Anti Malware Doctor endgültig entfernen

xRaptoRxGG · 04.05.2011, 17:32

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\4E3E0230AEBB4E96 deleted successfully.
Folder C:\ProgramData\{EBDD7DE0-D012-47DF-859B-DB1061E2D512}\ not found.
C:\Users\Gökhan Gürel\AppData\Roaming\Ucsohi folder moved successfully.
C:\Users\Gökhan Gürel\AppData\Roaming\Obliw folder moved successfully.
C:\Recycle.Bin folder moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gökhan Gürel
->Temp folder emptied: 1048825 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 154169481 bytes
->Flash cache emptied: 1605 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1614928 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 150,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 05042011_182725

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP000000110A85A4591F7FB083 not found!

Registry entries deleted on Reboot...

xRaptoRxGG · 04.05.2011, 18:22

Combofix Logfile:

Code:

ATTFilter

ComboFix 11-05-03.08 - Gökhan Gürel 04.05.2011  18:55:49.1.1 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.49.1031.18.952.213 [GMT 2:00]
ausgeführt von:: c:\users\Gökhan Gürel\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Gökhan Gürel\AppData\Roaming\Adobe\plugs
c:\users\Gökhan Gürel\AppData\Roaming\Adobe\shed
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-04-04 bis 2011-05-04  ))))))))))))))))))))))))))))))
.
.
2011-05-04 17:11 . 2011-05-04 17:11	--------	d-----w-	c:\users\Gökhan Gürel\AppData\Local\temp
2011-05-04 17:11 . 2011-05-04 17:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-05-04 16:14 . 2011-05-04 16:14	--------	d-----w-	c:\program files\Windows Portable Devices
2011-05-04 16:11 . 2009-09-10 02:00	1164800	----a-w-	c:\windows\system32\UIRibbonRes.dll
2011-05-04 16:11 . 2009-09-10 02:00	92672	----a-w-	c:\windows\system32\UIAnimation.dll
2011-05-04 16:11 . 2009-09-10 02:01	3023360	----a-w-	c:\windows\system32\UIRibbon.dll
2011-05-04 16:11 . 2009-09-25 01:33	369664	----a-w-	c:\windows\system32\WMPhoto.dll
2011-05-04 16:11 . 2009-09-25 02:10	974848	----a-w-	c:\windows\system32\WindowsCodecs.dll
2011-05-04 16:11 . 2009-09-25 02:07	189440	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2011-05-04 16:11 . 2009-09-25 02:04	321024	----a-w-	c:\windows\system32\PhotoMetadataHandler.dll
2011-05-04 16:11 . 2009-09-25 01:33	195584	----a-w-	c:\windows\system32\dxdiagn.dll
2011-05-04 16:11 . 2009-09-25 01:32	252928	----a-w-	c:\windows\system32\dxdiag.exe
2011-05-04 16:11 . 2009-09-25 01:31	519680	----a-w-	c:\windows\system32\d3d11.dll
2011-05-04 16:08 . 2009-10-08 21:07	4096	----a-w-	c:\windows\system32\oleaccrc.dll
2011-05-04 16:08 . 2009-10-08 21:08	555520	----a-w-	c:\windows\system32\UIAutomationCore.dll
2011-05-04 16:08 . 2009-10-08 21:08	234496	----a-w-	c:\windows\system32\oleacc.dll
2011-05-03 10:36 . 2011-02-22 13:33	797696	----a-w-	c:\windows\system32\FntCache.dll
2011-05-03 10:34 . 2010-05-04 19:13	231424	----a-w-	c:\windows\system32\msshsq.dll
2011-05-03 10:23 . 2011-04-11 07:04	7071056	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5AF6409-4BB9-44A7-A698-2A6B3D85874D}\mpengine.dll
2011-04-28 17:17 . 2011-04-28 17:17	98392	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2011-04-28 13:09 . 2011-04-28 13:09	--------	d--h--w-	c:\programdata\CanonIJEGV
2011-04-27 17:55 . 2011-04-27 17:55	--------	d-----w-	C:\_OTL
2011-04-26 21:41 . 2011-04-27 17:36	--------	d-----w-	c:\program files\ERUNT
2011-04-25 14:30 . 2011-04-25 14:30	--------	d-----w-	c:\users\Gökhan Gürel\AppData\Local\Sunbelt Software
2011-04-25 14:28 . 2011-05-03 12:27	--------	d-----w-	c:\programdata\Lavasoft
2011-04-25 13:47 . 2011-04-25 13:48	--------	d-----w-	c:\windows\system32\ca-ES
2011-04-25 13:47 . 2011-04-25 13:48	--------	d-----w-	c:\windows\system32\eu-ES
2011-04-25 13:47 . 2011-04-25 13:48	--------	d-----w-	c:\windows\system32\vi-VN
2011-04-25 12:41 . 2011-04-25 12:41	--------	d-----w-	c:\windows\system32\EventProviders
2011-04-25 12:36 . 2011-04-25 12:36	233984	----a-w-	c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\dacaru.exe
2011-04-25 10:43 . 2011-05-01 20:57	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2011-04-25 10:43 . 2011-05-01 20:56	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-04-23 17:04 . 2011-04-23 17:04	--------	d-----w-	c:\windows\Sun
2011-04-23 16:43 . 2011-04-23 16:43	--------	d-----w-	c:\users\Gökhan Gürel\AppData\Roaming\Malwarebytes
2011-04-23 16:43 . 2011-04-23 16:43	--------	d-----w-	c:\programdata\Malwarebytes
2011-04-23 15:31 . 2011-04-23 15:31	112	----a-w-	c:\users\Gökhan Gürel\AppData\Roaming\srvblck2.tmp
2011-04-22 19:18 . 2011-04-22 19:18	--------	d-----w-	c:\users\Gökhan Gürel\AppData\Local\DDMSettings
2011-04-22 18:57 . 2011-04-22 18:57	--------	d-----w-	c:\program files\Common Files\PX Storage Engine
2011-04-22 18:56 . 2011-04-22 18:57	--------	d-----w-	c:\program files\Common Files\DivX Shared
2011-04-22 18:54 . 2011-04-22 18:58	--------	d-----w-	c:\programdata\DivX
2011-04-13 15:23 . 2011-03-03 10:49	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-23 15:31 . 2011-04-23 15:31	112	----a-w-	c:\users\Gökhan Gürel\AppData\Roaming\srvblck2.tmp
2011-04-23 15:31 . 2011-04-23 15:31	112	----a-w-	c:\users\Gökhan Gürel\AppData\Roaming\srvblck2.tmp
2011-04-01 15:52 . 2008-09-17 13:29	14744	----a-w-	c:\users\Gökhan Gürel\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
2011-04-01 15:52 . 2008-09-17 13:29	14744	----a-w-	c:\users\Gökhan Gürel\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
2011-03-03 15:40 . 2011-05-03 10:36	173056	----a-w-	c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-05-03 10:36	458752	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-05-03 10:36	542720	----a-w-	c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-05-03 10:36	2159616	----a-w-	c:\windows\apppatch\AcGenral.dll
2008-12-09 15:23	47840	--sh--r-	c:\windows\System32\config\systemprofile\AppData\Roaming\appconf32.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RouterControl"="c:\progra~1\ROUTER~1\ROUTERCONTROL.EXE" [2008-11-18 3191296]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 6144000]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-25 159744]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 875016]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
dacaru.exe [2011-4-25 233984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Megatech-Software-Protection;Megatech-Software-Protection;c:\program files\Common Files\Megatech\MProtect\MPSERV.EXE [2007-01-10 36864]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [2007-12-26 17968]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-04-19 717296]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-01-23 501560]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-30 112128]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-04-15 51160]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-04-08 43736]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-04 c:\windows\Tasks\User_Feed_Synchronization-{CABC6CDF-19C7-4765-9CEB-B0201A34F566}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=1008&m=extensa_5230
IE: Free YouTube to Mp3 Converter - c:\users\Gökhan Gürel\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Gökhan Gürel\AppData\Roaming\Mozilla\Firefox\Profiles\bq9e1jlb.default\
FF - prefs.js: browser.startup.homepage - spiegel-online.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-eRecoveryService - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-05-04 19:11
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-05-04  19:19:15
ComboFix-quarantined-files.txt  2011-05-04 17:19
.
Vor Suchlauf: 14 Verzeichnis(se), 13.705.502.720 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 13.323.911.168 Bytes frei
.
- - End Of File - - 42C3A8233F3B783770ACC36979741092

