Anti Malware Doctor endgültig entfernen

xRaptoRxGG · 24.04.2011, 11:24

Hallo Miteinander,

dies ist mein erster Post und mein erstes Thema da ich den "Anti Malware Doctror" auf meinem Laptop habe/hatte.

Zuerst bin ich nach dieser http://www.trojaner-board.de/83172-a...entfernen.html Anleitung vorgegangen und habe unten gelesen, dass der Trojaner nicht ganz weg sein könnte da ich immernoch zwischendurch einige Fehlermeldungen bekomme.

Jetzt hab ich mich mit dieser http://www.trojaner-board.de/95965-w...entfernen.html Anleitung beschäftigt und glaube, einen zu brauchen der mir mit den Logfiles weiter hilft.

Vielen Dank im Voraus.

Ich hoffe mein Verhalten war den Boardregeln angemessen.

Wird hier einem auch mal geholfen?

M-K-D-B · 26.04.2011, 11:12

Mein Name ist M-K-D-B und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
Bitte arbeite solange mit mir mit, bis ich dir sage, dass wir hier fertig sind.
Solltest du mir nicht innerhalb von 5 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Für Benutzer von Windows Vista und Windows 7 gilt: Alle Programme mit Rechtsklick "Als Administrator ausführen" starten.

Schritt # 1: Load.exe ausführen
Downloade Dir bitte Load.exe

Das Tool benötigt eine aktive Internetverbindung, aber keinen offenen Browser
Sollte deine Firewall meckern, die Anwendung bitte zulassen.

Speichere die Datei am Desktop.
Schließe bitte alle laufenden Programme sowie Browser und sichere gegebenfalls offene Dokumente.
Starte die Load.exe
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool wird nun einige Tools auf deinem Desktop laden.

Sobald der Download beendet ist, startet sich TFC.exe. Drücke den Start Button in TFC.
TFC wird alle offenen Programme schließen. Sichere alle offenen Dokumente bevor du Start drückst
Sollte TFC den Rechner nicht neu starten wird Load.exe den Rechner neu starten.
Nach dem Neustart wird sich automatisch die Anleitung.html ( zu finden auf dem Desktop ) öffnen. Darin wird die Anweisung der Tools beschrieben.

Schritt # 2: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

das Logfile von Defogger,
das Logfile von GMER und
die beiden Logfiles von OTL (OTL.txt und Extras.txt).

xRaptoRxGG · 26.04.2011, 23:24

OTL EXTRAS Logfile:
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 24.04.2011 12:10:44 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Gökhan Gürel\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
952,00 Mb Total Physical Memory | 200,00 Mb Available Physical Memory | 21,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 48,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 5,37 Gb Free Space | 7,72% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 0,08 Gb Free Space | 0,12% Space Free | Partition Type: NTFS
 
