30:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.04 18:27:34 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011.05.04 18:24:16 | 000,685,712 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.04 18:24:16 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.04 18:24:16 | 000,149,980 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.04 18:24:16 | 000,121,592 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.04 18:14:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011.05.04 18:13:12 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011.05.04 17:56:30 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CABC6CDF-19C7-4765-9CEB-B0201A34F566}.job
[2011.05.03 20:57:13 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Gökhan Gürel\Desktop\tdsskiller.exe
[2011.05.03 16:01:55 | 012,362,480 | ---- | M] (Mozilla) -- C:\Users\Gökhan Gürel\Desktop\Firefox Setup 4.0.1.exe
[2011.05.03 13:08:26 | 000,000,512 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\MBR.dat
[2011.05.02 21:03:46 | 123,485,281 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.05.02 11:51:19 | 000,058,961 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\logfile ende.jpg
[2011.05.02 11:31:07 | 000,014,249 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\OTL.rar
[2011.05.02 10:34:19 | 000,163,840 | ---- | M] () -- C:\Users\Gökhan Gürel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.01 23:02:46 | 000,575,488 | ---- | M] (AVAST Software) -- C:\Users\Gökhan Gürel\Desktop\aswMBR.exe
[2011.05.01 22:00:19 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011.05.01 22:00:19 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011.04.29 18:31:48 | 000,109,566 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\screen.jpg
[2011.04.28 19:17:09 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011.04.27 22:21:04 | 000,301,568 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\35xnhg1c.exe
[2011.04.27 21:53:52 | 002,052,388 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Foto.JPG
[2011.04.27 21:41:23 | 000,000,020 | ---- | M] () -- C:\Users\Gökhan Gürel\defogger_reenable
[2011.04.27 21:37:18 | 000,050,477 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Defogger.exe
[2011.04.27 19:36:29 | 000,000,737 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\NTREGOPT.lnk
[2011.04.27 19:36:29 | 000,000,718 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\ERUNT.lnk
[2011.04.27 19:00:03 | 000,301,568 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\g2m3e4r.exe
[2011.04.27 19:00:01 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Users\Gökhan Gürel\Desktop\Erunt-setup.exe
[2011.04.27 19:00:00 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\TFC.exe
[2011.04.27 18:59:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\OTL.exe
[2011.04.26 22:49:36 | 000,377,260 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Load.exe
[2011.04.25 15:52:17 | 002,306,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.25 12:41:26 | 016,409,960 | ---- | M] (Safer Networking Limited                                    ) -- C:\Users\Gökhan Gürel\Desktop\spybotsd162.exe
[2011.04.23 18:38:39 | 001,006,778 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\iExplore.exe
[2011.04.23 18:38:18 | 001,006,778 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\rkill.com
[2011.04.20 18:01:16 | 000,000,680 | ---- | M] () -- C:\Users\Gökhan Gürel\AppData\Local\d3d9caps.dat
[2011.04.16 14:25:34 | 005,148,967 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Sergey_Romanov_aka_Elektro_Violine_-_Qadro_Electro....mp3
[1 C:\Users\Gökhan Gürel\AppData\Roaming\*.tmp files -> C:\Users\Gökhan Gürel\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.04 18:39:41 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.05.04 18:39:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.05.04 18:39:41 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.05.04 18:39:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.05.04 18:39:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.05.04 18:33:58 | 004,337,254 | R--- | C] () -- C:\Users\Gökhan Gürel\Desktop\ComboFix.exe
[2011.05.04 18:14:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011.05.04 18:13:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011.05.02 21:03:46 | 123,485,281 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.05.02 11:51:19 | 000,058,961 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\logfile ende.jpg
[2011.05.02 11:31:17 | 000,014,249 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\OTL.rar
[2011.05.01 23:06:26 | 000,000,512 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\MBR.dat
[2011.04.29 18:31:47 | 000,109,566 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\screen.jpg
[2011.04.28 19:17:59 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.04.28 19:17:59 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.04.27 22:20:43 | 000,301,568 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\35xnhg1c.exe
[2011.04.27 21:53:37 | 002,052,388 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Foto.JPG
[2011.04.27 21:40:59 | 000,000,020 | ---- | C] () -- C:\Users\Gökhan Gürel\defogger_reenable
[2011.04.27 21:37:05 | 000,050,477 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Defogger.exe
[2011.04.27 18:59:49 | 000,301,568 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\g2m3e4r.exe
[2011.04.26 23:41:52 | 000,000,737 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\NTREGOPT.lnk
[2011.04.26 23:41:52 | 000,000,718 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\ERUNT.lnk
[2011.04.26 22:48:31 | 000,377,260 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Load.exe
[2011.04.23 18:38:36 | 001,006,778 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\iExplore.exe
[2011.04.23 18:07:42 | 001,006,778 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\rkill.com
[2011.04.16 14:24:30 | 005,148,967 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Sergey_Romanov_aka_Elektro_Violine_-_Qadro_Electro....mp3
[2010.11.07 13:21:18 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.02.20 17:07:10 | 000,000,619 | ---- | C] () -- C:\Windows\eReg.dat
[2010.02.13 21:54:44 | 000,003,084 | ---- | C] () -- C:\Windows\wininit.ini
[2010.02.13 21:54:14 | 000,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE
[2010.01.27 21:38:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.17 19:25:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.17 19:25:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.07.12 10:50:14 | 000,000,680 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Local\d3d9caps.dat
[2009.06.22 13:15:34 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.06.15 21:03:30 | 000,000,067 | ---- | C] () -- C:\Windows\AVIConverter.INI
[2009.05.10 18:18:34 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MPDLL.DLL
[2009.05.10 18:18:04 | 000,000,085 | ---- | C] () -- C:\Windows\megapfad.ini
[2009.04.20 04:07:40 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.04.20 01:18:59 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.04.07 01:40:00 | 000,000,127 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Roaming\default.rss
[2009.04.05 11:09:34 | 000,163,840 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.04 21:45:00 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.04.03 22:49:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.15 08:55:26 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008.10.15 08:55:26 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.10.15 08:55:26 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008.10.14 23:19:42 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.10.14 23:19:42 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008.10.14 23:19:42 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008.10.14 23:19:42 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008.05.26 10:41:20 | 000,685,712 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.05.26 10:41:20 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.05.26 10:41:20 | 000,149,980 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.05.26 10:41:20 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.05.26 01:06:07 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.05.26 01:02:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.05.26 01:02:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.05.14 10:29:02 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008.05.14 10:29:02 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008.05.14 10:29:01 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:44:53 | 002,306,272 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,642,704 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,121,592 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

< End of report >

--- --- ---

M-K-D-B 04.05.2011 19:46

Hello xRaptoRxGG,


Step # 1: Show all files
Please follow this guide and make all files visible:
make all Windows files visible


Step # 2: Check with VirusTotal
Please have the file from the code box checked at VirusTotal.
  • Click Browse
  • Now copy the following into the search bar.
    Code:

    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dacaru.exe
  • and click Open.
  • Click Send File.
Please wait until the file has been uploaded completely. Should you get the following message:
Quote:

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
click Reanalyse.
Wait until it says Current status: Finished.

Copy the link from your address bar and post it here.


Step # 3: Control scan with Malwarebytes' Anti-Malware (MBAM)
  • Vista and Win7 users: right-click and "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform quick scan and press Scan.
  • When the scan has finished, click Show Results.
  • Make sure all findings are checked and press Remove Selected.
  • Post the logfile that opens in Notepad here in the thread.
  • You can find the report later under "Logs".


Step # 4: Your feedback
For further analysis I need, together with your next reply,
  • the link to the VirusTotal result and
  • the MBAM logfile.

xRaptoRxGG 04.05.2011 20:28

hxxp://www.virustotal.com/file-scan/report.html?id=3f5aba4a5435351f49d47ee4434469d74271b33ac76d94a9a1b27595ee59db8e-1304536773


Could you please give me the link to Malwarebytes again, because I completely removed it the last few times.

M-K-D-B 04.05.2011 20:37

Hello xRaptoRxGG,


Quote:

Quote from xRaptoRxGG (post 653042)
Could you please give me the link to Malwarebytes again, because I completely removed it the last few times.

Is there a reason why you keep removing this program, even though we are not finished with the cleanup yet?

Instead, you should remove Ad-Aware and Spybot.


Please download Malwarebytes' Anti-Malware
  • Install the program into the default path.
    Vista and Win7 users: right-click and "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform quick scan and press Scan.
  • When the scan has finished, click Show Results.
  • Make sure all findings are checked and press Remove Selected.
  • Post the logfile that opens in Notepad here in the thread.
  • You can find the report later under "Logs".

xRaptoRxGG 04.05.2011 21:01

nothing found....


Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6507

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

04.05.2011 22:00:21
mbam-log-2011-05-04 (22-00-21).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 145397
Laufzeit: 5 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

M-K-D-B 04.05.2011 21:34

Hello xRaptoRxGG,


Quote:

nothing found....
Which unfortunately does not yet mean that your computer is clean. There is still something to do:


Step # 1: Missing anti-virus software
I do not see any running anti-virus software in the logfiles.

That is dangerous. Sometimes you notice malware through pop-ups or Google redirects etc., but mostly it runs unnoticed in the background.
An AVP can help you find malware. Please download and install one of the following AVPs.


Step # 2: Run a CFScript with ComboFix
Note for other readers:
The following ComboFix script has been created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; it can permanently damage other systems!

Delete the existing ComboFix.exe from your desktop and download the program again from one of the following download mirrors:
BleepingComputer.com - ForoSpyware.com
and save it to the desktop again (not anywhere else, this is important)!

Press the Windows + R keys --> type Notepad --> OK

Now copy the text from the following code box completely into the empty text document.
Code:

http://www.trojaner-board.de/98013-anti-malware-doctor-endgueltig-entfernen-5.html#post652948

Collect::
c:\windows\System32\config\systemprofile\AppData\Roaming\appconf32.exe
c:\users\Gökhan Gürel\AppData\Roaming\srvblck2.tmp
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dacaru.exe

Save this as CFScript.txt on your desktop.

Important:
  • Temporarily disable your anti-virus software, as it can interfere with ComboFix's work.
    Don't forget to turn it back on afterwards!
  • Do not move the mouse over the ComboFix window or click into it.
    This can cause ComboFix to hang.
  • Close all running programs. Make sure ComboFix can work unhindered.
  • Do not do anything on the PC while ComboFix is running.
http://i266.photobucket.com/albums/i.../CFScriptB.gif
  • As shown in the picture above, drag CFScript.txt onto ComboFix.exe
  • When ComboFix is finished, it will create a log, C:\ComboFix.txt. Please post it here as a reply.
If the script contains the directive Suspect:: or Collect::, a message box will appear after ComboFix is finished. Click OK and follow the prompts/instructions to upload the files.


Step # 3: System scan with OTL
  • Please start OTL.exe.
  • Under Extra Registry select Use SafeList and click the Scan button.
  • Post the OTL.txt and the Extras.txt here in your thread.


Step # 4: Your feedback
For further analysis I need, together with your next reply,
  • feedback on which virus scanner you decided on,
  • the new logfile from ComboFix and
  • the two new logfiles from OTL (OTL.txt and Extras.txt).

xRaptoRxGG 04.05.2011 21:40

I have the program "Notebook Security 2009 by GDATA" here... should I install that, can you recommend something even better, or is one of the ones you offered completely sufficient?

M-K-D-B 04.05.2011 21:48

Hello xRaptoRxGG,

Quote:

Quote from xRaptoRxGG (post 653071)
I have the program "Notebook Security 2009 by GDATA" here... should I install that, can you recommend something even better, or is one of the ones you offered completely sufficient?

Notebook Security 2009 by GDATA contains a firewall, which you do not need. Such security suites often slow down the computer and do not protect it any better either. Besides, this 2009 version is already somewhat old.

The three options I offered you are completely sufficient. They are free, offer good protection and have high detection rates. :)
I use one of the suggested programs myself.

In the end, of course, you decide.

xRaptoRxGG 04.05.2011 22:15

Combofix Logfile:
Code:

ComboFix 11-05-04.02 - Gökhan Gürel 04.05.2011  22:49:36.2.1 - x86
Microsoft® Windows Vista™ Home Basic  6.0.6002.2.1252.49.1031.18.952.433 [GMT 2:00]
ausgeführt von:: c:\users\Gökhan Gürel\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Gökhan Gürel\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
file zipped: c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dacaru.exe
file zipped: c:\users\Gökhan Gürel\AppData\Roaming\srvblck2.tmp
file zipped: c:\windows\System32\config\systemprofile\AppData\Roaming\appconf32.exe
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\System32\config\systemprofile\AppData\Roaming\appconf32.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-04 bis 2011-05-04  ))))))))))))))))))))))))))))))
.
.
2011-05-04 21:01 . 2011-05-04 21:03        --------        d-----w-        c:\users\Gökhan Gürel\AppData\Local\temp
2011-05-04 21:01 . 2011-05-04 21:01        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-05-04 19:52 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-04 19:52 . 2011-05-04 19:52        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-05-04 19:52 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-05-04 16:14 . 2011-05-04 16:14        --------        d-----w-        c:\program files\Windows Portable Devices
2011-05-04 16:11 . 2009-09-10 02:00        1164800        ----a-w-        c:\windows\system32\UIRibbonRes.dll
2011-05-04 16:11 . 2009-09-10 02:00        92672        ----a-w-        c:\windows\system32\UIAnimation.dll
2011-05-04 16:11 . 2009-09-10 02:01        3023360        ----a-w-        c:\windows\system32\UIRibbon.dll
2011-05-04 16:11 . 2009-09-25 01:33        369664        ----a-w-        c:\windows\system32\WMPhoto.dll
2011-05-04 16:11 . 2009-09-25 02:10        974848        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2011-05-04 16:11 . 2009-09-25 02:07        189440        ----a-w-        c:\windows\system32\WindowsCodecsExt.dll
2011-05-04 16:11 . 2009-09-25 02:04        321024        ----a-w-        c:\windows\system32\PhotoMetadataHandler.dll
2011-05-04 16:11 . 2009-09-25 01:33        195584        ----a-w-        c:\windows\system32\dxdiagn.dll
2011-05-04 16:11 . 2009-09-25 01:32        252928        ----a-w-        c:\windows\system32\dxdiag.exe
2011-05-04 16:11 . 2009-09-25 01:31        519680        ----a-w-        c:\windows\system32\d3d11.dll
2011-05-04 16:08 . 2009-10-08 21:07        4096        ----a-w-        c:\windows\system32\oleaccrc.dll
2011-05-04 16:08 . 2009-10-08 21:08        555520        ----a-w-        c:\windows\system32\UIAutomationCore.dll
2011-05-04 16:08 . 2009-10-08 21:08        234496        ----a-w-        c:\windows\system32\oleacc.dll
2011-05-03 10:36 . 2011-02-22 13:33        797696        ----a-w-        c:\windows\system32\FntCache.dll
2011-05-03 10:34 . 2010-05-04 19:13        231424        ----a-w-        c:\windows\system32\msshsq.dll
2011-05-03 10:23 . 2011-04-11 07:04        7071056        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5AF6409-4BB9-44A7-A698-2A6B3D85874D}\mpengine.dll
2011-04-28 17:17 . 2011-04-28 17:17        98392        ----a-w-        c:\windows\system32\drivers\SBREDrv.sys
2011-04-28 13:09 . 2011-04-28 13:09        --------        d--h--w-        c:\programdata\CanonIJEGV
2011-04-27 17:55 . 2011-04-27 17:55        --------        d-----w-        C:\_OTL
2011-04-26 21:41 . 2011-04-27 17:36        --------        d-----w-        c:\program files\ERUNT
2011-04-25 14:30 . 2011-04-25 14:30        --------        d-----w-        c:\users\Gökhan Gürel\AppData\Local\Sunbelt Software
2011-04-25 14:28 . 2011-05-03 12:27        --------        d-----w-        c:\programdata\Lavasoft
2011-04-25 13:47 . 2011-04-25 13:48        --------        d-----w-        c:\windows\system32\ca-ES
2011-04-25 13:47 . 2011-04-25 13:48        --------        d-----w-        c:\windows\system32\eu-ES
2011-04-25 13:47 . 2011-04-25 13:48        --------        d-----w-        c:\windows\system32\vi-VN
2011-04-25 12:41 . 2011-04-25 12:41        --------        d-----w-        c:\windows\system32\EventProviders
2011-04-25 10:43 . 2011-05-01 20:57        --------        d-----w-        c:\program files\Spybot - Search & Destroy
2011-04-25 10:43 . 2011-05-01 20:56        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2011-04-23 17:04 . 2011-04-23 17:04        --------        d-----w-        c:\windows\Sun
2011-04-23 16:43 . 2011-04-23 16:43        --------        d-----w-        c:\users\Gökhan Gürel\AppData\Roaming\Malwarebytes
2011-04-23 16:43 . 2011-04-23 16:43        --------        d-----w-        c:\programdata\Malwarebytes
2011-04-23 15:31 . 2011-04-23 15:31        112        ----a-w-        c:\users\Gökhan Gürel\AppData\Roaming\srvblck2.tmp
2011-04-22 19:18 . 2011-04-22 19:18        --------        d-----w-        c:\users\Gökhan Gürel\AppData\Local\DDMSettings
2011-04-22 18:57 . 2011-04-22 18:57        --------        d-----w-        c:\program files\Common Files\PX Storage Engine
2011-04-22 18:56 . 2011-04-22 18:57        --------        d-----w-        c:\program files\Common Files\DivX Shared
2011-04-22 18:54 . 2011-04-22 18:58        --------        d-----w-        c:\programdata\DivX
2011-04-13 15:23 . 2011-03-03 10:49        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-23 15:31 . 2011-04-23 15:31        112        ----a-w-        c:\users\Gökhan Gürel\AppData\Roaming\srvblck2.tmp
2011-04-23 15:31 . 2011-04-23 15:31        112        ----a-w-        c:\users\Gökhan Gürel\AppData\Roaming\srvblck2.tmp
2011-04-01 15:52 . 2008-09-17 13:29        14744        ----a-w-        c:\users\Gökhan Gürel\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
2011-04-01 15:52 . 2008-09-17 13:29        14744        ----a-w-        c:\users\Gökhan Gürel\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
2011-03-03 15:40 . 2011-05-03 10:36        173056        ----a-w-        c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-05-03 10:36        458752        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-05-03 10:36        542720        ----a-w-        c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-05-03 10:36        2159616        ----a-w-        c:\windows\apppatch\AcGenral.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RouterControl"="c:\progra~1\ROUTER~1\ROUTERCONTROL.EXE" [2008-11-18 3191296]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 6144000]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-25 159744]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 875016]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
dacaru.exe [2011-5-4 233984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 CFcatchme;CFcatchme;c:\users\GKHANG~1\AppData\Local\Temp\CFcatchme.sys [x]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [2007-12-26 17968]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-04-19 717296]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-01-23 501560]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 Megatech-Software-Protection;Megatech-Software-Protection;c:\program files\Common Files\Megatech\MProtect\MPSERV.EXE [2007-01-10 36864]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-30 112128]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-04-15 51160]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-04-08 43736]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-04 c:\windows\Tasks\User_Feed_Synchronization-{CABC6CDF-19C7-4765-9CEB-B0201A34F566}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=1008&m=extensa_5230
IE: Free YouTube to Mp3 Converter - c:\users\Gökhan Gürel\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Gökhan Gürel\AppData\Roaming\Mozilla\Firefox\Profiles\bq9e1jlb.default\
FF - prefs.js: browser.startup.homepage - spiegel-online.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2596)
c:\windows\System32\SysHook.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Launch Manager\LManager.exe
c:\program files\RouterControl\RouterControl.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-05-04  23:12:03 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-05-04 21:11
ComboFix2.txt  2011-05-04 17:19
.
Vor Suchlauf: 18 Verzeichnis(se), 13.281.202.176 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 13.153.083.392 Bytes frei
.
- - End Of File - - F4534B480090F02812E9E3B783707463

--- --- ---
Upload was successful
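
The ComboFix log above is read by hand in this thread (the helper picked out dacaru.exe in the Default User Startup folder and asked for it to be collected). As an added example, not code from the thread, from ComboFix or from OTL, the following Python script parses the "Autostartpunkte der Registrierung" section of a ComboFix-style log and produces the review notes an analyst would write for it: Run entries that launch from user-writable locations, items in Startup folders, and UAC policy values such as EnableLUA=0 (UAC disabled) and ConsentPromptBehaviorAdmin=0 (administrators elevate without a prompt). The sample log text is constructed and modelled on the log posted above; the function and class names are my own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the ComboFix log posted above (not the original log);
# "updater.exe" is an illustrative entry added to show the user-writable-path check.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"Updater"="c:\users\example\AppData\Roaming\updater.exe" [2011-05-01 233984]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
dacaru.exe [2011-5-4 233984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")                      # [HKEY_...\Run]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s*\[[^\]]*\])?$')   # "Name"="path" [date size]
DWORD_RE = re.compile(                                           # "Name"= 0 (0x0)  or  "Name"=dword:00000001
    r'^"([^"]+)"=\s*(?:dword:([0-9A-Fa-f]{8})|(\d+)\s*\(0x[0-9A-Fa-f]+\))$')
STARTUP_ITEM_RE = re.compile(r"^(.+?\.\w+)\s+\[[^\]]*\]$")        # file.exe [date size]


@dataclass
class Autostarts:
    run_entries: list = field(default_factory=list)    # (registry key, value name, command path)
    startup_items: list = field(default_factory=list)  # (startup folder, file name)
    dwords: dict = field(default_factory=dict)         # value name -> int


def parse_autostarts(text: str) -> Autostarts:
    """Walk the '.'-separated blocks of the autostart section and collect the entries."""
    result = Autostarts()
    current_key = None
    startup_folder = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # '.' lines separate blocks in a ComboFix log
            current_key = startup_folder = None
            continue
        m = KEY_RE.match(line)
        if m:
            current_key, startup_folder = m.group(1), None
            continue
        if line.lower().endswith("\\startup\\"):   # a Startup folder header; items follow
            startup_folder, current_key = line, None
            continue
        if startup_folder:
            m = STARTUP_ITEM_RE.match(line)
            if m:
                result.startup_items.append((startup_folder, m.group(1)))
            continue
        if current_key:
            m = DWORD_RE.match(line)
            if m:
                result.dwords[m.group(1)] = int(m.group(2), 16) if m.group(2) else int(m.group(3))
                continue
            m = RUN_RE.match(line)
            if m:
                result.run_entries.append((current_key, m.group(1), m.group(2)))
    return result


# Path fragments that a standard user can write to; Run entries pointing there deserve a look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\", "\\programdata\\")


def review(auto: Autostarts) -> list:
    """Return human-readable review notes for the parsed autostart data."""
    findings = []
    for _key, name, path in auto.run_entries:
        if any(tok in path.lower() for tok in USER_WRITABLE):
            findings.append(f"Run entry '{name}' launches from a user-writable location: {path}")
    for folder, item in auto.startup_items:
        # The Default profile is the template copied for newly created accounts.
        scope = "Default profile, inherited by new accounts" if "\\users\\default" in folder.lower() else "user profile"
        findings.append(f"Startup folder item ({scope}): {folder}{item}")
    if auto.dwords.get("EnableLUA") == 0:
        findings.append("EnableLUA=0: User Account Control is disabled")
    if auto.dwords.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: administrators elevate without any prompt")
    return findings


if __name__ == "__main__":
    for note in review(parse_autostarts(SAMPLE_LOG)):
        print("-", note)
```

Run against the constructed sample it reports four notes: the AppData Run entry, the dacaru.exe Startup item in the Default profile, and the two UAC policy values. The same parser can be pointed at a real C:\ComboFix.txt by reading the file into `parse_autostarts`; the Startup-folder and UAC checks are the ones that apply directly to the log posted in this thread.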

xRaptoRxGG 04.05.2011 22:23

OTL Logfile:
Code:

OTL logfile created on: 04.05.2011 23:16:55 - Run 7
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Gökhan Gürel\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
952,00 Mb Total Physical Memory | 284,00 Mb Available Physical Memory | 30,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 59,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 12,30 Gb Free Space | 17,65% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 7,79 Gb Free Space | 11,19% Space Free | Partition Type: NTFS
 
Computer Name: GÖKHANGÜREL-PC | User Name: Gökhan Gürel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Gökhan Gürel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\RouterControl\RouterControl.exe (Mirko Böer)
PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
PRC - C:\Programme\Common Files\Megatech\MProtect\MPServ.exe ()
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Gökhan Gürel\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\SysHook.dll (Acer Inc.)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (o2flash) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
SRV - (Megatech-Software-Protection) -- C:\Programme\Common Files\Megatech\MProtect\MPServ.exe ()
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) --  File not found
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro )
DRV - (O2SDRDR) -- C:\Windows\System32\drivers\o2sd.sys (O2Micro )
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (acedrv11) -- C:\Windows\System32\drivers\ACEDRV11.sys (Protect Software GmbH)
DRV - (TpChoice) -- C:\Windows\System32\drivers\TpChoice.sys (Alps Electric Co., Ltd.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=1008&m=extensa_5230
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "spiegel-online.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.04.22 20:58:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.04.22 20:58:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.03 16:00:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.03 16:00:20 | 000,000,000 | ---D | M]
 
[2009.04.07 01:31:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Extensions
[2011.05.04 21:23:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions
[2010.08.31 18:29:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.16 20:36:00 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.04 21:23:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.10.24 10:38:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.04.22 20:58:25 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.04.22 20:58:26 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2009.06.23 19:38:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2010.10.24 10:38:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\GöKHAN GüREL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BQ9E1JLB.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
File not found (No name found) -- C:\USERS\GöKHAN GüREL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BQ9E1JLB.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.08 08:07:41 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.08 08:07:41 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.08 08:07:41 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.08 08:07:41 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.08 08:07:41 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.05.04 23:03:32 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [RouterControl] C:\Programme\RouterControl\RouterControl.exe (Mirko Böer)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Gökhan Gürel\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Gökhan Gürel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Gökhan Gürel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.04 23:13:47 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Local\temp
[2011.05.04 23:10:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.05.04 23:01:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.05.04 22:44:47 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.05.04 22:44:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.05.04 21:52:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.04 21:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.04 21:52:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.04 21:52:45 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.05.04 21:52:01 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Gökhan Gürel\Desktop\mbam-setup.exe
[2011.05.04 18:39:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.05.04 18:39:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.05.04 18:39:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.05.04 18:37:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.05.04 18:14:58 | 000,000,000 | ---D | C] -- C:\Programme\Windows Portable Devices
[2011.05.04 18:11:44 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2011.05.04 18:11:44 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2011.05.04 18:11:43 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2011.05.04 18:11:03 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011.05.04 18:11:00 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011.05.04 18:11:00 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011.05.04 18:11:00 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011.05.04 18:11:00 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011.05.04 18:11:00 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011.05.04 18:10:16 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2011.05.04 18:10:16 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2011.05.04 18:10:09 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2011.05.04 18:10:05 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2011.05.04 18:10:05 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2011.05.04 18:10:05 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2011.05.04 18:10:04 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2011.05.04 18:10:04 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2011.05.04 18:10:04 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2011.05.04 18:10:04 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2011.05.04 18:10:04 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2011.05.04 18:10:04 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2011.05.04 18:08:18 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011.05.04 18:08:17 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011.05.03 20:57:03 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Gökhan Gürel\Desktop\tdsskiller.exe
[2011.05.03 16:01:04 | 012,362,480 | ---- | C] (Mozilla) -- C:\Users\Gökhan Gürel\Desktop\Firefox Setup 4.0.1.exe
[2011.05.03 12:37:34 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011.05.03 12:37:33 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.05.03 12:37:33 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011.05.03 12:37:33 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.05.03 12:37:32 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011.05.03 12:37:32 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011.05.03 12:37:32 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.05.03 12:37:31 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.05.03 12:37:30 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011.05.03 12:37:30 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011.05.03 12:37:30 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.05.03 12:37:28 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011.05.03 12:37:28 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011.05.03 12:36:39 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.05.03 12:36:39 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011.05.03 12:36:39 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.05.03 12:36:39 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.05.03 12:36:38 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011.05.03 12:36:38 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.05.03 12:36:38 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011.05.03 12:36:38 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.05.03 12:36:38 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011.05.03 12:36:37 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011.05.03 12:36:37 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.05.03 12:36:12 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.05.03 12:36:12 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.05.03 12:34:42 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2011.05.01 23:02:32 | 000,575,488 | ---- | C] (AVAST Software) -- C:\Users\Gökhan Gürel\Desktop\aswMBR.exe
[2011.04.28 19:17:14 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011.04.28 15:09:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
[2011.04.27 19:55:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.04.27 18:59:49 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\OTL.exe
[2011.04.27 18:59:49 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\TFC.exe
[2011.04.27 18:59:48 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Users\Gökhan Gürel\Desktop\Erunt-setup.exe
[2011.04.26 23:43:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.26 23:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.04.26 23:41:50 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.04.25 16:30:38 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Local\Sunbelt Software
[2011.04.25 16:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011.04.25 15:47:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011.04.25 15:47:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011.04.25 15:47:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011.04.25 14:41:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011.04.25 12:43:53 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2011.04.25 12:43:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.04.25 12:40:35 | 016,409,960 | ---- | C] (Safer Networking Limited                                    ) -- C:\Users\Gökhan Gürel\Desktop\spybotsd162.exe
[2011.04.23 19:04:31 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.04.23 18:43:33 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\Malwarebytes
[2011.04.23 18:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.23 17:42:00 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\VA_-_Kontor_House_Of_House_Vol.10-3CD-2010-MOD
[2011.04.23 17:41:50 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Chris_Brown-Yeah_3x_(Clean_Version)-WEB-2011-RECA
[2011.04.23 17:07:13 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Usher--More-Promo_CDS-2010-WUS
[2011.04.22 21:18:09 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Local\DDMSettings
[2011.04.22 20:57:27 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine
[2011.04.22 20:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011.04.22 20:56:59 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared
[2011.04.22 20:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011.04.20 12:50:05 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\DJ Antoine - WOW (320)
[2011.04.20 08:40:45 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Lernzettel
[2011.04.13 17:24:40 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.13 17:24:40 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.13 17:24:32 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.13 17:24:32 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.13 17:24:26 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.13 17:24:19 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.13 17:24:15 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.13 17:24:15 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.13 17:24:15 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.13 17:24:14 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.13 17:24:14 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.04.13 17:24:10 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.13 17:24:07 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.13 17:24:06 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2008.10.15 09:06:59 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[1 C:\Users\Gökhan Gürel\AppData\Roaming\*.tmp files -> C:\Users\Gökhan Gürel\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.04 23:03:32 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.05.04 23:03:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.04 23:03:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.04 23:03:15 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.05.04 23:02:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.04 22:41:47 | 004,337,362 | R--- | M] () -- C:\Users\Gökhan Gürel\Desktop\ComboFix.exe
[2011.05.04 21:52:50 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.04 21:52:16 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Gökhan Gürel\Desktop\mbam-setup.exe
[2011.05.04 18:24:16 | 000,685,712 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.04 18:24:16 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.04 18:24:16 | 000,149,980 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.04 18:24:16 | 000,121,592 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.04 18:14:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011.05.04 18:13:12 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011.05.04 17:56:30 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CABC6CDF-19C7-4765-9CEB-B0201A34F566}.job
[2011.05.03 20:57:13 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Gökhan Gürel\Desktop\tdsskiller.exe
[2011.05.03 16:01:55 | 012,362,480 | ---- | M] (Mozilla) -- C:\Users\Gökhan Gürel\Desktop\Firefox Setup 4.0.1.exe
[2011.05.03 13:08:26 | 000,000,512 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\MBR.dat
[2011.05.02 21:03:46 | 123,485,281 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.05.02 11:51:19 | 000,058,961 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\logfile ende.jpg
[2011.05.02 11:31:07 | 000,014,249 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\OTL.rar
[2011.05.02 10:34:19 | 000,163,840 | ---- | M] () -- C:\Users\Gökhan Gürel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.01 23:02:46 | 000,575,488 | ---- | M] (AVAST Software) -- C:\Users\Gökhan Gürel\Desktop\aswMBR.exe
[2011.05.01 22:00:19 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011.05.01 22:00:19 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011.04.29 18:31:48 | 000,109,566 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\screen.jpg
[2011.04.28 19:17:09 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011.04.27 22:21:04 | 000,301,568 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\35xnhg1c.exe
[2011.04.27 21:53:52 | 002,052,388 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Foto.JPG
[2011.04.27 21:41:23 | 000,000,020 | ---- | M] () -- C:\Users\Gökhan Gürel\defogger_reenable
[2011.04.27 21:37:18 | 000,050,477 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Defogger.exe
[2011.04.27 19:36:29 | 000,000,737 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\NTREGOPT.lnk
[2011.04.27 19:36:29 | 000,000,718 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\ERUNT.lnk
[2011.04.27 19:00:03 | 000,301,568 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\g2m3e4r.exe
[2011.04.27 19:00:01 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Users\Gökhan Gürel\Desktop\Erunt-setup.exe
[2011.04.27 19:00:00 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\TFC.exe
[2011.04.27 18:59:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\OTL.exe
[2011.04.26 22:49:36 | 000,377,260 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Load.exe
[2011.04.25 15:52:17 | 002,306,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.25 12:41:26 | 016,409,960 | ---- | M] (Safer Networking Limited                                    ) -- C:\Users\Gökhan Gürel\Desktop\spybotsd162.exe
[2011.04.23 18:38:39 | 001,006,778 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\iExplore.exe
[2011.04.23 18:38:18 | 001,006,778 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\rkill.com
[2011.04.20 18:01:16 | 000,000,680 | ---- | M] () -- C:\Users\Gökhan Gürel\AppData\Local\d3d9caps.dat
[2011.04.16 14:25:34 | 005,148,967 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Sergey_Romanov_aka_Elektro_Violine_-_Qadro_Electro....mp3
[1 C:\Users\Gökhan Gürel\AppData\Roaming\*.tmp files -> C:\Users\Gökhan Gürel\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.04 22:41:25 | 004,337,362 | R--- | C] () -- C:\Users\Gökhan Gürel\Desktop\ComboFix.exe
[2011.05.04 21:52:50 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.04 18:39:41 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.05.04 18:39:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.05.04 18:39:41 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.05.04 18:39:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.05.04 18:39:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.05.04 18:14:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011.05.04 18:13:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011.05.02 21:03:46 | 123,485,281 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.05.02 11:51:19 | 000,058,961 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\logfile ende.jpg
[2011.05.02 11:31:17 | 000,014,249 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\OTL.rar
[2011.05.01 23:06:26 | 000,000,512 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\MBR.dat
[2011.04.29 18:31:47 | 000,109,566 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\screen.jpg
[2011.04.28 19:17:59 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.04.28 19:17:59 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.04.27 22:20:43 | 000,301,568 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\35xnhg1c.exe
[2011.04.27 21:53:37 | 002,052,388 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Foto.JPG
[2011.04.27 21:40:59 | 000,000,020 | ---- | C] () -- C:\Users\Gökhan Gürel\defogger_reenable
[2011.04.27 21:37:05 | 000,050,477 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Defogger.exe
[2011.04.27 18:59:49 | 000,301,568 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\g2m3e4r.exe
[2011.04.26 23:41:52 | 000,000,737 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\NTREGOPT.lnk
[2011.04.26 23:41:52 | 000,000,718 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\ERUNT.lnk
[2011.04.26 22:48:31 | 000,377,260 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Load.exe
[2011.04.23 18:38:36 | 001,006,778 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\iExplore.exe
[2011.04.23 18:07:42 | 001,006,778 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\rkill.com
[2011.04.16 14:24:30 | 005,148,967 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Sergey_Romanov_aka_Elektro_Violine_-_Qadro_Electro....mp3
[2010.11.07 13:21:18 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.02.20 17:07:10 | 000,000,619 | ---- | C] () -- C:\Windows\eReg.dat
[2010.02.13 21:54:44 | 000,003,084 | ---- | C] () -- C:\Windows\wininit.ini
[2010.02.13 21:54:14 | 000,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE
[2010.01.27 21:38:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.17 19:25:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.17 19:25:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.07.12 10:50:14 | 000,000,680 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Local\d3d9caps.dat
[2009.06.22 13:15:34 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.06.15 21:03:30 | 000,000,067 | ---- | C] () -- C:\Windows\AVIConverter.INI
[2009.05.10 18:18:34 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MPDLL.DLL
[2009.05.10 18:18:04 | 000,000,085 | ---- | C] () -- C:\Windows\megapfad.ini
[2009.04.20 04:07:40 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.04.20 01:18:59 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.04.07 01:40:00 | 000,000,127 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Roaming\default.rss
[2009.04.05 11:09:34 | 000,163,840 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.04 21:45:00 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.04.03 22:49:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.15 08:55:26 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008.10.15 08:55:26 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.10.15 08:55:26 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008.10.14 23:19:42 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.10.14 23:19:42 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008.10.14 23:19:42 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008.10.14 23:19:42 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008.05.26 10:41:20 | 000,685,712 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.05.26 10:41:20 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.05.26 10:41:20 | 000,149,980 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.05.26 10:41:20 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.05.26 01:06:07 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.05.26 01:02:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.05.26 01:02:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.05.14 10:29:02 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008.05.14 10:29:02 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008.05.14 10:29:01 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:44:53 | 002,306,272 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,642,704 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,121,592 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

< End of report >

--- --- ---

xRaptoRxGG 04.05.2011 22:23

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 04.05.2011 23:16:55 - Run 7
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Gökhan Gürel\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
952,00 Mb Total Physical Memory | 284,00 Mb Available Physical Memory | 30,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 59,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 12,30 Gb Free Space | 17,65% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 7,79 Gb Free Space | 11,19% Space Free | Partition Type: NTFS
 
Computer Name: GÖKHANGÜREL-PC | User Name: Gökhan Gürel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1451C412-E212-469D-963E-203DD1CFEB05}" = rport=445 | protocol=6 | dir=out | app=system |
"{1DD353AB-9FEA-4861-AA39-E61C026CA40E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{24E6C9D9-685F-4C45-8F16-985C122822C2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{258AE4BE-F063-407D-9E67-229E527C136A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2BADE237-EBC4-4E14-8333-EAE22491397C}" = lport=6112 | protocol=6 | dir=in | name=wciii 6112 |
"{439B5AC8-9ADC-47D8-840B-EB8DDBF94D7E}" = lport=445 | protocol=6 | dir=in | app=system |
"{49F5D437-07F2-4D88-914D-76F7BAD7B681}" = rport=138 | protocol=17 | dir=out | app=system |
"{4E1D8C7B-E8ED-4ACB-9914-C236DD632672}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{597B088D-D95E-4F50-BBB2-F5781CCBE44E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5A2CCD5E-9FAA-418F-B846-9FA9E2F1F122}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5CA111DC-74D6-44DB-84B9-D45F432F7B80}" = lport=6113 | protocol=6 | dir=in | name=wciii 6113 |
"{5CD8B400-36DE-4C9A-BCFC-FDD146606D0B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5E7E46A8-D3A3-40DF-B28D-D2571FE9E2BD}" = lport=6116 | protocol=6 | dir=in | name=wciii 6116 |
"{5F6E628E-3204-4F2D-9BCF-AFAEB60CBB1A}" = lport=138 | protocol=17 | dir=in | app=system |
"{6B309508-A613-4B91-A0EE-659CD6A23CB4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{71DB7BBC-957A-4B45-891B-410E273006E9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7213BE3E-FF45-426E-B90A-D51B0BB46BA0}" = lport=6114 | protocol=6 | dir=in | name=wciii 6114 |
"{79BAE974-D46E-42D6-B08F-7A4EF2F9B719}" = lport=6118 | protocol=6 | dir=in | name=wciii 6118 |
"{838B6577-FBAE-4D09-AB04-03E20068C1A5}" = lport=6117 | protocol=6 | dir=in | name=wciii 6117 |
"{88002A36-8E50-4939-A5A4-1248935882E8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{896B56F8-0C5D-4980-BBE9-4A11937FBA9B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9701CE72-9C09-47FA-AF59-58B41F4C5325}" = lport=137 | protocol=17 | dir=in | app=system |
"{A5FE2DE2-CDDD-4EF0-9ADD-8F7023B5C6C6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD0BC489-D2D6-48CA-BCDC-37334E0EF348}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B737825E-265F-455A-9521-76D00F609254}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BC98501C-4646-4088-9228-3A523E4AD4B2}" = rport=139 | protocol=6 | dir=out | app=system |
"{C30E6250-CCEB-47AC-AF21-338B57DCCBB6}" = lport=6119 | protocol=6 | dir=in | name=wciii 6119 |
"{C532C692-976A-48C4-B478-3C73FEF767B3}" = lport=139 | protocol=6 | dir=in | app=system |
"{E1267A1C-CA09-4DF5-B746-F0B8B70BB27F}" = rport=137 | protocol=17 | dir=out | app=system |
"{F8E55AD6-114D-4227-98C1-F42AA9E0CA6C}" = lport=6115 | protocol=6 | dir=in | name=wciii 6115 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{010E1948-8967-43C2-A361-F02DE426D049}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{0145FD7A-0D3B-444D-9DFC-E31231260404}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{041258C5-46FF-4930-8554-1575033F13BB}" = protocol=17 | dir=in | app=c:\program files\ultravnc\vncviewer.exe |
"{09DE9771-B740-4411-BC56-BEF213FEF593}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{1654011D-DF0B-4584-B7FC-C1B9D35204C8}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{1DBE9FAD-B084-4447-93AA-BE2DDBF60462}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{25C159E5-BA03-4D7D-AE97-052F0C82519F}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{2FB0550F-C930-4478-8F7C-2B8677505F05}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{321D68F6-EFD5-4310-9151-233139B8F289}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3A88EDFC-C670-44D2-B769-3F9B957BAB4D}" = protocol=6 | dir=out | app=system |
"{3A9CFDD2-91FB-412A-948B-75AD4DF64A83}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{3E41AF68-945F-410D-B389-011B0FE21B58}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{3FC4CBD6-41E1-4350-B512-4EBC275470BF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4491D6C4-ED71-4998-A362-EE3173294832}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{47489154-018C-448B-B459-70A62D534650}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{475D8E22-6107-403C-83C9-1328D582EE53}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{48DCF6B7-9E8A-4443-BF65-C32FAEB4D5B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{48DD435B-06D9-46BD-A848-C4276BC3143C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{496D62F6-D29F-4410-979C-599E7BB1A391}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{4D1A27E1-8E99-433C-80DE-0DE926ABDD6E}" = protocol=6 | dir=in | app=c:\program files\ultravnc\vncviewer.exe |
"{51292651-B47B-4F40-BB68-97A05ADDDC87}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{53583FF2-E850-403D-9102-07657908A43B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{545130B5-97FD-45A6-B17B-B05F2F166190}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5BA04F23-EE01-40DF-A2C8-B1E7F89B3846}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{651CFB77-31E5-49B0-A7A6-1CFEB9DAA360}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{662D53E8-08D9-4C18-A9E3-78A4D1178D7A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{68B555B6-3487-4150-9CCC-F42AFE2E0BE3}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{773C13BC-4712-4FE6-A23F-4B630F21459C}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe |
"{7FC14EA8-465A-40D9-A69A-9AFA66CC3CA3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8F9FC7F5-1C26-452D-830B-983A671BBCA9}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{931A74F7-49BD-423D-A70B-51BCA84BF234}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe |
"{A1F0A157-58DB-44C7-9B6A-61705B11B760}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{A7C97A7C-E44D-4743-AAB4-7F2D4CDD51F0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B352C36B-B9FF-4565-A4CC-9B913F56348C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{B56F3BC7-F1C6-4112-8676-0E4B73CE7F9B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B6EDF804-6125-4672-A0DB-C2C2D7130FD1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B74280C0-2D32-471A-9A4B-8FFC6FC598FA}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{BEFD1A8C-3788-4AC7-8A04-0EE3FB812E6A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C03D6FD8-8B8B-4BD7-B668-4668EF28ACC7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{C7B42F14-88F0-4C25-9120-9C553657D0E7}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{E20B0277-86AA-477D-B1D5-FF6883BE68A3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{F1DDB615-F088-474A-810E-B6D61AA9C16C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FBD88422-4C49-4F8B-81F7-E6FAA4E2000F}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{FF87AC28-3F8A-4B61-9296-991EE30A46E8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{C1CD1C21-B798-42BC-94C7-E7DA7CDBCE6B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{C5BF0B3A-A593-41C2-BD67-D27BCE1A0DA4}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{CA0637B9-C850-4F21-BC0F-845B1094AA5C}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{F63BCEC5-7E03-4B88-88C1-F6290E78C82C}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{F70D284D-06DD-4D43-A49C-F28F4C460C4E}C:\users\gökhan gürel\desktop\leecher.exe" = protocol=6 | dir=in | app=c:\users\gökhan gürel\desktop\leecher.exe |
"UDP Query User{59D85393-571A-49E7-A9FA-A1086D1B70D9}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{7163784E-C48E-4BDC-9205-172925FBF50C}C:\users\gökhan gürel\desktop\leecher.exe" = protocol=17 | dir=in | app=c:\users\gökhan gürel\desktop\leecher.exe |
"UDP Query User{DA36BF38-4A4F-4453-A30B-3BA11C8177CF}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{E866CFE2-38C6-421A-B6EB-4F1741126425}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{F9EA3F1D-687B-4BE3-A116-CAFB7489A9DD}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver
"{141A7ECB-AA8E-4C16-85FE-6FFF804799CF}" = Buchungssatzpauker-B IKR 2.50 (Shareware)
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 22
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{548AF5C1-54E3-4B74-A3E5-D5E6CB7D487C}" = O2Micro Flash Memory Card Reader Driver (x86)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D0BDD42-6564-4E1B-963A-4977A6271DB4}" = Winklers Lernprogramm 2027
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ashampoo Burning Studio 2009_is1" = Ashampoo Burning Studio 2009
"AviSynth" = AviSynth 2.5
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"Canon iP4700 series Benutzerregistrierung" = Canon iP4700 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Setup.divx.com" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"JDownloader" = JDownloader
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"Mp3tag" = Mp3tag v2.45a
"PokerStars.net" = PokerStars.net
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RouterControl" = RouterControl 1.92
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.04.2011 08:32:56 | Computer Name = GökhanGürel-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 25.04.2011 08:41:31 | Computer Name = GökhanGürel-PC | Source = SPP | ID = 16387
Description =
 
Error - 25.04.2011 08:41:31 | Computer Name = GökhanGürel-PC | Source = System Restore | ID = 8193
Description =
 
Error - 25.04.2011 08:43:16 | Computer Name = GökhanGürel-PC | Source = SPP | ID = 16387
Description =
 
Error - 25.04.2011 08:43:16 | Computer Name = GökhanGürel-PC | Source = System Restore | ID = 8193
Description =
 
Error - 25.04.2011 08:51:23 | Computer Name = GökhanGürel-PC | Source = SPP | ID = 16387
Description =
 
Error - 25.04.2011 08:51:23 | Computer Name = GökhanGürel-PC | Source = System Restore | ID = 8193
Description =
 
Error - 25.04.2011 09:37:51 | Computer Name = GökhanGürel-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 25.04.2011 09:52:49 | Computer Name = GökhanGürel-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 25.04.2011 09:55:22 | Computer Name = GökhanGürel-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 04.05.2011 15:12:20 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 04.05.2011 16:44:44 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 04.05.2011 16:47:57 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 04.05.2011 16:48:01 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7030
Description =
 
Error - 04.05.2011 16:48:47 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7011
Description =
 
Error - 04.05.2011 16:49:17 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7011
Description =
 
Error - 04.05.2011 16:56:36 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7030
Description =
 
Error - 04.05.2011 17:01:39 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7030
Description =
 
Error - 04.05.2011 17:04:43 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 04.05.2011 17:04:43 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >

--- --- ---

xRaptoRxGG 04.05.2011 22:26

I've decided on Avira :-)

M-K-D-B 05.05.2011 21:08

Hello xRaptoRxGG,

Quote:

Quote from xRaptoRxGG (post 653088)
I've decided on Avira :-)

:daumenhoc

Step # 1: Answer questions
Please answer the following questions for me:
Quote:

Drive C: | 69,65 Gb Total Space | 12,30 Gb Free Space | 17,65% Space Free | Partition Type: NTFS
Until recently you still had almost 15 GB of free disk space. Now it's only a good 12 GB. Where does that come from?
If you keep going like this, the hard drive will soon be full again. Then it can no longer be ruled out that bluescreens will appear again.





Schritt # 2: Fix mit OTL
Code:

:OTL
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

:files
c:\users\Gökhan Gürel\AppData\Roaming\srvblck2.tmp
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dacaru.exe

:commands
[Emptytemp]

  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread




Schritt # 3: Java deinstallieren/neu installieren
  • Schließe alle Internet Browser.
  • Folge dem Pfad: Start -> Systemsteuerung -> Programme deinstallieren
  • Deinstalliere bitte Java(TM) 6 Update 22
  • Lade dir anschließend Java(TM) 6 Update 25 von hier auf deinen Desktop.
  • Installiere anschließend die neue Version mit Rechtsklick -> Als Administrator ausführen




Schritt # 4: ESET Online Scanner
Bitte während des Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
  • Dein Anti-Virus-Programm während des Scans deaktivieren.

    Button http://img695.imageshack.us/img695/1599/eset1l.jpg (<< klick) drücken.
    • Firefox-User:
      Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
    • IE-User:
      müssen das Installieren eines ActiveX Elements erlauben.
  • Setze den einen Haken bei Yes, i accept the Terms of Use.
  • Drücke den http://img707.imageshack.us/img707/687/starteg.jpg Button.
  • Warte bis die Komponenten herunter geladen wurden.
  • Setze einen Haken bei "Scan archives".
  • Gehe sicher das bei Remove Found Threads kein Haken gesetzt ist.
  • http://img707.imageshack.us/img707/687/starteg.jpg drücken.
  • Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.
Wenn der Scan beendet wurde
  • Klicke Finish.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.




Schritt # 5: Benutzerdefinierter Scan mit OTL
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%PROGRAMFILES%\*.
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

  • Schließe bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread




Schritt # 6: Durchführung einer Sicherheitskontrolle
Downloade Dir bitte SecurityCheck
  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS- Box.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Wenn der Scan beendet wurde sollte sich ein Textdokument ( checkup.txt ) öffnen.
  • Poste den Inhalt bitte hier.




Schritt # 7: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort
  • die Beantwortung der gestellen Fragen,
  • das Logfile des OTL-Fix,
  • das Logfile des ESET Online Scanners,
  • das neue Logfile von OTL (OTL.txt) und
  • das Logfile von SecurityCheck.

xRaptoRxGG 06.05.2011 17:19

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
========== FILES ==========
c:\users\Gökhan Gürel\AppData\Roaming\srvblck2.tmp moved successfully.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dacaru.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gökhan Gürel
->Temp folder emptied: 248831 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 87648940 bytes
->Flash cache emptied: 651 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 52718176 bytes

Total Files Cleaned = 134,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05062011_152804

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
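The fix script from M-K-D-B's step 2 and the OTL result log posted above can be cross-checked mechanically, which matters because a fix line that never ran, or a file OTL reports as not found, means a persistence item survives the cleanup. The following Python script is an added example, not part of the thread and not OldTimer's code: it parses the :OTL / :files / :commands sections of the fix script (only the "... present" form of O6/O7 policy lines is handled; anything else is listed under "other"), expands the HKLM/HKCU abbreviations to the full hive names OTL writes in its log, and then confirms each requested action against the "deleted successfully" / "moved successfully" lines. The embedded script and log are copied (trimmed) from the two posts above.

```python
"""Cross-check an OTL fix script against the fix log OTL writes afterwards."""
from __future__ import annotations

import re

# OTL scripts abbreviate hives; the result log spells them out.
HIVES = {
    "HKLM": "HKEY_LOCAL_MACHINE",
    "HKCU": "HKEY_CURRENT_USER",
    "HKU": "HKEY_USERS",
    "HKCR": "HKEY_CLASSES_ROOT",
}

# "O6 - HKLM\Software\...\Restrictions present" style lines in the :OTL section.
POLICY_LINE_RE = re.compile(r"^O\d+ - (?P<hive>HKLM|HKCU|HKU|HKCR)\\(?P<key>.+?) present$")

# Result lines OTL writes for the three action types handled here.
REG_DELETED_RE = re.compile(r"^Registry key (?P<key>.+?)\\? deleted successfully\.$")
FILE_MOVED_RE = re.compile(r"^(?P<path>.+?) moved successfully\.$")
CMD_RE = re.compile(r"^\[(?P<cmd>[A-Za-z]+)\]$")


def parse_fix_script(script: str) -> dict[str, list[str]]:
    """Turn the :OTL / :files / :commands sections into a plan of expected actions."""
    plan: dict[str, list[str]] = {"registry": [], "files": [], "commands": [], "other": []}
    section = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):          # section header such as :files
            section = line[1:].lower()
            continue
        if section == "otl":
            m = POLICY_LINE_RE.match(line)
            if m:
                plan["registry"].append(HIVES[m["hive"]] + "\\" + m["key"])
            else:
                plan["other"].append(line)  # O4/O2/... lines need their own parser
        elif section == "files":
            plan["files"].append(line)
        elif section == "commands":
            plan["commands"].append(line.strip("[]").lower())
        else:
            plan["other"].append(line)
    return plan


def parse_fix_log(log: str) -> dict[str, set[str]]:
    """Collect the actions the log confirms, normalised to lower case."""
    done: dict[str, set[str]] = {"registry": set(), "files": set(), "commands": set()}
    for raw in log.splitlines():
        line = raw.strip()
        if m := REG_DELETED_RE.match(line):
            done["registry"].add(m["key"].rstrip("\\").lower())
        elif m := FILE_MOVED_RE.match(line):
            done["files"].add(m["path"].lower())
        elif m := CMD_RE.match(line):
            done["commands"].add(m["cmd"].lower())
    return done


def verify_fix(script: str, log: str) -> dict[str, list[str]]:
    """Return, per category, the planned actions the log does not confirm."""
    plan = parse_fix_script(script)
    done = parse_fix_log(log)
    return {
        "registry": [k for k in plan["registry"] if k.lower() not in done["registry"]],
        "files": [f for f in plan["files"] if f.lower() not in done["files"]],
        "commands": [c for c in plan["commands"] if c not in done["commands"]],
    }


# Copied from the thread: the fix script M-K-D-B posted and the log that came back.
FIX_SCRIPT = r"""
:OTL
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

:files
c:\users\Gökhan Gürel\AppData\Roaming\srvblck2.tmp
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dacaru.exe

:commands
[Emptytemp]
"""

FIX_LOG = r"""
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
========== FILES ==========
c:\users\Gökhan Gürel\AppData\Roaming\srvblck2.tmp moved successfully.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dacaru.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Gökhan Gürel
->Temp folder emptied: 248831 bytes
Total Files Cleaned = 134,00 mb
"""

if __name__ == "__main__":
    for category, items in verify_fix(FIX_SCRIPT, FIX_LOG).items():
        print(f"{category}: {'all confirmed' if not items else items}")
```

Run against the two posts above every category comes back empty, i.e. both policy keys were deleted, both files were moved and Emptytemp ran. Adding a file line to the script that has no matching "moved successfully" line makes it show up under "files", which is the case to look for when a log is long and a quiet "File not found" is easy to miss.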

xRaptoRxGG 07.05.2011 15:53

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=81e50eca4ba81a4ab8cb2004c4c970ef
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-07 12:39:23
# local_time=2011-05-07 02:39:23 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 77180 41302114 126123 0
# compatibility_mode=5892 16776638 100 100 347082 142298065 0 0
# compatibility_mode=8192 67108863 100 0 213 213 0 0
# scanned=153054
# found=5
# cleaned=0
# scan_time=6669
C:\Qoobox\Quarantine\[4]-Submit_2011-05-04_22.48.14.zip multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\System32\config\systemprofile\AppData\Roaming\appconf32.exe.vir a variant of Win32/Spy.Banker.VTW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\4986b9b8-6b786e51 a variant of Win32/Spy.Banker.VTW trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\04272011_195555\C_Users\Gökhan Gürel\AppData\Roaming\55EF921B3F01E13BF6CA0EAAFBEEBEC3\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\04272011_195555\C_Users\Gökhan Gürel\AppData\Roaming\55EF921B3F01E13BF6CA0EAAFBEEBEC3\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application (unable to clean) 00000000000000000000000000000000 I
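Reading this log the way a helper would: four of the five hits sit under C:\Qoobox\Quarantine (ComboFix's quarantine) and C:\_OTL\MovedFiles (OTL's), i.e. in copies that earlier tools had already pulled out of the system; only the entry in the Java deployment cache is a live file. The following Python parser is an added example, not part of the thread and not ESET's tooling: it reads the "# key=value" header and the detection lines of log.txt (path, detection text, 32-hex digest, flag, where both path and detection text may contain spaces), checks the "# found=" count against what it parsed, and sorts hits into live versus quarantined. The Qoobox and _OTL roots come from the log above; the Malwarebytes quarantine path is an assumption. The embedded sample is a trimmed copy of the posted log.

```python
"""Sort ESET Online Scanner (log.txt) hits into live files and copies that
already sit in another cleanup tool's quarantine folder."""
from __future__ import annotations

import re
from dataclasses import dataclass

# One detection line: <path> <detection text> <32-hex digest> <flag>.
# The detection text is anchored on the forms ESET uses ("a variant of ...",
# "probably a variant of ...", "multiple threats", or a family like Win32/...)
# so that a path containing spaces is not split in the wrong place.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<desc>(?:multiple threats|(?:probably )?a variant of \S+|[A-Za-z0-9_]+/\S+).*?)\s+"
    r"(?P<digest>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)

# Folders where earlier tools park what they removed. A hit under one of these
# is a dead copy, not an active infection. Qoobox (ComboFix) and _OTL (OTL)
# appear in the posted log; the Malwarebytes path is an assumption.
QUARANTINE_ROOTS = (
    r"c:\qoobox\quarantine",
    r"c:\_otl\movedfiles",
    r"c:\programdata\malwarebytes\malwarebytes' anti-malware\quarantine",
)


@dataclass
class Detection:
    path: str
    desc: str
    digest: str
    flag: str

    @property
    def quarantined(self) -> bool:
        return self.path.lower().startswith(QUARANTINE_ROOTS)


def parse_eset_log(text: str) -> tuple[dict[str, str], list[Detection]]:
    """Split log.txt into its '# key=value' header and the parsed detection lines."""
    header: dict[str, str] = {}
    detections: list[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key.strip()] = value.strip()
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(**m.groupdict()))
    return header, detections


def counts_consistent(header: dict[str, str], detections: list[Detection]) -> bool:
    """True when '# found=' equals the number of lines the regex understood;
    a mismatch means a detection line in a shape this parser does not know."""
    return header.get("found") == str(len(detections))


def triage(detections: list[Detection]) -> dict[str, list[Detection]]:
    """Bucket hits into 'live' (still on disk, needs action) and 'quarantined'."""
    buckets: dict[str, list[Detection]] = {"live": [], "quarantined": []}
    for d in detections:
        buckets["quarantined" if d.quarantined else "live"].append(d)
    return buckets


# Trimmed copy of the log posted above (a few header lines and all five hits).
SAMPLE_LOG = r"""
# version=7
# remove_checked=false
# archives_checked=true
# scanned=153054
# found=5
# cleaned=0
C:\Qoobox\Quarantine\[4]-Submit_2011-05-04_22.48.14.zip multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\System32\config\systemprofile\AppData\Roaming\appconf32.exe.vir a variant of Win32/Spy.Banker.VTW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\4986b9b8-6b786e51 a variant of Win32/Spy.Banker.VTW trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\04272011_195555\C_Users\Gökhan Gürel\AppData\Roaming\55EF921B3F01E13BF6CA0EAAFBEEBEC3\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\04272011_195555\C_Users\Gökhan Gürel\AppData\Roaming\55EF921B3F01E13BF6CA0EAAFBEEBEC3\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application (unable to clean) 00000000000000000000000000000000 I
"""

if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    print(f"found={hdr.get('found')} parsed={len(dets)} consistent={counts_consistent(hdr, dets)}")
    for bucket, items in triage(dets).items():
        print(f"\n[{bucket}] {len(items)}")
        for d in items:
            print(f"  {d.desc}\n    {d.path}")
```

With "remove_checked=false" (as instructed in step 4) ESET only reports, so "cleaned=0" is expected here; the one live hit left to deal with is the file in the Java deployment cache, which is why the helper's Java reinstall and cache clearing steps matter more than the four quarantine entries.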

xRaptoRxGG 08.05.2011 11:33

OTL Logfile:
Code:

OTL logfile created on: 08.05.2011 11:38:37 - Run 8
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Gökhan Gürel\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
952,00 Mb Total Physical Memory | 381,00 Mb Available Physical Memory | 40,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 54,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 12,18 Gb Free Space | 17,49% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 7,79 Gb Free Space | 11,19% Space Free | Partition Type: NTFS
 
Computer Name: GÖKHANGÜREL-PC | User Name: Gökhan Gürel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\GKHANG~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Users\Gökhan Gürel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\RouterControl\RouterControl.exe (Mirko Böer)
PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
PRC - C:\Programme\Common Files\Megatech\MProtect\MPServ.exe ()
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Programme\Apoint2K\Hidfind.exe (Alps Electric Co., Ltd.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Gökhan Gürel\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (o2flash) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
SRV - (Megatech-Software-Protection) -- C:\Programme\Common Files\Megatech\MProtect\MPServ.exe ()
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro )
DRV - (O2SDRDR) -- C:\Windows\System32\drivers\o2sd.sys (O2Micro )
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (acedrv11) -- C:\Windows\System32\drivers\ACEDRV11.sys (Protect Software GmbH)
DRV - (TpChoice) -- C:\Windows\System32\drivers\TpChoice.sys (Alps Electric Co., Ltd.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "spiegel-online.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.04.22 20:58:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.04.22 20:58:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.03 16:00:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.03 16:00:20 | 000,000,000 | ---D | M]
 
[2009.04.07 01:31:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Extensions
[2011.05.07 12:33:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions
[2010.08.31 18:29:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.16 20:36:00 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.07 12:33:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.05.06 18:25:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011.04.22 20:58:25 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.04.22 20:58:26 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2009.06.23 19:38:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2011.05.06 18:25:00 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\GöKHAN GüREL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BQ9E1JLB.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
File not found (No name found) -- C:\USERS\GöKHAN GüREL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BQ9E1JLB.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
[2011.05.06 18:24:42 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.08 08:07:41 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.08 08:07:41 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.08 08:07:41 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.08 08:07:41 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.08 08:07:41 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.05.04 23:03:32 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [RouterControl] C:\Programme\RouterControl\RouterControl.exe (Mirko Böer)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Gökhan Gürel\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Gökhan Gürel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Gökhan Gürel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {17052482-DBDC-7730-7743-E53C20E965EB} - Browser Customizations
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {74A68C95-2811-BD6E-B680-24DD4A461C21} - Java (Sun)
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.07 12:44:40 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.05.06 18:25:41 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2011.05.06 18:24:36 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2011.05.05 17:49:24 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Fast and Furious 5 - Rio Heist
[2011.05.05 17:38:40 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\faf
[2011.05.05 17:38:24 | 000,124,416 | ---- | C] (SFT Loader und SFT Encrypter) -- C:\Users\Gökhan Gürel\Desktop\dsconn.dll
[2011.05.04 23:34:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.05.04 23:34:05 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.05.04 23:34:04 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.05.04 23:34:04 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.05.04 23:34:00 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2011.05.04 23:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.05.04 23:13:47 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Local\temp
[2011.05.04 23:10:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.05.04 23:01:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.05.04 22:44:47 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.05.04 22:44:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.05.04 21:52:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.04 21:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.04 21:52:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.04 21:52:45 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.05.04 21:52:01 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Gökhan Gürel\Desktop\mbam-setup.exe
[2011.05.04 18:39:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.05.04 18:39:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.05.04 18:39:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.05.04 18:37:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.05.04 18:14:58 | 000,000,000 | ---D | C] -- C:\Programme\Windows Portable Devices
[2011.05.03 20:57:03 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Gökhan Gürel\Desktop\tdsskiller.exe
[2011.05.01 23:02:32 | 000,575,488 | ---- | C] (AVAST Software) -- C:\Users\Gökhan Gürel\Desktop\aswMBR.exe
[2011.04.28 19:17:14 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011.04.28 15:09:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
[2011.04.27 19:55:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.04.27 18:59:49 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\OTL.exe
[2011.04.27 18:59:49 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\TFC.exe
[2011.04.27 18:59:48 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Users\Gökhan Gürel\Desktop\Erunt-setup.exe
[2011.04.26 23:43:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.26 23:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.04.26 23:41:50 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.04.25 16:30:38 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Local\Sunbelt Software
[2011.04.25 16:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011.04.25 15:47:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011.04.25 15:47:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011.04.25 15:47:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011.04.25 14:41:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011.04.25 12:43:53 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2011.04.25 12:43:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.04.25 12:40:35 | 016,409,960 | ---- | C] (Safer Networking Limited                                    ) -- C:\Users\Gökhan Gürel\Desktop\spybotsd162.exe
[2011.04.23 19:04:31 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.04.23 18:43:33 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\Malwarebytes
[2011.04.23 18:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.23 17:42:00 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\VA_-_Kontor_House_Of_House_Vol.10-3CD-2010-MOD
[2011.04.23 17:41:50 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Chris_Brown-Yeah_3x_(Clean_Version)-WEB-2011-RECA
[2011.04.23 17:07:13 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Usher--More-Promo_CDS-2010-WUS
[2011.04.22 21:18:09 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Local\DDMSettings
[2011.04.22 20:57:27 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine
[2011.04.22 20:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011.04.22 20:56:59 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared
[2011.04.22 20:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011.04.20 12:50:05 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\DJ Antoine - WOW (320)
[2011.04.20 08:40:45 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Lernzettel
[2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2008.10.15 09:06:59 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.08 11:36:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.08 11:36:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.07 21:24:31 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CABC6CDF-19C7-4765-9CEB-B0201A34F566}.job
[2011.05.06 15:36:03 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.05.06 15:35:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.05 17:47:31 | 000,000,937 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\config.dat
[2011.05.05 17:38:26 | 000,124,416 | ---- | M] (SFT Loader und SFT Encrypter) -- C:\Users\Gökhan Gürel\Desktop\dsconn.dll
[2011.05.05 17:37:55 | 000,001,284 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\faf.sft
[2011.05.04 23:42:56 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011.05.04 23:03:32 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.05.04 22:41:47 | 004,337,362 | R--- | M] () -- C:\Users\Gökhan Gürel\Desktop\ComboFix.exe
[2011.05.04 21:52:50 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.04 21:52:16 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Gökhan Gürel\Desktop\mbam-setup.exe
[2011.05.04 18:24:16 | 000,685,712 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.04 18:24:16 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.04 18:24:16 | 000,149,980 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.04 18:24:16 | 000,121,592 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.04 18:14:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011.05.04 18:13:12 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011.05.03 20:57:13 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Gökhan Gürel\Desktop\tdsskiller.exe
[2011.05.03 13:08:26 | 000,000,512 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\MBR.dat
[2011.05.02 11:51:19 | 000,058,961 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\logfile ende.jpg
[2011.05.02 11:31:07 | 000,014,249 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\OTL.rar
[2011.05.02 10:34:19 | 000,163,840 | ---- | M] () -- C:\Users\Gökhan Gürel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.01 23:02:46 | 000,575,488 | ---- | M] (AVAST Software) -- C:\Users\Gökhan Gürel\Desktop\aswMBR.exe
[2011.05.01 22:00:19 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011.05.01 22:00:19 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011.04.29 18:31:48 | 000,109,566 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\screen.jpg
[2011.04.28 19:17:09 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011.04.27 22:21:04 | 000,301,568 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\35xnhg1c.exe
[2011.04.27 21:53:52 | 002,052,388 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Foto.JPG
[2011.04.27 21:41:23 | 000,000,020 | ---- | M] () -- C:\Users\Gökhan Gürel\defogger_reenable
[2011.04.27 21:37:18 | 000,050,477 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Defogger.exe
[2011.04.27 19:36:29 | 000,000,737 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\NTREGOPT.lnk
[2011.04.27 19:36:29 | 000,000,718 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\ERUNT.lnk
[2011.04.27 19:00:03 | 000,301,568 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\g2m3e4r.exe
[2011.04.27 19:00:01 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Users\Gökhan Gürel\Desktop\Erunt-setup.exe
[2011.04.27 19:00:00 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\TFC.exe
[2011.04.27 18:59:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\OTL.exe
[2011.04.26 22:49:36 | 000,377,260 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Load.exe
[2011.04.25 15:52:17 | 002,306,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.25 12:41:26 | 016,409,960 | ---- | M] (Safer Networking Limited                                    ) -- C:\Users\Gökhan Gürel\Desktop\spybotsd162.exe
[2011.04.23 18:38:39 | 001,006,778 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\iExplore.exe
[2011.04.23 18:38:18 | 001,006,778 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\rkill.com
[2011.04.20 18:01:16 | 000,000,680 | ---- | M] () -- C:\Users\Gökhan Gürel\AppData\Local\d3d9caps.dat
[2011.04.16 14:25:34 | 005,148,967 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Sergey_Romanov_aka_Elektro_Violine_-_Qadro_Electro....mp3
 
========== Files Created - No Company Name ==========
 
[2011.05.05 17:38:26 | 000,000,937 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\config.dat
[2011.05.05 17:37:44 | 000,001,284 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\faf.sft
[2011.05.04 22:41:25 | 004,337,362 | R--- | C] () -- C:\Users\Gökhan Gürel\Desktop\ComboFix.exe
[2011.05.04 21:52:50 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.04 18:39:41 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.05.04 18:39:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.05.04 18:39:41 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.05.04 18:39:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.05.04 18:39:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.05.04 18:14:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011.05.04 18:13:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011.05.02 11:51:19 | 000,058,961 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\logfile ende.jpg
[2011.05.02 11:31:17 | 000,014,249 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\OTL.rar
[2011.05.01 23:06:26 | 000,000,512 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\MBR.dat
[2011.04.29 18:31:47 | 000,109,566 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\screen.jpg
[2011.04.28 19:17:59 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.04.28 19:17:59 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.04.27 22:20:43 | 000,301,568 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\35xnhg1c.exe
[2011.04.27 21:53:37 | 002,052,388 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Foto.JPG
[2011.04.27 21:40:59 | 000,000,020 | ---- | C] () -- C:\Users\Gökhan Gürel\defogger_reenable
[2011.04.27 21:37:05 | 000,050,477 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Defogger.exe
[2011.04.27 18:59:49 | 000,301,568 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\g2m3e4r.exe
[2011.04.26 23:41:52 | 000,000,737 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\NTREGOPT.lnk
[2011.04.26 23:41:52 | 000,000,718 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\ERUNT.lnk
[2011.04.26 22:48:31 | 000,377,260 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Load.exe
[2011.04.23 18:38:36 | 001,006,778 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\iExplore.exe
[2011.04.23 18:07:42 | 001,006,778 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\rkill.com
[2011.04.16 14:24:30 | 005,148,967 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Sergey_Romanov_aka_Elektro_Violine_-_Qadro_Electro....mp3
[2010.11.07 13:21:18 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.02.20 17:07:10 | 000,000,619 | ---- | C] () -- C:\Windows\eReg.dat
[2010.02.13 21:54:44 | 000,003,084 | ---- | C] () -- C:\Windows\wininit.ini
[2010.02.13 21:54:14 | 000,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE
[2010.01.27 21:38:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.17 19:25:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.17 19:25:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.07.12 10:50:14 | 000,000,680 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Local\d3d9caps.dat
[2009.06.22 13:15:34 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.06.15 21:03:30 | 000,000,067 | ---- | C] () -- C:\Windows\AVIConverter.INI
[2009.05.10 18:18:34 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MPDLL.DLL
[2009.05.10 18:18:04 | 000,000,085 | ---- | C] () -- C:\Windows\megapfad.ini
[2009.04.20 04:07:40 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.04.20 01:18:59 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.04.07 01:40:00 | 000,000,127 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Roaming\default.rss
[2009.04.05 11:09:34 | 000,163,840 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.04 21:45:00 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.04.03 22:49:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.15 08:55:26 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008.10.15 08:55:26 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.10.15 08:55:26 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008.10.14 23:19:42 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.10.14 23:19:42 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008.10.14 23:19:42 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008.10.14 23:19:42 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008.05.26 10:41:20 | 000,685,712 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.05.26 10:41:20 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.05.26 10:41:20 | 000,149,980 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.05.26 10:41:20 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.05.26 01:06:07 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.05.26 01:02:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.05.26 01:02:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.05.14 10:29:02 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008.05.14 10:29:02 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008.05.14 10:29:01 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:44:53 | 002,306,272 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,642,704 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,121,592 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2009.04.25 19:39:46 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Ashampoo
[2009.06.03 12:52:53 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Buhl Data Service GmbH
[2009.04.20 01:08:17 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\DAEMON Tools
[2009.04.20 01:08:40 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\DAEMON Tools Lite
[2009.04.20 01:08:17 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\DAEMON Tools Pro
[2010.10.16 20:35:59 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.04.04 16:26:42 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\eSobi
[2011.04.25 12:36:53 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\ICQ
[2009.04.20 04:07:47 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\InterVideo
[2011.03.31 18:05:13 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Karteikartentrainer
[2009.10.14 19:53:49 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\LG Electronics
[2009.04.17 01:04:13 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Mp3tag
[2010.08.16 19:39:58 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\RouterControl
[2009.07.01 13:26:14 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\soul.im
[2010.10.18 19:19:33 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\TeamViewer
[2010.03.15 21:22:34 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Vodafone
[2011.03.31 19:49:13 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\WindSolutions
[2011.05.06 15:30:21 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.05.07 21:24:31 | 000,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CABC6CDF-19C7-4765-9CEB-B0201A34F566}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.05.04 23:10:05 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.04.03 21:38:11 | 000,000,000 | ---D | M] -- C:\Acer
[2008.10.15 09:07:07 | 000,000,000 | ---D | M] -- C:\Book
[2011.04.25 15:56:19 | 000,000,000 | ---D | M] -- C:\Boot
[2011.05.04 23:13:51 | 000,000,000 | ---D | M] -- C:\ComboFix
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.04.03 21:33:10 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.04.29 20:36:02 | 000,000,000 | ---D | M] -- C:\Downloads
[2009.11.21 15:31:13 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2009.04.03 21:40:46 | 000,000,000 | ---D | M] -- C:\Elements
[2008.05.14 09:39:56 | 000,000,000 | ---D | M] -- C:\Intel
[2009.11.07 12:25:12 | 000,000,000 | ---D | M] -- C:\LG3G
[2010.04.13 22:55:26 | 000,000,000 | R--D | M] -- C:\MSOCache
[2008.01.21 04:43:50 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.05.07 12:44:40 | 000,000,000 | R--D | M] -- C:\Programme
[2011.05.04 23:42:56 | 000,000,000 | ---D | M] -- C:\ProgramData
[2009.04.03 21:33:10 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.05.04 23:13:49 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.05.08 11:40:19 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.10.25 19:10:39 | 000,000,000 | ---D | M] -- C:\test
[2009.04.03 21:36:48 | 000,000,000 | R--D | M] -- C:\Users
[2010.02.13 22:43:51 | 000,000,000 | ---D | M] -- C:\WESTWOOD
[2011.05.04 23:54:31 | 000,000,000 | ---D | M] -- C:\Windows
[2011.04.27 19:55:55 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %PROGRAMFILES%\*. >
[2009.04.03 21:39:32 | 000,000,000 | ---D | M] -- C:\Programme\Acer
[2008.10.14 23:32:22 | 000,000,000 | ---D | M] -- C:\Programme\Acer Inc
[2008.10.14 23:33:08 | 000,000,000 | ---D | M] -- C:\Programme\Acer Incorporated
[2008.05.26 00:59:52 | 000,000,000 | ---D | M] -- C:\Programme\Activation Assistant for the 2007 Microsoft Office suites
[2011.03.14 18:49:08 | 000,000,000 | ---D | M] -- C:\Programme\Adobe
[2008.10.14 23:22:47 | 000,000,000 | ---D | M] -- C:\Programme\Apoint2K
[2009.04.21 07:05:53 | 000,000,000 | ---D | M] -- C:\Programme\Apple Software Update
[2009.04.25 19:30:04 | 000,000,000 | ---D | M] -- C:\Programme\Ashampoo
[2011.05.04 23:34:00 | 000,000,000 | ---D | M] -- C:\Programme\Avira
[2010.11.08 01:15:41 | 000,000,000 | ---D | M] -- C:\Programme\AviSynth 2.5
[2008.05.14 09:42:55 | 000,000,000 | ---D | M] -- C:\Programme\Broadcom
[2011.02.02 18:52:13 | 000,000,000 | ---D | M] -- C:\Programme\Buchungssatzpauker-B IKR 2.50 (Shareware)
[2010.01.27 19:00:29 | 000,000,000 | ---D | M] -- C:\Programme\Canon
[2010.01.27 18:53:56 | 000,000,000 | -H-D | M] -- C:\Programme\CanonBJ
[2011.05.06 18:25:41 | 000,000,000 | ---D | M] -- C:\Programme\Common Files
[2008.10.14 23:14:02 | 000,000,000 | ---D | M] -- C:\Programme\CONEXANT
[2008.10.14 23:25:17 | 000,000,000 | ---D | M] -- C:\Programme\COREL
[2009.04.20 01:07:14 | 000,000,000 | ---D | M] -- C:\Programme\DAEMON Tools Lite
[2009.04.20 00:59:10 | 000,000,000 | ---D | M] -- C:\Programme\DAEMON Tools Pro
[2009.05.11 08:46:54 | 000,000,000 | ---D | M] -- C:\Programme\DAMN NFO Viewer
[2011.04.22 20:58:31 | 000,000,000 | ---D | M] -- C:\Programme\DivX
[2011.05.02 11:20:33 | 000,000,000 | ---D | M] -- C:\Programme\DVDVideoSoft
[2010.02.20 16:57:38 | 000,000,000 | ---D | M] -- C:\Programme\EA Games
[2011.04.27 19:36:56 | 000,000,000 | ---D | M] -- C:\Programme\ERUNT
[2011.05.07 12:44:40 | 000,000,000 | ---D | M] -- C:\Programme\ESET
[2009.04.04 16:34:27 | 000,000,000 | ---D | M] -- C:\Programme\eSobi
[2009.04.03 21:33:10 | 000,000,000 | -HSD | M] -- C:\Programme\Gemeinsame Dateien
[2010.03.17 00:25:34 | 000,000,000 | ---D | M] -- C:\Programme\Hornet Demo
[2011.05.02 11:09:57 | 000,000,000 | ---D | M] -- C:\Programme\ICQ Away Reader
[2011.04.15 21:12:28 | 000,000,000 | ---D | M] -- C:\Programme\ICQ7.2
[2011.05.02 14:28:26 | 000,000,000 | -H-D | M] -- C:\Programme\InstallShield Installation Information
[2008.05.14 09:40:01 | 000,000,000 | ---D | M] -- C:\Programme\Intel
[2011.04.25 15:48:34 | 000,000,000 | ---D | M] -- C:\Programme\Internet Explorer
[2008.10.14 23:28:16 | 000,000,000 | ---D | M] -- C:\Programme\InterVideo
[2011.05.06 18:24:36 | 000,000,000 | ---D | M] -- C:\Programme\Java
[2011.04.12 21:23:40 | 000,000,000 | ---D | M] -- C:\Programme\JDownloader
[2008.10.14 23:24:52 | 000,000,000 | ---D | M] -- C:\Programme\Launch Manager
[2011.05.04 21:52:50 | 000,000,000 | ---D | M] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.01.31 15:42:51 | 000,000,000 | ---D | M] -- C:\Programme\Maxis
[2009.09.17 21:38:02 | 000,000,000 | ---D | M] -- C:\Programme\MegaCAD_3D_2007
[2009.11.28 10:45:05 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft
[2006.11.02 14:35:51 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Games
[2010.04.13 23:06:24 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Office
[2010.01.05 00:56:17 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Small Business
[2011.03.25 19:38:40 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft SQL Server
[2011.01.26 18:13:58 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft.NET
[2011.04.25 15:48:35 | 000,000,000 | ---D | M] -- C:\Programme\Movie Maker
[2011.05.06 18:38:29 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox
[2009.11.29 14:37:52 | 000,000,000 | ---D | M] -- C:\Programme\Mp3tag
[2006.11.02 14:35:51 | 000,000,000 | ---D | M] -- C:\Programme\MSBuild
[2009.04.03 22:07:34 | 000,000,000 | ---D | M] -- C:\Programme\MSXML 4.0
[2011.05.02 11:15:30 | 000,000,000 | ---D | M] -- C:\Programme\NewTech Infosystems
[2008.10.14 23:20:49 | 000,000,000 | ---D | M] -- C:\Programme\O2Micro Flash Memory Card Driver
[2011.04.01 17:45:47 | 000,000,000 | ---D | M] -- C:\Programme\PokerStars.NET
[2009.10.17 17:01:31 | 000,000,000 | ---D | M] -- C:\Programme\ProtectDisc Driver Installer
[2009.12.13 14:41:13 | 000,000,000 | ---D | M] -- C:\Programme\QS
[2011.05.02 11:13:59 | 000,000,000 | ---D | M] -- C:\Programme\QuickTime
[2008.10.14 23:19:39 | 000,000,000 | ---D | M] -- C:\Programme\Realtek
[2006.11.02 14:35:51 | 000,000,000 | ---D | M] -- C:\Programme\Reference Assemblies
[2010.11.03 15:52:17 | 000,000,000 | ---D | M] -- C:\Programme\RouterControl
[2009.05.03 11:52:37 | 000,000,000 | ---D | M] -- C:\Programme\SCWA-Software
[2010.02.24 18:08:04 | 000,000,000 | R--D | M] -- C:\Programme\Skype
[2011.05.01 22:57:49 | 000,000,000 | ---D | M] -- C:\Programme\Spybot - Search & Destroy
[2011.02.12 16:27:01 | 000,000,000 | ---D | M] -- C:\Programme\TeamViewer
[2006.11.02 14:58:18 | 000,000,000 | -H-D | M] -- C:\Programme\Uninstall Information
[2009.04.07 01:43:34 | 000,000,000 | ---D | M] -- C:\Programme\VideoLAN
[2010.02.24 18:02:58 | 000,000,000 | ---D | M] -- C:\Programme\Warcraft III
[2011.04.25 15:48:35 | 000,000,000 | ---D | M] -- C:\Programme\Windows Calendar
[2011.04.25 15:48:34 | 000,000,000 | ---D | M] -- C:\Programme\Windows Collaboration
[2011.04.25 15:48:31 | 000,000,000 | ---D | M] -- C:\Programme\Windows Defender
[2009.05.05 17:07:55 | 000,000,000 | ---D | M] -- C:\Programme\Windows Live
[2009.05.05 17:07:26 | 000,000,000 | ---D | M] -- C:\Programme\Windows Live SkyDrive
[2011.04.25 15:48:35 | 000,000,000 | ---D | M] -- C:\Programme\Windows Mail
[2011.04.25 15:48:34 | 000,000,000 | ---D | M] -- C:\Programme\Windows Media Player
[2009.04.03 21:33:10 | 000,000,000 | ---D | M] -- C:\Programme\Windows NT
[2011.04.25 15:48:34 | 000,000,000 | ---D | M] -- C:\Programme\Windows Photo Gallery
[2011.05.04 18:14:58 | 000,000,000 | ---D | M] -- C:\Programme\Windows Portable Devices
[2011.04.25 15:48:34 | 000,000,000 | ---D | M] -- C:\Programme\Windows Sidebar
[2009.11.14 18:57:26 | 000,000,000 | ---D | M] -- C:\Programme\winklers
[2009.04.04 20:14:03 | 000,000,000 | ---D | M] -- C:\Programme\WinRAR
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 04:34:42 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\ERDNT\cache\regedit.exe
[2008.01.21 04:34:42 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 04:34:42 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008.01.21 04:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-06 13:29:51
 
<          >

< End of report >

--- --- ---

xRaptoRxGG 08.05.2011 11:33

OTL Logfile:
Code:

OTL logfile created on: 08.05.2011 11:38:37 - Run 8
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Gökhan Gürel\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
952,00 Mb Total Physical Memory | 381,00 Mb Available Physical Memory | 40,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 54,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 12,18 Gb Free Space | 17,49% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 7,79 Gb Free Space | 11,19% Space Free | Partition Type: NTFS
 
Computer Name: GÖKHANGÜREL-PC | User Name: Gökhan Gürel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\GKHANG~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Users\Gökhan Gürel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\RouterControl\RouterControl.exe (Mirko Böer)
PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
PRC - C:\Programme\Common Files\Megatech\MProtect\MPServ.exe ()
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Programme\Apoint2K\Hidfind.exe (Alps Electric Co., Ltd.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Gökhan Gürel\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (o2flash) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
SRV - (Megatech-Software-Protection) -- C:\Programme\Common Files\Megatech\MProtect\MPServ.exe ()
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro )
DRV - (O2SDRDR) -- C:\Windows\System32\drivers\o2sd.sys (O2Micro )
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (acedrv11) -- C:\Windows\System32\drivers\ACEDRV11.sys (Protect Software GmbH)
DRV - (TpChoice) -- C:\Windows\System32\drivers\TpChoice.sys (Alps Electric Co., Ltd.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "spiegel-online.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.04.22 20:58:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.04.22 20:58:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.03 16:00:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.03 16:00:20 | 000,000,000 | ---D | M]
 
[2009.04.07 01:31:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Extensions
[2011.05.07 12:33:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions
[2010.08.31 18:29:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.16 20:36:00 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.07 12:33:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.05.06 18:25:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011.04.22 20:58:25 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.04.22 20:58:26 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2009.06.23 19:38:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2011.05.06 18:25:00 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\GöKHAN GüREL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BQ9E1JLB.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
File not found (No name found) -- C:\USERS\GöKHAN GüREL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BQ9E1JLB.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
[2011.05.06 18:24:42 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.08 08:07:41 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.08 08:07:41 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.08 08:07:41 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.08 08:07:41 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.08 08:07:41 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.05.04 23:03:32 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [RouterControl] C:\Programme\RouterControl\RouterControl.exe (Mirko Böer)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Gökhan Gürel\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Gökhan Gürel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Gökhan Gürel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {17052482-DBDC-7730-7743-E53C20E965EB} - Browser Customizations
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {74A68C95-2811-BD6E-B680-24DD4A461C21} - Java (Sun)
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.07 12:44:40 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.05.06 18:25:41 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2011.05.06 18:24:36 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2011.05.05 17:49:24 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Fast and Furious 5 - Rio Heist
[2011.05.05 17:38:40 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\faf
[2011.05.05 17:38:24 | 000,124,416 | ---- | C] (SFT Loader und SFT Encrypter) -- C:\Users\Gökhan Gürel\Desktop\dsconn.dll
[2011.05.04 23:34:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.05.04 23:34:05 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.05.04 23:34:04 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.05.04 23:34:04 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.05.04 23:34:00 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2011.05.04 23:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.05.04 23:13:47 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Local\temp
[2011.05.04 23:10:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.05.04 23:01:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.05.04 22:44:47 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.05.04 22:44:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.05.04 21:52:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.04 21:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.04 21:52:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.04 21:52:45 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.05.04 21:52:01 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Gökhan Gürel\Desktop\mbam-setup.exe
[2011.05.04 18:39:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.05.04 18:39:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.05.04 18:39:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.05.04 18:37:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.05.04 18:14:58 | 000,000,000 | ---D | C] -- C:\Programme\Windows Portable Devices
[2011.05.03 20:57:03 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Gökhan Gürel\Desktop\tdsskiller.exe
[2011.05.01 23:02:32 | 000,575,488 | ---- | C] (AVAST Software) -- C:\Users\Gökhan Gürel\Desktop\aswMBR.exe
[2011.04.28 19:17:14 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011.04.28 15:09:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
[2011.04.27 19:55:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.04.27 18:59:49 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\OTL.exe
[2011.04.27 18:59:49 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\TFC.exe
[2011.04.27 18:59:48 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Users\Gökhan Gürel\Desktop\Erunt-setup.exe
[2011.04.26 23:43:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.26 23:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.04.26 23:41:50 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.04.25 16:30:38 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Local\Sunbelt Software
[2011.04.25 16:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011.04.25 15:47:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011.04.25 15:47:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011.04.25 15:47:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011.04.25 14:41:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011.04.25 12:43:53 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2011.04.25 12:43:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.04.25 12:40:35 | 016,409,960 | ---- | C] (Safer Networking Limited                                    ) -- C:\Users\Gökhan Gürel\Desktop\spybotsd162.exe
[2011.04.23 19:04:31 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.04.23 18:43:33 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\Malwarebytes
[2011.04.23 18:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.23 17:42:00 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\VA_-_Kontor_House_Of_House_Vol.10-3CD-2010-MOD
[2011.04.23 17:41:50 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Chris_Brown-Yeah_3x_(Clean_Version)-WEB-2011-RECA
[2011.04.23 17:07:13 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Usher--More-Promo_CDS-2010-WUS
[2011.04.22 21:18:09 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Local\DDMSettings
[2011.04.22 20:57:27 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine
[2011.04.22 20:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011.04.22 20:56:59 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared
[2011.04.22 20:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011.04.20 12:50:05 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\DJ Antoine - WOW (320)
[2011.04.20 08:40:45 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Lernzettel
[2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2008.10.15 09:06:59 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.08 11:36:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.08 11:36:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.07 21:24:31 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CABC6CDF-19C7-4765-9CEB-B0201A34F566}.job
[2011.05.06 15:36:03 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.05.06 15:35:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.05 17:47:31 | 000,000,937 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\config.dat
[2011.05.05 17:38:26 | 000,124,416 | ---- | M] (SFT Loader und SFT Encrypter) -- C:\Users\Gökhan Gürel\Desktop\dsconn.dll
[2011.05.05 17:37:55 | 000,001,284 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\faf.sft
[2011.05.04 23:42:56 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011.05.04 23:03:32 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.05.04 22:41:47 | 004,337,362 | R--- | M] () -- C:\Users\Gökhan Gürel\Desktop\ComboFix.exe
[2011.05.04 21:52:50 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.04 21:52:16 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Gökhan Gürel\Desktop\mbam-setup.exe
[2011.05.04 18:24:16 | 000,685,712 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.04 18:24:16 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.04 18:24:16 | 000,149,980 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.04 18:24:16 | 000,121,592 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.04 18:14:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011.05.04 18:13:12 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011.05.03 20:57:13 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Gökhan Gürel\Desktop\tdsskiller.exe
[2011.05.03 13:08:26 | 000,000,512 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\MBR.dat
[2011.05.02 11:51:19 | 000,058,961 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\logfile ende.jpg
[2011.05.02 11:31:07 | 000,014,249 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\OTL.rar
[2011.05.02 10:34:19 | 000,163,840 | ---- | M] () -- C:\Users\Gökhan Gürel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.01 23:02:46 | 000,575,488 | ---- | M] (AVAST Software) -- C:\Users\Gökhan Gürel\Desktop\aswMBR.exe
[2011.05.01 22:00:19 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011.05.01 22:00:19 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011.04.29 18:31:48 | 000,109,566 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\screen.jpg
[2011.04.28 19:17:09 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011.04.27 22:21:04 | 000,301,568 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\35xnhg1c.exe
[2011.04.27 21:53:52 | 002,052,388 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Foto.JPG
[2011.04.27 21:41:23 | 000,000,020 | ---- | M] () -- C:\Users\Gökhan Gürel\defogger_reenable
[2011.04.27 21:37:18 | 000,050,477 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Defogger.exe
[2011.04.27 19:36:29 | 000,000,737 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\NTREGOPT.lnk
[2011.04.27 19:36:29 | 000,000,718 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\ERUNT.lnk
[2011.04.27 19:00:03 | 000,301,568 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\g2m3e4r.exe
[2011.04.27 19:00:01 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Users\Gökhan Gürel\Desktop\Erunt-setup.exe
[2011.04.27 19:00:00 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\TFC.exe
[2011.04.27 18:59:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\OTL.exe
[2011.04.26 22:49:36 | 000,377,260 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Load.exe
[2011.04.25 15:52:17 | 002,306,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.25 12:41:26 | 016,409,960 | ---- | M] (Safer Networking Limited                                    ) -- C:\Users\Gökhan Gürel\Desktop\spybotsd162.exe
[2011.04.23 18:38:39 | 001,006,778 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\iExplore.exe
[2011.04.23 18:38:18 | 001,006,778 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\rkill.com
[2011.04.20 18:01:16 | 000,000,680 | ---- | M] () -- C:\Users\Gökhan Gürel\AppData\Local\d3d9caps.dat
[2011.04.16 14:25:34 | 005,148,967 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Sergey_Romanov_aka_Elektro_Violine_-_Qadro_Electro....mp3
 
========== Files Created - No Company Name ==========
 
[2011.05.05 17:38:26 | 000,000,937 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\config.dat
[2011.05.05 17:37:44 | 000,001,284 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\faf.sft
[2011.05.04 22:41:25 | 004,337,362 | R--- | C] () -- C:\Users\Gökhan Gürel\Desktop\ComboFix.exe
[2011.05.04 21:52:50 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.04 18:39:41 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.05.04 18:39:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.05.04 18:39:41 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.05.04 18:39:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.05.04 18:39:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.05.04 18:14:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011.05.04 18:13:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011.05.02 11:51:19 | 000,058,961 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\logfile ende.jpg
[2011.05.02 11:31:17 | 000,014,249 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\OTL.rar
[2011.05.01 23:06:26 | 000,000,512 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\MBR.dat
[2011.04.29 18:31:47 | 000,109,566 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\screen.jpg
[2011.04.28 19:17:59 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.04.28 19:17:59 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.04.27 22:20:43 | 000,301,568 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\35xnhg1c.exe
[2011.04.27 21:53:37 | 002,052,388 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Foto.JPG
[2011.04.27 21:40:59 | 000,000,020 | ---- | C] () -- C:\Users\Gökhan Gürel\defogger_reenable
[2011.04.27 21:37:05 | 000,050,477 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Defogger.exe
[2011.04.27 18:59:49 | 000,301,568 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\g2m3e4r.exe
[2011.04.26 23:41:52 | 000,000,737 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\NTREGOPT.lnk
[2011.04.26 23:41:52 | 000,000,718 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\ERUNT.lnk
[2011.04.26 22:48:31 | 000,377,260 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Load.exe
[2011.04.23 18:38:36 | 001,006,778 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\iExplore.exe
[2011.04.23 18:07:42 | 001,006,778 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\rkill.com
[2011.04.16 14:24:30 | 005,148,967 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Sergey_Romanov_aka_Elektro_Violine_-_Qadro_Electro....mp3
[2010.11.07 13:21:18 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.02.20 17:07:10 | 000,000,619 | ---- | C] () -- C:\Windows\eReg.dat
[2010.02.13 21:54:44 | 000,003,084 | ---- | C] () -- C:\Windows\wininit.ini
[2010.02.13 21:54:14 | 000,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE
[2010.01.27 21:38:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.17 19:25:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.17 19:25:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.07.12 10:50:14 | 000,000,680 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Local\d3d9caps.dat
[2009.06.22 13:15:34 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.06.15 21:03:30 | 000,000,067 | ---- | C] () -- C:\Windows\AVIConverter.INI
[2009.05.10 18:18:34 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MPDLL.DLL
[2009.05.10 18:18:04 | 000,000,085 | ---- | C] () -- C:\Windows\megapfad.ini
[2009.04.20 04:07:40 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.04.20 01:18:59 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.04.07 01:40:00 | 000,000,127 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Roaming\default.rss
[2009.04.05 11:09:34 | 000,163,840 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.04 21:45:00 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.04.03 22:49:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.15 08:55:26 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008.10.15 08:55:26 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.10.15 08:55:26 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008.10.14 23:19:42 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.10.14 23:19:42 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008.10.14 23:19:42 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008.10.14 23:19:42 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008.05.26 10:41:20 | 000,685,712 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.05.26 10:41:20 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.05.26 10:41:20 | 000,149,980 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.05.26 10:41:20 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.05.26 01:06:07 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.05.26 01:02:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.05.26 01:02:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.05.14 10:29:02 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008.05.14 10:29:02 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008.05.14 10:29:01 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:44:53 | 002,306,272 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,642,704 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,121,592 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2009.04.25 19:39:46 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Ashampoo
[2009.06.03 12:52:53 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Buhl Data Service GmbH
[2009.04.20 01:08:17 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\DAEMON Tools
[2009.04.20 01:08:40 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\DAEMON Tools Lite
[2009.04.20 01:08:17 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\DAEMON Tools Pro
[2010.10.16 20:35:59 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.04.04 16:26:42 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\eSobi
[2011.04.25 12:36:53 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\ICQ
[2009.04.20 04:07:47 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\InterVideo
[2011.03.31 18:05:13 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Karteikartentrainer
[2009.10.14 19:53:49 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\LG Electronics
[2009.04.17 01:04:13 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Mp3tag
[2010.08.16 19:39:58 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\RouterControl
[2009.07.01 13:26:14 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\soul.im
[2010.10.18 19:19:33 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\TeamViewer
[2010.03.15 21:22:34 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Vodafone
[2011.03.31 19:49:13 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\WindSolutions
[2011.05.06 15:30:21 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.05.07 21:24:31 | 000,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CABC6CDF-19C7-4765-9CEB-B0201A34F566}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.05.04 23:10:05 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.04.03 21:38:11 | 000,000,000 | ---D | M] -- C:\Acer
[2008.10.15 09:07:07 | 000,000,000 | ---D | M] -- C:\Book
[2011.04.25 15:56:19 | 000,000,000 | ---D | M] -- C:\Boot
[2011.05.04 23:13:51 | 000,000,000 | ---D | M] -- C:\ComboFix
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.04.03 21:33:10 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.04.29 20:36:02 | 000,000,000 | ---D | M] -- C:\Downloads
[2009.11.21 15:31:13 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2009.04.03 21:40:46 | 000,000,000 | ---D | M] -- C:\Elements
[2008.05.14 09:39:56 | 000,000,000 | ---D | M] -- C:\Intel
[2009.11.07 12:25:12 | 000,000,000 | ---D | M] -- C:\LG3G
[2010.04.13 22:55:26 | 000,000,000 | R--D | M] -- C:\MSOCache
[2008.01.21 04:43:50 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.05.07 12:44:40 | 000,000,000 | R--D | M] -- C:\Programme
[2011.05.04 23:42:56 | 000,000,000 | ---D | M] -- C:\ProgramData
[2009.04.03 21:33:10 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.05.04 23:13:49 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.05.08 11:40:19 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.10.25 19:10:39 | 000,000,000 | ---D | M] -- C:\test
[2009.04.03 21:36:48 | 000,000,000 | R--D | M] -- C:\Users
[2010.02.13 22:43:51 | 000,000,000 | ---D | M] -- C:\WESTWOOD
[2011.05.04 23:54:31 | 000,000,000 | ---D | M] -- C:\Windows
[2011.04.27 19:55:55 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %PROGRAMFILES%\*. >
[2009.04.03 21:39:32 | 000,000,000 | ---D | M] -- C:\Programme\Acer
[2008.10.14 23:32:22 | 000,000,000 | ---D | M] -- C:\Programme\Acer Inc
[2008.10.14 23:33:08 | 000,000,000 | ---D | M] -- C:\Programme\Acer Incorporated
[2008.05.26 00:59:52 | 000,000,000 | ---D | M] -- C:\Programme\Activation Assistant for the 2007 Microsoft Office suites
[2011.03.14 18:49:08 | 000,000,000 | ---D | M] -- C:\Programme\Adobe
[2008.10.14 23:22:47 | 000,000,000 | ---D | M] -- C:\Programme\Apoint2K
[2009.04.21 07:05:53 | 000,000,000 | ---D | M] -- C:\Programme\Apple Software Update
[2009.04.25 19:30:04 | 000,000,000 | ---D | M] -- C:\Programme\Ashampoo
[2011.05.04 23:34:00 | 000,000,000 | ---D | M] -- C:\Programme\Avira
[2010.11.08 01:15:41 | 000,000,000 | ---D | M] -- C:\Programme\AviSynth 2.5
[2008.05.14 09:42:55 | 000,000,000 | ---D | M] -- C:\Programme\Broadcom
[2011.02.02 18:52:13 | 000,000,000 | ---D | M] -- C:\Programme\Buchungssatzpauker-B IKR 2.50 (Shareware)
[2010.01.27 19:00:29 | 000,000,000 | ---D | M] -- C:\Programme\Canon
[2010.01.27 18:53:56 | 000,000,000 | -H-D | M] -- C:\Programme\CanonBJ
[2011.05.06 18:25:41 | 000,000,000 | ---D | M] -- C:\Programme\Common Files
[2008.10.14 23:14:02 | 000,000,000 | ---D | M] -- C:\Programme\CONEXANT
[2008.10.14 23:25:17 | 000,000,000 | ---D | M] -- C:\Programme\COREL
[2009.04.20 01:07:14 | 000,000,000 | ---D | M] -- C:\Programme\DAEMON Tools Lite
[2009.04.20 00:59:10 | 000,000,000 | ---D | M] -- C:\Programme\DAEMON Tools Pro
[2009.05.11 08:46:54 | 000,000,000 | ---D | M] -- C:\Programme\DAMN NFO Viewer
[2011.04.22 20:58:31 | 000,000,000 | ---D | M] -- C:\Programme\DivX
[2011.05.02 11:20:33 | 000,000,000 | ---D | M] -- C:\Programme\DVDVideoSoft
[2010.02.20 16:57:38 | 000,000,000 | ---D | M] -- C:\Programme\EA Games
[2011.04.27 19:36:56 | 000,000,000 | ---D | M] -- C:\Programme\ERUNT
[2011.05.07 12:44:40 | 000,000,000 | ---D | M] -- C:\Programme\ESET
[2009.04.04 16:34:27 | 000,000,000 | ---D | M] -- C:\Programme\eSobi
[2009.04.03 21:33:10 | 000,000,000 | -HSD | M] -- C:\Programme\Gemeinsame Dateien
[2010.03.17 00:25:34 | 000,000,000 | ---D | M] -- C:\Programme\Hornet Demo
[2011.05.02 11:09:57 | 000,000,000 | ---D | M] -- C:\Programme\ICQ Away Reader
[2011.04.15 21:12:28 | 000,000,000 | ---D | M] -- C:\Programme\ICQ7.2
[2011.05.02 14:28:26 | 000,000,000 | -H-D | M] -- C:\Programme\InstallShield Installation Information
[2008.05.14 09:40:01 | 000,000,000 | ---D | M] -- C:\Programme\Intel
[2011.04.25 15:48:34 | 000,000,000 | ---D | M] -- C:\Programme\Internet Explorer
[2008.10.14 23:28:16 | 000,000,000 | ---D | M] -- C:\Programme\InterVideo
[2011.05.06 18:24:36 | 000,000,000 | ---D | M] -- C:\Programme\Java
[2011.04.12 21:23:40 | 000,000,000 | ---D | M] -- C:\Programme\JDownloader
[2008.10.14 23:24:52 | 000,000,000 | ---D | M] -- C:\Programme\Launch Manager
[2011.05.04 21:52:50 | 000,000,000 | ---D | M] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.01.31 15:42:51 | 000,000,000 | ---D | M] -- C:\Programme\Maxis
[2009.09.17 21:38:02 | 000,000,000 | ---D | M] -- C:\Programme\MegaCAD_3D_2007
[2009.11.28 10:45:05 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft
[2006.11.02 14:35:51 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Games
[2010.04.13 23:06:24 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Office
[2010.01.05 00:56:17 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Small Business
[2011.03.25 19:38:40 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft SQL Server
[2011.01.26 18:13:58 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft.NET
[2011.04.25 15:48:35 | 000,000,000 | ---D | M] -- C:\Programme\Movie Maker
[2011.05.06 18:38:29 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox
[2009.11.29 14:37:52 | 000,000,000 | ---D | M] -- C:\Programme\Mp3tag
[2006.11.02 14:35:51 | 000,000,000 | ---D | M] -- C:\Programme\MSBuild
[2009.04.03 22:07:34 | 000,000,000 | ---D | M] -- C:\Programme\MSXML 4.0
[2011.05.02 11:15:30 | 000,000,000 | ---D | M] -- C:\Programme\NewTech Infosystems
[2008.10.14 23:20:49 | 000,000,000 | ---D | M] -- C:\Programme\O2Micro Flash Memory Card Driver
[2011.04.01 17:45:47 | 000,000,000 | ---D | M] -- C:\Programme\PokerStars.NET
[2009.10.17 17:01:31 | 000,000,000 | ---D | M] -- C:\Programme\ProtectDisc Driver Installer
[2009.12.13 14:41:13 | 000,000,000 | ---D | M] -- C:\Programme\QS
[2011.05.02 11:13:59 | 000,000,000 | ---D | M] -- C:\Programme\QuickTime
[2008.10.14 23:19:39 | 000,000,000 | ---D | M] -- C:\Programme\Realtek
[2006.11.02 14:35:51 | 000,000,000 | ---D | M] -- C:\Programme\Reference Assemblies
[2010.11.03 15:52:17 | 000,000,000 | ---D | M] -- C:\Programme\RouterControl
[2009.05.03 11:52:37 | 000,000,000 | ---D | M] -- C:\Programme\SCWA-Software
[2010.02.24 18:08:04 | 000,000,000 | R--D | M] -- C:\Programme\Skype
[2011.05.01 22:57:49 | 000,000,000 | ---D | M] -- C:\Programme\Spybot - Search & Destroy
[2011.02.12 16:27:01 | 000,000,000 | ---D | M] -- C:\Programme\TeamViewer
[2006.11.02 14:58:18 | 000,000,000 | -H-D | M] -- C:\Programme\Uninstall Information
[2009.04.07 01:43:34 | 000,000,000 | ---D | M] -- C:\Programme\VideoLAN
[2010.02.24 18:02:58 | 000,000,000 | ---D | M] -- C:\Programme\Warcraft III
[2011.04.25 15:48:35 | 000,000,000 | ---D | M] -- C:\Programme\Windows Calendar
[2011.04.25 15:48:34 | 000,000,000 | ---D | M] -- C:\Programme\Windows Collaboration
[2011.04.25 15:48:31 | 000,000,000 | ---D | M] -- C:\Programme\Windows Defender
[2009.05.05 17:07:55 | 000,000,000 | ---D | M] -- C:\Programme\Windows Live
[2009.05.05 17:07:26 | 000,000,000 | ---D | M] -- C:\Programme\Windows Live SkyDrive
[2011.04.25 15:48:35 | 000,000,000 | ---D | M] -- C:\Programme\Windows Mail
[2011.04.25 15:48:34 | 000,000,000 | ---D | M] -- C:\Programme\Windows Media Player
[2009.04.03 21:33:10 | 000,000,000 | ---D | M] -- C:\Programme\Windows NT
[2011.04.25 15:48:34 | 000,000,000 | ---D | M] -- C:\Programme\Windows Photo Gallery
[2011.05.04 18:14:58 | 000,000,000 | ---D | M] -- C:\Programme\Windows Portable Devices
[2011.04.25 15:48:34 | 000,000,000 | ---D | M] -- C:\Programme\Windows Sidebar
[2009.11.14 18:57:26 | 000,000,000 | ---D | M] -- C:\Programme\winklers
[2009.04.04 20:14:03 | 000,000,000 | ---D | M] -- C:\Programme\WinRAR
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 04:34:42 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\ERDNT\cache\regedit.exe
[2008.01.21 04:34:42 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 04:34:42 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008.01.21 04:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-06 13:29:51
 
<          >

< End of report >

--- --- ---
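The OTL custom scan in the report above lists every copy of a few logon-critical binaries (explorer.exe, regedit.exe, userinit.exe, wininit.exe, winlogon.exe) together with its MD5, so the helper can compare the live file under C:\Windows or System32 with the copies Windows keeps in the WinSxS component store, and it dumps the LastSuccessTime of Windows Update. The Python script below is an added example, not part of the thread and not OTL's own code: it parses that "MD5 for:" layout, flags any live copy whose hash matches none of the WinSxS copies of the same binary, and turns LastSuccessTime into an age in days. The explorer.exe lines are copied from the report; the EXAMPLE.EXE section, its paths and its hashes are constructed to exercise the mismatch path, and REPORT_DATE is assumed from the date of the post.

```python
"""Cross-check OTL 'MD5 for:' entries against the WinSxS component store.

Added example (not from the forum thread or from OTL).  A live system file
whose MD5 matches none of its WinSxS copies was either patched outside the
servicing stack or replaced, and deserves a closer look.  A match only proves
consistency with the store, not authenticity; verify signatures separately.
"""
import re
from collections import defaultdict
from datetime import datetime

# OTL line layout: [date time | size | attrs | M] (Company) MD5=HEX -- path
OTL_MD5_LINE = re.compile(
    r"^\[(?P<date>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| M\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
SECTION_HEADER = re.compile(r"^< MD5 for: (?P<name>\S+)\s*>$")
LAST_SUCCESS = re.compile(r"LastSuccessTime: (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")

# Assumed: date of the forum post the report was attached to.
REPORT_DATE = datetime(2011, 5, 8)

# Constructed sample: explorer.exe lines are from the report, EXAMPLE.EXE is made up.
SAMPLE_REPORT = r"""
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

< MD5 for: EXAMPLE.EXE  >
[2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=11111111111111111111111111111111 -- C:\Windows\winsxs\x86_example_constructed\example.exe
[2011.05.04 23:10:05 | 000,026,112 | ---- | M] () MD5=22222222222222222222222222222222 -- C:\Windows\System32\example.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-06 13:29:51
"""


def parse_md5_sections(text):
    """Return {BINARY_NAME: [ {path, md5, size, company}, ... ]} from an OTL report."""
    sections = defaultdict(list)
    current = None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION_HEADER.match(line)
        if header:
            current = header.group("name").upper()
            continue
        entry = OTL_MD5_LINE.match(line)
        if entry and current:
            sections[current].append({
                "path": entry.group("path"),
                "md5": entry.group("md5").upper(),
                "size": int(entry.group("size").replace(",", "")),
                "company": entry.group("company"),
            })
    return dict(sections)


def is_winsxs(path):
    return "\\winsxs\\" in path.lower()


def is_live_copy(path):
    """The copy Windows actually runs: not the store copy, not the ERDNT backup."""
    lower = path.lower()
    return not is_winsxs(lower) and "\\erdnt\\" not in lower


def find_unmatched_live_copies(sections):
    """Return (name, path, md5, reason) for live copies that no WinSxS copy vouches for."""
    findings = []
    for name, entries in sections.items():
        store_hashes = {e["md5"] for e in entries if is_winsxs(e["path"])}
        for e in entries:
            if not is_live_copy(e["path"]):
                continue
            if not store_hashes:
                findings.append((name, e["path"], e["md5"], "no WinSxS copy to compare"))
            elif e["md5"] not in store_hashes:
                findings.append((name, e["path"], e["md5"], "hash differs from all WinSxS copies"))
    return findings


def windows_update_age_days(text, report_date):
    """Days between the last successful Windows Update install and the report; None if absent."""
    m = LAST_SUCCESS.search(text)
    if not m:
        return None
    last = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    return (report_date - last).days


if __name__ == "__main__":
    for finding in find_unmatched_live_copies(parse_md5_sections(SAMPLE_REPORT)):
        print("CHECK:", *finding)
    print("Windows Update last succeeded", windows_update_age_days(SAMPLE_REPORT, REPORT_DATE), "day(s) before the report")
```

Run against the constructed sample, the explorer.exe section produces nothing (the live C:\Windows\explorer.exe carries the same hash as the 6.0.6002.18005 store copy, exactly what the report shows), while the constructed EXAMPLE.EXE live copy is flagged because its hash matches no store copy and it carries no company name. The ERDNT\cache copies are excluded on purpose: they are backups ERUNT made, not files Windows executes.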

xRaptoRxGG 08.05.2011 11:47

I haven't installed anything. Only the programs you told me to install.

M-K-D-B 08.05.2011 12:39

Hello xRaptoRxGG,

please also post the SecurityCheck log file. Thank you. :)

If everything checks out, my closing reply will follow.

xRaptoRxGG 08.05.2011 21:02

Results of screen317's Security Check version 0.99.10
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 25
Out of date Java installed!
Adobe Flash Player 10.2.152.32
Adobe Reader X (10.0.1) - Deutsch
Mozilla Firefox (3.6.17) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
``````````End of Log````````````

M-K-D-B 08.05.2011 21:13

Hello xRaptoRxGG,

If you have no further problems, then we are done here. Your computer is clean. :daumenhoc
Finally, we need to take a few closing steps to tidy up and secure your PC.

Step # 1: Clear the Java cache
  • Follow the path: Start > Control Panel > Programs > Java
  • On the General tab, choose Settings at the bottom
  • Click Delete Files and confirm with OK.
  • Close Java.

Step # 2: Uninstall ComboFix
Before the following action, temporarily disable your antivirus program, any script blocking that may be present, and your anti-malware programs again.

Press Windows key + R. Now copy the following line into the command box and click OK.
Code:

Combofix /Uninstall
http://larusso.trojaner-board.de/Images/CFuninstall.jpg

This removes ComboFix completely and empties the System Restore cache, so that the pests disappear from there as well.

Now re-enable the programs you just disabled.

Step # 3: System cleanup with OTL
Next we need to remove all the programs that were needed for the malware removal:
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Now please close all programs.
  • Now please click the CleanUp button.
  • OTL may require a restart. Please allow it.

Step # 4: Uninstall/delete programs
  • Next, please uninstall the following programs via the Control Panel:
    • ERUNT
    • ESET Online Scanner
  • Restart your computer if necessary.
  • If necessary, manually uninstall/delete any further files and programs that we used, if they have not yet been removed from your computer.

Step # 5: Delete System Restore points
It cannot be ruled out that the malware has also infected restore points. You fix this problem as follows:
  • Press Windows + R --> type cleanmgr --> OK
  • Now select your system drive (normally C:).
  • Click Clean up system files --> select the system drive again --> More Options tab
  • Click Clean up under System Restore and Shadow Copies.
  • Click Delete and wait until the process has finished.
  • Close the windows.

Step # 6: Enable Windows Update
Let's check whether the updates for Windows download automatically. That is the best way to get all the security patches and fixes.
  • Press Windows + R.
  • Now copy the following text into the command box:
    Code:

    RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl
  • Click OK.
  • Make sure that automatic updates are enabled.
  • Download and install all available updates, if any.
  • In particular, make sure you install Internet Explorer 9. You can also download it from here to your desktop and install it.

Step # 7: Protection against further infections
So that you are protected against similar infections in the future, I recommend a few useful programs along with a few tips.
  • Make sure your virus scanner is always current and receives updates regularly.
  • In addition, I recommend using one of the following anti-malware tools:
  • SpywareBlaster
    A short introduction can be found here
  • MVPs hosts file
    An introduction can be found here
  • Do not open e-mails or their attachments if you do not know the sender!
  • Do not use file-sharing programs, as malware is very often transmitted through them!
  • Do not use keygens, cracks, cheats, etc.!
  • Keep ALL your programs up to date, e.g. with the online Secunia Inspector!

Step # 8: Change passwords
  • You were infected with a trojan that spies out passwords.
  • I therefore ask you to change all your passwords (e-mail, eBay, Amazon, online banking, Facebook, etc.).

Step # 9: Your feedback
Please let me know briefly when everything is done and you have no further questions, so that I can delete the topic from my subscriptions.

M-K-D-B 10.05.2011 20:54

This topic appears to be resolved and will be deleted from my subscriptions. Should you need this topic again, please send me a PM.

Everyone else, please click here and create your own thread.


Copyright ©2000-2025, Trojaner-Board