--- --- ---

xRaptoRxGG · 04.05.2011, 18:33

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 04.05.2011 19:24:13 - Run 6
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Gökhan Gürel\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
952,00 Mb Total Physical Memory | 267,00 Mb Available Physical Memory | 28,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 58,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 12,45 Gb Free Space | 17,87% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 7,79 Gb Free Space | 11,19% Space Free | Partition Type: NTFS
 
Computer Name: GÖKHANGÜREL-PC | User Name: Gökhan Gürel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Gökhan Gürel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Programme\Apoint2K\Hidfind.exe (Alps Electric Co., Ltd.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Gökhan Gürel\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\SysHook.dll (Acer Inc.)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (o2flash) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
SRV - (Megatech-Software-Protection) -- C:\Programme\Common Files\Megatech\MProtect\MPServ.exe ()
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro )
DRV - (O2SDRDR) -- C:\Windows\System32\drivers\o2sd.sys (O2Micro )
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (acedrv11) -- C:\Windows\System32\drivers\ACEDRV11.sys (Protect Software GmbH)
DRV - (TpChoice) -- C:\Windows\System32\drivers\TpChoice.sys (Alps Electric Co., Ltd.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=1008&m=extensa_5230
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "spiegel-online.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.04.22 20:58:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.04.22 20:58:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.03 16:00:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.03 16:00:20 | 000,000,000 | ---D | M]
 
