Log analysis and evaluation: Windows 7: ad windows keep opening, web pages are redirected to ads, and some words are underlined.

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Hello,

When I open a web page, several windows with ads always open (e.g. hxxp://mwl.petuniasaucecockup.com/), and windows and ads also keep appearing on the page I am on. Words on web pages are sometimes double-underlined and linked. Because of this my computer is very slow and also loud.

I'm new here and hope the description is sufficient.

Regards,
Yasemin

Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-11-05 08:40:28 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.LH00 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\Yasemin\AppData\Local\Temp\kwldqpod.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 83476A15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 834B0212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtCreateFile + 6 7705560E 4 Bytes [28, 34, 41, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtCreateFile + B 77055613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtMapViewOfSection + 6 77055C6E 4 Bytes [28, 37, 41, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtMapViewOfSection + B 77055C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenFile + 6 77055D1E 4 Bytes [68, 34, 41, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenFile + B 77055D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenProcess + 6 77055DCE 4 Bytes [A8, 35, 41, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenProcess + B 77055DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenProcessToken + B 77055DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenProcessTokenEx + 6 77055DEE 4 Bytes [A8, 36, 41, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenProcessTokenEx + B 77055DF3 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenThread + 6 77055E4E 4 Bytes [68, 35, 41, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenThread + B 77055E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenThreadToken + 6 77055E5E 4 Bytes [68, 36, 41, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenThreadToken + B 77055E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenThreadTokenEx + B 77055E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtQueryAttributesFile + 6 77055F7E 4 Bytes [A8, 34, 41, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtQueryAttributesFile + B 77055F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtQueryFullAttributesFile + B 77056033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtSetInformationFile + 6 7705667E 4 Bytes [28, 35, 41, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtSetInformationFile + B 77056683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtSetInformationThread + 6 770566DE 4 Bytes [28, 36, 41, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtSetInformationThread + B 770566E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtUnmapViewOfSection + 6 770569FE 4 Bytes [68, 37, 41, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtUnmapViewOfSection + B 77056A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtCreateFile + 6 7705560E 4 Bytes [28, 7C, 17, 00] {SUB [EDI+EDX+0x0], BH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtCreateFile + 
B 77055613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtMapViewOfSection + 6 77055C6E 4 Bytes [28, 7F, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtMapViewOfSection + B 77055C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenFile + 6 77055D1E 4 Bytes [68, 7C, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenFile + B 77055D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenProcess + 6 77055DCE 4 Bytes [A8, 7D, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenProcess + B 77055DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenProcessToken + B 77055DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenProcessTokenEx + 6 77055DEE 4 Bytes [A8, 7E, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenProcessTokenEx + B 77055DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenThread + 6 77055E4E 4 Bytes [68, 7D, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenThread + B 77055E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenThreadToken + 6 77055E5E 4 Bytes [68, 7E, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenThreadToken + B 77055E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenThreadTokenEx + B 77055E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtQueryAttributesFile + 6 77055F7E 4 Bytes [A8, 7C, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtQueryAttributesFile + B 77055F83 1 Byte 
[E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtQueryFullAttributesFile + B 77056033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtSetInformationFile + 6 7705667E 4 Bytes [28, 7D, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtSetInformationFile + B 77056683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtSetInformationThread + 6 770566DE 4 Bytes [28, 7E, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtSetInformationThread + B 770566E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtUnmapViewOfSection + 6 770569FE 4 Bytes [68, 7F, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtUnmapViewOfSection + B 77056A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtMapViewOfSection + 6 77055C6E 4 Bytes [18, 20, 1F, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtMapViewOfSection + B 77055C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtCreateFile + 6 7705560E 4 Bytes [28, 78, 8E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtCreateFile + B 77055613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtMapViewOfSection + 6 77055C6E 4 Bytes [28, 7B, 8E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtMapViewOfSection + B 77055C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenFile + 6 77055D1E 4 Bytes [68, 78, 8E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenFile + B 77055D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenProcess + 6 77055DCE 4 
Bytes [A8, 79, 8E, 00] {TEST AL, 0x79; MOV ES, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenProcess + B 77055DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenProcessToken + B 77055DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenProcessTokenEx + 6 77055DEE 4 Bytes [A8, 7A, 8E, 00] {TEST AL, 0x7a; MOV ES, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenProcessTokenEx + B 77055DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenThread + 6 77055E4E 4 Bytes [68, 79, 8E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenThread + B 77055E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenThreadToken + 6 77055E5E 4 Bytes [68, 7A, 8E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenThreadToken + B 77055E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenThreadTokenEx + B 77055E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtQueryAttributesFile + 6 77055F7E 4 Bytes [A8, 78, 8E, 00] {TEST AL, 0x78; MOV ES, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtQueryAttributesFile + B 77055F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtQueryFullAttributesFile + B 77056033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtSetInformationFile + 6 7705667E 4 Bytes [28, 79, 8E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtSetInformationFile + B 77056683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtSetInformationThread + 6 770566DE 4 Bytes [28, 7A, 8E, 