Computer Name: GÖKHANGÜREL-PC | User Name: Gökhan Gürel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-3665531956-1048049180-3051706973-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1451C412-E212-469D-963E-203DD1CFEB05}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1DD353AB-9FEA-4861-AA39-E61C026CA40E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{24E6C9D9-685F-4C45-8F16-985C122822C2}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{258AE4BE-F063-407D-9E67-229E527C136A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2BADE237-EBC4-4E14-8333-EAE22491397C}" = lport=6112 | protocol=6 | dir=in | name=wciii 6112 | 
"{439B5AC8-9ADC-47D8-840B-EB8DDBF94D7E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{49F5D437-07F2-4D88-914D-76F7BAD7B681}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4E1D8C7B-E8ED-4ACB-9914-C236DD632672}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{597B088D-D95E-4F50-BBB2-F5781CCBE44E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{5A2CCD5E-9FAA-418F-B846-9FA9E2F1F122}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5CA111DC-74D6-44DB-84B9-D45F432F7B80}" = lport=6113 | protocol=6 | dir=in | name=wciii 6113 | 
"{5CD8B400-36DE-4C9A-BCFC-FDD146606D0B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5E7E46A8-D3A3-40DF-B28D-D2571FE9E2BD}" = lport=6116 | protocol=6 | dir=in | name=wciii 6116 | 
"{5F6E628E-3204-4F2D-9BCF-AFAEB60CBB1A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6B309508-A613-4B91-A0EE-659CD6A23CB4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{71DB7BBC-957A-4B45-891B-410E273006E9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7213BE3E-FF45-426E-B90A-D51B0BB46BA0}" = lport=6114 | protocol=6 | dir=in | name=wciii 6114 | 
"{79BAE974-D46E-42D6-B08F-7A4EF2F9B719}" = lport=6118 | protocol=6 | dir=in | name=wciii 6118 | 
"{838B6577-FBAE-4D09-AB04-03E20068C1A5}" = lport=6117 | protocol=6 | dir=in | name=wciii 6117 | 
"{88002A36-8E50-4939-A5A4-1248935882E8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{896B56F8-0C5D-4980-BBE9-4A11937FBA9B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{9701CE72-9C09-47FA-AF59-58B41F4C5325}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A5FE2DE2-CDDD-4EF0-9ADD-8F7023B5C6C6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AD0BC489-D2D6-48CA-BCDC-37334E0EF348}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B737825E-265F-455A-9521-76D00F609254}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BC98501C-4646-4088-9228-3A523E4AD4B2}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C30E6250-CCEB-47AC-AF21-338B57DCCBB6}" = lport=6119 | protocol=6 | dir=in | name=wciii 6119 | 
"{C532C692-976A-48C4-B478-3C73FEF767B3}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E1267A1C-CA09-4DF5-B746-F0B8B70BB27F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F8E55AD6-114D-4227-98C1-F42AA9E0CA6C}" = lport=6115 | protocol=6 | dir=in | name=wciii 6115 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{010E1948-8967-43C2-A361-F02DE426D049}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{0145FD7A-0D3B-444D-9DFC-E31231260404}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{041258C5-46FF-4930-8554-1575033F13BB}" = protocol=17 | dir=in | app=c:\program files\ultravnc\vncviewer.exe | 
"{09DE9771-B740-4411-BC56-BEF213FEF593}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{1654011D-DF0B-4584-B7FC-C1B9D35204C8}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{1DBE9FAD-B084-4447-93AA-BE2DDBF60462}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{25C159E5-BA03-4D7D-AE97-052F0C82519F}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{2CDCD8E7-9145-4466-BD45-FE7BD05B0FF5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2FB0550F-C930-4478-8F7C-2B8677505F05}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{321D68F6-EFD5-4310-9151-233139B8F289}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3671050F-184C-4014-A25F-01982329DA42}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3A88EDFC-C670-44D2-B769-3F9B957BAB4D}" = protocol=6 | dir=out | app=system | 
"{3A9CFDD2-91FB-412A-948B-75AD4DF64A83}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{3E41AF68-945F-410D-B389-011B0FE21B58}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{3FC4CBD6-41E1-4350-B512-4EBC275470BF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4491D6C4-ED71-4998-A362-EE3173294832}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{47489154-018C-448B-B459-70A62D534650}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{475D8E22-6107-403C-83C9-1328D582EE53}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{48DCF6B7-9E8A-4443-BF65-C32FAEB4D5B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{48DD435B-06D9-46BD-A848-C4276BC3143C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{496D62F6-D29F-4410-979C-599E7BB1A391}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{4D1A27E1-8E99-433C-80DE-0DE926ABDD6E}" = protocol=6 | dir=in | app=c:\program files\ultravnc\vncviewer.exe | 
"{51292651-B47B-4F40-BB68-97A05ADDDC87}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{53583FF2-E850-403D-9102-07657908A43B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{545130B5-97FD-45A6-B17B-B05F2F166190}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5BA04F23-EE01-40DF-A2C8-B1E7F89B3846}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{651CFB77-31E5-49B0-A7A6-1CFEB9DAA360}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{662D53E8-08D9-4C18-A9E3-78A4D1178D7A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{68B555B6-3487-4150-9CCC-F42AFE2E0BE3}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{773C13BC-4712-4FE6-A23F-4B630F21459C}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe | 
"{7FC14EA8-465A-40D9-A69A-9AFA66CC3CA3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8F9FC7F5-1C26-452D-830B-983A671BBCA9}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{931A74F7-49BD-423D-A70B-51BCA84BF234}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe | 
"{A1F0A157-58DB-44C7-9B6A-61705B11B760}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{A7C97A7C-E44D-4743-AAB4-7F2D4CDD51F0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B352C36B-B9FF-4565-A4CC-9B913F56348C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{B56F3BC7-F1C6-4112-8676-0E4B73CE7F9B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B6EDF804-6125-4672-A0DB-C2C2D7130FD1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{B74280C0-2D32-471A-9A4B-8FFC6FC598FA}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{BEFD1A8C-3788-4AC7-8A04-0EE3FB812E6A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C03D6FD8-8B8B-4BD7-B668-4668EF28ACC7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{C7B42F14-88F0-4C25-9120-9C553657D0E7}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{D604EDAE-DF03-4AF9-B221-3677DC0A30F2}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{E20B0277-86AA-477D-B1D5-FF6883BE68A3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{F1DDB615-F088-474A-810E-B6D61AA9C16C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FBD88422-4C49-4F8B-81F7-E6FAA4E2000F}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{FF87AC28-3F8A-4B61-9296-991EE30A46E8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{C1CD1C21-B798-42BC-94C7-E7DA7CDBCE6B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{CA0637B9-C850-4F21-BC0F-845B1094AA5C}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{F70D284D-06DD-4D43-A49C-F28F4C460C4E}C:\users\gökhan gürel\desktop\leecher.exe" = protocol=6 | dir=in | app=c:\users\gökhan gürel\desktop\leecher.exe | 
"UDP Query User{7163784E-C48E-4BDC-9205-172925FBF50C}C:\users\gökhan gürel\desktop\leecher.exe" = protocol=17 | dir=in | app=c:\users\gökhan gürel\desktop\leecher.exe | 
"UDP Query User{E866CFE2-38C6-421A-B6EB-4F1741126425}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{F9EA3F1D-687B-4BE3-A116-CAFB7489A9DD}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{141A7ECB-AA8E-4C16-85FE-6FFF804799CF}" = Buchungssatzpauker-B IKR 2.50 (Shareware)
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 22
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{548AF5C1-54E3-4B74-A3E5-D5E6CB7D487C}" = O2Micro Flash Memory Card Reader Driver (x86)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{993960EE-CA4D-443F-8F88-E24260DD5FD2}" = LG PC Suite
"{9D0BDD42-6564-4E1B-963A-4977A6271DB4}" = Winklers Lernprogramm 2027
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{C1A80F67-656F-4DF3-A6C4-DE18A47477C5}_is1" = ICQ Away Reader 1.4
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ashampoo Burning Studio 2009_is1" = Ashampoo Burning Studio 2009
"AviSynth" = AviSynth 2.5
"Boilsoft AVI to VCD SVCD DVD Converter_is1" = Boilosft AVI to VCD SVCD DVD Converter 3.81
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"Canon iP4700 series Benutzerregistrierung" = Canon iP4700 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Setup.divx.com" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"JDownloader" = JDownloader
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Mp3tag" = Mp3tag v2.45a
"PokerStars.net" = PokerStars.net
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RouterControl" = RouterControl 1.92
"Uninstall_is1" = Uninstall 1.0.0.1
"Videora iPhone Converter" = Videora iPhone Converter 6
"VLC media player" = VLC media player 1.0.1
"WinAVIVideoConverter_is1" = WinAVIVideoConverter
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 14.04.2011 10:16:59 | Computer Name = GökhanGürel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.04.2011 10:16:59 | Computer Name = GökhanGürel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.04.2011 10:17:00 | Computer Name = GökhanGürel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.04.2011 10:17:03 | Computer Name = GökhanGürel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.04.2011 10:17:03 | Computer Name = GökhanGürel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.04.2011 10:17:04 | Computer Name = GökhanGürel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.04.2011 10:17:05 | Computer Name = GökhanGürel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.04.2011 10:17:07 | Computer Name = GökhanGürel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.04.2011 10:17:15 | Computer Name = GökhanGürel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.04.2011 10:17:17 | Computer Name = GökhanGürel-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 24.04.2011 05:02:25 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 24.04.2011 05:02:25 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 24.04.2011 05:02:25 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 24.04.2011 05:02:25 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 24.04.2011 05:02:25 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 24.04.2011 05:02:25 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 24.04.2011 05:02:25 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 24.04.2011 05:02:25 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 24.04.2011 05:02:25 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 24.04.2011 05:04:23 | Computer Name = GökhanGürel-PC | Source = Service Control Manager | ID = 7032
Description = 
 