[2009.04.07 01:31:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Extensions
[2011.05.03 12:09:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions
[2010.08.31 18:29:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.16 20:36:00 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.03 12:09:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.10.24 10:38:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.04.22 20:58:25 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.04.22 20:58:26 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2009.06.23 19:38:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2010.10.24 10:38:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\GÃ¶KHAN GÃ¼REL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BQ9E1JLB.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
File not found (No name found) -- C:\USERS\GÃ¶KHAN GÃ¼REL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BQ9E1JLB.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.08 08:07:41 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.08 08:07:41 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.08 08:07:41 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.08 08:07:41 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.08 08:07:41 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.05.04 18:27:34 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [RouterControl] C:\Programme\RouterControl\RouterControl.exe (Mirko Böer)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Gökhan Gürel\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Gökhan Gürel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Gökhan Gürel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.04 19:19:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.05.04 19:19:18 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Local\temp
[2011.05.04 18:39:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.05.04 18:39:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.05.04 18:39:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.05.04 18:39:10 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.05.04 18:37:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.05.04 18:37:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.05.04 18:14:58 | 000,000,000 | ---D | C] -- C:\Programme\Windows Portable Devices
[2011.05.04 18:11:44 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2011.05.04 18:11:44 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2011.05.04 18:11:43 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2011.05.04 18:11:03 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011.05.04 18:11:00 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011.05.04 18:11:00 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011.05.04 18:11:00 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011.05.04 18:11:00 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011.05.04 18:11:00 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011.05.04 18:10:16 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2011.05.04 18:10:16 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2011.05.04 18:10:09 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2011.05.04 18:10:05 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2011.05.04 18:10:05 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2011.05.04 18:10:05 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2011.05.04 18:10:04 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2011.05.04 18:10:04 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2011.05.04 18:10:04 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2011.05.04 18:10:04 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2011.05.04 18:10:04 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2011.05.04 18:10:04 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2011.05.04 18:08:18 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011.05.04 18:08:17 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011.05.03 20:57:03 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Gökhan Gürel\Desktop\tdsskiller.exe
[2011.05.03 16:01:04 | 012,362,480 | ---- | C] (Mozilla) -- C:\Users\Gökhan Gürel\Desktop\Firefox Setup 4.0.1.exe
[2011.05.03 12:37:34 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011.05.03 12:37:33 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.05.03 12:37:33 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011.05.03 12:37:33 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.05.03 12:37:32 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011.05.03 12:37:32 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011.05.03 12:37:32 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.05.03 12:37:31 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.05.03 12:37:30 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011.05.03 12:37:30 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011.05.03 12:37:30 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.05.03 12:37:28 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011.05.03 12:37:28 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011.05.03 12:36:39 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.05.03 12:36:39 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011.05.03 12:36:39 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.05.03 12:36:39 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.05.03 12:36:38 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011.05.03 12:36:38 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.05.03 12:36:38 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011.05.03 12:36:38 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.05.03 12:36:38 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011.05.03 12:36:37 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011.05.03 12:36:37 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.05.03 12:36:12 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.05.03 12:36:12 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.05.03 12:34:42 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2011.05.01 23:02:32 | 000,575,488 | ---- | C] (AVAST Software) -- C:\Users\Gökhan Gürel\Desktop\aswMBR.exe
[2011.04.28 19:17:14 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011.04.28 15:09:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
[2011.04.27 19:55:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.04.27 18:59:49 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\OTL.exe
[2011.04.27 18:59:49 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\TFC.exe
[2011.04.27 18:59:48 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Users\Gökhan Gürel\Desktop\Erunt-setup.exe
[2011.04.26 23:43:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.26 23:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.04.26 23:41:50 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.04.25 16:30:38 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Local\Sunbelt Software
[2011.04.25 16:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011.04.25 15:47:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011.04.25 15:47:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011.04.25 15:47:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011.04.25 14:41:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011.04.25 12:43:53 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2011.04.25 12:43:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.04.25 12:40:35 | 016,409,960 | ---- | C] (Safer Networking Limited                                    ) -- C:\Users\Gökhan Gürel\Desktop\spybotsd162.exe
[2011.04.23 19:04:31 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.04.23 18:43:33 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\Malwarebytes
[2011.04.23 18:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.23 17:42:00 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\VA_-_Kontor_House_Of_House_Vol.10-3CD-2010-MOD
[2011.04.23 17:41:50 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Chris_Brown-Yeah_3x_(Clean_Version)-WEB-2011-RECA
[2011.04.23 17:07:13 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Usher--More-Promo_CDS-2010-WUS
[2011.04.22 21:18:09 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Local\DDMSettings
[2011.04.22 20:57:27 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine
[2011.04.22 20:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011.04.22 20:56:59 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared
[2011.04.22 20:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011.04.20 12:50:05 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\DJ Antoine - WOW (320)
[2011.04.20 08:40:45 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Lernzettel
[2011.04.13 17:24:40 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.13 17:24:40 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.13 17:24:32 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.13 17:24:32 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.13 17:24:26 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.13 17:24:19 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.13 17:24:15 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.13 17:24:15 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.13 17:24:15 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.13 17:24:14 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.13 17:24:14 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.04.13 17:24:10 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.13 17:24:07 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.13 17:24:06 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2008.10.15 09:06:59 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[1 C:\Users\Gökhan Gürel\AppData\Roaming\*.tmp files -> C:\Users\Gökhan Gürel\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.04 18:34:51 | 004,337,254 | R--- | M] () -- C:\Users\Gökhan Gürel\Desktop\ComboFix.exe
[2011.05.04 18:31:04 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.04 18:31:04 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.04 18:31:02 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.05.04 18:30:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.04 18:27:34 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011.05.04 18:24:16 | 000,685,712 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.04 18:24:16 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.04 18:24:16 | 000,149,980 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.04 18:24:16 | 000,121,592 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.04 18:14:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011.05.04 18:13:12 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011.05.04 17:56:30 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CABC6CDF-19C7-4765-9CEB-B0201A34F566}.job
[2011.05.03 20:57:13 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Gökhan Gürel\Desktop\tdsskiller.exe
[2011.05.03 16:01:55 | 012,362,480 | ---- | M] (Mozilla) -- C:\Users\Gökhan Gürel\Desktop\Firefox Setup 4.0.1.exe
[2011.05.03 13:08:26 | 000,000,512 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\MBR.dat
[2011.05.02 21:03:46 | 123,485,281 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.05.02 11:51:19 | 000,058,961 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\logfile ende.jpg
[2011.05.02 11:31:07 | 000,014,249 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\OTL.rar
[2011.05.02 10:34:19 | 000,163,840 | ---- | M] () -- C:\Users\Gökhan Gürel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.01 23:02:46 | 000,575,488 | ---- | M] (AVAST Software) -- C:\Users\Gökhan Gürel\Desktop\aswMBR.exe
[2011.05.01 22:00:19 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011.05.01 22:00:19 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011.04.29 18:31:48 | 000,109,566 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\screen.jpg
[2011.04.28 19:17:09 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011.04.27 22:21:04 | 000,301,568 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\35xnhg1c.exe
[2011.04.27 21:53:52 | 002,052,388 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Foto.JPG
[2011.04.27 21:41:23 | 000,000,020 | ---- | M] () -- C:\Users\Gökhan Gürel\defogger_reenable
[2011.04.27 21:37:18 | 000,050,477 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Defogger.exe
[2011.04.27 19:36:29 | 000,000,737 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\NTREGOPT.lnk
[2011.04.27 19:36:29 | 000,000,718 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\ERUNT.lnk
[2011.04.27 19:00:03 | 000,301,568 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\g2m3e4r.exe
[2011.04.27 19:00:01 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Users\Gökhan Gürel\Desktop\Erunt-setup.exe
[2011.04.27 19:00:00 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\TFC.exe
[2011.04.27 18:59:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\OTL.exe
[2011.04.26 22:49:36 | 000,377,260 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Load.exe
[2011.04.25 15:52:17 | 002,306,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.25 12:41:26 | 016,409,960 | ---- | M] (Safer Networking Limited                                    ) -- C:\Users\Gökhan Gürel\Desktop\spybotsd162.exe
[2011.04.23 18:38:39 | 001,006,778 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\iExplore.exe
[2011.04.23 18:38:18 | 001,006,778 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\rkill.com
[2011.04.20 18:01:16 | 000,000,680 | ---- | M] () -- C:\Users\Gökhan Gürel\AppData\Local\d3d9caps.dat
[2011.04.16 14:25:34 | 005,148,967 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Sergey_Romanov_aka_Elektro_Violine_-_Qadro_Electro....mp3
[1 C:\Users\Gökhan Gürel\AppData\Roaming\*.tmp files -> C:\Users\Gökhan Gürel\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.04 18:39:41 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.05.04 18:39:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.05.04 18:39:41 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.05.04 18:39:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.05.04 18:39:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.05.04 18:33:58 | 004,337,254 | R--- | C] () -- C:\Users\Gökhan Gürel\Desktop\ComboFix.exe
[2011.05.04 18:14:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011.05.04 18:13:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011.05.02 21:03:46 | 123,485,281 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.05.02 11:51:19 | 000,058,961 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\logfile ende.jpg
[2011.05.02 11:31:17 | 000,014,249 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\OTL.rar
[2011.05.01 23:06:26 | 000,000,512 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\MBR.dat
[2011.04.29 18:31:47 | 000,109,566 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\screen.jpg
[2011.04.28 19:17:59 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.04.28 19:17:59 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.04.27 22:20:43 | 000,301,568 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\35xnhg1c.exe
[2011.04.27 21:53:37 | 002,052,388 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Foto.JPG
[2011.04.27 21:40:59 | 000,000,020 | ---- | C] () -- C:\Users\Gökhan Gürel\defogger_reenable
[2011.04.27 21:37:05 | 000,050,477 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Defogger.exe
[2011.04.27 18:59:49 | 000,301,568 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\g2m3e4r.exe
[2011.04.26 23:41:52 | 000,000,737 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\NTREGOPT.lnk
[2011.04.26 23:41:52 | 000,000,718 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\ERUNT.lnk
[2011.04.26 22:48:31 | 000,377,260 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Load.exe
[2011.04.23 18:38:36 | 001,006,778 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\iExplore.exe
[2011.04.23 18:07:42 | 001,006,778 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\rkill.com
[2011.04.16 14:24:30 | 005,148,967 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Sergey_Romanov_aka_Elektro_Violine_-_Qadro_Electro....mp3
[2010.11.07 13:21:18 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.02.20 17:07:10 | 000,000,619 | ---- | C] () -- C:\Windows\eReg.dat
[2010.02.13 21:54:44 | 000,003,084 | ---- | C] () -- C:\Windows\wininit.ini
[2010.02.13 21:54:14 | 000,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE
[2010.01.27 21:38:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.17 19:25:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.17 19:25:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.07.12 10:50:14 | 000,000,680 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Local\d3d9caps.dat
[2009.06.22 13:15:34 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.06.15 21:03:30 | 000,000,067 | ---- | C] () -- C:\Windows\AVIConverter.INI
[2009.05.10 18:18:34 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MPDLL.DLL
[2009.05.10 18:18:04 | 000,000,085 | ---- | C] () -- C:\Windows\megapfad.ini
[2009.04.20 04:07:40 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.04.20 01:18:59 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.04.07 01:40:00 | 000,000,127 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Roaming\default.rss
[2009.04.05 11:09:34 | 000,163,840 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.04 21:45:00 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.04.03 22:49:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.15 08:55:26 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008.10.15 08:55:26 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.10.15 08:55:26 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008.10.14 23:19:42 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.10.14 23:19:42 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008.10.14 23:19:42 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008.10.14 23:19:42 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008.05.26 10:41:20 | 000,685,712 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.05.26 10:41:20 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.05.26 10:41:20 | 000,149,980 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.05.26 10:41:20 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.05.26 01:06:07 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.05.26 01:02:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.05.26 01:02:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.05.14 10:29:02 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008.05.14 10:29:02 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008.05.14 10:29:01 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:44:53 | 002,306,272 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,642,704 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,121,592 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

< End of report >

--- --- ---

M-K-D-B · 04.05.2011, 19:46

Hallo xRaptoRxGG,

Schritt # 1: Alle Dateien anzeigen
Bitte befolge folgende Anleitung und lass dir alle Dateien anzeigen:
alle Windows Dateien sichtbar machen

Schritt # 2: Kontrolle mit VirusTotal
Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.

Klicke auf Durchsuchen

Kopiere nun folgendes in die Suchleiste.

Code:

ATTFilter

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dacaru.exe

und klicke auf Öffnen.
Klicke auf Send File.

Warte bitte bis die Datei vollständig hochgeladen wurde. Solltest Du folgende Meldung bekommen.

Zitat:

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:

klicke auf Reanalyse.
Warte bis unter Current status: Finished steht.

Kopiere den Link aus deiner Adresszeile und poste ihn hier.

Schritt # 3: Kontrollscan mit Malwarebytes' Anti-Malware (MBAM)

Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Schritt # 4: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

den Link zum Ergebnis von VirusTotal und
das Logfile von MBAM.

xRaptoRxGG · 04.05.2011, 20:28

hxxp://www.virustotal.com/file-scan/report.html?id=3f5aba4a5435351f49d47ee4434469d74271b33ac76d94a9a1b27595ee59db8e-1304536773

Könntest du mir nochmal bitte einen Link zu Malwarebytes geben weil ich die letzten Male es komplett entfernt habe.

