Pests of all kinds and how to fight them: I think it's a virus (Windows 7) |
27.07.2013, 20:02 | #1 |
| Hello forum, I'm new here. I have a problem, damn crap. Normally I use the Chrome browser, but, total crap, my Internet Explorer keeps opening, and then in the URL there is something like getwindowinfo and crap like that. Now I have run Avira and some adwcleaner crap. But the damn thing won't go away. What should I do? Heeeeelp |
27.07.2013, 20:07 | #2 |
/// the machine /// TB trainer | Hi,
Learning German would be a cool idea for a start. Try to stick a little to German grammar and spelling so that people can actually follow you. Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
27.07.2013, 21:30 | #3 |
| Huh? When I click on 32-bit, this page opens: Farbar Recovery Scan Tool FRST - Download - Filepony
Where should I click then? |
28.07.2013, 07:13 | #4 |
/// the machine /// TB trainer | On the right, click the green Download button, then click again in the middle on the name FRST.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
28.07.2013, 12:14 | #5 |
| Quick question, schrauber: before I download it, does this work as well?? http://www.trojaner-board.de/51187-a...i-malware.html FRST.txt: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-07-2013 04 Ran by Walid Efetürk (administrator) on 28-07-2013 13:07:38 Running from C:\Users\Walid Efetürk\Desktop\chara (3) Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Windows Net) C:\Users\Walid Efetürk\AppData\Roaming\Windows Net Data\net.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Google Inc.) C:\Users\Walid Efetürk\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Walid Efetürk\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Walid Efetürk\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Walid Efetürk\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Walid Efetürk\AppData\Local\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\system32\wuauclt.exe (Google Inc.) 
C:\Users\Walid Efetürk\AppData\Local\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Windows Live\Companion\companionuser.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [InstallerLauncher] - C:\Users\WALIDE~1\AppData\Local\Temp\GZ_INSTALL_0\setuplauncher.exe [815600 2013-03-25] (BitDefender S.R.L.) <===== ATTENTION HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe [1174016 2010-11-20] (Microsoft Corporation) HKCU\...\Run: [Google Update] - C:\Users\Walid Efetürk\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-07-06] (Google Inc.) HKCU\...\Run: [NTRedirect] - C:\Windows\system32\rundll32.exe [44544 2009-07-14] (Microsoft Corporation) <===== ATTENTION HKU\Default\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [ 2010-11-20] (Microsoft Corporation) HKU\Default User\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [ 2010-11-20] (Microsoft Corporation) Startup: C:\Users\Walid Efetürk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk ShortcutTarget: net.lnk -> C:\Users\Walid Efetürk\AppData\Roaming\Windows Net Data\net.exe (Windows Net) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Delta Search HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = WEB.DE Suche - die Suchmaschine SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=445C001D60192B79&affID=119357&tsp=4956 SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=445C001D60192B79&affID=119357&tsp=4956 BHO: WEB.DE Konfiguration - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH) BHO: LyricXeeker - {17E58097-6CA5-448B-830F-2A19678248FB} - C:\Program Files\LyriXeeker\125.dll (LyriXeeker Tech) BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO: Lyrics-Pal - {AB9778AB-BAEF-49B9-96EE-D6E4BD0BCE68} - C:\Program Files\LyricsPal\125.dll No File BHO: HomeTab - {ba696155-d96e-4281-b467-0367a0456474} - C:\Users\Walid Efetürk\AppData\Roaming\HomeTab\HomeTab.dll No File BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.22.0\bh\delta.dll (Delta-search.com) BHO: No Name - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No File BHO: No Name - {f999a48b-1950-4d81-9971-79018f807b4b} - No File Toolbar: HKLM - HomeTab - {ba696155-d96e-4281-b467-0367a0456474} - C:\Users\Walid Efetürk\AppData\Roaming\HomeTab\HomeTab.dll No File Toolbar: HKLM - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File Toolbar: HKLM - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.22.0\deltaTlbr.dll (Delta-search.com) Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU -No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No File Toolbar: HKCU -No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No File Toolbar: HKCU -No Name - {F999A48B-1950-4D81-9971-79018F807B4B} - No File Toolbar: HKCU -Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft 
Corporation) Handler: msdaipp - No CLSID Value - Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Walid Efetürk\AppData\Roaming\Mozilla\Firefox\Profiles\soxvhzsa.default FF user.js: detected! => C:\Users\Walid Efetürk\AppData\Roaming\Mozilla\Firefox\Profiles\soxvhzsa.default\user.js FF NewTab: hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=445C001D60192B79&affID=119357&tsp=4956 FF Homepage: hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=445C001D60192B79&affID=119357&tsp=4956 FF SelectedSearchEngine: Delta Search FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) 
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.2.72 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Walid Efetürk\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Walid Efetürk\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Walid Efetürk\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Walid Efetürk\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF SearchPlugin: C:\Users\Walid Efetürk\AppData\Roaming\Mozilla\Firefox\Profiles\soxvhzsa.default\searchplugins\babylon.xml FF Extension: No Name - C:\Users\Walid Efetürk\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} FF Extension: No Name - C:\Users\Walid Efetürk\AppData\Roaming\Mozilla\Firefox\Profiles\soxvhzsa.default\Extensions\ffxtlbr@babylon.com FF Extension: Delta Toolbar - C:\Users\Walid Efetürk\AppData\Roaming\Mozilla\Firefox\Profiles\soxvhzsa.default\Extensions\ffxtlbr@delta.com FF Extension: No Name - C:\Users\Walid Efetürk\AppData\Roaming\Mozilla\Firefox\Profiles\soxvhzsa.default\Extensions\linkuryfirefoxremoteplugin@linkury.com FF Extension: HomeTab - C:\Users\Walid Efetürk\AppData\Roaming\Mozilla\Firefox\Profiles\soxvhzsa.default\Extensions\{24532715-4abc-47ee-bd4f-a6774d0723d2} FF Extension: No Name - C:\Users\Walid Efetürk\AppData\Roaming\Mozilla\Firefox\Profiles\soxvhzsa.default\Extensions\{454a5ece-209d-4710-92ce-12079d9f613b} FF Extension: Yahoo! 
Toolbar - C:\Users\Walid Efetürk\AppData\Roaming\Mozilla\Firefox\Profiles\soxvhzsa.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF Extension: No Name - C:\Users\Walid Efetürk\AppData\Roaming\Mozilla\Firefox\Profiles\soxvhzsa.default\Extensions\{6cbdb759-ed53-46b9-9226-ea9c2315a1cf} FF Extension: FoxyDeal - C:\Users\Walid Efetürk\AppData\Roaming\Mozilla\Firefox\Profiles\soxvhzsa.default\Extensions\{F58A62EB-38DC-43C4-A539-DC52E135208D} FF Extension: abb - C:\Users\Walid Efetürk\AppData\Roaming\Mozilla\Firefox\Profiles\soxvhzsa.default\Extensions\abb@amazon.com.xpi FF Extension: toolbar_AVIRA-V7 - C:\Users\Walid Efetürk\AppData\Roaming\Mozilla\Firefox\Profiles\soxvhzsa.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi FF Extension: No Name - C:\Users\Walid Efetürk\AppData\Roaming\Mozilla\Firefox\Profiles\soxvhzsa.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF HKCU\...\Firefox\Extensions: [{9309FA47-1B48-4768-AFA4-9E0556F5DC81}] C:\Program Files\LyricsPal\125.xpi FF HKCU\...\Firefox\Extensions: [lyrix@lyrixeeker.co] C:\Program Files\LyriXeeker\125.xpi FF Extension: No Name - C:\Program Files\LyriXeeker\125.xpi Chrome: ======= CHR HomePage: hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=445C001D60192B79&affID=119357&tsp=4956 CHR RestoreOnStartup: "https://www.google.de/" CHR DefaultSearchURL: (Google) - 
{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Users\Walid Efet\u00FCrk\AppData\Local\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Walid Efet\u00FCrk\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Users\Walid Efet\u00FCrk\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll No File CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer) CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) 
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (Unity Player) - C:\Users\Walid Efet\u00FCrk\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Walid Efet\u00FCrk\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Extension: (Top Eleven) - C:\Users\WALIDE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljphpjlafmmdmegmfbkacafhbegjfkkn\2.0.0.4_0 CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx CHR HKLM\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Walid Efetürk\AppData\Roaming\BabSolution\CR\Delta.crx CHR HKLM\...\Chrome\Extension: [fgibjgmnimooanbagcfpnkmngejcojaf] - C:\Program Files\HomeTab\chrome\HomeTab.crx CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx CHR HKLM\...\Chrome\Extension: [kpionmjnkbpcdpcflammlgllecmejgjj] - C:\Program Files\vShare.tv plugin\vshareplg.crx CHR HKLM\...\Chrome\Extension: [mmiopbgcekanlhpjkonogoljpfmhpkhf] - C:\Program Files\LyricsPal\125.crx CHR HKLM\...\Chrome\Extension: [odnofacmifkjndflfmmplhckcbfjckhj] - C:\Program Files\LyriXeeker\125.crx CHR StartMenuInternet: Google Chrome - "C:\Users\Walid Efetürk\AppData\Local\Google\Chrome\Application\chrome.exe" ========================== Services (Whitelisted) ================= S4 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [107912 
2008-10-09] () R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [227232 2010-01-15] (McAfee, Inc.) S4 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [559168 2013-03-12] (RealNetworks, Inc.) S4 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1699168 2012-09-19] (TuneUp Software) ==================== Drivers (Whitelisted) ==================== R3 Atc002; C:\Windows\System32\DRIVERS\l260x86.sys [29184 2009-07-14] (Atheros Communications, Inc.) S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.) S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [34432 2012-10-11] (ManyCam LLC) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-07-27] (Malwarebytes Corporation) S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [22656 2013-01-31] (ManyCam LLC) S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [95304 2011-11-10] (MotioninJoy) S3 nmwcdnsu; C:\Windows\System32\drivers\nmwcdnsu.sys [137472 2011-08-17] (Nokia) S3 nmwcdnsuc; C:\Windows\System32\drivers\nmwcdnsuc.sys [8576 2011-08-17] (Nokia) R3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1311232 2009-07-14] (NXP Semiconductors) S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.) 