 
< End of report >

--- --- ---

--- --- ---

OTL logfile created on: 26.04.2011 23:47:25 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Gökhan Gürel\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

952,00 Mb Total Physical Memory | 111,00 Mb Available Physical Memory | 12,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 31,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 14,56 Gb Free Space | 20,91% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 0,08 Gb Free Space | 0,12% Space Free | Partition Type: NTFS

Computer Name: GÖKHANGÜREL-PC | User Name: Gökhan Gürel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\GKHANG~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Users\Gökhan Gürel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\RouterControl\RouterControl.exe (Mirko Böer)
PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\RacAgent.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
PRC - C:\Programme\Common Files\Megatech\MProtect\MPServ.exe ()
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Programme\Apoint2K\Hidfind.exe (Alps Electric Co., Ltd.)

========== Modules (SafeList) ==========

MOD - C:\Users\Gökhan Gürel\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msshsq.dll (Microsoft Corporation)
MOD - C:\Windows\System32\duser.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (o2flash) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
SRV - (Megatech-Software-Protection) -- C:\Programme\Common Files\Megatech\MProtect\MPServ.exe ()
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

========== Driver Services (SafeList) ==========

DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (O2MDRDR) -- C:\Windows\System32\drivers\o2media.sys (O2Micro )
DRV - (O2SDRDR) -- C:\Windows\System32\drivers\o2sd.sys (O2Micro )
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (acedrv11) -- C:\Windows\System32\drivers\ACEDRV11.sys (Protect Software GmbH)
DRV - (TpChoice) -- C:\Windows\System32\drivers\TpChoice.sys (Alps Electric Co., Ltd.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=1008&m=extensa_5230
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=1008&m=extensa_5230

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vb32&d=1008&m=extensa_5230
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "spiegel-online.de"
FF - prefs.js..extensions.enabledItems: {300350ba-cad8-4c5e-a98b-302ecc608f5e}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {54534D75-A690-4284-9111-F301A308E9E6}:1.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.04.22 20:58:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.04.22 20:58:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.26 16:17:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.22 20:54:09 | 000,000,000 | ---D | M]

[2009.04.07 01:31:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Extensions
[2011.04.26 23:44:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions
[2010.08.31 18:29:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.28 19:35:31 | 000,000,000 | ---D | M] (Raid Rush Community Toolbar) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\{300350ba-cad8-4c5e-a98b-302ecc608f5e}
[2010.10.16 20:36:00 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.28 19:35:31 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\engine@conduit.com
[2011.04.23 18:37:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.10.24 10:38:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.04.22 20:58:25 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video&gt

-- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.04.22 20:58:26 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2009.06.23 19:38:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2010.10.24 10:38:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\GÃ¶KHAN GÃ¼REL\APPDATA\LOCAL\{54534D75-A690-4284-9111-F301A308E9E6}
File not found (No name found) -- C:\USERS\GÃ¶KHAN GÃ¼REL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BQ9E1JLB.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
File not found (No name found) -- C:\USERS\GÃ¶KHAN GÃ¼REL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BQ9E1JLB.DEFAULT\EXTENSIONS\{300350BA-CAD8-4C5E-A98B-302ECC608F5E}
File not found (No name found) -- C:\USERS\GÃ¶KHAN GÃ¼REL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BQ9E1JLB.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
File not found (No name found) -- C:\USERS\GÃ¶KHAN GÃ¼REL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BQ9E1JLB.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.08 08:07:41 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.08 08:07:41 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.08 08:07:41 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.08 08:07:41 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.08 08:07:41 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RouterControl] C:\Programme\RouterControl\RouterControl.exe (Mirko Böer)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Gökhan Gürel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Gökhan Gürel\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Gökhan Gürel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Gökhan Gürel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1edf9e42-2111-11df-8593-001d72dd38e9}\Shell\AutoRun\command - "" = aNVYBn.EXE
O33 - MountPoints2\{1edf9e42-2111-11df-8593-001d72dd38e9}\Shell\oPEn\CommANd - "" = AnVyBN.EXe
O33 - MountPoints2\{1edf9e47-2111-11df-8593-001d72dd38e9}\Shell - "" = AutoRun
O33 - MountPoints2\{1edf9e47-2111-11df-8593-001d72dd38e9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{1edf9e5e-2111-11df-8593-001d72dd38e9}\Shell\AutoRun\command - "" = RECYCLERS\runmgr.exe
O33 - MountPoints2\{1edf9e5e-2111-11df-8593-001d72dd38e9}\Shell\open\command - "" = RECYCLERS\runmgr.exe
O33 - MountPoints2\{3ef58160-3069-11df-bcc3-001d72dd38e9}\Shell - "" = AutoRun
O33 - MountPoints2\{3ef58160-3069-11df-bcc3-001d72dd38e9}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{3ef58162-3069-11df-bcc3-001d72dd38e9}\Shell - "" = AutoRun
O33 - MountPoints2\{3ef58162-3069-11df-bcc3-001d72dd38e9}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{56cc05e8-3067-11df-8237-001d72dd38e9}\Shell - "" = AutoRun
O33 - MountPoints2\{56cc05e8-3067-11df-8237-001d72dd38e9}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{66a167c2-e4d2-11de-8ad6-001d72dd38e9}\Shell - "" = AutoRun
O33 - MountPoints2\{66a167c2-e4d2-11de-8ad6-001d72dd38e9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{6bec9fc4-2d34-11de-85d2-001d72dd38e9}\Shell - "" = AutoRun
O33 - MountPoints2\{6bec9fc4-2d34-11de-85d2-001d72dd38e9}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{6bec9fc4-2d34-11de-85d2-001d72dd38e9}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{6bec9fc4-2d34-11de-85d2-001d72dd38e9}\Shell\install\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{87963c58-ff47-11de-b299-001d72dd38e9}\Shell - "" = AutoRun
O33 - MountPoints2\{87963c58-ff47-11de-b299-001d72dd38e9}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{9b4b3500-331b-11de-9b7d-001d72dd38e9}\Shell\AutoRun\command - "" = jcomkm.exe
O33 - MountPoints2\{9b4b3500-331b-11de-9b7d-001d72dd38e9}\Shell\explore\Command - "" = jcomkm.exe
O33 - MountPoints2\{9b4b3500-331b-11de-9b7d-001d72dd38e9}\Shell\open\Command - "" = jcomkm.exe
O33 - MountPoints2\{fc5083e7-2116-11df-868e-001d72dd38e9}\Shell - "" = AutoRun
O33 - MountPoints2\{fc5083e7-2116-11df-868e-001d72dd38e9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011.04.26 23:43:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.26 23:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.04.26 23:41:50 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.04.26 22:52:02 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Gökhan Gürel\Desktop\Erunt-setup.exe
[2011.04.26 22:52:02 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\TFC.exe
[2011.04.25 17:01:10 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011.04.25 16:30:38 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Local\Sunbelt Software
[2011.04.25 16:29:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\{EBDD7DE0-D012-47DF-859B-DB1061E2D512}
[2011.04.25 16:28:50 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft
[2011.04.25 16:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011.04.25 16:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011.04.25 15:47:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011.04.25 15:47:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011.04.25 15:47:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011.04.25 14:41:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011.04.25 14:36:22 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\Ucsohi
[2011.04.25 14:36:22 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\Obliw
[2011.04.25 12:44:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.04.25 12:43:53 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2011.04.25 12:43:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.04.25 12:40:35 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Gökhan Gürel\Desktop\spybotsd162.exe
[2011.04.25 12:32:55 | 123,916,352 | ---- | C] (Lavasoft ) -- C:\Users\Gökhan Gürel\Desktop\Ad-Aware902Install.exe
[2011.04.24 12:08:32 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\OTL.exe
[2011.04.23 19:04:31 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.04.23 18:43:33 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\Malwarebytes
[2011.04.23 18:43:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.23 18:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.23 18:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.23 18:43:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.23 18:43:23 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.23 17:42:00 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\VA_-_Kontor_House_Of_House_Vol.10-3CD-2010-MOD
[2011.04.23 17:41:50 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Chris_Brown-Yeah_3x_(Clean_Version)-WEB-2011-RECA
[2011.04.23 17:31:15 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\xmldm
[2011.04.23 17:31:14 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\kock
[2011.04.23 17:27:16 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Local\{54534D75-A690-4284-9111-F301A308E9E6}
[2011.04.23 17:25:33 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\55EF921B3F01E13BF6CA0EAAFBEEBEC3
[2011.04.23 17:07:13 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Usher--More-Promo_CDS-2010-WUS
[2011.04.22 21:18:09 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Local\DDMSettings
[2011.04.22 20:57:27 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine
[2011.04.22 20:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011.04.22 20:56:59 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared
[2011.04.22 20:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011.04.20 18:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.04.20 18:15:38 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.04.20 18:15:26 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.04.20 17:53:03 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.04.20 12:50:05 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\DJ Antoine - WOW (320)
[2011.04.20 08:40:45 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Lernzettel
[2011.04.01 17:45:01 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Local\PokerStars.NET
[2011.04.01 17:44:48 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars.NET
[2011.04.01 17:44:28 | 000,000,000 | ---D | C] -- C:\Programme\PokerStars.NET
[2011.03.31 19:47:12 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\CDU
[2011.03.31 19:44:55 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\Desktop\Warez Seiten
[2011.03.31 17:57:55 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\Karteikartentrainer
[2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2008.10.15 09:06:59 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[1 C:\Users\Gökhan Gürel\AppData\Roaming\*.tmp files -> C:\Users\Gökhan Gürel\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.04.26 23:42:16 | 000,000,917 | ---- | M] () -- C:\Users\Gökhan Gürel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.04.26 23:41:52 | 000,000,737 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\NTREGOPT.lnk
[2011.04.26 23:41:52 | 000,000,718 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\ERUNT.lnk
[2011.04.26 23:30:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.26 23:30:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.04.26 23:30:47 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.26 23:30:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.26 23:20:50 | 175,245,713 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.26 22:52:15 | 000,301,568 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\g2m3e4r.exe
[2011.04.26 22:52:12 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Gökhan Gürel\Desktop\Erunt-setup.exe
[2011.04.26 22:52:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\OTL.exe
[2011.04.26 22:52:06 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Gökhan Gürel\Desktop\TFC.exe
[2011.04.26 22:49:36 | 000,377,260 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Load.exe