M-K-D-B · 04.05.2011, 20:37

Hallo xRaptoRxGG,

Zitat:

Zitat von xRaptoRxGG

Könntest du mir nochmal bitte einen Link zu Malwarebytes geben weil ich die letzten Male es komplett entfernt habe.

Gibt es einen Grund dafür, dass du dieses Programm wieder entfernst, obwohl wir mit der Bereinigung noch nicht fertig sind?

Stattdessen solltest du Ad-Aware und Spybot entfernen.

Downloade Dir bitte Malwarebytes' Anti-Malware

Installiere das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

xRaptoRxGG · 04.05.2011, 21:01

nichts gefunden....

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6507

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

04.05.2011 22:00:21
mbam-log-2011-05-04 (22-00-21).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 145397
Laufzeit: 5 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

M-K-D-B · 04.05.2011, 21:34

Hallo xRaptoRxGG,

Zitat:

nichts gefunden....

Was leider noch nicht bedeutet, dass dein Rechner sauber ist. Es gibt noch was zu tun:

Schritt # 1: Fehlende Anti-Viren Software
Ich sehe in den Logfiles keine laufende Anti Viren Software.

Das ist gefährlich. Manchmal bemerkt man Malware durch PopUps oder Google-Umleitungen etc, aber meisten läuft diese unbemerkt im Hintergrund.
Ein AVP kann Dir helfen, Malware zu finden. Bitte downloade und Installiere Dir eines der folgenden AVPs.

Schritt # 2: CFScript mit ComboFix ausführen
Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter:

BleepingComputer.com - ForoSpyware.com

und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

Code:

ATTFilter

http://www.trojaner-board.de/98013-anti-malware-doctor-endgueltig-entfernen-5.html#post652948

Collect::
c:\windows\System32\config\systemprofile\AppData\Roaming\appconf32.exe
c:\users\Gökhan Gürel\AppData\Roaming\srvblck2.tmp
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dacaru.exe

Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:

Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
Danach wieder anstellen nicht vergessen!
Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
Dies kann dazu führen, dass ComboFix sich aufhängt.
Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
Mache nichts am PC solange ComboFix läuft.

In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.

Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.

Schritt # 3: Systemscan mit OTL

Starte bitte OTL.exe.
Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.

Schritt # 4: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

eine Rückmeldung, für welchen Virenscanner zu dich entschieden hast,
das neue Logfile von ComboFix und
die beiden neuen Logfiles von OTL (OTL.txt und Extras.txt).

xRaptoRxGG · 04.05.2011, 21:40

Ich hab hier das Programm "Notebook Security 2009 von GDATA"... soll ich das installieren, kannst du mir ein noch besseres empfehlen oder reicht eines der von dir angebotenen vollkommen aus?

M-K-D-B · 04.05.2011, 21:48

Hallo xRaptoRxGG,

Zitat:

Zitat von xRaptoRxGG

Ich hab hier das Programm "Notebook Security 2009 von GDATA"... soll ich das installieren, kannst du mir ein noch besseres empfehlen oder reicht eines der von dir angebotenen vollkommen aus?

Notebook Security 2009 von GDATA enthält eine Firewall, welche du nicht benötigst. Solche Security Suiten verlangsamen oft den Rechner und schützen den Rechner auch nicht beser. Zudem ist diese Version 2009 schon etwas älter.

Die drei Angebote, die ich dir gemacht habe sind vollkommen ausreichend. Sie sind kostenlos, bieten guten Schutz und besitzen hohe Erkennungsraten.

Ich verwende selbst eines der vorgeschlagenen Programme.

Letztlich entscheidest natürlich du.

xRaptoRxGG · 04.05.2011, 22:15

Combofix Logfile:

Code:

ATTFilter

ComboFix 11-05-04.02 - Gökhan Gürel 04.05.2011  22:49:36.2.1 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.49.1031.18.952.433 [GMT 2:00]
ausgeführt von:: c:\users\Gökhan Gürel\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Gökhan Gürel\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
file zipped: c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dacaru.exe
file zipped: c:\users\Gökhan Gürel\AppData\Roaming\srvblck2.tmp
file zipped: c:\windows\System32\config\systemprofile\AppData\Roaming\appconf32.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\System32\config\systemprofile\AppData\Roaming\appconf32.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-04-04 bis 2011-05-04  ))))))))))))))))))))))))))))))
.
.
2011-05-04 21:01 . 2011-05-04 21:03	--------	d-----w-	c:\users\Gökhan Gürel\AppData\Local\temp
2011-05-04 21:01 . 2011-05-04 21:01	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-05-04 19:52 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-04 19:52 . 2011-05-04 19:52	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-05-04 19:52 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-05-04 16:14 . 2011-05-04 16:14	--------	d-----w-	c:\program files\Windows Portable Devices
2011-05-04 16:11 . 2009-09-10 02:00	1164800	----a-w-	c:\windows\system32\UIRibbonRes.dll
2011-05-04 16:11 . 2009-09-10 02:00	92672	----a-w-	c:\windows\system32\UIAnimation.dll
2011-05-04 16:11 . 2009-09-10 02:01	3023360	----a-w-	c:\windows\system32\UIRibbon.dll
2011-05-04 16:11 . 2009-09-25 01:33	369664	----a-w-	c:\windows\system32\WMPhoto.dll
2011-05-04 16:11 . 2009-09-25 02:10	974848	----a-w-	c:\windows\system32\WindowsCodecs.dll
2011-05-04 16:11 . 2009-09-25 02:07	189440	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2011-05-04 16:11 . 2009-09-25 02:04	321024	----a-w-	c:\windows\system32\PhotoMetadataHandler.dll
2011-05-04 16:11 . 2009-09-25 01:33	195584	----a-w-	c:\windows\system32\dxdiagn.dll
2011-05-04 16:11 . 2009-09-25 01:32	252928	----a-w-	c:\windows\system32\dxdiag.exe
2011-05-04 16:11 . 2009-09-25 01:31	519680	----a-w-	c:\windows\system32\d3d11.dll
2011-05-04 16:08 . 2009-10-08 21:07	4096	----a-w-	c:\windows\system32\oleaccrc.dll
2011-05-04 16:08 . 2009-10-08 21:08	555520	----a-w-	c:\windows\system32\UIAutomationCore.dll
2011-05-04 16:08 . 2009-10-08 21:08	234496	----a-w-	c:\windows\system32\oleacc.dll
2011-05-03 10:36 . 2011-02-22 13:33	797696	----a-w-	c:\windows\system32\FntCache.dll
2011-05-03 10:34 . 2010-05-04 19:13	231424	----a-w-	c:\windows\system32\msshsq.dll
2011-05-03 10:23 . 2011-04-11 07:04	7071056	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5AF6409-4BB9-44A7-A698-2A6B3D85874D}\mpengine.dll
2011-04-28 17:17 . 2011-04-28 17:17	98392	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2011-04-28 13:09 . 2011-04-28 13:09	--------	d--h--w-	c:\programdata\CanonIJEGV
2011-04-27 17:55 . 2011-04-27 17:55	--------	d-----w-	C:\_OTL
2011-04-26 21:41 . 2011-04-27 17:36	--------	d-----w-	c:\program files\ERUNT
2011-04-25 14:30 . 2011-04-25 14:30	--------	d-----w-	c:\users\Gökhan Gürel\AppData\Local\Sunbelt Software
2011-04-25 14:28 . 2011-05-03 12:27	--------	d-----w-	c:\programdata\Lavasoft
2011-04-25 13:47 . 2011-04-25 13:48	--------	d-----w-	c:\windows\system32\ca-ES
2011-04-25 13:47 . 2011-04-25 13:48	--------	d-----w-	c:\windows\system32\eu-ES
2011-04-25 13:47 . 2011-04-25 13:48	--------	d-----w-	c:\windows\system32\vi-VN
2011-04-25 12:41 . 2011-04-25 12:41	--------	d-----w-	c:\windows\system32\EventProviders
2011-04-25 10:43 . 2011-05-01 20:57	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2011-04-25 10:43 . 2011-05-01 20:56	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-04-23 17:04 . 2011-04-23 17:04	--------	d-----w-	c:\windows\Sun
2011-04-23 16:43 . 2011-04-23 16:43	--------	d-----w-	c:\users\Gökhan Gürel\AppData\Roaming\Malwarebytes
2011-04-23 16:43 . 2011-04-23 16:43	--------	d-----w-	c:\programdata\Malwarebytes
2011-04-23 15:31 . 2011-04-23 15:31	112	----a-w-	c:\users\Gökhan Gürel\AppData\Roaming\srvblck2.tmp
2011-04-22 19:18 . 2011-04-22 19:18	--------	d-----w-	c:\users\Gökhan Gürel\AppData\Local\DDMSettings
2011-04-22 18:57 . 2011-04-22 18:57	--------	d-----w-	c:\program files\Common Files\PX Storage Engine
2011-04-22 18:56 . 2011-04-22 18:57	--------	d-----w-	c:\program files\Common Files\DivX Shared
2011-04-22 18:54 . 2011-04-22 18:58	--------	d-----w-	c:\programdata\DivX
2011-04-13 15:23 . 2011-03-03 10:49	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-23 15:31 . 2011-04-23 15:31	112	----a-w-	c:\users\Gökhan Gürel\AppData\Roaming\srvblck2.tmp
2011-04-23 15:31 . 2011-04-23 15:31	112	----a-w-	c:\users\Gökhan Gürel\AppData\Roaming\srvblck2.tmp
2011-04-01 15:52 . 2008-09-17 13:29	14744	----a-w-	c:\users\Gökhan Gürel\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
2011-04-01 15:52 . 2008-09-17 13:29	14744	----a-w-	c:\users\Gökhan Gürel\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
2011-03-03 15:40 . 2011-05-03 10:36	173056	----a-w-	c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-05-03 10:36	458752	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-05-03 10:36	542720	----a-w-	c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-05-03 10:36	2159616	----a-w-	c:\windows\apppatch\AcGenral.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RouterControl"="c:\progra~1\ROUTER~1\ROUTERCONTROL.EXE" [2008-11-18 3191296]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 6144000]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-25 159744]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 875016]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
dacaru.exe [2011-5-4 233984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 CFcatchme;CFcatchme;c:\users\GKHANG~1\AppData\Local\Temp\CFcatchme.sys [x]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [2007-12-26 17968]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-04-19 717296]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-01-23 501560]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 Megatech-Software-Protection;Megatech-Software-Protection;c:\program files\Common Files\Megatech\MProtect\MPSERV.EXE [2007-01-10 36864]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-30 112128]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-04-15 51160]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-04-08 43736]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-04 c:\windows\Tasks\User_Feed_Synchronization-{CABC6CDF-19C7-4765-9CEB-B0201A34F566}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=1008&m=extensa_5230
IE: Free YouTube to Mp3 Converter - c:\users\Gökhan Gürel\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Gökhan Gürel\AppData\Roaming\Mozilla\Firefox\Profiles\bq9e1jlb.default\
FF - prefs.js: browser.startup.homepage - spiegel-online.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2596)
c:\windows\System32\SysHook.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Launch Manager\LManager.exe
c:\program files\RouterControl\RouterControl.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-05-04  23:12:03 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-05-04 21:11
ComboFix2.txt  2011-05-04 17:19
.
Vor Suchlauf: 18 Verzeichnis(se), 13.281.202.176 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 13.153.083.392 Bytes frei
.
- - End Of File - - F4534B480090F02812E9E3B783707463

--- --- ---
Hochladen war erfolgreich

xRaptoRxGG · 04.05.2011, 22:23

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 04.05.2011 23:16:55 - Run 7
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Gökhan Gürel\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
952,00 Mb Total Physical Memory | 284,00 Mb Available Physical Memory | 30,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 59,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 12,30 Gb Free Space | 17,65% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 7,79 Gb Free Space | 11,19% Space Free | Partition Type: NTFS
 
Computer Name: GÖKHANGÜREL-PC | User Name: Gökhan Gürel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Gökhan Gürel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\RouterControl\RouterControl.exe (Mirko Böer)
PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
PRC - C:\Programme\Common Files\Megatech\MProtect\MPServ.exe ()
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Gökhan Gürel\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\SysHook.dll (Acer Inc.)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (o2flash) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
SRV - (Megatech-Software-Protection) -- C:\Programme\Common Files\Megatech\MProtect\MPServ.exe ()
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) --  File not found
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro )
DRV - (O2SDRDR) -- C:\Windows\System32\drivers\o2sd.sys (O2Micro )
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (acedrv11) -- C:\Windows\System32\drivers\ACEDRV11.sys (Protect Software GmbH)
DRV - (TpChoice) -- C:\Windows\System32\drivers\TpChoice.sys (Alps Electric Co., Ltd.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=1008&m=extensa_5230
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "spiegel-online.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.04.22 20:58:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.04.22 20:58:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.03 16:00:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.03 16:00:20 | 000,000,000 | ---D | M]
 