S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-09-19] (TuneUp Software) S3 taphss6; system32\DRIVERS\taphss6.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-28 13:07 - 2013-07-28 13:07 - 00000000 ____D C:\FRST 2013-07-27 23:17 - 2013-07-27 23:18 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2013-07-27 23:17 - 2013-07-27 23:17 - 00000000 ____D C:\Users\Walid Efetürk\AppData\Roaming\Malwarebytes 2013-07-27 23:16 - 2013-07-27 23:16 - 00001075 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-27 23:16 - 2013-07-27 23:16 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-27 23:16 - 2013-07-27 23:16 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-07-27 23:16 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-07-27 22:20 - 2013-07-27 22:20 - 00000057 _____ C:\Users\Walid Efetürk\AppData\Roaming\WB.CFG 2013-07-27 22:20 - 2013-07-27 22:20 - 00000005 _____ C:\Users\Walid Efetürk\AppData\Roaming\WBPU-TTL.DAT 2013-07-27 21:24 - 2013-07-27 21:24 - 00000000 ____D C:\Users\Walid Efetürk\Qtrax 2013-07-27 21:20 - 2013-07-28 12:28 - 00000380 _____ C:\Windows\Tasks\LyricXeeker Update.job 2013-07-27 21:20 - 2013-07-27 23:20 - 00000308 _____ C:\Windows\Tasks\DSite.job 2013-07-27 21:20 - 2013-07-27 21:20 - 00000000 ____D C:\Users\Walid Efetürk\AppData\Roaming\Zip Opener Packages 2013-07-27 21:20 - 2013-07-27 21:20 - 00000000 ____D C:\Users\Walid Efetürk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly 2013-07-27 21:20 - 2013-07-27 21:20 - 00000000 ____D C:\Users\Walid Efetürk\AppData\Roaming\DSite 2013-07-27 21:20 - 2013-07-27 21:20 - 00000000 ____D C:\Users\Walid Efetürk\AppData\Roaming\Delta 2013-07-27 21:20 - 2013-07-27 21:20 - 00000000 ____D C:\Users\Walid 
Efetürk\AppData\Roaming\DealPly 2013-07-27 21:20 - 2013-07-27 21:20 - 00000000 ____D C:\Users\Walid Efetürk\AppData\Roaming\Babylon 2013-07-27 21:20 - 2013-07-27 21:20 - 00000000 ____D C:\Users\Walid Efetürk\AppData\Roaming\BabSolution 2013-07-27 21:20 - 2013-07-27 21:20 - 00000000 ____D C:\ProgramData\Babylon 2013-07-27 21:20 - 2013-07-27 21:20 - 00000000 ____D C:\Program Files\LyriXeeker 2013-07-27 21:20 - 2013-07-27 21:20 - 00000000 ____D C:\Program Files\Delta 2013-07-27 20:41 - 2013-07-27 20:42 - 00001939 _____ C:\AdwCleaner[R6].txt 2013-07-27 20:14 - 2013-07-27 20:14 - 00001819 _____ C:\AdwCleaner[R5].txt 2013-07-27 20:14 - 2013-07-27 20:14 - 00001788 _____ C:\AdwCleaner[S4].txt 2013-07-27 20:13 - 2013-07-27 20:13 - 00001759 _____ C:\AdwCleaner[R4].txt 2013-07-27 20:01 - 2013-07-28 12:28 - 00006750 _____ C:\Windows\PFRO.log 2013-07-27 19:59 - 2013-07-27 19:59 - 00030444 _____ C:\ProgramData\1374947945.bdinstall.bin 2013-07-27 19:53 - 2013-07-28 12:28 - 00000280 _____ C:\Windows\setupact.log 2013-07-27 19:53 - 2013-07-27 19:53 - 00000000 _____ C:\Windows\setuperr.log 2013-07-27 19:51 - 2013-07-27 19:51 - 00001658 _____ C:\AdwCleaner[S3].txt 2013-07-27 19:50 - 2013-07-27 19:50 - 00001689 _____ C:\AdwCleaner[R3].txt 2013-07-27 19:49 - 2013-07-27 23:33 - 00094177 _____ C:\Windows\WindowsUpdate.log 2013-07-27 15:49 - 2013-07-27 15:49 - 00000218 _____ C:\Users\WALIDE~1\AppData\Local\recently-used.xbel 2013-07-27 15:42 - 2013-07-27 15:42 - 00000000 ____D C:\Users\Walid Efetürk\AppData\Roaming\inkscape 2013-07-27 12:47 - 2013-07-27 20:14 - 00000934 _____ C:\Windows\DeleteOnReboot.bat 2013-07-27 12:47 - 2013-07-27 12:49 - 00082109 _____ C:\AdwCleaner[S2].txt 2013-07-27 12:46 - 2013-07-27 12:47 - 00082638 _____ C:\AdwCleaner[R2].txt 2013-07-27 12:28 - 2013-07-27 12:28 - 00002174 _____ C:\Users\Public\Desktop\Google Earth.lnk 2013-07-26 19:35 - 2013-07-26 19:36 - 00000000 ____D C:\Users\Walid Efetürk\Desktop\Neuer Ordner 2013-07-26 17:24 - 2013-07-27 20:00 - 00000000 
____D C:\ProgramData\Avira 2013-07-26 17:19 - 2013-07-26 17:19 - 00000407 _____ C:\AdwCleaner[S1].txt 2013-07-26 17:18 - 2013-07-26 17:19 - 00082231 _____ C:\AdwCleaner[R1].txt 2013-07-26 17:15 - 2013-07-26 17:15 - 00666633 _____ C:\Users\Walid Efetürk\Desktop\adwcleaner06.exe 2013-07-26 12:26 - 2013-07-26 12:26 - 00000000 __SHD C:\found.005 2013-07-22 17:20 - 2013-07-23 20:58 - 00000000 ____D C:\Users\Walid Efetürk\AppData\Roaming\Windows Net Data 2013-07-22 17:19 - 2013-05-13 05:52 - 00023624 _____ C:\Windows\Launcher.exe 2013-07-22 17:18 - 2013-07-22 17:18 - 00002551 _____ C:\Users\Public\Desktop\Free System Utilities.lnk 2013-07-22 17:18 - 2013-07-22 17:18 - 00000000 ____D C:\ProgramData\FreeSystemUtilities 2013-07-22 17:17 - 2013-07-22 17:17 - 00000000 ____D C:\ProgramData\Package Cache 2013-07-14 14:46 - 2013-07-27 16:24 - 00000000 ____D C:\Users\Walid Efetürk\Desktop\Der Edle Quran 2013-07-13 23:20 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-13 23:20 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-13 23:20 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-13 23:20 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-13 23:20 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-13 23:20 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-13 23:20 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-13 23:20 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-13 23:20 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-13 23:20 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 
2013-07-13 23:20 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-13 23:20 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-13 23:20 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-13 23:20 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-13 23:20 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-13 23:20 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-13 23:03 - 2013-07-13 23:03 - 00000000 ____D C:\Windows\pss 2013-07-13 17:57 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-13 17:57 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-13 17:57 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-13 17:57 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-13 17:45 - 2013-07-13 17:45 - 00000000 ____D C:\Program Files\Blender Foundation 2013-07-07 10:41 - 2013-07-07 10:41 - 00000000 _____ C:\temp.txt 2013-06-30 17:54 - 2013-07-07 10:42 - 00000000 ____D C:\Windows\system32\appmgmt 2013-06-30 17:41 - 2013-06-30 17:41 - 00000904 _____ C:\Users\Walid Efetürk\Desktop\HD Tune.lnk 2013-06-30 17:41 - 2013-06-30 17:41 - 00000000 ____D C:\Program Files\HD Tune 2013-06-30 16:41 - 2013-06-30 16:41 - 00000000 ____D C:\Program Files\CCleaner 2013-06-29 12:06 - 2013-06-29 12:07 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{0A143F33-B193-4F34-ACE1-063F6DB3339E} 2013-06-29 12:04 - 2013-06-29 12:04 - 00000000 ____D C:\Users\Walid Efetürk\AppData\Roaming\simplitec 2013-06-28 22:51 - 2013-06-28 22:51 - 00000000 ____D C:\Users\Walid Efetürk\Documents\Music Maker 2013 2013-06-28 22:51 - 