00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtSetInformationThread + B 770566E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtUnmapViewOfSection + 6 770569FE 4 Bytes [68, 7B, 8E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtUnmapViewOfSection + B 77056A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtCreateFile + 6 7705560E 4 Bytes [28, 40, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtCreateFile + B 77055613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtMapViewOfSection + 6 77055C6E 4 Bytes [28, 43, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtMapViewOfSection + B 77055C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenFile + 6 77055D1E 4 Bytes [68, 40, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenFile + B 77055D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenProcess + 6 77055DCE 4 Bytes [A8, 41, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenProcess + B 77055DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenProcessToken + B 77055DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenProcessTokenEx + 6 77055DEE 4 Bytes [A8, 42, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenProcessTokenEx + B 77055DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenThread + 6 77055E4E 4 Bytes [68, 41, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenThread + B 77055E53 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenThreadToken + 6 77055E5E 4 Bytes [68, 42, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenThreadToken + B 77055E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenThreadTokenEx + B 77055E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtQueryAttributesFile + 6 77055F7E 4 Bytes [A8, 40, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtQueryAttributesFile + B 77055F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtQueryFullAttributesFile + B 77056033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtSetInformationFile + 6 7705667E 4 Bytes [28, 41, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtSetInformationFile + B 77056683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtSetInformationThread + 6 770566DE 4 Bytes [28, 42, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtSetInformationThread + B 770566E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtUnmapViewOfSection + 6 770569FE 4 Bytes [68, 43, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtUnmapViewOfSection + B 77056A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtCreateFile + 6 7705560E 4 Bytes [28, 3C, D1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtCreateFile + B 77055613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtMapViewOfSection + 6 77055C6E 4 Bytes [28, 3F, D1, 00] {SUB [EDI], BH; ROL DWORD [EAX], 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] 
ntdll.dll!NtMapViewOfSection + B 77055C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenFile + 6 77055D1E 4 Bytes [68, 3C, D1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenFile + B 77055D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenProcess + 6 77055DCE 4 Bytes [A8, 3D, D1, 00] {TEST AL, 0x3d; ROL DWORD [EAX], 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenProcess + B 77055DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenProcessToken + B 77055DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenProcessTokenEx + 6 77055DEE 4 Bytes [A8, 3E, D1, 00] {TEST AL, 0x3e; ROL DWORD [EAX], 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenProcessTokenEx + B 77055DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenThread + 6 77055E4E 4 Bytes [68, 3D, D1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenThread + B 77055E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenThreadToken + 6 77055E5E 4 Bytes [68, 3E, D1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenThreadToken + B 77055E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenThreadTokenEx + B 77055E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtQueryAttributesFile + 6 77055F7E 4 Bytes [A8, 3C, D1, 00] {TEST AL, 0x3c; ROL DWORD [EAX], 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtQueryAttributesFile + B 77055F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtQueryFullAttributesFile 
+ B 77056033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtSetInformationFile + 6 7705667E 4 Bytes [28, 3D, D1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtSetInformationFile + B 77056683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtSetInformationThread + 6 770566DE 4 Bytes [28, 3E, D1, 00] {SUB [ESI], BH; ROL DWORD [EAX], 0x1} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtSetInformationThread + B 770566E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtUnmapViewOfSection + 6 770569FE 4 Bytes [68, 3F, D1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtUnmapViewOfSection + B 77056A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtCreateFile + 6 7705560E 4 Bytes [28, 0C, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtCreateFile + B 77055613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtMapViewOfSection + 6 77055C6E 4 Bytes [28, 0F, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtMapViewOfSection + B 77055C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenFile + 6 77055D1E 4 Bytes [68, 0C, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenFile + B 77055D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenProcess + 6 77055DCE 4 Bytes [A8, 0D, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenProcess + B 77055DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenProcessToken + B 77055DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] 
ntdll.dll!NtOpenProcessTokenEx + 6 77055DEE 4 Bytes [A8, 0E, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenProcessTokenEx + B 77055DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenThread + 6 77055E4E 4 Bytes [68, 0D, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenThread + B 77055E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenThreadToken + 6 77055E5E 4 Bytes [68, 0E, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenThreadToken + B 77055E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenThreadTokenEx + B 77055E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtQueryAttributesFile + 6 77055F7E 4 Bytes [A8, 0C, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtQueryAttributesFile + B 77055F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtQueryFullAttributesFile + B 77056033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtSetInformationFile + 6 7705667E 4 Bytes [28, 0D, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtSetInformationFile + B 77056683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtSetInformationThread + 6 770566DE 4 Bytes [28, 0E, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtSetInformationThread + B 770566E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtUnmapViewOfSection + 6 770569FE 4 Bytes [68, 0F, 93, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtUnmapViewOfSection + B 77056A03 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtCreateFile + 6 7705560E 4 Bytes [28, 44, 1F, 00] {SUB [EDI+EBX+0x0], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtCreateFile + B 77055613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtMapViewOfSection + 6 77055C6E 4 Bytes [28, 47, 1F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtMapViewOfSection + B 77055C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenFile + 6 77055D1E 4 Bytes [68, 44, 1F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenFile + B 77055D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenProcess + 6 77055DCE 4 Bytes [A8, 45, 1F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenProcess + B 77055DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenProcessToken + B 77055DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenProcessTokenEx + 6 77055DEE 4 Bytes [A8, 46, 1F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenProcessTokenEx + B 77055DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenThread + 6 77055E4E 4 Bytes [68, 45, 1F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenThread + B 77055E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenThreadToken + 6 77055E5E 4 Bytes [68, 46, 1F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenThreadToken + B 77055E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenThreadTokenEx + B 77055E73 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtQueryAttributesFile + 6 77055F7E 4 Bytes [A8, 44, 1F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtQueryAttributesFile + B 77055F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtQueryFullAttributesFile + B 77056033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtSetInformationFile + 6 7705667E 4 Bytes [28, 45, 1F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtSetInformationFile + B 77056683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtSetInformationThread + 6 770566DE 4 Bytes [28, 46, 1F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtSetInformationThread + B 770566E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtUnmapViewOfSection + 6 770569FE 4 Bytes [68, 47, 1F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtUnmapViewOfSection + B 77056A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtCreateFile + 6 7705560E 4 Bytes [28, 8C, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtCreateFile + B 77055613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtMapViewOfSection + 6 77055C6E 4 Bytes [28, 8F, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtMapViewOfSection + B 77055C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenFile + 6 77055D1E 4 Bytes [68, 8C, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenFile + B 77055D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenProcess + 6 77055DCE 4 Bytes [A8, 8D, AA, 