[2009.04.07 01:31:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Extensions
[2011.05.04 21:23:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions
[2010.08.31 18:29:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.16 20:36:00 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.04 21:23:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.10.24 10:38:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.04.22 20:58:25 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.04.22 20:58:26 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2009.06.23 19:38:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2010.10.24 10:38:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\GÃ¶KHAN GÃ¼REL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BQ9E1JLB.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
File not found (No name found) -- C:\USERS\GÃ¶KHAN GÃ¼REL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BQ9E1JLB.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.08 08:07:41 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.08 08:07:41 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.08 08:07:41 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.08 08:07:41 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.08 08:07:41 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.05.04 23:03:32 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [RouterControl] C:\Programme\RouterControl\RouterControl.exe (Mirko Böer)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Gökhan Gürel\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Gökhan Gürel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Gökhan Gürel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.04 23:13:47 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Local\temp
[2011.05.04 23:10:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.05.04 23:01:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.05.04 22:44:47 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.05.04 22:44:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.05.04 21:52:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.04 21:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.04 21:52:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.04 21:52:45 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.05.04 21:52:01 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Gökhan Gürel\Desktop\mbam-setup.exe
[2011.05.04 18:39:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.05.04 18:39:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.05.04 18:39:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.05.04 18:37:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.05.04 18:14:58 | 000,000,000 | ---D | C] -- C:\Programme\Windows Portable Devices
[2011.05.04 18:11:44 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2011.05.04 18:11:44 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2011.05.04 18:11:43 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2011.05.04 18:11:03 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011.05.04 18:11:00 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011.05.04 18:11:00 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011.05.04 18:11:00 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011.05.04 18:11:00 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011.05.04 18:11:00 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011.05.04 18:10:16 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2011.05.04 18:10:16 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2011.05.04 18:10:09 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2011.05.04 18:10:05 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2011.05.04 18:10:05 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2011.05.04 18:10:05 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2011.05.04 18:10:04 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2011.05.04 18:10:04 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2011.05.04 18:10:04 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2011.05.04 18:10:04 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2011.05.04 18:10:04 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2011.05.04 18:10:04 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2011.05.04 18:08:18 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011.05.04 18:08:17 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011.05.03 20:57:03 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Gökhan Gürel\Desktop\tdsskiller.exe
[2011.05.03 16:01:04 | 012,362,480 | ---- | C] (Mozilla) -- C:\Users\Gökhan Gürel\Desktop\Firefox Setup 4.0.1.exe
[2011.05.03 12:37:34 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011.05.03 12:37:33 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.05.03 12:37:33 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011.05.03 12:37:33 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.05.03 12:37:32 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011.05.03 12:37:32 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011.05.03 12:37:32 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.05.03 12:37:31 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.05.03 12:37:30 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011.05.03 12:37:30 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011.05.03 12:37:30 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.05.03 12:37:28 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011.05.03 12:37:28 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011.05.03 12:36:39 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.05.03 12:36:39 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011.05.03 12:36:39 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.05.03 12:36:39 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.05.03 12:36:38 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011.05.03 12:36:38 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.05.03 12:36:38 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011.05.03 12:36:38 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.05.03 12:36:38 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011.05.03 12:36:37 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011.05.03 12:36:37 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.05.03 12:36:12 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.05.03 12:36:12 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.05.03 12:34:42 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2011.05.01 23:02:32 | 000,575,488 | ---- | C] (AVAST Software) -- C:\Users\Gökhan Gürel\Desktop\aswMBR.exe
[2011.04.28 19:17:14 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011.04.28 15:09:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
[2011.04.27 19:55:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.04.27 18:59:49 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\OTL.exe
[2011.04.27 18:59:49 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\TFC.exe
[2011.04.27 18:59:48 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Users\Gökhan Gürel\Desktop\Erunt-setup.exe
[2011.04.26 23:43:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.26 23:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.04.26 23:41:50 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.04.25 16:30:38 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Local\Sunbelt Software
[2011.04.25 16:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011.04.25 15:47:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011.04.25 15:47:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011.04.25 15:47:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011.04.25 14:41:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011.04.25 12:43:53 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2011.04.25 12:43:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.04.25 12:40:35 | 016,409,960 | ---- | C] (Safer Networking Limited                                    ) -- C:\Users\Gökhan Gürel\Desktop\spybotsd162.exe
[2011.04.23 19:04:31 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.04.23 18:43:33 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\Malwarebytes
[2011.04.23 18:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.23 17:42:00 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\VA_-_Kontor_House_Of_House_Vol.10-3CD-2010-MOD
[2011.04.23 17:41:50 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Chris_Brown-Yeah_3x_(Clean_Version)-WEB-2011-RECA
[2011.04.23 17:07:13 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Usher--More-Promo_CDS-2010-WUS
[2011.04.22 21:18:09 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Local\DDMSettings
[2011.04.22 20:57:27 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine
[2011.04.22 20:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011.04.22 20:56:59 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared
[2011.04.22 20:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011.04.20 12:50:05 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\DJ Antoine - WOW (320)
[2011.04.20 08:40:45 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Lernzettel
[2011.04.13 17:24:40 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.13 17:24:40 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.13 17:24:32 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.13 17:24:32 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.13 17:24:26 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.13 17:24:19 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.13 17:24:15 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.13 17:24:15 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.13 17:24:15 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.13 17:24:14 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.13 17:24:14 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.04.13 17:24:10 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.13 17:24:07 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.13 17:24:06 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2008.10.15 09:06:59 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[1 C:\Users\Gökhan Gürel\AppData\Roaming\*.tmp files -> C:\Users\Gökhan Gürel\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.04 23:03:32 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.05.04 23:03:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.04 23:03:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.04 23:03:15 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.05.04 23:02:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.04 22:41:47 | 004,337,362 | R--- | M] () -- C:\Users\Gökhan Gürel\Desktop\ComboFix.exe
[2011.05.04 21:52:50 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.04 21:52:16 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Gökhan Gürel\Desktop\mbam-setup.exe
[2011.05.04 18:24:16 | 000,685,712 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.04 18:24:16 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.04 18:24:16 | 000,149,980 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.04 18:24:16 | 000,121,592 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.04 18:14:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011.05.04 18:13:12 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011.05.04 17:56:30 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CABC6CDF-19C7-4765-9CEB-B0201A34F566}.job
[2011.05.03 20:57:13 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Gökhan Gürel\Desktop\tdsskiller.exe
[2011.05.03 16:01:55 | 012,362,480 | ---- | M] (Mozilla) -- C:\Users\Gökhan Gürel\Desktop\Firefox Setup 4.0.1.exe
[2011.05.03 13:08:26 | 000,000,512 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\MBR.dat
[2011.05.02 21:03:46 | 123,485,281 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.05.02 11:51:19 | 000,058,961 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\logfile ende.jpg
[2011.05.02 11:31:07 | 000,014,249 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\OTL.rar
[2011.05.02 10:34:19 | 000,163,840 | ---- | M] () -- C:\Users\Gökhan Gürel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.01 23:02:46 | 000,575,488 | ---- | M] (AVAST Software) -- C:\Users\Gökhan Gürel\Desktop\aswMBR.exe
[2011.05.01 22:00:19 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011.05.01 22:00:19 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011.04.29 18:31:48 | 000,109,566 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\screen.jpg
[2011.04.28 19:17:09 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011.04.27 22:21:04 | 000,301,568 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\35xnhg1c.exe
[2011.04.27 21:53:52 | 002,052,388 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Foto.JPG
[2011.04.27 21:41:23 | 000,000,020 | ---- | M] () -- C:\Users\Gökhan Gürel\defogger_reenable
[2011.04.27 21:37:18 | 000,050,477 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Defogger.exe
[2011.04.27 19:36:29 | 000,000,737 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\NTREGOPT.lnk
[2011.04.27 19:36:29 | 000,000,718 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\ERUNT.lnk
[2011.04.27 19:00:03 | 000,301,568 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\g2m3e4r.exe
[2011.04.27 19:00:01 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Users\Gökhan Gürel\Desktop\Erunt-setup.exe
[2011.04.27 19:00:00 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\TFC.exe
[2011.04.27 18:59:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\OTL.exe
[2011.04.26 22:49:36 | 000,377,260 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Load.exe
[2011.04.25 15:52:17 | 002,306,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.25 12:41:26 | 016,409,960 | ---- | M] (Safer Networking Limited                                    ) -- C:\Users\Gökhan Gürel\Desktop\spybotsd162.exe
[2011.04.23 18:38:39 | 001,006,778 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\iExplore.exe
[2011.04.23 18:38:18 | 001,006,778 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\rkill.com
[2011.04.20 18:01:16 | 000,000,680 | ---- | M] () -- C:\Users\Gökhan Gürel\AppData\Local\d3d9caps.dat
[2011.04.16 14:25:34 | 005,148,967 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Sergey_Romanov_aka_Elektro_Violine_-_Qadro_Electro....mp3
[1 C:\Users\Gökhan Gürel\AppData\Roaming\*.tmp files -> C:\Users\Gökhan Gürel\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.04 22:41:25 | 004,337,362 | R--- | C] () -- C:\Users\Gökhan Gürel\Desktop\ComboFix.exe
[2011.05.04 21:52:50 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.04 18:39:41 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.05.04 18:39:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.05.04 18:39:41 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.05.04 18:39:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.05.04 18:39:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.05.04 18:14:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011.05.04 18:13:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011.05.02 21:03:46 | 123,485,281 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.05.02 11:51:19 | 000,058,961 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\logfile ende.jpg
[2011.05.02 11:31:17 | 000,014,249 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\OTL.rar
[2011.05.01 23:06:26 | 000,000,512 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\MBR.dat
[2011.04.29 18:31:47 | 000,109,566 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\screen.jpg
[2011.04.28 19:17:59 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.04.28 19:17:59 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.04.27 22:20:43 | 000,301,568 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\35xnhg1c.exe
[2011.04.27 21:53:37 | 002,052,388 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Foto.JPG
[2011.04.27 21:40:59 | 000,000,020 | ---- | C] () -- C:\Users\Gökhan Gürel\defogger_reenable
[2011.04.27 21:37:05 | 000,050,477 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Defogger.exe
[2011.04.27 18:59:49 | 000,301,568 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\g2m3e4r.exe
[2011.04.26 23:41:52 | 000,000,737 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\NTREGOPT.lnk
[2011.04.26 23:41:52 | 000,000,718 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\ERUNT.lnk
[2011.04.26 22:48:31 | 000,377,260 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Load.exe
[2011.04.23 18:38:36 | 001,006,778 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\iExplore.exe
[2011.04.23 18:07:42 | 001,006,778 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\rkill.com
[2011.04.16 14:24:30 | 005,148,967 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Sergey_Romanov_aka_Elektro_Violine_-_Qadro_Electro....mp3
[2010.11.07 13:21:18 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.02.20 17:07:10 | 000,000,619 | ---- | C] () -- C:\Windows\eReg.dat
[2010.02.13 21:54:44 | 000,003,084 | ---- | C] () -- C:\Windows\wininit.ini
[2010.02.13 21:54:14 | 000,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE
[2010.01.27 21:38:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.17 19:25:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.17 19:25:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.07.12 10:50:14 | 000,000,680 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Local\d3d9caps.dat
[2009.06.22 13:15:34 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.06.15 21:03:30 | 000,000,067 | ---- | C] () -- C:\Windows\AVIConverter.INI
[2009.05.10 18:18:34 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MPDLL.DLL
[2009.05.10 18:18:04 | 000,000,085 | ---- | C] () -- C:\Windows\megapfad.ini
[2009.04.20 04:07:40 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.04.20 01:18:59 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.04.07 01:40:00 | 000,000,127 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Roaming\default.rss
[2009.04.05 11:09:34 | 000,163,840 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.04 21:45:00 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.04.03 22:49:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.15 08:55:26 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008.10.15 08:55:26 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.10.15 08:55:26 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008.10.14 23:19:42 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.10.14 23:19:42 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008.10.14 23:19:42 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008.10.14 23:19:42 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008.05.26 10:41:20 | 000,685,712 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.05.26 10:41:20 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.05.26 10:41:20 | 000,149,980 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.05.26 10:41:20 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.05.26 01:06:07 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.05.26 01:02:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.05.26 01:02:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.05.14 10:29:02 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008.05.14 10:29:02 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008.05.14 10:29:01 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:44:53 | 002,306,272 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,642,704 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,121,592 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