2013-06-28 22:51 - 00000000 ____D C:\Users\Walid Efetürk\Documents\MAGIX 2013-06-28 22:50 - 2013-06-28 22:50 - 00000000 ____D C:\Users\Public\Documents\MAGIX 2013-06-28 22:48 - 2013-07-07 10:59 - 00000000 ____D C:\Program Files\Common Files\MAGIX Services 2013-06-28 22:48 - 2013-06-28 22:51 - 00000000 ____D C:\ProgramData\MAGIX 2013-06-28 22:48 - 2013-06-28 22:48 - 00000000 ____D C:\ProgramData\simplitec 2013-06-28 22:48 - 2013-06-28 22:48 - 00000000 ____D C:\Program Files\MAGIX 2013-06-28 22:39 - 2013-06-28 22:51 - 00000000 ____D C:\Users\Walid Efetürk\AppData\Roaming\MAGIX 2013-06-28 21:34 - 2013-06-28 21:35 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{C1D44A52-4AFD-4ED9-BF02-F81E16E3A16E} 2013-06-28 21:00 - 2013-07-28 12:28 - 00000366 _____ C:\Windows\Tasks\Lyrics-Pal Update.job 12012-02-02 20:20 - 2013-07-27 21:24 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2361670767-3260828624-3907866334-1000Core2d9829e7e9a89661.job 12012-02-02 19:41 - 12012-02-02 19:41 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{C5BA8C0A-DDBE-4C08-AB8B-4BAFF6C25BD0} 12012-02-02 19:41 - 12012-02-02 19:41 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{3F10A175-25D5-465C-9604-2D4AD978721B} 12012-02-01 18:34 - 12012-02-01 18:34 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{FA13249B-BF3D-42CE-817D-3C81F66BDDAF} 12012-02-01 18:33 - 12012-02-01 18:34 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{E08864C5-530F-463E-902D-55052BDDC613} 12012-02-01 14:45 - 12012-02-01 14:45 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{FD0ACC11-B06A-4D7D-8EEE-4E4891B15602} 12012-02-01 14:45 - 12012-02-01 14:45 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{A9B6870C-C1A2-43ED-B2E8-1401DF4B9750} 12012-01-31 16:12 - 12012-01-31 16:12 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{9EF58DBF-E483-44E5-8C4C-600AFE016AC4} 12012-01-31 16:11 - 12012-01-31 16:12 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{70D78DE0-95C9-4AC4-9114-163162684102} 12012-01-30 15:29 - 12012-01-30 
15:29 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{C7820ECF-C451-4B9C-8FCF-AB98C918F170} 12012-01-30 15:29 - 12012-01-30 15:29 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{3A6D5AD0-ACA0-43F4-81DC-E169ADCB93E2} 12012-01-29 13:37 - 2013-07-28 12:28 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore2d98268b474f51c.job 12012-01-29 13:07 - 12012-01-29 13:07 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{CDD53968-98C3-4BB1-9304-BFA657B239F6} 12012-01-29 13:07 - 12012-01-29 13:07 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{C8AEBDE3-0904-4D92-AD47-B0CB2DDEF98F} 12012-01-28 10:47 - 12012-01-28 10:48 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{1C7157F7-C4C8-42DC-94CA-1464C73F98A8} 12012-01-28 10:47 - 12012-01-28 10:47 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{64F9D545-CE4C-473F-9852-20A06DADB7B2} 12012-01-27 15:40 - 12012-01-27 15:41 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{FF64576A-4099-4392-979B-CBB73023C99A} 12012-01-27 15:40 - 12012-01-27 15:40 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{B283F3E8-8093-4883-80BF-55EE8A3975EE} 12012-01-26 22:34 - 12012-01-26 22:34 - 00000000 ___HD C:\ProgramData\CanonIJSolutionMenu 12012-01-26 22:34 - 12012-01-26 22:34 - 00000000 ___HD C:\ProgramData\CanonIJMyPrinter 12012-01-26 22:26 - 12012-01-26 22:26 - 00000000 ___HD C:\ProgramData\CanonIJEGV 12012-01-26 22:18 - 1980-07-02 09:11 - 00000000 ____D C:\ProgramData\CanonIJPLM 12012-01-26 22:06 - 12012-01-26 22:06 - 00000000 ____D C:\Program Files\Common Files\CANON 12012-01-26 22:02 - 2007-06-18 04:15 - 00363520 _____ (CANON INC.) C:\Windows\system32\CNMNPPM.DLL 12012-01-26 22:02 - 2007-06-18 04:15 - 00143360 _____ (CANON INC.) 
C:\Windows\system32\CNMNPUI.DLL 12012-01-26 22:02 - 12012-01-26 22:33 - 00000000 ____D C:\Program Files\Canon 12012-01-26 16:40 - 12012-01-26 16:40 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{7DFF6244-B311-472A-94EA-7AD96CF5053E} 12012-01-26 16:40 - 12012-01-26 16:40 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{3E1DA19D-D100-4E96-8E12-61D843258376} 12012-01-25 16:04 - 12012-01-25 16:04 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{DA168AC7-8E27-4C6B-8BDA-812B51CD72F5} 12012-01-25 16:03 - 12012-01-25 16:03 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{7DA63DCC-6E9B-40F7-9477-A16E15333D40} 12012-01-23 20:25 - 12012-01-23 20:26 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{F884DCB4-B58C-49CA-8CA9-B9E74DBC2F95} 12012-01-23 20:25 - 12012-01-23 20:25 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{5D1707A9-1398-4D49-A927-B1551E1B3152} 12012-01-22 11:42 - 12012-01-22 11:42 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{F03AB034-2B04-4FCA-B607-E2C09F1637B5} 12012-01-22 11:41 - 12012-01-22 11:42 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{4B14110C-8422-4C81-958A-99B681D9A63B} 12012-01-21 22:33 - 12012-01-21 22:33 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{F1B59349-CD28-478C-A4D2-636F4B5CBF14} 12012-01-21 22:33 - 12012-01-21 22:33 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{14A1FEED-B6FF-4D5A-8FD9-6D79024A06C7} 12012-01-20 16:19 - 12012-01-20 16:19 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{BAFAD5F9-65DD-49F3-A525-430A2C6FEB2F} 12012-01-20 16:19 - 12012-01-20 16:19 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{AC74F643-89F5-4409-80DE-81D64158E248} 12012-01-19 16:09 - 12012-01-19 16:09 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{3E357B28-31D7-446A-BFDD-5C3865758626} 12012-01-19 16:09 - 12012-01-19 16:09 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{3DB64643-5C61-4408-A4DC-1F4046953342} 12012-01-18 16:32 - 12012-01-18 16:32 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{89E036D7-61D5-4E2D-BB4C-5B7D3524EE5B} 
12012-01-18 16:31 - 12012-01-18 16:32 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{194C2201-2D4F-481A-ACBA-DB92E8A20666} 12012-01-17 17:25 - 12012-01-17 17:25 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{D43433F2-7067-4033-90E0-3C9908DDA9E1} 12012-01-17 17:25 - 12012-01-17 17:25 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{5E2E644D-F1AF-4DEA-AD66-6AB93CF8730C} 12012-01-15 13:15 - 12012-01-15 13:16 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{92BC1845-49E6-4708-9FEE-54F0A1F8B81A} 12012-01-15 13:15 - 12012-01-15 13:15 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{0E793B4C-9813-46AD-9B02-594B5485EC67} 12012-01-14 15:39 - 12012-01-14 15:40 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{7583D814-BD93-4F56-9A5A-B5DAF6443435} 12012-01-14 15:39 - 12012-01-14 15:39 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{37FED5F7-C315-49F9-B3CD-C61BAB79095F} 12012-01-13 15:42 - 12012-01-13 15:42 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{9C5F2BF4-CA5F-4CF6-AB12-EA453572FA6A} 12012-01-13 15:42 - 12012-01-13 15:42 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{0DD8B8CE-5CF5-4235-B13A-27426AC85051} 12012-01-13 00:17 - 2013-03-17 15:37 - 00000000 ___HD C:\Windows\msdownld.tmp 12012-01-13 00:14 - 12012-01-13 00:14 - 00000000 ____D C:\ProgramData\DesktopIcons 12012-01-13 00:14 - 12012-01-13 00:14 - 00000000 ____D C:\ProgramData\1und1InternetExplorerAddon 12012-01-13 00:01 - 12012-01-13 00:01 - 00000000 __SHD C:\found.000 12012-01-12 18:48 - 2007-08-21 14:32 - 00098304 _____ C:\Windows\system32\redmonnt.dll 12012-01-12 18:48 - 12012-01-12 18:48 - 00000000 ____D C:\Program Files\FoxTabPDFConverter 12012-01-12 18:01 - 12012-01-12 18:02 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{565C793B-B9F7-4099-9B78-81E856B6E51A} 12012-01-12 18:01 - 12012-01-12 18:01 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{BD1E8BDF-CA6C-44AC-877D-0A9824791600} 12012-01-11 16:45 - 2011-11-17 07:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll 