00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenProcess + B 77055DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenProcessToken + B 77055DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenProcessTokenEx + 6 77055DEE 4 Bytes [A8, 8E, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenProcessTokenEx + B 77055DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenThread + 6 77055E4E 4 Bytes [68, 8D, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenThread + B 77055E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenThreadToken + 6 77055E5E 4 Bytes [68, 8E, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenThreadToken + B 77055E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenThreadTokenEx + B 77055E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtQueryAttributesFile + 6 77055F7E 4 Bytes [A8, 8C, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtQueryAttributesFile + B 77055F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtQueryFullAttributesFile + B 77056033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtSetInformationFile + 6 7705667E 4 Bytes [28, 8D, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtSetInformationFile + B 77056683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtSetInformationThread + 6 770566DE 4 Bytes [28, 8E, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtSetInformationThread + B 
770566E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtUnmapViewOfSection + 6 770569FE 4 Bytes [68, 8F, AA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtUnmapViewOfSection + B 77056A03 1 Byte [E2] ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713d41209 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713d41209@0022989cd691 0x64 0x04 0xAA 0xE8 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713d41209@ac932fb2b2b4 0x54 0xE0 0x26 0xBD ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713d41209@a071a9d28809 0xBC 0xA1 0xB5 0x6B ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713d41209 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713d41209@0022989cd691 0x64 0x04 0xAA 0xE8 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713d41209@ac932fb2b2b4 0x54 0xE0 0x26 0xBD ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713d41209@a071a9d28809 0xBC 0xA1 0xB5 0x6B ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@30D81AD4 1566 Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{83B37DC7-69F3-11DF-8781-806E6F6E6963} 8415149240 ---- EOF - GMER 2.1 ---- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-11-2014 Ran by Yasemin at 2014-11-05 08:04:10 Running from C:\Users\Yasemin\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.6.602.180 - Adobe Systems Incorporated) airView - 192.168.1.20 (HKCU\...\airView - 192.168.1.20) (Version: - Ubiquiti Networks, Inc.) Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) AutoCAD 2011 - Deutsch (HKLM\...\AutoCAD 2011 - Deutsch) (Version: 18.1.49.0 - Autodesk) AutoCAD 2011 - Deutsch (Version: 18.1.49.0 - Autodesk) Hidden AutoCAD 2011 Language Pack - Deutsch (Version: 18.1.49.0 - Autodesk) Hidden Autodesk Material Library 2011 (HKLM\...\{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}) (Version: 2.0.0.49 - Autodesk) Autodesk Material Library 2011 Base Image library (HKLM\...\{CD1E078C-A6B9-47DA-B035-6365C85C7832}) (Version: 2.0.0.49 - Autodesk) Broadcom 2070 Bluetooth 2.1 + EDR (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation) Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) 
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
FARO LS 1.1.406.58 (HKLM\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM\...\{206E1EEB-027A-4FC0-B4ED-6E48203BD49A}) (Version: 1.1.1.1 - Hewlett-Packard Company)
HP HotKey Support (HKLM\...\{9161546B-336A-4E3D-B049-F25A400558C6}) (Version: 3.5.14.1 - Hewlett-Packard Company)
HP Setup (HKLM\...\{1E6219D4-027E-47EE-AB83-DD2F26E31A32}) (Version: 1.2.3557.3169 - Hewlett-Packard)
HP SoftPaq Download Manager (HKLM\...\{2DA697D7-FED3-4DE2-A174-92A2A12F9688}) (Version: 3.0.5.0 - Hewlett-Packard Company)
HP Software Framework (HKLM\...\{223E2363-6643-49CB-A062-59A9858EE8EE}) (Version: 3.5.17.1 - Hewlett-Packard Company)
HP Software Setup (HKLM\...\{04801E42-B1A6-4C52-9F3D-CADB5A050433}) (Version: 7.0.1.6 - Hewlett-Packard Company)
HP Support Assistant (HKLM\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP User Guides 0190 (HKLM\...\{5B0D9F1A-425E-46C4-B06D-2C0736C1E804}) (Version: 1.00.0000 - Hewlett-Packard)
HP Webcam (HKLM\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.25.0 - Roxio)
HP Webcam Driver (HKLM\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.1.7600.0049 - Realtek Semiconductor Corp.)
HP Wireless Assistant (HKLM\...\{1061DF04-CF33-40B0-8360-D07C9BBEB122}) (Version: 3.50.10.1 - Hewlett-Packard)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6300.0 - IDT)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2057 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java(TM) 6 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MiKTeX 2.9 (HKCU\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mobile Broadband HL Service (HKLM\...\Mobile Broadband HL Service) (Version: 22.001.10.00.03 - Huawei Technologies Co.,Ltd)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nuance PDF Professional 6 (HKLM\...\{BDB494AE-3597-41E7-8B6A-F6BAF4E514EE}) (Version: 6.00.3205 - Nuance Communications, Inc)
Nuance PDF Reader (HKLM\...\{5F6C549F-78DA-4E0E-AE70-0BD981936D99}) (Version: 7.00.0000 - Nuance Communications, Inc.)
REALTEK Wireless LAN Software (HKLM\...\{901F0D4C-009D-1112-8DE4-03599E7B0C5C}) (Version: 1.00.10.0104 - REALTEK Semiconductor Corp.)
Scansoft PDF Professional (Version: - ) Hidden
Skype™ 6.10 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.10.104 - Skype Technologies S.A.)
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.4.0 - Synaptics Incorporated)
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Windows 7 Default Setting (HKLM\...\{5BF8E079-D6E2-4323-B794-75152371122A}) (Version: 1.0.1.6 - Hewlett-Packard Company)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414) (HKLM\...\0973B297E079B467E3776E59F763D63FD557795B) (Version: 12/16/2009 6.2.0.9414 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\E77704EF5E71F4F18CADFBFA68595AFE036D5D97) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
WinZip 12.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}) (Version: 12.0.8252 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Yasemin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Yasemin\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Yasemin\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2011\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Yasemin\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{C92FB640-AD4D-498A-9979-A51A2540C977}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2011\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2011\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2011\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yasemin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yasemin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yasemin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yasemin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yasemin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yasemin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yasemin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yasemin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Yasemin\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File