[2011.04.26 22:44:42 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CABC6CDF-19C7-4765-9CEB-B0201A34F566}.job
[2011.04.25 17:23:30 | 000,685,712 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.25 17:23:30 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.25 17:23:30 | 000,149,980 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.25 17:23:30 | 000,121,592 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.25 16:29:30 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.04.25 15:52:17 | 002,306,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.25 12:41:26 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Gökhan Gürel\Desktop\spybotsd162.exe
[2011.04.25 12:39:17 | 123,916,352 | ---- | M] (Lavasoft ) -- C:\Users\Gökhan Gürel\Desktop\Ad-Aware902Install.exe
[2011.04.23 18:43:27 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.23 18:38:39 | 001,006,778 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\iExplore.exe
[2011.04.23 18:38:18 | 001,006,778 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\rkill.com
[2011.04.23 17:27:20 | 000,000,000 | ---- | M] () -- C:\Users\Gökhan Gürel\AppData\Local\Rsagikufevori.bin
[2011.04.23 17:27:19 | 000,000,120 | ---- | M] () -- C:\Users\Gökhan Gürel\AppData\Local\Glezeqo.dat
[2011.04.20 18:17:08 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.04.20 18:01:16 | 000,000,680 | ---- | M] () -- C:\Users\Gökhan Gürel\AppData\Local\d3d9caps.dat
[2011.04.16 14:25:34 | 005,148,967 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\Sergey_Romanov_aka_Elektro_Violine_-_Qadro_Electro....mp3
[2011.04.12 22:06:05 | 000,162,816 | ---- | M] () -- C:\Users\Gökhan Gürel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.01 17:44:49 | 000,000,894 | ---- | M] () -- C:\Users\Gökhan Gürel\Desktop\PokerStars.net.lnk
[1 C:\Users\Gökhan Gürel\AppData\Roaming\*.tmp files -> C:\Users\Gökhan Gürel\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.04.26 23:42:16 | 000,000,917 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.04.26 23:41:52 | 000,000,737 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\NTREGOPT.lnk
[2011.04.26 23:41:52 | 000,000,718 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\ERUNT.lnk
[2011.04.26 22:52:03 | 000,301,568 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\g2m3e4r.exe
[2011.04.26 22:48:31 | 000,377,260 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Load.exe
[2011.04.25 23:45:32 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011.04.25 17:02:57 | 175,245,713 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.04.25 16:29:30 | 000,001,019 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.04.23 18:43:27 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.23 18:38:36 | 001,006,778 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\iExplore.exe
[2011.04.23 18:07:42 | 001,006,778 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\rkill.com
[2011.04.23 17:27:20 | 000,000,000 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Local\Rsagikufevori.bin
[2011.04.23 17:27:19 | 000,000,120 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Local\Glezeqo.dat
[2011.04.20 18:17:08 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.04.16 14:24:30 | 005,148,967 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\Sergey_Romanov_aka_Elektro_Violine_-_Qadro_Electro....mp3
[2011.04.01 17:44:49 | 000,000,894 | ---- | C] () -- C:\Users\Gökhan Gürel\Desktop\PokerStars.net.lnk
[2010.11.07 13:21:18 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.02.20 17:07:10 | 000,000,619 | ---- | C] () -- C:\Windows\eReg.dat
[2010.02.13 21:54:44 | 000,003,084 | ---- | C] () -- C:\Windows\wininit.ini
[2010.02.13 21:54:14 | 000,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE
[2010.01.27 21:38:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.17 19:25:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.17 19:25:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.07.12 10:50:14 | 000,000,680 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Local\d3d9caps.dat
[2009.06.22 13:15:34 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.06.15 21:03:30 | 000,000,067 | ---- | C] () -- C:\Windows\AVIConverter.INI
[2009.05.10 18:18:34 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MPDLL.DLL
[2009.05.10 18:18:04 | 000,000,085 | ---- | C] () -- C:\Windows\megapfad.ini
[2009.04.20 04:07:40 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.04.20 01:18:59 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.04.07 01:40:00 | 000,000,127 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Roaming\default.rss
[2009.04.05 11:09:34 | 000,162,816 | ---- | C] () -- C:\Users\Gökhan Gürel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.04 21:45:00 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.04.03 22:49:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.15 08:55:26 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008.10.15 08:55:26 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.10.15 08:55:26 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008.10.14 23:19:42 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.10.14 23:19:42 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008.10.14 23:19:42 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008.10.14 23:19:42 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008.05.26 10:41:20 | 000,685,712 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.05.26 10:41:20 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.05.26 10:41:20 | 000,149,980 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.05.26 10:41:20 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.05.26 01:06:07 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.05.26 01:02:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.05.26 01:02:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.05.14 10:29:02 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008.05.14 10:29:02 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008.05.14 10:29:01 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:44:53 | 002,306,272 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,642,704 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,121,592 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2011.04.23 18:26:15 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\55EF921B3F01E13BF6CA0EAAFBEEBEC3
[2009.04.25 19:39:46 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Ashampoo
[2009.06.03 12:52:53 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Buhl Data Service GmbH
[2009.04.20 01:08:17 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\DAEMON Tools
[2009.04.20 01:08:40 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\DAEMON Tools Lite
[2009.04.20 01:08:17 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\DAEMON Tools Pro
[2010.10.16 20:35:59 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.04.04 16:26:42 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\eSobi
[2011.04.25 12:36:53 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\ICQ
[2009.04.20 04:07:47 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\InterVideo
[2011.03.31 18:05:13 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Karteikartentrainer
[2011.04.23 17:31:14 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\kock
[2009.10.14 19:53:49 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\LG Electronics
[2009.04.17 01:04:13 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Mp3tag
[2011.04.25 16:59:47 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Obliw
[2010.11.09 21:27:49 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Red Kawa
[2010.08.16 19:39:58 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\RouterControl
[2009.07.01 13:26:14 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\soul.im
[2010.10.18 19:19:33 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\TeamViewer
[2011.04.25 18:27:53 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Ucsohi
[2010.03.15 21:22:34 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\Vodafone
[2011.03.31 19:49:13 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\WindSolutions
[2011.04.23 17:31:15 | 000,000,000 | ---D | M] -- C:\Users\Gökhan Gürel\AppData\Roaming\xmldm
[2011.04.26 23:29:19 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.04.26 22:44:42 | 000,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CABC6CDF-19C7-4765-9CEB-B0201A34F566}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2009.04.03 21:39:38 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.04.03 21:38:11 | 000,000,000 | ---D | M] -- C:\Acer
[2008.10.15 09:07:07 | 000,000,000 | ---D | M] -- C:\Book
[2011.04.25 15:56:19 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.04.03 21:33:10 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.04.29 20:36:02 | 000,000,000 | ---D | M] -- C:\Downloads
[2009.11.21 15:31:13 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2009.04.03 21:40:46 | 000,000,000 | ---D | M] -- C:\Elements
[2008.05.14 09:39:56 | 000,000,000 | ---D | M] -- C:\Intel
[2009.11.07 12:25:12 | 000,000,000 | -H-D | M] -- C:\LG3G
[2010.04.13 22:55:26 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 04:43:50 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.04.26 23:41:50 | 000,000,000 | R--D | M] -- C:\Programme
[2011.04.25 16:29:32 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.04.03 21:33:10 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.04.25 14:43:10 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.10.25 19:10:39 | 000,000,000 | ---D | M] -- C:\test
[2009.04.03 21:36:48 | 000,000,000 | R--D | M] -- C:\Users
[2010.02.13 22:43:51 | 000,000,000 | ---D | M] -- C:\WESTWOOD
[2011.04.26 23:43:06 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.1