12012-01-11 16:45 - 2011-11-17 07:34 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 12012-01-11 16:45 - 2011-11-17 07:34 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 12012-01-11 16:45 - 2011-11-17 07:34 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 12012-01-11 16:45 - 2011-11-17 07:32 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 12012-01-11 16:45 - 2011-11-17 07:29 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 12012-01-11 16:40 - 12012-01-11 16:41 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{619B73A8-0D85-4460-80C2-FEA1104C3EBA} 12012-01-11 16:40 - 12012-01-11 16:40 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{2B533755-E620-4764-BB4F-2F8B78EE3159} ==================== One Month Modified Files and Folders ======= 2013-07-28 13:07 - 2013-07-28 13:07 - 00000000 ____D C:\FRST 2013-07-28 13:06 - 2013-03-02 19:55 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-28 13:06 - 2011-06-26 16:32 - 00000000 ___RD C:\Users\Walid Efetürk\Desktop\chara (3) 2013-07-28 12:39 - 2013-07-27 19:49 - 00094177 _____ C:\Windows\WindowsUpdate.log 2013-07-28 12:36 - 2009-07-14 06:34 - 00014752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-28 12:36 - 2009-07-14 06:34 - 00014752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-28 12:34 - 1980-05-15 16:22 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2361670767-3260828624-3907866334-1003UA.job 2013-07-28 12:28 - 2013-07-27 21:20 - 00000380 _____ C:\Windows\Tasks\LyricXeeker Update.job 2013-07-28 12:28 - 2013-07-27 20:01 - 00006750 _____ C:\Windows\PFRO.log 2013-07-28 12:28 - 2013-07-27 19:53 - 00000280 _____ C:\Windows\setupact.log 2013-07-28 12:28 - 2013-06-28 21:00 - 00000366 _____ C:\Windows\Tasks\Lyrics-Pal Update.job 2013-07-28 
12:28 - 2013-06-24 17:56 - 00000408 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Walid Efetürk.job 2013-07-28 12:28 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-28 12:28 - 12012-01-29 13:37 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore2d98268b474f51c.job 2013-07-27 23:27 - 2011-07-06 15:12 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-27 23:24 - 2011-07-07 14:50 - 00001152 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2361670767-3260828624-3907866334-1000UA.job 2013-07-27 23:20 - 2013-07-27 21:20 - 00000308 _____ C:\Windows\Tasks\DSite.job 2013-07-27 23:18 - 2013-07-27 23:17 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2013-07-27 23:17 - 2013-07-27 23:17 - 00000000 ____D C:\Users\Walid Efetürk\AppData\Roaming\Malwarebytes 2013-07-27 23:16 - 2013-07-27 23:16 - 00001075 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-27 23:16 - 2013-07-27 23:16 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-27 23:16 - 2013-07-27 23:16 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-07-27 23:08 - 2011-09-06 19:30 - 00001170 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2361670767-3260828624-3907866334-1000UA.job 2013-07-27 22:26 - 2011-09-11 19:16 - 00000000 ____D C:\Program Files\Ardamax Keylogger Lite 2013-07-27 22:25 - 2013-07-13 17:45 - 00000000 ____D C:\Program Files\Blender Foundation 2013-07-27 22:20 - 2013-07-27 22:20 - 00000057 _____ C:\Users\Walid Efetürk\AppData\Roaming\WB.CFG 2013-07-27 22:20 - 2013-07-27 22:20 - 00000005 _____ C:\Users\Walid Efetürk\AppData\Roaming\WBPU-TTL.DAT 2013-07-27 22:20 - 2012-10-07 19:15 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2361670767-3260828624-3907866334-1003UA.job 2013-07-27 21:42 - 2013-06-24 17:56 - 00000398 _____ C:\Windows\Tasks\ReclaimerUpdateXML_Walid Efetürk.job 2013-07-27 21:24 - 2013-07-27 21:24 - 00000000 ____D C:\Users\Walid 
Efetürk\Qtrax 2013-07-27 21:24 - 2011-06-26 16:32 - 00000000 ____D C:\Users\Walid Efetürk 2013-07-27 21:24 - 12012-02-02 20:20 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2361670767-3260828624-3907866334-1000Core2d9829e7e9a89661.job 2013-07-27 21:20 - 2013-07-27 21:20 - 00000000 ____D C:\Users\Walid Efetürk\AppData\Roaming\Zip Opener Packages 2013-07-27 21:20 - 2013-07-27 21:20 - 00000000 ____D C:\Users\Walid Efetürk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly 2013-07-27 21:20 - 2013-07-27 21:20 - 00000000 ____D C:\Users\Walid Efetürk\AppData\Roaming\DSite 2013-07-27 21:20 - 2013-07-27 21:20 - 00000000 ____D C:\Users\Walid Efetürk\AppData\Roaming\Delta 2013-07-27 21:20 - 2013-07-27 21:20 - 00000000 ____D C:\Users\Walid Efetürk\AppData\Roaming\DealPly 2013-07-27 21:20 - 2013-07-27 21:20 - 00000000 ____D C:\Users\Walid Efetürk\AppData\Roaming\Babylon 2013-07-27 21:20 - 2013-07-27 21:20 - 00000000 ____D C:\Users\Walid Efetürk\AppData\Roaming\BabSolution 2013-07-27 21:20 - 2013-07-27 21:20 - 00000000 ____D C:\ProgramData\Babylon 2013-07-27 21:20 - 2013-07-27 21:20 - 00000000 ____D C:\Program Files\LyriXeeker 2013-07-27 21:20 - 2013-07-27 21:20 - 00000000 ____D C:\Program Files\Delta 2013-07-27 20:42 - 2013-07-27 20:41 - 00001939 _____ C:\AdwCleaner[R6].txt 2013-07-27 20:20 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF 2013-07-27 20:14 - 2013-07-27 20:14 - 00001819 _____ C:\AdwCleaner[R5].txt 2013-07-27 20:14 - 2013-07-27 20:14 - 00001788 _____ C:\AdwCleaner[S4].txt 2013-07-27 20:14 - 2013-07-27 12:47 - 00000934 _____ C:\Windows\DeleteOnReboot.bat 2013-07-27 20:13 - 2013-07-27 20:13 - 00001759 _____ C:\AdwCleaner[R4].txt 2013-07-27 20:00 - 2013-07-26 17:24 - 00000000 ____D C:\ProgramData\Avira 2013-07-27 19:59 - 2013-07-27 19:59 - 00030444 _____ C:\ProgramData\1374947945.bdinstall.bin 2013-07-27 19:53 - 2013-07-27 19:53 - 00000000 _____ C:\Windows\setuperr.log 2013-07-27 19:51 - 2013-07-27 19:51 - 00001658 _____ 
C:\AdwCleaner[S3].txt 2013-07-27 19:50 - 2013-07-27 19:50 - 00001689 _____ C:\AdwCleaner[R3].txt 2013-07-27 19:38 - 2011-10-21 14:16 - 00000452 ____H C:\Windows\Tasks\Norton Security Scan for Walid Efetürk.job 2013-07-27 19:19 - 2012-10-07 19:14 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2361670767-3260828624-3907866334-1003Core.job 2013-07-27 19:18 - 2011-11-16 17:56 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared 2013-07-27 16:34 - 1980-05-15 16:22 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2361670767-3260828624-3907866334-1003Core.job 2013-07-27 16:24 - 2013-07-14 14:46 - 00000000 ____D C:\Users\Walid Efetürk\Desktop\Der Edle Quran 2013-07-27 15:49 - 2013-07-27 15:49 - 00000218 _____ C:\Users\WALIDE~1\AppData\Local\recently-used.xbel 2013-07-27 15:42 - 2013-07-27 15:42 - 00000000 ____D C:\Users\Walid Efetürk\AppData\Roaming\inkscape 2013-07-27 14:59 - 2013-06-24 17:56 - 00000402 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_Walid Efetürk.job 2013-07-27 12:49 - 2013-07-27 12:47 - 00082109 _____ C:\AdwCleaner[S2].txt 2013-07-27 12:47 - 2013-07-27 12:46 - 00082638 _____ C:\AdwCleaner[R2].txt 2013-07-27 12:28 - 2013-07-27 12:28 - 00002174 _____ C:\Users\Public\Desktop\Google Earth.lnk 2013-07-27 12:28 - 2011-07-06 15:12 - 00000000 ____D C:\Program Files\Google 2013-07-26 19:36 - 2013-07-26 19:35 - 00000000 ____D C:\Users\Walid Efetürk\Desktop\Neuer Ordner 2013-07-26 18:43 - 2011-06-26 16:34 - 00336998 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-26 17:19 - 2013-07-26 17:19 - 00000407 _____ C:\AdwCleaner[S1].txt 2013-07-26 17:19 - 2013-07-26 17:18 - 00082231 _____ C:\AdwCleaner[R1].txt 2013-07-26 17:15 - 2013-07-26 17:15 - 00666633 _____ C:\Users\Walid Efetürk\Desktop\adwcleaner06.exe 2013-07-26 12:44 - 2012-08-24 16:32 - 00000000 ___RD C:\Users\Walid Efetürk\Desktop\Programme 2013-07-26 12:26 - 2013-07-26 12:26 - 00000000 __SHD C:\found.005 2013-07-23 20:58 - 2013-07-22 17:20 - 00000000 ____D 