< End of report >

--- --- ---

xRaptoRxGG · 04.05.2011, 22:23

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 04.05.2011 23:16:55 - Run 7
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Gökhan Gürel\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
952,00 Mb Total Physical Memory | 284,00 Mb Available Physical Memory | 30,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 59,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 12,30 Gb Free Space | 17,65% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 7,79 Gb Free Space | 11,19% Space Free | Partition Type: NTFS
 
Computer Name: GÖKHANGÜREL-PC | User Name: Gökhan Gürel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1451C412-E212-469D-963E-203DD1CFEB05}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1DD353AB-9FEA-4861-AA39-E61C026CA40E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{24E6C9D9-685F-4C45-8F16-985C122822C2}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{258AE4BE-F063-407D-9E67-229E527C136A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2BADE237-EBC4-4E14-8333-EAE22491397C}" = lport=6112 | protocol=6 | dir=in | name=wciii 6112 | 
"{439B5AC8-9ADC-47D8-840B-EB8DDBF94D7E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{49F5D437-07F2-4D88-914D-76F7BAD7B681}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4E1D8C7B-E8ED-4ACB-9914-C236DD632672}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{597B088D-D95E-4F50-BBB2-F5781CCBE44E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{5A2CCD5E-9FAA-418F-B846-9FA9E2F1F122}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5CA111DC-74D6-44DB-84B9-D45F432F7B80}" = lport=6113 | protocol=6 | dir=in | name=wciii 6113 | 
"{5CD8B400-36DE-4C9A-BCFC-FDD146606D0B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5E7E46A8-D3A3-40DF-B28D-D2571FE9E2BD}" = lport=6116 | protocol=6 | dir=in | name=wciii 6116 | 
"{5F6E628E-3204-4F2D-9BCF-AFAEB60CBB1A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6B309508-A613-4B91-A0EE-659CD6A23CB4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{71DB7BBC-957A-4B45-891B-410E273006E9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7213BE3E-FF45-426E-B90A-D51B0BB46BA0}" = lport=6114 | protocol=6 | dir=in | name=wciii 6114 | 
"{79BAE974-D46E-42D6-B08F-7A4EF2F9B719}" = lport=6118 | protocol=6 | dir=in | name=wciii 6118 | 
"{838B6577-FBAE-4D09-AB04-03E20068C1A5}" = lport=6117 | protocol=6 | dir=in | name=wciii 6117 | 
"{88002A36-8E50-4939-A5A4-1248935882E8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{896B56F8-0C5D-4980-BBE9-4A11937FBA9B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{9701CE72-9C09-47FA-AF59-58B41F4C5325}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A5FE2DE2-CDDD-4EF0-9ADD-8F7023B5C6C6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AD0BC489-D2D6-48CA-BCDC-37334E0EF348}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B737825E-265F-455A-9521-76D00F609254}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BC98501C-4646-4088-9228-3A523E4AD4B2}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C30E6250-CCEB-47AC-AF21-338B57DCCBB6}" = lport=6119 | protocol=6 | dir=in | name=wciii 6119 | 
"{C532C692-976A-48C4-B478-3C73FEF767B3}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E1267A1C-CA09-4DF5-B746-F0B8B70BB27F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F8E55AD6-114D-4227-98C1-F42AA9E0CA6C}" = lport=6115 | protocol=6 | dir=in | name=wciii 6115 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{010E1948-8967-43C2-A361-F02DE426D049}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{0145FD7A-0D3B-444D-9DFC-E31231260404}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{041258C5-46FF-4930-8554-1575033F13BB}" = protocol=17 | dir=in | app=c:\program files\ultravnc\vncviewer.exe | 
"{09DE9771-B740-4411-BC56-BEF213FEF593}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{1654011D-DF0B-4584-B7FC-C1B9D35204C8}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{1DBE9FAD-B084-4447-93AA-BE2DDBF60462}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{25C159E5-BA03-4D7D-AE97-052F0C82519F}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{2FB0550F-C930-4478-8F7C-2B8677505F05}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{321D68F6-EFD5-4310-9151-233139B8F289}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3A88EDFC-C670-44D2-B769-3F9B957BAB4D}" = protocol=6 | dir=out | app=system | 
"{3A9CFDD2-91FB-412A-948B-75AD4DF64A83}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{3E41AF68-945F-410D-B389-011B0FE21B58}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{3FC4CBD6-41E1-4350-B512-4EBC275470BF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4491D6C4-ED71-4998-A362-EE3173294832}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{47489154-018C-448B-B459-70A62D534650}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{475D8E22-6107-403C-83C9-1328D582EE53}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{48DCF6B7-9E8A-4443-BF65-C32FAEB4D5B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{48DD435B-06D9-46BD-A848-C4276BC3143C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{496D62F6-D29F-4410-979C-599E7BB1A391}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{4D1A27E1-8E99-433C-80DE-0DE926ABDD6E}" = protocol=6 | dir=in | app=c:\program files\ultravnc\vncviewer.exe | 
"{51292651-B47B-4F40-BB68-97A05ADDDC87}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{53583FF2-E850-403D-9102-07657908A43B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{545130B5-97FD-45A6-B17B-B05F2F166190}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5BA04F23-EE01-40DF-A2C8-B1E7F89B3846}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{651CFB77-31E5-49B0-A7A6-1CFEB9DAA360}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{662D53E8-08D9-4C18-A9E3-78A4D1178D7A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{68B555B6-3487-4150-9CCC-F42AFE2E0BE3}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{773C13BC-4712-4FE6-A23F-4B630F21459C}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe | 
"{7FC14EA8-465A-40D9-A69A-9AFA66CC3CA3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8F9FC7F5-1C26-452D-830B-983A671BBCA9}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{931A74F7-49BD-423D-A70B-51BCA84BF234}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe | 
"{A1F0A157-58DB-44C7-9B6A-61705B11B760}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{A7C97A7C-E44D-4743-AAB4-7F2D4CDD51F0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B352C36B-B9FF-4565-A4CC-9B913F56348C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{B56F3BC7-F1C6-4112-8676-0E4B73CE7F9B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B6EDF804-6125-4672-A0DB-C2C2D7130FD1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{B74280C0-2D32-471A-9A4B-8FFC6FC598FA}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{BEFD1A8C-3788-4AC7-8A04-0EE3FB812E6A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C03D6FD8-8B8B-4BD7-B668-4668EF28ACC7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{C7B42F14-88F0-4C25-9120-9C553657D0E7}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{E20B0277-86AA-477D-B1D5-FF6883BE68A3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{F1DDB615-F088-474A-810E-B6D61AA9C16C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FBD88422-4C49-4F8B-81F7-E6FAA4E2000F}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{FF87AC28-3F8A-4B61-9296-991EE30A46E8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{C1CD1C21-B798-42BC-94C7-E7DA7CDBCE6B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{C5BF0B3A-A593-41C2-BD67-D27BCE1A0DA4}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{CA0637B9-C850-4F21-BC0F-845B1094AA5C}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{F63BCEC5-7E03-4B88-88C1-F6290E78C82C}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{F70D284D-06DD-4D43-A49C-F28F4C460C4E}C:\users\gökhan gürel\desktop\leecher.exe" = protocol=6 | dir=in | app=c:\users\gökhan gürel\desktop\leecher.exe | 
"UDP Query User{59D85393-571A-49E7-A9FA-A1086D1B70D9}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{7163784E-C48E-4BDC-9205-172925FBF50C}C:\users\gökhan gürel\desktop\leecher.exe" = protocol=17 | dir=in | app=c:\users\gökhan gürel\desktop\leecher.exe | 
"UDP Query User{DA36BF38-4A4F-4453-A30B-3BA11C8177CF}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{E866CFE2-38C6-421A-B6EB-4F1741126425}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{F9EA3F1D-687B-4BE3-A116-CAFB7489A9DD}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver
"{141A7ECB-AA8E-4C16-85FE-6FFF804799CF}" = Buchungssatzpauker-B IKR 2.50 (Shareware)
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 22
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{548AF5C1-54E3-4B74-A3E5-D5E6CB7D487C}" = O2Micro Flash Memory Card Reader Driver (x86)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D0BDD42-6564-4E1B-963A-4977A6271DB4}" = Winklers Lernprogramm 2027
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ashampoo Burning Studio 2009_is1" = Ashampoo Burning Studio 2009
"AviSynth" = AviSynth 2.5
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"Canon iP4700 series Benutzerregistrierung" = Canon iP4700 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Setup.divx.com" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"JDownloader" = JDownloader
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"Mp3tag" = Mp3tag v2.45a
"PokerStars.net" = PokerStars.net
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RouterControl" = RouterControl 1.92
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.04.2011 08:32:56 | Computer Name = GökhanGürel-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.04.2011 08:41:31 | Computer Name = GökhanGürel-PC | Source = SPP | ID = 16387
Description = 
 