xRaptoRxGG · 26.04.2011, 23:28

Danke schonmal im Voraus!

M-K-D-B · 27.04.2011, 09:59

Hallo xRaptoRxGG,

Schritt # 1: Fragen & Hinweise
Bitte beantworte mir folgende Fragen:

Wozu sind diese Seiten gut?

Zitat:

C:\Users\Gökhan Gürel\Desktop\Warez Seiten

Ich möchte dich hiermit auf folgendes hinweisen: Cracks, Keygens und andere illegale Software
Leider hast du den unteren Teil des OTL.txt Logfiles vergessen zu kopieren:

Zitat:

...
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.1
Bitte achte darauf, dass du immer das komplette Logfiles kopierst und einfügst. So ersparen wir uns unnötige Logfiles.

Schritt # 2: Störende Programme

Mit laufendem TeaTimer von Spybot Search&Destroy lässt sich keine Reinigung durchführen, da er alle gelöschten Einträge wiederherstellt.
Der Teatimer muss also während der Reinigungsarbeiten abgestellt werden (lasse den Teatimer so lange ausgeschaltet, bis wir mit der Reinigung fertig sind):
Starte Spybot S&D => stelle im Menü "Modus" den "Erweiterten Modus" ein => klicke dann links unten auf "Werkzeuge" => klicke auf "Resident" => das Häkchen entfernen bei Resident "TeaTimer" (Schutz aller Systemeinstellungen) => Spybot Search&Destroy schließen => Rechner neu starten. Bebilderte Anleitung.

Schritt # 3: Add-ons in Firefox entfernen

Starte Firefox
Klicke auf Extras -> Add-ons
Entferne die folgenden Add-ons (sofern sie vorhanden sind):
- Raid Rush Community Toolbar
- Conduit Engine
Zum Abschluss musst du Firefox schließen und neu starten, damit die Entfernung abgeschlossen werden kann.
Kontrolliere, ob die genannten Erweiterungen auch entfernt wurden.
Schließe Firefox wieder.

Schritt # 4: Fix mit OTL

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..extensions.enabledItems: {300350ba-cad8-4c5e-a98b-302ecc608f5e}:3.3.3.2
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
[2011.03.28 19:35:31 | 000,000,000 | ---D | M] (Raid Rush Community Toolbar) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\{300350ba-cad8-4c5e-a98b-302ecc608f5e}
[2011.03.28 19:35:31 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\engine@conduit.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
[2011.04.23 17:31:15 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\xmldm
[2011.04.23 17:31:14 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\kock
[2011.04.23 17:25:33 | 000,000,000 | ---D | C] -- C:\Users\Gökhan Gürel\AppData\Roaming\55EF921B3F01E13BF6CA0EAAFBEEBEC3
[2011.04.23 17:27:20 | 000,000,000 | ---- | M] () -- C:\Users\Gökhan Gürel\AppData\Local\Rsagikufevori.bin
[2011.04.23 17:27:19 | 000,000,120 | ---- | M] () -- C:\Users\Gökhan Gürel\AppData\Local\Glezeqo.dat

:files
C:\USERS\Gökhan Gürel\APPDATA\LOCAL\{54534D75-A690-4284-9111-F301A308E9E6}

:Commands
[purity]
[resethosts]
[emptytemp]

Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt # 5: Stoppen von Treibern mit Defogger
Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.

Starte das Tool mit Doppelklick.
Vista User: Bitte mit Rechtsklick "als Administrator starten".
Klicke nun auf den Disable Button um die Treiber gewisser Emulatoren zu deaktivieren.
Wenn der Scan beendet wurde ( Finished ), klicke auf OK.
Defogger fordert nun zum Neustart auf. Bestätige dies mit OK.
DeFogger erstellt nun ein Logfile auf dem Desktop (defogger_disable).

Poste bitte den Inhalt der Logfile in Deiner nächsten Antwort.
Wenn wir die Bereinigung beendet haben, starte bitte defogger erneut und klicke den Re-enable Button.

Schritt # 6: GMER Rootkitscan
Bitte

alle anderen Scanner gegen Viren, Spyware, usw. deaktivieren,
keine bestehende Verbindung zu einem Netzwerk/Internet (WLAN nicht vergessen),
nichts am Rechner arbeiten,
nach jedem Scan den Rechner neu starten.

Gmer scannen lassen

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen).
Vista und Win7 User mit Rechtsklick und als Administrator starten.
Sollte sich ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?
Unbedingt auf "No" klicken.
Entferne rechts den Haken bei:
- IAT/EAT
- Alle Festplatten ausser die Systemplatte (normalerweise ist nur C:\ angehackt)
- Show all (sollte abgehackt sein)
Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Schritt # 7: Benutzerdefinierter Scan mit OTL
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%PROGRAMFILES%\*.
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\ProgramData\{EBDD7DE0-D012-47DF-859B-DB1061E2D512} /S
C:\Users\Gökhan Gürel\AppData\Roaming\Ucsohi /S
C:\Users\Gökhan Gürel\AppData\Roaming\Obliw /S
/md5start
explorer.exe 
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Schließe bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Schritt # 8: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

die Beantwortung der gestellten Frage,
das Logfile des OTL-Fix,
das Logfile von Defogger,
das Logfile von GMER und
das neue Logfile von OTL.

xRaptoRxGG · 27.04.2011, 19:26

Die gewünschten Dinge hab ich entfernt aber mein Laptop stürzt bei dem Neustart immer ab(blauer Bildschirm mit anschließendem Neustart).

Soll ich trotzdem mit den Schritten weitermachen oder anders vorgehen?

M-K-D-B · 27.04.2011, 19:36

Hallo xRaptoRxGG,

Zitat:

Die gewünschten Dinge hab ich entfernt...

Von welchen Dingen sprichst du hier? Sprichst du von Schritt # 3 oder Schritt # 4?

Zitat:

...aber mein Laptop stürzt bei dem Neustart immer ab(blauer Bildschirm mit anschließendem Neustart).

Bei einem Neustart von Firefox oder bei einem Windows Neustart?

Welche Fehlermeldung erscheint auf dem blauen Bildschirm? Notiere dir die Datei, die Probleme verursacht und den genauen Fehlercode und berichte.

xRaptoRxGG · 27.04.2011, 19:48

Ich meine Schritt 2 und 3.

Bei einem Windowsneustart.

Ich mach dannn jetzt ein neuversuch und notiere mir die Daten.

xRaptoRxGG · 27.04.2011, 20:01

Hat geklappt, ich hoffe das ist das richtige Dokument, dass gesucht ist.

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: {300350ba-cad8-4c5e-a98b-302ecc608f5e}:3.3.3.2 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Folder C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\{300350ba-cad8-4c5e-a98b-302ecc608f5e}\ not found.
Folder C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\engine@conduit.com\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Folder C:\Users\Gökhan Gürel\AppData\Roaming\xmldm\ not found.
Folder C:\Users\Gökhan Gürel\AppData\Roaming\kock\ not found.
Folder C:\Users\Gökhan Gürel\AppData\Roaming\55EF921B3F01E13BF6CA0EAAFBEEBEC3\ not found.
File C:\Users\Gökhan Gürel\AppData\Local\Rsagikufevori.bin not found.
File C:\Users\Gökhan Gürel\AppData\Local\Glezeqo.dat not found.
========== FILES ==========
File\Folder C:\USERS\Gökhan Gürel\APPDATA\LOCAL\{54534D75-A690-4284-9111-F301A308E9E6} not found.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gökhan Gürel
->Temp folder emptied: 237814 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 15021022 bytes
->Flash cache emptied: 456 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1048576 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 16,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04272011_204915

Files\Folders moved on Reboot...
C:\Users\Gökhan Gürel\AppData\Local\Temp\RtkBtMnt.exe moved successfully.
File\Folder C:\Windows\temp\TMP000000465AF8E120532AC241 not found!

Registry entries deleted on Reboot...

M-K-D-B · 27.04.2011, 20:13

Hallo xRaptoRxGG,

Zitat:

ich hoffe das ist das richtige Dokument, dass gesucht ist.

Du hast mir das Logfile des OTL-Fix gepostet. Aber die Einträge wurden anscheinend schon vorher entfernt.

Kam beim letzten Neustart kein blauer Bildschirm mit einer Fehlermeldung? Ich wollte, dass du mir davon die genaue Fehlermeldung postest.

Schau mal bitte unter C:\_OTL\Moved Files\ und poste mir die Inhalte aller Textdateien (Logfiles), die du dort findest.

Vielen Dank.

xRaptoRxGG · 27.04.2011, 20:17

Nein, beim letzten mal ist es nicht abgestürzt aber beim Hochfahren hat es ungewöhnlich lange gedauert.

Hier alle Textdokumente die in dem Ordner sind:

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: {300350ba-cad8-4c5e-a98b-302ecc608f5e}:3.3.3.2 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Folder C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\{300350ba-cad8-4c5e-a98b-302ecc608f5e}\ not found.
Folder C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\engine@conduit.com\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
C:\Users\Gökhan Gürel\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Gökhan Gürel\AppData\Roaming\kock folder moved successfully.
C:\Users\Gökhan Gürel\AppData\Roaming\55EF921B3F01E13BF6CA0EAAFBEEBEC3 folder moved successfully.
C:\Users\Gökhan Gürel\AppData\Local\Rsagikufevori.bin moved successfully.
C:\Users\Gökhan Gürel\AppData\Local\Glezeqo.dat moved successfully.
========== FILES ==========
C:\USERS\Gökhan Gürel\APPDATA\LOCAL\{54534D75-A690-4284-9111-F301A308E9E6}\chrome\content folder moved successfully.
C:\USERS\Gökhan Gürel\APPDATA\LOCAL\{54534D75-A690-4284-9111-F301A308E9E6}\chrome folder moved successfully.
C:\USERS\Gökhan Gürel\APPDATA\LOCAL\{54534D75-A690-4284-9111-F301A308E9E6} folder moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gökhan Gürel
->Temp folder emptied: 237814 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 13451244 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 13,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04272011_195555