C:\Users\Walid Efetürk\AppData\Roaming\Windows Net Data 2013-07-22 17:20 - 2013-06-12 16:41 - 00002647 _____ C:\Users\Walid Efetürk\Desktop\Google Chrome.lnk 2013-07-22 17:18 - 2013-07-22 17:18 - 00002551 _____ C:\Users\Public\Desktop\Free System Utilities.lnk 2013-07-22 17:18 - 2013-07-22 17:18 - 00000000 ____D C:\ProgramData\FreeSystemUtilities 2013-07-22 17:17 - 2013-07-22 17:17 - 00000000 ____D C:\ProgramData\Package Cache 2013-07-14 18:05 - 2011-07-07 19:57 - 00000000 ___RD C:\Users\Walid Efetürk\Desktop\DonOmairat 2013-07-14 18:04 - 2012-12-30 21:09 - 00005120 ____H C:\Users\Walid Efetürk\Desktop\photothumb.db 2013-07-14 16:24 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-07-14 14:04 - 2011-06-26 17:05 - 00000000 ____D C:\Windows\Panther 2013-07-14 14:02 - 2009-07-14 06:33 - 00483792 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-14 14:01 - 2011-07-30 13:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-14 14:01 - 2009-07-14 10:57 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-14 14:01 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-13 23:03 - 2013-07-13 23:03 - 00000000 ____D C:\Windows\pss 2013-07-13 17:48 - 2012-09-10 18:01 - 00000000 ____D C:\Users\Walid Efetürk\.thumbnails 2013-07-07 11:08 - 2011-09-06 19:30 - 00001148 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2361670767-3260828624-3907866334-1000Core.job 2013-07-07 10:59 - 2013-06-28 22:48 - 00000000 ____D C:\Program Files\Common Files\MAGIX Services 2013-07-07 10:59 - 2011-07-06 15:12 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\Google 2013-07-07 10:59 - 2011-07-06 15:12 - 00000000 ____D C:\ProgramData\Google 2013-07-07 10:43 - 2011-11-18 23:30 - 00000000 ____D C:\Program Files\Ubisoft 2013-07-07 10:42 - 2013-06-30 17:54 - 00000000 ____D C:\Windows\system32\appmgmt 2013-07-07 10:41 - 2013-07-07 10:41 - 00000000 _____ C:\temp.txt 2013-07-07 10:27 - 2011-07-07 14:51 - 00000000 ____D C:\Users\Walid 
Efetürk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2013-06-30 17:41 - 2013-06-30 17:41 - 00000904 _____ C:\Users\Walid Efetürk\Desktop\HD Tune.lnk 2013-06-30 17:41 - 2013-06-30 17:41 - 00000000 ____D C:\Program Files\HD Tune 2013-06-30 17:10 - 2011-08-27 23:05 - 00000000 ____D C:\Users\Walid Efetürk\AppData\Roaming\uTorrent 2013-06-30 17:08 - 2013-04-01 14:17 - 00000000 ____D C:\Users\Walid Efetürk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2013-06-30 16:47 - 2011-07-30 13:27 - 00000000 ____D C:\Users\Walid Efetürk\Tracing 2013-06-30 16:41 - 2013-06-30 16:41 - 00000000 ____D C:\Program Files\CCleaner 2013-06-29 12:07 - 2013-06-29 12:06 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{0A143F33-B193-4F34-ACE1-063F6DB3339E} 2013-06-29 12:05 - 2011-07-07 14:49 - 00153744 _____ C:\Users\WALIDE~1\AppData\Local\GDIPFONTCACHEV1.DAT 2013-06-29 12:04 - 2013-06-29 12:04 - 00000000 ____D C:\Users\Walid Efetürk\AppData\Roaming\simplitec 2013-06-28 22:51 - 2013-06-28 22:51 - 00000000 ____D C:\Users\Walid Efetürk\Documents\Music Maker 2013 2013-06-28 22:51 - 2013-06-28 22:51 - 00000000 ____D C:\Users\Walid Efetürk\Documents\MAGIX 2013-06-28 22:51 - 2013-06-28 22:48 - 00000000 ____D C:\ProgramData\MAGIX 2013-06-28 22:51 - 2013-06-28 22:39 - 00000000 ____D C:\Users\Walid Efetürk\AppData\Roaming\MAGIX 2013-06-28 22:50 - 2013-06-28 22:50 - 00000000 ____D C:\Users\Public\Documents\MAGIX 2013-06-28 22:50 - 2007-04-27 10:43 - 00120200 _____ () C:\Windows\system32\DLLDEV32i.dll 2013-06-28 22:48 - 2013-06-28 22:48 - 00000000 ____D C:\ProgramData\simplitec 2013-06-28 22:48 - 2013-06-28 22:48 - 00000000 ____D C:\Program Files\MAGIX 2013-06-28 22:48 - 2012-09-21 16:44 - 00000000 ____D C:\Program Files\MSXML 4.0 2013-06-28 22:48 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Help 2013-06-28 22:48 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2013-06-28 21:35 - 2013-06-28 21:34 - 00000000 ____D 
C:\Users\WALIDE~1\AppData\Local\{C1D44A52-4AFD-4ED9-BF02-F81E16E3A16E} 12012-02-02 19:41 - 12012-02-02 19:41 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{C5BA8C0A-DDBE-4C08-AB8B-4BAFF6C25BD0} 12012-02-02 19:41 - 12012-02-02 19:41 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{3F10A175-25D5-465C-9604-2D4AD978721B} 12012-02-01 18:34 - 12012-02-01 18:34 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{FA13249B-BF3D-42CE-817D-3C81F66BDDAF} 12012-02-01 18:34 - 12012-02-01 18:33 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{E08864C5-530F-463E-902D-55052BDDC613} 12012-02-01 14:45 - 12012-02-01 14:45 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{FD0ACC11-B06A-4D7D-8EEE-4E4891B15602} 12012-02-01 14:45 - 12012-02-01 14:45 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{A9B6870C-C1A2-43ED-B2E8-1401DF4B9750} 12012-01-31 17:14 - 2011-10-09 11:11 - 00000000 ____D C:\Program Files\DVDVideoSoft 12012-01-31 17:14 - 2011-10-09 11:11 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft 12012-01-31 16:12 - 12012-01-31 16:12 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{9EF58DBF-E483-44E5-8C4C-600AFE016AC4} 12012-01-31 16:12 - 12012-01-31 16:11 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{70D78DE0-95C9-4AC4-9114-163162684102} 12012-01-30 15:29 - 12012-01-30 15:29 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{C7820ECF-C451-4B9C-8FCF-AB98C918F170} 12012-01-30 15:29 - 12012-01-30 15:29 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{3A6D5AD0-ACA0-43F4-81DC-E169ADCB93E2} 12012-01-29 13:07 - 12012-01-29 13:07 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{CDD53968-98C3-4BB1-9304-BFA657B239F6} 12012-01-29 13:07 - 12012-01-29 13:07 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{C8AEBDE3-0904-4D92-AD47-B0CB2DDEF98F} 12012-01-28 10:48 - 12012-01-28 10:47 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{1C7157F7-C4C8-42DC-94CA-1464C73F98A8} 12012-01-28 10:47 - 12012-01-28 10:47 - 00000000 ____D 
C:\Users\WALIDE~1\AppData\Local\{64F9D545-CE4C-473F-9852-20A06DADB7B2} 12012-01-27 15:41 - 12012-01-27 15:40 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{FF64576A-4099-4392-979B-CBB73023C99A} 12012-01-27 15:40 - 12012-01-27 15:40 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{B283F3E8-8093-4883-80BF-55EE8A3975EE} 12012-01-26 22:34 - 12012-01-26 22:34 - 00000000 ___HD C:\ProgramData\CanonIJSolutionMenu 12012-01-26 22:34 - 12012-01-26 22:34 - 00000000 ___HD C:\ProgramData\CanonIJMyPrinter 12012-01-26 22:33 - 12012-01-26 22:02 - 00000000 ____D C:\Program Files\Canon 12012-01-26 22:26 - 12012-01-26 22:26 - 00000000 ___HD C:\ProgramData\CanonIJEGV 12012-01-26 22:06 - 12012-01-26 22:06 - 00000000 ____D C:\Program Files\Common Files\CANON 12012-01-26 16:40 - 12012-01-26 16:40 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{7DFF6244-B311-472A-94EA-7AD96CF5053E} 12012-01-26 16:40 - 12012-01-26 16:40 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{3E1DA19D-D100-4E96-8E12-61D843258376} 12012-01-25 16:04 - 12012-01-25 16:04 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{DA168AC7-8E27-4C6B-8BDA-812B51CD72F5} 12012-01-25 16:03 - 12012-01-25 16:03 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{7DA63DCC-6E9B-40F7-9477-A16E15333D40} 12012-01-23 20:26 - 12012-01-23 20:25 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{F884DCB4-B58C-49CA-8CA9-B9E74DBC2F95} 12012-01-23 20:25 - 12012-01-23 20:25 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{5D1707A9-1398-4D49-A927-B1551E1B3152} 12012-01-22 11:42 - 12012-01-22 11:42 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{F03AB034-2B04-4FCA-B607-E2C09F1637B5} 12012-01-22 11:42 - 12012-01-22 11:41 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{4B14110C-8422-4C81-958A-99B681D9A63B} 12012-01-21 22:33 - 12012-01-21 22:33 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{F1B59349-CD28-478C-A4D2-636F4B5CBF14} 12012-01-21 22:33 - 12012-01-21 22:33 - 00000000 ____D 