==================== Restore Points =========================

12-10-2014 08:33:30 Windows Update
15-10-2014 17:33:04 Windows Update
16-10-2014 19:49:12 Windows Update
20-10-2014 23:00:40 Windows Update
25-10-2014 19:06:00 Windows Update
28-10-2014 21:06:50 Windows Update
01-11-2014 13:26:43 Windows Update
04-11-2014 19:15:09 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2014-11-01 18:30 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01EE3230-6FE6-44DC-84DC-3677063E40B2} - System32\Tasks\{895A450F-3FB7-4492-821D-6EBE64233EC1} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.60.106/de/go/help.faq.installer?LastError=1603
Task: {0E73BCA4-E031-4120-9284-AE0A2C3B8FF3} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-775044091-3129311835-2082847881-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {146F0F89-361C-45F4-8200-BDC96BF039D6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {200B9E92-C258-4C3E-8BD7-CA73212D42D8} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {239364E9-7BB3-4534-AA48-792A620E2736} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-775044091-3129311835-2082847881-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {2A33B83E-1DAD-459D-BFC6-CA0EB84A44BC} - System32\Tasks\{532C4AE6-67BA-4633-9C1D-C747ECF4D199} => C:\Users\Yasemin\Downloads\KARTALCELLConnectionManager.exe
Task: {2FC296EC-EBDE-4D80-92A4-508A7794362C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {3192D309-D252-4FA4-974D-6E4DB3050F4E} - System32\Tasks\{8E9E3C8F-740F-410D-B666-CE6F49CB5291} => C:\Users\Yasemin\Downloads\KARTALCELLConnectionManager.exe
Task: {34CF5AB6-4B80-4147-A09D-19BC6F12A60F} - System32\Tasks\{9EE636DC-04F9-4829-9206-B060781B9537} => Chrome.exe hxxp://ui.skype.com/ui/0/6.14.0.104/de/go/help.faq.installer?LastError=1603
Task: {3C2A34D0-9878-4AB5-8439-2C36ACA3DA70} - System32\Tasks\{CBE8DDBA-63C6-40C9-9C44-5686CC9FF9A0} => C:\Users\Yasemin\Downloads\KARTALCELLConnectionManager.exe
Task: {3EFD0CAE-2947-4D20-B1FB-DE21EB87B747} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {50344D16-116E-47EC-AEF5-E1D33091FCE1} - System32\Tasks\{A63776A1-A5DF-4A06-A2C7-17A7E48F05B1} => Chrome.exe hxxp://ui.skype.com/ui/0/6.14.60.104/de/go/help.faq.installer?LastError=1603
Task: {5302E3AA-DF67-4BD6-9477-D0344124C96E} - System32\Tasks\{EBAB3818-77ED-43D9-A8E1-71AFC07AF55A} => C:\Users\Yasemin\Downloads\KARTALCELLConnectionManager.exe
Task: {54622B0C-4A6D-4365-8242-9C89C3C733AE} - System32\Tasks\{4F245382-1EA7-43CA-810B-EA656D9388E1} => C:\Program Files\KARTALCELLConnectionManager\KARTALCELLConnectionManager.exe
Task: {5EDB74B6-21C6-478B-AD78-7C3A5D858405} - System32\Tasks\{09DC06D9-B307-499E-84B8-2E3A5F9B8875} => C:\Program Files\KARTALCELLConnectionManager\KARTALCELLConnectionManager.exe
Task: {68B29BD1-61BE-4CFC-8ABD-D86C219E3217} - System32\Tasks\{87CEF544-6FC0-4D06-B16F-F1FC26A4FBA3} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.0.106/de/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {74807195-5D53-4513-A5E7-C88112578B96} - System32\Tasks\{019A5DCD-C67D-49C9-87D1-C1F4A19A4AA5} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1603
Task: {75D274B3-E20B-42D0-8A1C-247BB9970970} - System32\Tasks\{16DFD35E-7CB3-4E2C-802A-ECEEE1842F60} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.60.106/de/go/help.faq.installer?LastError=1603
Task: {849EF2F9-F886-41E4-B2C6-D4B8FA03B182} - System32\Tasks\{C13A5F54-ED37-46C4-9070-BE41C8F6C7A3} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.0.106/de/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {86D2AA7C-5C99-4761-ACBE-9963B31352D9} - System32\Tasks\{5691B8AE-3591-4E7E-B62D-B871E2DAA14D} => Chrome.exe hxxp://ui.skype.com/ui/0/6.14.0.104/de/go/help.faq.installer?LastError=1603
Task: {9378BF31-F45C-4B4B-88FD-030F84F738C8} - System32\Tasks\PC Rambazamba => C:\Program Files\Langmeier Software\PC Rambazamba\pcrambazamba.exe
Task: {95B010BC-BF43-46AA-93DB-7F662D7ACE71} - System32\Tasks\{C4E3F0DF-7E52-4F78-AA55-3D240D216004} => Chrome.exe hxxp://ui.skype.com/ui/0/6.14.60.104/de/go/help.faq.installer?LastError=1603
Task: {9C8C9C25-DB15-436A-875E-CBCEB8CF363C} - System32\Tasks\{03A532B0-20D6-4259-AD68-C75E98A22A32} => C:\Program Files\KARTALCELLConnectionManager\KARTALCELLConnectionManager.exe
Task: {A1CEEE58-2985-4CD1-A079-45886949A81D} - System32\Tasks\{2947A8CC-EA0C-4F95-B798-D95C8924EA28} => C:\Users\Yasemin\Downloads\KARTALCELLConnectionManager.exe
Task: {A32DD7D0-2F52-4255-AFE3-5C987C09659C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {A4AA761D-7EBC-4900-A070-3FBBEA027E58} - System32\Tasks\{01047A8B-71AD-4588-8FFE-8AB9C70E9F4C} => Chrome.exe hxxp://ui.skype.com/ui/0/6.14.0.104/de/go/help.faq.installer?LastError=1603
Task: {A6E057AE-F2DD-423E-BD01-191C58B45138} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-10-21] (Microsoft)
Task: {BB8BF9BD-F3E7-4912-B5D9-6DF49C89226F} - System32\Tasks\{B9A79358-96C0-4165-82EF-317D834C4978} => C:\Users\Yasemin\Downloads\KARTALCELLConnectionManager.exe
Task: {C0328437-9518-4086-A81F-59C937494EA0} - System32\Tasks\{C8B91321-60E9-41A9-BEE7-2CD2053F9B61} => C:\Users\Yasemin\Downloads\KARTALCELLConnectionManager.exe
Task: {C6AE8857-0C79-444B-B229-71FBD5271143} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {DCE47A7E-DE4B-4849-9C8E-F754DE1CDF4A} - System32\Tasks\{0FB27FDB-994A-45D2-AEB7-54660739C236} => C:\Users\Yasemin\Downloads\KARTALCELLConnectionManager.exe
Task: {E38649D2-2597-4A1C-A336-5E8285187ECB} - System32\Tasks\{EE6B47E2-519E-4254-8EDF-4830D6B7807B} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.60.106/de/go/help.faq.installer?LastError=1603
Task: {F5D3DFFF-E20F-4B1A-AF98-3800D714461D} - System32\Tasks\HPCeeScheduleForYasemin => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)
Task: {FC4664BE-7317-4207-8547-21433737B6F5} - System32\Tasks\{FC43AD21-D397-43B9-84B5-8895ED7CAF55} => C:\Program Files\KARTALCELLConnectionManager\KARTALCELLConnectionManager.exe
Task: {FFBDD08A-3FBB-48AE-98BD-A4B8D3FB0EC3} - System32\Tasks\{AB9B7DD6-1763-421C-95E4-6C70368B8CA8} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.60.106/de/go/help.faq.installer?LastError=1603

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForYasemin.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2007-01-26 10:17 - 2007-01-26 10:17 - 00022723 _____ () C:\windows\System32\ssgh1l3.dll
2014-04-07 20:16 - 2014-04-07 20:16 - 00230240 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2009-12-29 21:31 - 2009-12-29 21:31 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2009-07-01 23:44 - 2009-07-01 23:44 - 00632888 ____R () C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
2014-11-05 07:32 - 2014-11-05 07:32 - 00043008 _____ () c:\users\yasemin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphg4var.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Yasemin\AppData\Roaming\Dropbox\bin\libcef.dll
2014-10-28 22:00 - 2014-10-22 05:04 - 01042760 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-28 22:00 - 2014-10-22 05:04 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-28 22:00 - 2014-10-22 05:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-28 22:00 - 2014-10-22 05:04 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-11-01 00:54 - 2014-11-05 07:33 - 00123632 _____ () C:\ProgramData\e435d908-8e15-4e0c-ae35-3dc1cb10ee1e\maintainer.exe
2014-10-28 22:00 - 2014-10-22 05:05 - 14902600 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
2014-11-05 07:56 - 2014-11-05 07:56 - 00050477 _____ () C:\Users\Yasemin\Downloads\Defogger.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-775044091-3129311835-2082847881-500 - Administrator - Disabled)
Gast (S-1-5-21-775044091-3129311835-2082847881-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-775044091-3129311835-2082847881-1003 - Limited - Enabled)
Yasemin (S-1-5-21-775044091-3129311835-2082847881-1001 - Administrator - Enabled) => C:\Users\Yasemin

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/05/2014 07:38:37 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT-AUTORITÄT)
Description: Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "130290". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.