xRaptoRxGG · 27.04.2011, 20:17

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: {300350ba-cad8-4c5e-a98b-302ecc608f5e}:3.3.3.2 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Folder C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\{300350ba-cad8-4c5e-a98b-302ecc608f5e}\ not found.
Folder C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\engine@conduit.com\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Folder C:\Users\Gökhan Gürel\AppData\Roaming\xmldm\ not found.
Folder C:\Users\Gökhan Gürel\AppData\Roaming\kock\ not found.
Folder C:\Users\Gökhan Gürel\AppData\Roaming\55EF921B3F01E13BF6CA0EAAFBEEBEC3\ not found.
File C:\Users\Gökhan Gürel\AppData\Local\Rsagikufevori.bin not found.
File C:\Users\Gökhan Gürel\AppData\Local\Glezeqo.dat not found.
========== FILES ==========
File\Folder C:\USERS\Gökhan Gürel\APPDATA\LOCAL\{54534D75-A690-4284-9111-F301A308E9E6} not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gökhan Gürel
->Temp folder emptied: 237814 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 17610348 bytes
->Flash cache emptied: 456 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 524288 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 18,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04272011_200953

Files\Folders moved on Reboot...
C:\Users\Gökhan Gürel\AppData\Local\Temp\RtkBtMnt.exe moved successfully.
File\Folder C:\Windows\temp\TMP0000000D6503FD7C96C4BC27 not found!

Registry entries deleted on Reboot...

xRaptoRxGG · 27.04.2011, 20:18

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: {300350ba-cad8-4c5e-a98b-302ecc608f5e}:3.3.3.2 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Folder C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\{300350ba-cad8-4c5e-a98b-302ecc608f5e}\ not found.
Folder C:\Users\Gökhan Gürel\AppData\Roaming\mozilla\Firefox\Profiles\bq9e1jlb.default\extensions\engine@conduit.com\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Folder C:\Users\Gökhan Gürel\AppData\Roaming\xmldm\ not found.
Folder C:\Users\Gökhan Gürel\AppData\Roaming\kock\ not found.
Folder C:\Users\Gökhan Gürel\AppData\Roaming\55EF921B3F01E13BF6CA0EAAFBEEBEC3\ not found.
File C:\Users\Gökhan Gürel\AppData\Local\Rsagikufevori.bin not found.
File C:\Users\Gökhan Gürel\AppData\Local\Glezeqo.dat not found.
========== FILES ==========
File\Folder C:\USERS\Gökhan Gürel\APPDATA\LOCAL\{54534D75-A690-4284-9111-F301A308E9E6} not found.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gökhan Gürel
->Temp folder emptied: 237814 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 15021022 bytes
->Flash cache emptied: 456 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1048576 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 16,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04272011_204915

Files\Folders moved on Reboot...
C:\Users\Gökhan Gürel\AppData\Local\Temp\RtkBtMnt.exe moved successfully.
File\Folder C:\Windows\temp\TMP000000465AF8E120532AC241 not found!

Registry entries deleted on Reboot...

M-K-D-B · 27.04.2011, 20:27

Hallo xRaptoRxGG,

Zitat:

Nein, beim letzten mal ist es nicht abgestürzt...

Ok. Sollte es wieder auftreten, so notiere dir die Fehlermeldung und poste sie mit deiner nächsten Antwort.

Zitat:

...aber beim Hochfahren hat es ungewöhnlich lange gedauert.

Das ist bei einem Fix mit OTL nichts Ungewöhnliches.

Die folgende Frage hast du mir noch nicht beantwortet:

Zitat:

C:\Users\Gökhan Gürel\Desktop\Warez Seiten

Wozu sind diese Seiten gut?

Arbeite die folgenden Schritte nacheinander ab und poste mir die gewünschten Logfiles:

Schritt # 1: Stoppen von Treibern mit Defogger
Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.

Starte das Tool mit Doppelklick.
Vista User: Bitte mit Rechtsklick "als Administrator starten".
Klicke nun auf den Disable Button um die Treiber gewisser Emulatoren zu deaktivieren.
Wenn der Scan beendet wurde ( Finished ), klicke auf OK.
Defogger fordert nun zum Neustart auf. Bestätige dies mit OK.
DeFogger erstellt nun ein Logfile auf dem Desktop (defogger_disable).

Poste bitte den Inhalt der Logfile in Deiner nächsten Antwort.
Wenn wir die Bereinigung beendet haben, starte bitte defogger erneut und klicke den Re-enable Button.

Schritt # 2: GMER Rootkitscan
Bitte

alle anderen Scanner gegen Viren, Spyware, usw. deaktivieren,
keine bestehende Verbindung zu einem Netzwerk/Internet (WLAN nicht vergessen),
nichts am Rechner arbeiten,
nach jedem Scan den Rechner neu starten.

Gmer scannen lassen

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen).
Vista und Win7 User mit Rechtsklick und als Administrator starten.
Sollte sich ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?
Unbedingt auf "No" klicken.
Entferne rechts den Haken bei:
- IAT/EAT
- Alle Festplatten ausser die Systemplatte (normalerweise ist nur C:\ angehackt)
- Show all (sollte abgehackt sein)
Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Schritt # 3: Benutzerdefinierter Scan mit OTL
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%PROGRAMFILES%\*.
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe 
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Schließe bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Schritt # 4: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

die Beantwortung der gestellten Frage,
das Logfile von Defogger,
das Logfile von GMER und
das neue Logfile von OTL (OTL.txt).

xRaptoRxGG · 27.04.2011, 21:03

Also "Warez Seiten" ist einfach nur eine html Datei die ich inzwischen schon gelöscht habe.

Beim Ausführen von Schritt 1 ist mein Laptop wieder abgestürzt.

Hier ein Foto:hxxp://www.xup.in/dl,11533431/Foto.JPG/%5D%5Bimg%5Dhxxp://www0.xup.in/exec/ximg.php?fid=11533431

Anti Malware Doctor endgültig entfernen

Plagegeister aller Art und deren Bekämpfung: Anti Malware Doctor endgültig entfernen