C:\Users\WALIDE~1\AppData\Local\{14A1FEED-B6FF-4D5A-8FD9-6D79024A06C7} 12012-01-20 16:19 - 12012-01-20 16:19 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{BAFAD5F9-65DD-49F3-A525-430A2C6FEB2F} 12012-01-20 16:19 - 12012-01-20 16:19 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{AC74F643-89F5-4409-80DE-81D64158E248} 12012-01-19 16:09 - 12012-01-19 16:09 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{3E357B28-31D7-446A-BFDD-5C3865758626} 12012-01-19 16:09 - 12012-01-19 16:09 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{3DB64643-5C61-4408-A4DC-1F4046953342} 12012-01-18 16:32 - 12012-01-18 16:32 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{89E036D7-61D5-4E2D-BB4C-5B7D3524EE5B} 12012-01-18 16:32 - 12012-01-18 16:31 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{194C2201-2D4F-481A-ACBA-DB92E8A20666} 12012-01-17 17:25 - 12012-01-17 17:25 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{D43433F2-7067-4033-90E0-3C9908DDA9E1} 12012-01-17 17:25 - 12012-01-17 17:25 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{5E2E644D-F1AF-4DEA-AD66-6AB93CF8730C} 12012-01-15 13:16 - 12012-01-15 13:15 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{92BC1845-49E6-4708-9FEE-54F0A1F8B81A} 12012-01-15 13:15 - 12012-01-15 13:15 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{0E793B4C-9813-46AD-9B02-594B5485EC67} 12012-01-14 15:40 - 12012-01-14 15:39 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{7583D814-BD93-4F56-9A5A-B5DAF6443435} 12012-01-14 15:39 - 12012-01-14 15:39 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{37FED5F7-C315-49F9-B3CD-C61BAB79095F} 12012-01-13 15:42 - 12012-01-13 15:42 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{9C5F2BF4-CA5F-4CF6-AB12-EA453572FA6A} 12012-01-13 15:42 - 12012-01-13 15:42 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{0DD8B8CE-5CF5-4235-B13A-27426AC85051} 12012-01-13 00:14 - 12012-01-13 00:14 - 00000000 ____D C:\ProgramData\DesktopIcons 12012-01-13 00:14 - 12012-01-13 00:14 - 00000000 ____D 
C:\ProgramData\1und1InternetExplorerAddon
12012-01-13 00:01 - 12012-01-13 00:01 - 00000000 __SHD C:\found.000
12012-01-12 18:48 - 12012-01-12 18:48 - 00000000 ____D C:\Program Files\FoxTabPDFConverter
12012-01-12 18:02 - 12012-01-12 18:01 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{565C793B-B9F7-4099-9B78-81E856B6E51A}
12012-01-12 18:01 - 12012-01-12 18:01 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{BD1E8BDF-CA6C-44AC-877D-0A9824791600}
12012-01-11 16:41 - 12012-01-11 16:40 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{619B73A8-0D85-4460-80C2-FEA1104C3EBA}
12012-01-11 16:40 - 12012-01-11 16:40 - 00000000 ____D C:\Users\WALIDE~1\AppData\Local\{2B533755-E620-4764-BB4F-2F8B78EE3159}

Files to move or delete:
====================
C:\Users\WALIDE~1\AppData\Local\Temp\GZ_INSTALL_0\setuplauncher.exe
C:\Windows\system32\rundll32.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-23 00:20

==================== End Of Log ============================

--- --- ---

Addition.txt:
FRST Additions Logfile:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-07-2013 04 Ran by Walid Efetürk at 2013-07-28 13:09:07 Running from C:\Users\Walid Efetürk\Desktop\chara (3) Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= µTorrent (Version: 3.0.0) Adobe Flash Player 11 ActiveX (Version: 11.7.700.224) Adobe Flash Player 11 Plugin (Version: 11.7.700.224) Adobe Shockwave Player 11.6 (Version: 11.6.1.629) Apple Application Support (Version: 2.3.3) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (Version: 2.1.3.127) Ardamax Keylogger 1.2 Avira SearchFree Toolbar plus Web Protection (Version: 12.2.2.663) Bonjour (Version: 3.0.0.10) Canon IJ Network Scan Utility Canon IJ Network Tool Canon Inkjet Printer/Scanner/Fax Extended Survey Program Canon MP Navigator EX 2.1 Canon MX860 series Benutzerregistrierung Canon MX860 series MP Drivers Canon Utilities Easy-PhotoPrint EX Canon Utilities My Printer Canon Utilities Solution Menu CCleaner (Version: 4.03) Cheat Engine 6.0 Cheat Engine 6.2 D3DX10 (Version: 15.4.2368.0902) DealPly Delta Chrome Toolbar Delta toolbar (Version: 1.8.22.0) DVDVideoSoftTB Toolbar (Version: 6.3.3.3) Facebook Video Calling 1.2.0.287 (Version: 1.2.287) FMSLogo FoxTab PDF Creator Free Spider Solitaire 2010 v2.1 Free Studio version 5.2.1 Free System Utilities (Version: 1.1.0.95) Free SystemUtilities (Version: 1.1.0.95) Free YouTube to MP3 Converter version 3.10.15.1228 FreeOnlineRadioPlayerRecorder Toolbar (Version: 6.8.5.1) Galileo Family Quiz - Spezial I GameMaker 8.1 GIMP 2.6.11 (Version: 2.6.11) Google Chrome (HKCU Version: 28.0.1500.72) Google Earth (Version: 7.1.1.1888) Google Update Helper (Version: 1.3.21.153) HD Tune 2.55 HomeTab 3.2 (Version: 3.2) Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1930) iTunes (Version: 11.0.2.26) Junk Mail filter update (Version: 15.4.3502.0922) LEGO Star Wars III The Clone 
Wars (Version: 1.0) LyricXeeker MAGIX Content und Soundpools (Version: 1.0.0.0) MAGIX Goya burnR (MSI) (Version: 4.3.2.0) MAGIX Music Maker 2013 (Version: 19.0.3.47) MAGIX Music Maker 2013 Trial Soundpools (Version: 1.0.0.0) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) McAfee Security Scan Plus (Version: 2.0.181.2) Mesh Runtime (Version: 15.4.5722.2) Messenger Companion (Version: 15.4.3502.0922) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6012.5000) Microsoft AutoRoute 2002 (Version: 9.00.17.0200) Microsoft Encarta Enzyklopädie 2003 (Version: 2003) Microsoft Picture It! Foto 7.0 (Version: 7.0.0.0000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Word 2002 (Version: 10.0.2701.01) Microsoft Works 2003-Setup-Start Microsoft Works 7.0 (Version: 07.02.0702) Microsoft Works Suite-Add-Ins für Microsoft Word (Version: 2.0.0.0000) MotioninJoy ds3 driver version 0.6.0005 (Version: 0.6.00005) Mozilla Firefox 19.0.2 (x86 de) (Version: 19.0.2) Mozilla Maintenance Service (Version: 19.0.2) MSVCRT (Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (Version: 4.30.2100.0) Music Editor Free Nokia Connectivity Cable Driver (Version: 7.1.32.64) Norton Security Scan (Version: 3.5.1.8) Online Games Manager v1.20 (Version: 1.20.13) OpenOffice.org 3.4.1 (Version: 3.41.9593) PCSX2 - Playstation 2 Emulator PhotoScape Pinnacle VideoSpin (Version: 2.0.0.669) 
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0) RealPlayer (Version: 15.0.6) RealUpgrade 1.1 (Version: 1.1.0) Snap.Do (Version: 1.8.1.10725) Snap.Do Engine (HKCU Version: 1.8.1.10725) swMSM (Version: 12.0.0.1) Text Express Deluxe (HKCU Version: 1.2.0) Text-To-Speech-Runtime (Version: 1.0.0.0) TuneUp Utilities 2013 (Version: 13.0.2020.4) TuneUp Utilities Language Pack (de-DE) (Version: 13.0.2020.4) Ubisoft Game Launcher (Version: 1.0.0.0) Unity Web Player (HKCU Version: ) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Zip Opener uTorrentBar_DE Toolbar (Version: 6.3.5.3) WEB.DE Internet Explorer Addon (Version: 1.0.1.0) Windows Live Communications Platform (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3555.0308) Windows Live Family Safety (Version: 15.4.3555.0308) Windows Live Fotogalerie (Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (Version: 15.4.3502.0922) Windows Live Mail (Version: 15.4.3502.0922) Windows Live Mesh (Version: 15.4.3502.0922) Windows Live Mesh ActiveX control for remote connections (Version: 15.4.5722.2) Windows Live Messenger (Version: 15.4.3538.0513) Windows Live Messenger Companion Core (Version: 15.4.3502.0922) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (Version: 15.4.3502.0922) Windows Live Photo Common (Version: 15.4.3502.0922) Windows Live Photo Gallery (Version: 15.4.3502.0922) Windows Live PIMT Platform (Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE 