Error: (11/05/2014 07:38:37 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (11/04/2014 08:08:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT-AUTORITÄT)
Description: Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "130110". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.

Error: (11/04/2014 08:08:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (11/04/2014 00:09:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT-AUTORITÄT)
Description: Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "129930". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.

Error: (11/04/2014 00:09:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (11/04/2014 00:04:52 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT-AUTORITÄT)
Description: Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "129750". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.

Error: (11/04/2014 00:04:52 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (11/04/2014 01:01:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT-AUTORITÄT)
Description: Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "129570". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.

Error: (11/04/2014 01:00:59 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

System errors:
=============
Error: (11/05/2014 07:32:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SeaPort" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (11/04/2014 11:53:15 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (11/04/2014 11:14:17 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (11/04/2014 11:05:19 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (11/04/2014 10:51:04 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (11/04/2014 08:07:50 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.6 registriert werden. Der Computer mit IP-Adresse 192.168.1.2 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (11/04/2014 08:03:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SeaPort" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (11/04/2014 00:03:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SeaPort" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (11/04/2014 00:54:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SeaPort" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (11/03/2014 11:53:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SeaPort" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Microsoft Office Sessions:
=========================
Error: (06/19/2014 11:20:15 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 709 seconds with 660 seconds of active time. This session ended with a crash.

Error: (01/23/2012 00:30:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1363 seconds with 1200 seconds of active time. This session ended with a crash.

Error: (01/22/2012 01:44:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 875 seconds with 540 seconds of active time. This session ended with a crash.

Error: (06/11/2011 01:53:51 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 8338 seconds with 2460 seconds of active time. This session ended with a crash.

==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 87%
Total physical RAM: 3000.27 MB
Available physical RAM: 363.81 MB
Total Pagefile: 5998.82 MB
Available Pagefile: 2407.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.52 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:448.47 GB) (Free:48.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.98 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 3C5F7C9A)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=448.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

==================== End Of Log ============================

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-11-2014
Ran by Yasemin (administrator) on 1907FB on 05-11-2014 08:01:46
Running from C:\Users\Yasemin\Downloads
Loaded Profiles: Yasemin & (Available profiles: Yasemin)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Professional 6\PdfPro6Hook.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Akamai Technologies, Inc.) C:\Users\Yasemin\AppData\Local\Akamai\netsession_win.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Akamai Technologies, Inc.) C:\Users\Yasemin\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Dropbox, Inc.) C:\Users\Yasemin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\ProgramData\e435d908-8e15-4e0c-ae35-3dc1cb10ee1e\maintainer.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
() C:\Users\Yasemin\Downloads\Defogger.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QLBController] => C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-01-28] (Hewlett-Packard Company)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-01-08] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1684776 2010-01-22] (Synaptics Incorporated)
HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [499768 2009-09-01] (Hewlett-Packard)
HKLM\...\Run: [PDFHook] => C:\Program Files\Nuance\PDF Professional 6\pdfpro6hook.exe [1277952 2009-11-13] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF6 Registry Controller] => C:\Program Files\Nuance\PDF Professional 6\RegistryController.exe [110880 2009-11-03] (Nuance Communications, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2012-03-31] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files\Nuance\PDF Reader\Ereg\Ereg.exe [333088 2010-07-05] (Nuance Communications, Inc.)
HKLM\...\Run: [Lexmark X1100 Series] => "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [280576 2013-03-21] (Microsoft Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-775044091-3129311835-2082847881-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-775044091-3129311835-2082847881-1001\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\S-1-5-21-775044091-3129311835-2082847881-1001\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-775044091-3129311835-2082847881-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Yasemin\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-775044091-3129311835-2082847881-1001\...\MountPoints2: {360e4847-359c-11e2-9e29-81f343ed3cbc} - D:\Windows/Autorun.exe AUTORUN=1
HKU\S-1-5-21-775044091-3129311835-2082847881-1001\...\MountPoints2: {42cbf559-316a-11e0-9e7c-002713d41209} - D:\Autorun.exe
HKU\S-1-5-21-775044091-3129311835-2082847881-1001\...\MountPoints2: {a07f38c4-0fa6-11e2-8d58-c2adeb74a1b3} - D:\AutoRun.exe
HKU\S-1-5-21-775044091-3129311835-2082847881-1001\...\MountPoints2: {d475885a-4bce-11e4-845a-e1a8a5d2a7b5} - D:\AutoRun.exe
HKU\S-1-5-21-775044091-3129311835-2082847881-1001\...\MountPoints2: {d47588ad-4bce-11e4-845a-e1a8a5d2a7b5} - D:\AutoRun.exe
HKU\S-1-5-21-775044091-3129311835-2082847881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-775044091-3129311835-2082847881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\S-1-5-21-775044091-3129311835-2082847881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-775044091-3129311835-2082847881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => C:\Users\Yasemin\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-775044091-3129311835-2082847881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {360e4847-359c-11e2-9e29-81f343ed3cbc} - D:\Windows/Autorun.exe AUTORUN=1
HKU\S-1-5-21-775044091-3129311835-2082847881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {42cbf559-316a-11e0-9e7c-002713d41209} - D:\Autorun.exe
HKU\S-1-5-21-775044091-3129311835-2082847881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a07f38c4-0fa6-11e2-8d58-c2adeb74a1b3} - D:\AutoRun.exe
HKU\S-1-5-21-775044091-3129311835-2082847881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d475885a-4bce-11e4-845a-e1a8a5d2a7b5} - D:\AutoRun.exe
HKU\S-1-5-21-775044091-3129311835-2082847881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d47588ad-4bce-11e4-845a-e1a8a5d2a7b5} - D:\AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [280576 2013-03-21] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Yasemin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Yasemin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [Symbol-Overlay-Steuerprogramm für AutoCAD Digitale Signaturen] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\windows\system32\AcSignIcon.dll (Autodesk, Inc.)
BootExecute: autocheck autochk /r \??\E:autocheck autochk *
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:53171;https=127.0.0.1:53171
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
URLSearchHook: HKCU - (No Name) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - No File
SearchScopes: HKCU - Plasmoo URL = hxxp://plasmoo.com/result.htm?q={searchTerms}&SearchMashine=true
SearchScopes: HKCU - {03FB391B-FE35-48EF-AB11-37A4F4E47EA7} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
SearchScopes: HKCU - {276EF2C9-813B-4791-96B6-171F89DF6552} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {7D82C5DC-2488-4168-BC1B-DCC0DFB292C3} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {A48B372B-AA81-4EA7-A412-41869B2F8DAC} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7NDKB_deAT530
SearchScopes: HKCU - {F5673F48-9211-493D-BE3F-B48D9BA90E7F} URL = hxxp://go.gmx.at/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {FE6AECCA-1DF5-4C90-B3BD-3FFF08707767} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No File
DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u20-windows-i586.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{45E701E5-882B-4E68-8DD9-5EE480C2D7AC}: [NameServer] 192.168.1.20
Tcpip\..\Interfaces\{6C9216B0-B258-44CB-B803-DEAF94FD53C4}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: ZEON/PDF,version=2.0 -> C:\Program Files\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF HKCU\...\Firefox\Extensions: [{BE0CA9DB-3581-BB94-42A6-BD0A2ED1AA2B}] - C:\Program Files\ver9BetterMarkIt\181.xpi

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.at/
CHR DefaultSearchKeyword: Default -> ecosia.org
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-23]
CHR Extension: (Google Drive) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07]
CHR Extension: (YouTube) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-23]
CHR Extension: (bnhdeincpllgeldajmlncemfloafomon) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnhdeincpllgeldajmlncemfloafomon [2014-11-01]
CHR Extension: (Adblock Plus) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-23]
CHR Extension: (Ecosia - Die Suchmaschine, die Bäume pflanzt) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\clellnciejhoedgepbdilbkdkaoecgpc [2014-05-07]
CHR Extension: (Google-Suche) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-23]
CHR Extension: (Krab Web) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlbonldcgbaeiljcefjhaofjcpdnmhoc [2014-11-01]
CHR Extension: (TheHDvid-Codec V10) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjmhjjohhiehaoljianalpmfcceojaff [2014-11-01]
CHR Extension: (Google Wallet) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-23]
CHR Extension: (Google Mail) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-23]
CHR HKLM\...\Chrome\Extension: [nlafpokblfobdnjhhggocaanijghemnd] - C:\Users\Yasemin\AppData\Local\CRE\nlafpokblfobdnjhhggocaanijghemnd.crx [2012-07-05]
CHR HKCU\...\Chrome\Extension: [nlafpokblfobdnjhhggocaanijghemnd] - C:\Users\Yasemin\AppData\Local\CRE\nlafpokblfobdnjhhggocaanijghemnd.crx [2012-07-05]
CHR StartMenuInternet: Google Chrome - chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HP Support Assistant Service; C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [265272 2010-01-28] (Hewlett-Packard Company)
R2 MaintainerSvc1.05.7044970; C:\ProgramData\e435d908-8e15-4e0c-ae35-3dc1cb10ee1e\maintainer.exe [123632 2014-11-05] ()
R3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [230240 2014-04-07] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 PDFProFiltSrv; C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe [134944 2009-11-03] (Nuance Communications, Inc.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [254034 2012-03-31] (IDT, Inc.)
S2 SeaPort; "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-05] (Malwarebytes Corporation)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 OlyCamComm; C:\windows\System32\DRIVERS\OlyCamComm.sys [21648 2009-09-14] (OLYMPUS IMAGING CORP.)
R3 rtsuvc; C:\windows\System32\DRIVERS\rtsuvc.sys [78848 2012-04-01] (Realtek Semiconductor Corp.)
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 08:01 - 2014-11-05 08:02 - 00022527 _____ () C:\Users\Yasemin\Downloads\FRST.txt
2014-11-05 08:01 - 2014-11-05 08:02 - 00000000 ____D () C:\FRST
2014-11-05 08:00 - 2014-11-05 08:00 - 01106432 _____ (Farbar) C:\Users\Yasemin\Downloads\FRST.exe
2014-11-05 07:57 - 2014-11-05 07:57 - 00000476 _____ () C:\Users\Yasemin\Downloads\defogger_disable.log
2014-11-05 07:57 - 2014-11-05 07:57 - 00000000 _____ () C:\Users\Yasemin\defogger_reenable
2014-11-05 07:56 - 2014-11-05 07:56 - 00050477 _____ () C:\Users\Yasemin\Downloads\Defogger.exe
2014-11-05 07:32 - 2014-11-05 07:33 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{FF8DC1DC-C907-4676-B0F1-87A7A6F480B4}
2014-11-04 12:06 - 2014-11-04 12:06 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{D31A0991-D9A4-41D2-A001-62762534366D}
2014-11-03 17:19 - 2014-11-03 17:20 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{2214D6F5-7207-4405-8E05-ABA258A6FAF5}
2014-11-02 09:36 - 2014-11-02 09:36 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{F5535A71-F606-4593-B741-8C5D4EDE036A}
2014-11-01 19:09 - 2014-11-01 19:09 - 01998336 _____ () C:\Users\Yasemin\Downloads\adwcleaner_4.002 (1).exe
2014-11-01 18:56 - 2014-11-01 18:56 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Yasemin\Downloads\rkill.exe
2014-11-01 18:42 - 2014-11-01 19:12 - 00000000 ____D () C:\AdwCleaner
2014-11-01 18:38 - 2014-11-05 07:48 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-01 18:38 - 2014-11-01 18:38 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-01 18:38 - 2014-11-01 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-11-01 18:37 - 2014-11-01 18:38 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-11-01 18:37 - 2014-11-01 18:37 - 01998336 _____ () C:\Users\Yasemin\Downloads\adwcleaner_4.002.exe
2014-11-01 18:37 - 2014-11-01 18:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-01 18:37 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-11-01 18:37 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-11-01 18:37 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-11-01 18:35 - 2014-11-01 18:37 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Yasemin\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-01 18:09 - 2014-11-01 18:09 - 00612340 _____ (CMI Limited) C:\Users\Yasemin\AppData\Local\nsv3841.tmp
2014-11-01 18:02 - 2014-11-01 18:26 - 00000000 ____D () C:\ProgramData\Unchecky
2014-11-01 18:00 - 2014-11-01 18:00 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{DC665227-362B-4910-A702-B0B4DDDB4E62}
2014-11-01 17:27 - 2014-11-05 07:33 - 00000000 ____D () C:\ProgramData\e435d908-8e15-4e0c-ae35-3dc1cb10ee1e
2014-11-01 17:02 - 2014-11-01 17:02 - 00627776 _____ (CMI Limited) C:\Users\Yasemin\AppData\Local\nsaBD94.tmp
2014-11-01 15:50 - 2014-11-01 18:21 - 00000000 ___HD () C:\Users\Public\Temp
2014-11-01 15:49 - 2014-11-01 15:49 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\com
2014-10-30 10:00 - 2014-10-30 10:11 - 338479810 _____ () C:\Users\Yasemin\Downloads\Video_Korngrößenanalyse.avi
2014-10-30 10:00 - 2014-10-30 10:10 - 196485870 _____ () C:\Users\Yasemin\Downloads\Video_Probenahme.avi
2014-10-30 09:35 - 2014-10-30 09:35 - 00019384 _____ () C:\windows\system32\Drivers\SPPD.sys
2014-10-29 22:09 - 2014-10-29 22:10 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{ECCC11D8-BFDC-42A5-BF3E-9FA8F0BA3978}
2014-10-29 16:00 - 2014-10-29 16:00 - 00216045 _____ () C:\Users\Yasemin\Downloads\Civic Agriculture.pptx
2014-10-29 15:59 - 2014-10-29 15:59 - 00216045 _____ () C:\Users\Yasemin\Documents\Civic Agriculture.pptx
2014-10-29 08:21 - 2014-10-29 08:21 - 00000000 __SHD () C:\Users\Yasemin\AppData\Local\EmieUserList
2014-10-29 08:21 - 2014-10-29 08:21 - 00000000 __SHD () C:\Users\Yasemin\AppData\Local\EmieSiteList
2014-10-29 07:59 - 2014-10-29 07:59 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{A5057E4B-D961-4A78-8AE6-4173EBFBB39A}
2014-10-28 15:05 - 2014-10-28 15:05 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{46A452F7-F6DD-4E22-AC71-158DF198CC1C}
2014-10-26 18:29 - 2014-11-01 18:26 - 00010716 _____ () C:\windows\patsearch.bin
2014-10-26 18:29 - 2014-10-26 18:29 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-10-26 18:22 - 2014-10-26 18:22 - 00081816 _____ () C:\Users\Yasemin\Downloads\HDVidCodec.exe
2014-10-26 18:12 - 2014-10-26 18:12 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{FC73EAD5-365A-4FD1-BD1C-0C801A807B87}
2014-10-25 19:54 - 2014-10-25 19:54 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{37F12E2C-57BF-43CD-B472-140391FB281E}
2014-10-24 08:19 - 2014-10-24 08:25 - 00000000 ____D () C:\Users\Yasemin\Desktop\Gemüse Zierpflanzenbau
2014-10-24 08:13 - 2014-10-24 08:13 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{6989C24B-47A3-4CE4-8280-0D1B9443DF5F}
2014-10-23 22:01 - 2014-10-23 22:02 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{46AE8C96-BEC1-4CE4-A87C-ACD06906F81C}
2014-10-23 09:38 - 2014-10-23 09:38 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{5881D8A7-B744-4CF0-B5D8-B976AF30811C}
2014-10-22 12:11 - 2014-10-22 12:11 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{739728A3-2169-4642-801F-6D116CA938DA}
2014-10-21 11:11 - 2014-10-21 11:11 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{1C6E2562-F44F-46DD-B7B5-E2FBA4C75FB8}
2014-10-21 11:00 - 2014-10-21 11:00 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{281048AE-1B50-4EBA-8A24-52CE0E015370}
2014-10-19 07:03 - 2014-10-19 07:03 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{B16E8F8D-93E8-4C19-9E74-7073E2D456CA}
2014-10-17 13:18 - 2014-10-17 13:19 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{9401D811-A95B-46E0-8E8F-CCC1C7778097}
2014-10-17 06:32 - 2014-10-17 06:32 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{E5AC8A70-46FC-4606-9155-9BC1034D6414}