Error - 25.04.2011 08:41:31 | Computer Name = GökhanGürel-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 25.04.2011 08:43:16 | Computer Name = GökhanGürel-PC | Source = SPP | ID = 16387
Description = 
 
Error - 25.04.2011 08:43:16 | Computer Name = GökhanGürel-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 25.04.2011 08:51:23 | Computer Name = GökhanGürel-PC | Source = SPP | ID = 16387
Description = 
 
Error - 25.04.2011 08:51:23 | Computer Name = GökhanGürel-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 25.04.2011 09:37:51 | Computer Name = GökhanGürel-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.04.2011 09:52:49 | Computer Name = GökhanGürel-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.04.2011 09:55:22 | Computer Name = GökhanGürel-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 04.05.2011 15:12:20 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.05.2011 16:44:44 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 04.05.2011 16:47:57 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 04.05.2011 16:48:01 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 04.05.2011 16:48:47 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 04.05.2011 16:49:17 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 04.05.2011 16:56:36 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 04.05.2011 17:01:39 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 04.05.2011 17:04:43 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.05.2011 17:04:43 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

--- --- ---

xRaptoRxGG · 04.05.2011, 22:26

Ich hab mich für Avira entschieden :-)

M-K-D-B · 05.05.2011, 21:08

Hallo xRaptoRxGG,

Zitat:

Zitat von xRaptoRxGG

Ich hab mich für Avira entschieden :-)

Schritt # 1: Fragen beantworten
Bitte beantworte mir folgende Fragen:

Zitat:

Drive C: | 69,65 Gb Total Space | 12,30 Gb Free Space | 17,65% Space Free | Partition Type: NTFS

Bis vor kurzem hattest du noch fast 15 GB freien Speicherplatz. Jetzt sind es nur noch gute 12 GB. Woher kommt das?
Wenn du so weiter machst, ist die Festplatte bald wieder voll. Dann ist es nicht mehr auszuschließen, dass wieder Bluescreens erscheinen.

Schritt # 2: Fix mit OTL

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

:OTL
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

:files
c:\users\Gökhan Gürel\AppData\Roaming\srvblck2.tmp
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dacaru.exe 

:commands
[Emptytemp]

Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt # 3: Java deinstallieren/neu installieren

Schließe alle Internet Browser.
Folge dem Pfad: Start -> Systemsteuerung -> Programme deinstallieren
Deinstalliere bitte Java(TM) 6 Update 22
Lade dir anschließend Java(TM) 6 Update 25 von hier auf deinen Desktop.
Installiere anschließend die neue Version mit Rechtsklick -> Als Administrator ausführen

Schritt # 4: ESET Online Scanner
Bitte während des Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
Dein Anti-Virus-Programm während des Scans deaktivieren.

Button (<< klick) drücken.
- Firefox-User:
  Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
- IE-User:
  müssen das Installieren eines ActiveX Elements erlauben.
Setze den einen Haken bei Yes, i accept the Terms of Use.
Drücke den Button.
Warte bis die Komponenten herunter geladen wurden.
Setze einen Haken bei "Scan archives".
Gehe sicher das bei Remove Found Threads kein Haken gesetzt ist.
drücken.
Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.

Wenn der Scan beendet wurde

Klicke Finish.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
Logfile hier posten.

Schritt # 5: Benutzerdefinierter Scan mit OTL
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%PROGRAMFILES%\*.
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe 
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

Schließe bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Schritt # 6: Durchführung einer Sicherheitskontrolle
Downloade Dir bitte SecurityCheck

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS- Box.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Wenn der Scan beendet wurde sollte sich ein Textdokument ( checkup.txt ) öffnen.
Poste den Inhalt bitte hier.

Schritt # 7: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

die Beantwortung der gestellen Fragen,
das Logfile des OTL-Fix,
das Logfile des ESET Online Scanners,
das neue Logfile von OTL (OTL.txt) und
das Logfile von SecurityCheck.

Anti Malware Doctor endgültig entfernen

Plagegeister aller Art und deren Bekämpfung: Anti Malware Doctor endgültig entfernen