(Version: 15.4.3502.0922) Windows Live SOXE Definitions (Version: 15.4.3502.0922) Windows Live UX Platform (Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (Version: 15.4.3508.1109) Windows Live Writer (Version: 15.4.3502.0922) Windows Live Writer Resources (Version: 15.4.3502.0922) Windows Utils WinRAR 4.01 (32-Bit) (Version: 4.01.0) Works Suite-Betriebssystem-Pack (Version: 3.0.0.0000) yEd Graph Editor 3.6.1.1 Zip Opener Packages ==================== Restore Points ========================= 04-04-2013 09:27:41 Windows Update 05-04-2013 14:38:14 Windows Update 05-04-2013 19:39:47 Windows Update 07-04-2013 08:00:27 Windows Update 12-04-2013 18:24:58 Windows Update 12-04-2013 20:41:21 Windows Update 19-04-2013 17:48:20 Windows Update 19-04-2013 17:48:58 Installed iTunes 23-04-2013 16:39:43 Windows Update 10-05-2013 19:03:03 Windows Update 16-05-2013 14:06:36 Windows Update 20-05-2013 17:14:34 Windows Update 21-05-2013 11:54:10 Windows Update 23-05-2013 12:54:24 Windows Update 29-05-2013 14:02:23 Windows Update 03-06-2013 13:52:08 Windows Update 09-06-2013 08:43:05 Windows Update 12-06-2013 14:48:41 Windows Update 22-06-2013 08:48:03 Windows Update 24-06-2013 17:04:29 Gerätetreiber-Paketinstallation: Anchorfree Inc Netzwerkdienst 24-06-2013 17:05:41 Gerätetreiber-Paketinstallation: Anchorfree HSS VPN Adapter Netzwerkadapter 25-06-2013 14:17:39 Gerätetreiber-Paketinstallation: Anchorfree HSS VPN Adapter Netzwerkadapter 25-06-2013 14:25:35 Windows Update 28-06-2013 19:07:51 Windows Update 29-06-2013 21:10:10 Windows Update 30-06-2013 15:53:15 Removed Apple Application Support 06-07-2013 19:43:37 Windows Update 07-07-2013 08:41:52 Removed Apple Application Support 07-07-2013 08:58:54 Removed simplitec simplicheck 07-07-2013 08:59:24 Removed Firebird SQL Server - MAGIX Edition 13-07-2013 15:53:56 Windows Update 13-07-2013 21:15:03 Windows Update 22-07-2013 13:38:45 Windows Update 22-07-2013 15:17:15 Free System Utilities 26-07-2013 10:37:18 Windows Update 
26-07-2013 10:43:26 Free System Utilities
26.07.2013 12:43:21

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {02503641-6546-4486-AFF8-3751C30FD405} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-24] (Adobe Systems Incorporated)
Task: {08B6ACE2-605D-483A-B9D0-6D48C3D91107} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2361670767-3260828624-3907866334-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {11B96052-0D4F-41A4-89F6-1ADD27A2A4A0} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {18D7230B-B5BC-4738-B480-C8A3F9FBF7D1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {25268314-FB51-420B-BD08-3F99BBD855BD} - System32\Tasks\ReclaimerUpdateXML_Walid Efetürk => C:\Users\Walid Efetürk\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-24] (RealNetworks, Inc.)
Task: {2C4864B9-CEB7-4871-AC0F-E5E0B3823211} - System32\Tasks\DealPly => C:\Users\WALIDE~1\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE [2013-02-27] ()
Task: {2CF202C7-09A3-4AD6-A35F-3C6A95CC798F} - System32\Tasks\DSite => C:\Users\WALIDE~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE [2013-07-27] ()
Task: {2FB84088-5AC8-47FF-9F28-55B478141AE1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2361670767-3260828624-3907866334-1000Core2d9829e7e9a89661 => C:\Users\Walid Efetürk\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-06] (Google Inc.)
Task: {3513D883-A2A8-4E2A-AC78-9A2A8302C665} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-06] (Google Inc.)
Task: {37386F3C-4FA2-46E9-9D82-00818F669C54} - System32\Tasks\Funmoods => C:\Users\WALIDE~1\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE No File Task: {3AC9713B-BC6C-4DAA-9872-CDB7B6ED9489} - System32\Tasks\GoogleUpdateTaskMachineCore2d98268b474f51c => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-06] (Google Inc.) Task: {3E69D3DE-8468-4F2C-BA76-5135CCC7B764} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation) Task: {40EBD274-8CC2-4ECD-AECD-2A832E57D7E3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2361670767-3260828624-3907866334-1003Core => C:\Users\yasmin\AppData\Local\Google\Update\GoogleUpdate.exe No File Task: {4CCA4F64-D4A0-47BD-BA90-31B28AD23D1C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2361670767-3260828624-3907866334-1003Core => C:\Users\yasmin\AppData\Local\Facebook\Update\FacebookUpdate.exe No File Task: {50D7AAD2-7906-4416-B7A3-1B094FCDC63A} - System32\Tasks\{901EA2AC-A07A-4515-B3D9-B5A84EE5AC49} => C:\Program Files\Mozilla Firefox\firefox.exe [2013-03-07] (Mozilla Corporation) Task: {5171DE9A-2071-4EC0-A07B-40064A02FBF4} - System32\Tasks\LyricXeeker Update => C:\Program Files\LyriXeeker\LyriXupdate.exe [2013-07-26] (LyriXeeker Tech) Task: {55DCD610-239F-4E87-904A-9E07A873427F} - System32\Tasks\EPUpdater => C:\Users\WALIDE~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [2013-06-06] () Task: {5AE6E89C-2B60-4E7C-B463-86F19F9FDA90} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2361670767-3260828624-3907866334-1003UA => C:\Users\yasmin\AppData\Local\Facebook\Update\FacebookUpdate.exe No File Task: {5D60F1E9-CCAA-4F7D-8821-62D537E2B1F4} - System32\Tasks\RegClean Pro => C:\Program Files\RegClean Pro\RegCleanPro.exe No File Task: {62628167-9F16-4A5A-8050-DBA867315508} - System32\Tasks\OpenCandyHelperRun => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation) Task: {626C586F-75C3-40E4-937D-462E24EE9F47} - 
System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2361670767-3260828624-3907866334-1003UA => C:\Users\yasmin\AppData\Local\Google\Update\GoogleUpdate.exe No File Task: {67EDE0E4-70E6-4914-A758-6A6DBCB2B055} - System32\Tasks\Freemium1ClickMaint => C:\Program Files\Covus Freemium\Free System Utilities\1Click.exe No File Task: {7CBB9273-F23A-417F-B3D6-E02B2B406A17} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2361670767-3260828624-3907866334-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.) Task: {7D0BD029-53C0-4032-8641-ACB7DCEAC25D} - System32\Tasks\Lyrics-Pal Update => C:\Program Files\LyricsPal\Lyrics.exe No File Task: {96B53163-27D2-433C-9EAC-3A4D5603B337} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2013\OneClick.exe [2012-09-19] (TuneUp Software) Task: {99D3E139-871D-4A4E-A365-4B1AEE2E5357} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {9C53E5B6-AC71-4D5E-8A54-536D03AB8AD2} - System32\Tasks\RNUpgradeHelperResumePrompt_Walid Efetürk => C:\Users\Walid Efetürk\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-24] (RealNetworks, Inc.) Task: {9EE8DDD2-4FFE-4184-977A-9F07F111CCF1} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2361670767-3260828624-3907866334-1000Core => C:\Users\Walid Efetürk\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-27] (Facebook Inc.) Task: {ACE66B7F-03D7-408A-83CF-490F479A6AA2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2361670767-3260828624-3907866334-1000UA => C:\Users\Walid Efetürk\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-27] (Facebook Inc.) Task: {ADE00BC4-6C25-481E-8F1D-B1DB86B5AAED} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2361670767-3260828624-3907866334-1000UA => C:\Users\Walid Efetürk\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-06] (Google Inc.) 