2014-10-16 14:02 - 2014-10-16 14:02 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{57E8DD28-6CCB-4C75-9E14-2C1022CB8F78}
2014-10-16 09:41 - 2014-10-10 02:44 - 00396288 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-10-16 09:41 - 2014-10-10 02:44 - 00230912 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-10-16 09:41 - 2014-10-10 02:39 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-10-16 09:41 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-16 09:41 - 2014-09-29 01:41 - 02379264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-16 09:41 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-10-16 09:41 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-16 09:41 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-16 09:41 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-16 09:41 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-16 09:41 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-16 09:41 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-16 09:41 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-10-16 09:41 - 2014-09-19 02:14 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-10-16 09:41 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-10-16 09:41 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-10-16 09:41 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-10-16 09:41 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-10-16 09:41 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-16 09:41 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-10-16 09:41 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-10-16 09:41 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-10-16 09:41 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-10-16 09:41 - 2014-09-19 01:50 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-10-16 09:41 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-10-16 09:41 - 2014-09-19 01:44 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-10-16 09:41 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 09:41 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-10-16 09:41 - 2014-09-19 01:20 - 00677888 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-16 09:41 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-16 09:41 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-10-16 09:41 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-16 09:41 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-16 09:41 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-10-16 09:41 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-10-16 09:41 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2014-10-16 09:41 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2014-10-16 09:41 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2014-10-16 09:40 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-10-16 09:40 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-10-16 09:40 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-10-16 09:40 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-10-16 09:40 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-10-16 09:40 - 2014-07-17 02:39 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-10-16 09:40 - 2014-07-17 02:39 - 00304128 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-10-16 09:40 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2014-10-16 09:40 - 2014-07-17 02:39 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2014-10-16 09:40 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-10-16 09:40 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-10-16 09:40 - 2014-07-17 02:03 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2014-10-16 09:40 - 2014-07-17 02:02 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2014-10-11 15:51 - 2014-10-11 15:51 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{CD4C9674-DD8B-4966-8D87-2F49EB542E0E}
2014-10-10 22:35 - 2014-10-10 22:35 - 05686784 _____ () C:\Users\Yasemin\Downloads\LA CASA TORCIDA (1).pps
2014-10-10 22:24 - 2014-10-10 22:24 - 05688832 _____ () C:\Users\Yasemin\Downloads\LA CASA TORCIDA.pps
2014-10-10 20:51 - 2014-10-10 20:51 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{3C761EB3-CD7A-4ADA-9B33-25F9BC50F4F0}
2014-10-10 08:12 - 2014-10-10 08:12 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{37316AA8-E9B1-451A-BF0D-882951DBB51C}
2014-10-08 20:18 - 2014-10-08 20:19 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{09BA593E-B989-47EC-9B8C-F73D6B6E72B8}
2014-10-08 07:47 - 2014-10-08 07:47 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{2BE1B370-8B6C-4106-87B7-FE8BFE017E1A}
2014-10-08 07:37 - 2014-10-08 07:37 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{5F0AD047-AD45-447D-A5AD-C0C721BE1766}
2014-10-07 11:28 - 2014-10-07 11:28 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{A726889F-074B-465A-A495-5D4E7B206976}
2014-10-06 16:27 - 2014-10-06 16:29 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{A1D4DF58-D546-45FC-87D7-6B8DE764BE6C}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 07:57 - 2010-10-06 22:05 - 00000000 ____D () C:\Users\Yasemin
2014-11-05 07:42 - 2011-07-03 11:37 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-05 07:39 - 2009-07-14 05:34 - 00022688 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-05 07:39 - 2009-07-14 05:34 - 00022688 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-05 07:38 - 2010-03-31 04:00 - 00449506 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-05 07:35 - 2010-05-28 01:57 - 01959458 _____ () C:\windows\WindowsUpdate.log
2014-11-05 07:32 - 2013-01-09 16:42 - 00000374 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2014-11-05 07:32 - 2012-08-28 10:53 - 00000000 ___RD () C:\Users\Yasemin\Dropbox
2014-11-05 07:32 - 2012-08-28 10:51 - 00000000 ____D () C:\Users\Yasemin\AppData\Roaming\Dropbox
2014-11-05 07:32 - 2011-07-03 11:37 - 00001094 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-05 07:32 - 2010-10-20 22:27 - 00000000 ____D () C:\Users\Yasemin\Tracing
2014-11-05 07:32 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-05 07:32 - 2009-07-14 05:39 - 00188590 _____ () C:\windows\setupact.log
2014-11-05 00:33 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\NDF
2014-11-04 23:58 - 2010-11-06 17:13 - 00000000 ____D () C:\Users\Yasemin\AppData\Roaming\Skype
2014-11-04 21:07 - 2014-08-14 13:27 - 00000328 _____ () C:\windows\Tasks\HPCeeScheduleForYasemin.job
2014-11-04 12:03 - 2010-03-31 04:47 - 00285078 _____ () C:\windows\PFRO.log
2014-11-03 00:46 - 2009-07-27 09:31 - 00000000 ____D () C:\windows\Panther
2014-11-03 00:43 - 2014-10-04 15:12 - 00000000 ____D () C:\ProgramData\H3G
2014-11-03 00:43 - 2014-10-04 15:03 - 00000000 ____D () C:\ProgramData\DatacardService
2014-11-01 21:13 - 2014-05-13 18:25 - 00000000 ____D () C:\Users\Yasemin\Desktop\ToDo
2014-11-01 21:06 - 2012-07-19 10:00 - 00393728 ___SH () C:\Users\Yasemin\Downloads\Thumbs.db
2014-11-01 19:12 - 2013-12-23 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-01 19:11 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Globalization
2014-11-01 18:30 - 2013-03-02 16:46 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-01 18:30 - 2010-10-21 16:49 - 00000052 _____ () C:\windows\system32\DOErrors.log
2014-11-01 18:19 - 2009-07-14 03:04 - 00000580 _____ () C:\windows\win.ini
2014-11-01 15:50 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2014-10-30 12:24 - 2010-10-21 19:18 - 00229000 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-10-30 08:11 - 2011-12-26 13:18 - 00000000 ____D () C:\Users\Yasemin\Desktop\Neuer Ordner
2014-10-19 07:42 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\rescache
2014-10-17 13:53 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Microsoft.NET
2014-10-17 06:31 - 2009-07-14 05:33 - 00542736 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-17 06:28 - 2014-05-08 17:23 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-10-17 06:28 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\de-DE
2014-10-16 20:55 - 2010-03-31 04:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-07 17:21 - 2014-08-30 20:23 - 00002505 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-07 17:21 - 2014-08-30 20:23 - 00000000 ___RD () C:\Program Files\Skype
2014-10-07 17:21 - 2014-08-30 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-07 17:21 - 2010-05-28 02:09 - 00000000 ____D () C:\ProgramData\Skype

Some content of TEMP:
====================
C:\Users\Yasemin\AppData\Local\Temp\08055776-560B-EC93-50DA-7884ACB85C4A.exe
C:\Users\Yasemin\AppData\Local\Temp\11CB8872-6360-2BA6-0D11-5C9D4110A6BC.dll
C:\Users\Yasemin\AppData\Local\Temp\11CB8872-6360-2BA6-0D11-5C9D4110A6BC.exe
C:\Users\Yasemin\AppData\Local\Temp\AcDeltree.exe
C:\Users\Yasemin\AppData\Local\Temp\BingBarSetup-Partner.exe
C:\Users\Yasemin\AppData\Local\Temp\CWPCUNLR.dll
C:\Users\Yasemin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphg4var.dll
C:\Users\Yasemin\AppData\Local\Temp\DSP.dll
C:\Users\Yasemin\AppData\Local\Temp\Extract.exe
C:\Users\Yasemin\AppData\Local\Temp\FileSystemView.dll
C:\Users\Yasemin\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\Yasemin\AppData\Local\Temp\GLF28F4.tmp.ConduitEngineSetup.exe
C:\Users\Yasemin\AppData\Local\Temp\GLF28F4.tmp.tbDVDV.dll
C:\Users\Yasemin\AppData\Local\Temp\GLFBF61.tmp.ConduitEngineSetup.exe
C:\Users\Yasemin\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Yasemin\AppData\Local\Temp\HPQSi.exe
C:\Users\Yasemin\AppData\Local\Temp\ICSW_0L1L2X1P.exe
C:\Users\Yasemin\AppData\Local\Temp\mfcm80.dll
C:\Users\Yasemin\AppData\Local\Temp\mfcm80u.dll
C:\Users\Yasemin\AppData\Local\Temp\MSNEE94.exe
C:\Users\Yasemin\AppData\Local\Temp\msvcm80.dll
C:\Users\Yasemin\AppData\Local\Temp\ose00000.exe
C:\Users\Yasemin\AppData\Local\Temp\ose00002.exe
C:\Users\Yasemin\AppData\Local\Temp\OSU.exe
C:\Users\Yasemin\AppData\Local\Temp\pdfiutil.exe
C:\Users\Yasemin\AppData\Local\Temp\prxGLF28F4.tmp.tbDVDV.dll
C:\Users\Yasemin\AppData\Local\Temp\prxGLFBF61.tmp.tbDVDV.dll
C:\Users\Yasemin\AppData\Local\Temp\Quarantine.exe
C:\Users\Yasemin\AppData\Local\Temp\Resource.exe
C:\Users\Yasemin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Yasemin\AppData\Local\Temp\SP49029.exe
C:\Users\Yasemin\AppData\Local\Temp\SP51129.exe
C:\Users\Yasemin\AppData\Local\Temp\SP51765.exe
C:\Users\Yasemin\AppData\Local\Temp\SP52407.exe
C:\Users\Yasemin\AppData\Local\Temp\sp54620.exe
C:\Users\Yasemin\AppData\Local\Temp\sp58915.exe
C:\Users\Yasemin\AppData\Local\Temp\sqdkrvym.dll
C:\Users\Yasemin\AppData\Local\Temp\sqlite3.dll
C:\Users\Yasemin\AppData\Local\Temp\tbDVDV.dll
C:\Users\Yasemin\AppData\Local\Temp\tbFree.dll
C:\Users\Yasemin\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Yasemin\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Yasemin\AppData\Local\Temp\WtgDriverInstallX.dll
C:\Users\Yasemin\AppData\Local\Temp\WTGXMLUtil.dll
C:\Users\Yasemin\AppData\Local\Temp\~convert5582160642845438257.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-29 14:10

==================== End Of Log ============================ |