Task: {B4E1CF5B-6EFF-4617-83E2-22E60DF851B1} - System32\Tasks\RNUpgradeHelperLogonPrompt_Walid Efetürk => C:\Users\Walid Efetürk\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-24] (RealNetworks, Inc.) Task: {B95473BB-F6D7-49A3-A718-58C7DADE89CD} - System32\Tasks\Norton Security Scan for Walid Efetürk => C:\PROGRA~1\NORTON~2\Engine\351~1.8\Nss.exe [2012-04-03] (Symantec Corporation) Task: {BD498787-A132-4321-B72E-32A935183671} - System32\Tasks\Software Updater => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe No File Task: {C54EAD11-82A0-4990-B4AF-E844BF50CCC2} - System32\Tasks\QtraxPlayer => C:\Program Files\Microsoft Silverlight\sllauncher.exe [2013-05-13] (Microsoft Corporation) Task: {D5C4E876-A0C7-45E1-8B2D-73443A7ECE83} - System32\Tasks\DealPlyUpdate => C:\Program No File Task: {D80247CC-2433-41FC-9617-9582097C9506} - System32\Tasks\Software Updater Ui => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Ui.exe No File Task: {E904DAE3-C1C7-43C7-9E91-86A9E11B8F7A} - System32\Tasks\ReclaimerUpdateFiles_Walid Efetürk => C:\Users\Walid Efetürk\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-24] (RealNetworks, Inc.) Task: {E9C1ED70-F396-4CF5-A531-3432FE3A8222} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {F1B00C50-4A24-49B8-A767-DADEF5E608A0} - System32\Tasks\User_Feed_Synchronization-{882B39A7-5BCF-48C7-8167-DE4F78D3CDA2} => C:\Windows\system32\msfeedssync.exe [2013-05-23] (Microsoft Corporation) Task: {FA6BEC50-AC85-4A5E-9759-7F161F9725A9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {FE1D8F6E-5002-4497-93CF-E4736E43DED6} - System32\Tasks\{3F8FFF01-3F9D-4A0D-90BA-59638BE1235E} => C:\Program Files\Mozilla Firefox\firefox.exe [2013-03-07] (Mozilla Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DSite.job => ? Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2361670767-3260828624-3907866334-1000Core.job => C:\Users\Walid Efetürk\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2361670767-3260828624-3907866334-1000UA.job => C:\Users\Walid Efetürk\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2361670767-3260828624-3907866334-1003Core.job => C:\Users\yasmin\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2361670767-3260828624-3907866334-1003UA.job => C:\Users\yasmin\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore2d98268b474f51c.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2361670767-3260828624-3907866334-1000Core2d9829e7e9a89661.job => C:\Users\Walid Efetürk\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2361670767-3260828624-3907866334-1000UA.job => C:\Users\Walid Efetürk\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2361670767-3260828624-3907866334-1003Core.job => C:\Users\yasmin\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2361670767-3260828624-3907866334-1003UA.job => C:\Users\yasmin\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Lyrics-Pal Update.job => C:\Program 
Files\LyricsPal\Lyrics.exe Task: C:\Windows\Tasks\LyricXeeker Update.job => C:\Program Files\LyriXeeker\LyriXupdate.exe Task: C:\Windows\Tasks\Norton Security Scan for Walid Efetürk.job => C:\PROGRA~1\NORTON~2\Engine\351~1.8\Nss.exe Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Walid Efetürk.job => C:\Users\Walid Efetürk\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe Task: C:\Windows\Tasks\ReclaimerUpdateXML_Walid Efetürk.job => C:\Users\Walid Efetürk\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Walid Efetürk.job => C:\Users\Walid Efetürk\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe ==================== Faulty Device Manager Devices ============= Name: Canon MX860 ser Network Description: Canon MX860 ser Network Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Canon Service: StillCam Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (07/27/2013 08:09:50 PM) (Source: MsiInstaller) (User: ALIOMAIRATPC) Description: Produkt: Avira SearchFree Toolbar plus Web Protection -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: Internet Explorer Error: (07/27/2013 08:09:12 PM) (Source: MsiInstaller) (User: ALIOMAIRATPC) Description: Produkt: Avira SearchFree Toolbar plus Web Protection -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: Internet Explorer Error: (07/27/2013 08:09:12 PM) (Source: MsiInstaller) (User: ALIOMAIRATPC) Description: Produkt: Avira SearchFree Toolbar plus Web Protection -- Fehler 25001. 
Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: Internet Explorer Error: (07/27/2013 08:09:11 PM) (Source: MsiInstaller) (User: ALIOMAIRATPC) Description: Produkt: Avira SearchFree Toolbar plus Web Protection -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: Internet Explorer Error: (07/27/2013 08:09:11 PM) (Source: MsiInstaller) (User: ALIOMAIRATPC) Description: Produkt: Avira SearchFree Toolbar plus Web Protection -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: Internet Explorer Error: (07/27/2013 08:09:11 PM) (Source: MsiInstaller) (User: ALIOMAIRATPC) Description: Produkt: Avira SearchFree Toolbar plus Web Protection -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: Internet Explorer Error: (07/27/2013 08:09:11 PM) (Source: MsiInstaller) (User: ALIOMAIRATPC) Description: Produkt: Avira SearchFree Toolbar plus Web Protection -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: Internet Explorer Error: (07/27/2013 08:09:11 PM) (Source: MsiInstaller) (User: ALIOMAIRATPC) Description: Produkt: Avira SearchFree Toolbar plus Web Protection -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: Internet Explorer Error: (07/27/2013 08:09:10 PM) (Source: MsiInstaller) (User: ALIOMAIRATPC) Description: Produkt: Avira SearchFree Toolbar plus Web Protection -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: Internet Explorer Error: (07/27/2013 08:09:10 PM) (Source: MsiInstaller) (User: ALIOMAIRATPC) Description: Produkt: Avira SearchFree Toolbar plus Web Protection -- Fehler 25001. 
Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: Internet Explorer System errors: ============= Error: (07/28/2013 00:29:17 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (07/28/2013 00:29:17 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (07/28/2013 00:29:17 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (07/28/2013 00:29:17 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (07/28/2013 00:29:17 PM) (Source: PNRPSvc) (User: ) Description: 0x80630801 Error: (07/28/2013 00:29:17 PM) (Source: PNRPSvc) (User: ) Description: 0x80630801 Error: (07/28/2013 00:29:08 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (07/28/2013 00:29:08 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (07/28/2013 00:29:08 PM) (Source: PNRPSvc) (User: ) Description: 0x80630801 Error: (07/28/2013 00:27:53 PM) (Source: Ntfs) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "C:" den Befehl "chkdsk" aus. 
Microsoft Office Sessions: ========================= Error: (07/27/2013 08:09:50 PM) (Source: MsiInstaller)(User: ALIOMAIRATPC) Description: Produkt: Avira SearchFree Toolbar plus Web Protection -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: Internet Explorer(NULL)(NULL)(NULL)(NULL)(NULL) Error: (07/27/2013 08:09:12 PM) (Source: MsiInstaller)(User: ALIOMAIRATPC) Description: Produkt: Avira SearchFree Toolbar plus Web Protection -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: Internet Explorer(NULL)(NULL)(NULL)(NULL)(NULL) Error: (07/27/2013 08:09:12 PM) (Source: MsiInstaller)(User: ALIOMAIRATPC) Description: Produkt: Avira SearchFree Toolbar plus Web Protection -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: Internet Explorer(NULL)(NULL)(NULL)(NULL)(NULL) Error: (07/27/2013 08:09:11 PM) (Source: MsiInstaller)(User: ALIOMAIRATPC) Description: Produkt: Avira SearchFree Toolbar plus Web Protection -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: Internet Explorer(NULL)(NULL)(NULL)(NULL)(NULL) Error: (07/27/2013 08:09:11 PM) (Source: MsiInstaller)(User: ALIOMAIRATPC) Description: Produkt: Avira SearchFree Toolbar plus Web Protection -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: Internet Explorer(NULL)(NULL)(NULL)(NULL)(NULL) Error: (07/27/2013 08:09:11 PM) (Source: MsiInstaller)(User: ALIOMAIRATPC) Description: Produkt: Avira SearchFree Toolbar plus Web Protection -- Fehler 25001. 
Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: Internet Explorer(NULL)(NULL)(NULL)(NULL)(NULL) Error: (07/27/2013 08:09:11 PM) (Source: MsiInstaller)(User: ALIOMAIRATPC) Description: Produkt: Avira SearchFree Toolbar plus Web Protection -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: Internet Explorer(NULL)(NULL)(NULL)(NULL)(NULL) Error: (07/27/2013 08:09:11 PM) (Source: MsiInstaller)(User: ALIOMAIRATPC) Description: Produkt: Avira SearchFree Toolbar plus Web Protection -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: Internet Explorer(NULL)(NULL)(NULL)(NULL)(NULL) Error: (07/27/2013 08:09:10 PM) (Source: MsiInstaller)(User: ALIOMAIRATPC) Description: Produkt: Avira SearchFree Toolbar plus Web Protection -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: Internet Explorer(NULL)(NULL)(NULL)(NULL)(NULL) Error: (07/27/2013 08:09:10 PM) (Source: MsiInstaller)(User: ALIOMAIRATPC) Description: Produkt: Avira SearchFree Toolbar plus Web Protection -- Fehler 25001. 
Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: Internet Explorer(NULL)(NULL)(NULL)(NULL)(NULL) ==================== Memory info =========================== Percentage of memory in use: 86% Total physical RAM: 1015.24 MB Available physical RAM: 134.56 MB Total Pagefile: 2071.24 MB Available Pagefile: 627.18 MB Total Virtual: 2047.88 MB Available Virtual: 1905.71 MB ==================== Drives ================================ Drive c: (BOOT) (Fixed) (Total:315.34 GB) (Free:102.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (RECOVER) (Fixed) (Total:20 GB) (Free:11.04 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 335 GB) (Disk ID: B2AC8930) Partition 1: (Active) - (Size=315 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=20 GB) - (Type=OF Extended) ==================== End Of Log ============================ |
28.07.2013, 16:35 | #6 | |
/// the machine /// TB-Ausbilder | Ick glaub en virus We'll use that later. Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the reboot Quote: |
28.07.2013, 17:30 | #7 |
| Ick glaub en virus I have a problem: I'm supposed to uninstall my antivirus programs etc., but I can only remove Avira when Internet Explorer is closed. But it is open all the time, and when I close it, it immediately opens again. What should I do??? |
28.07.2013, 21:40 | #8 |
/// the machine /// TB-Ausbilder | Ick glaub en virus Right-click the umbrella at the bottom in the taskbar and quit it, that's enough
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
28.07.2013, 23:39 | #9 |
| Ick glaub en virus Somehow the virus is gone, i.e. Internet Explorer closed by itself and doesn't open again any more.??? |
29.07.2013, 08:35 | #10 |
/// the machine /// TB-Ausbilder | Ick glaub en virus Let it run anyway.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |