| |
| |||||||
Log-Analyse und Auswertung: Windows 7: es öffnet ständig Werbefenster, Webseiten werden auf Werbung umgeleitet, Wörter sind z.T unterstrichen.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
05.11.2014, 09:17
| #1 |
| |  Windows 7: es öffnet ständig Werbefenster, Webseiten werden auf Werbung umgeleitet, Wörter sind z.T unterstrichen. Hallo, Wenn ich eine Webseite öffne öffnet es immer mehrere Fenster mit Werbungen (z.B hxxp://mwl.petuniasaucecockup.com/) und auch auf der Seite auf der ich mich befinde kommen ständig Fenster und Anzeigen. Wörter auf Webseiten sind z.T Doppelt unterstrichen und verlinkt. Mein Coputer ist dadurch seehr langsam und auch laut.. Bin neu hier und hoffe die Beschreibung reicht aus. lg Yasemin Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-05 08:40:28
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.LH00 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Yasemin\AppData\Local\Temp\kwldqpod.sys
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 83476A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 834B0212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtCreateFile + 6 7705560E 4 Bytes [28, 34, 41, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtCreateFile + B 77055613 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtMapViewOfSection + 6 77055C6E 4 Bytes [28, 37, 41, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtMapViewOfSection + B 77055C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenFile + 6 77055D1E 4 Bytes [68, 34, 41, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenFile + B 77055D23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenProcess + 6 77055DCE 4 Bytes [A8, 35, 41, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenProcess + B 77055DD3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenProcessToken + B 77055DE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenProcessTokenEx + 6 77055DEE 4 Bytes [A8, 36, 41, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenProcessTokenEx + B 77055DF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenThread + 6 77055E4E 4 Bytes [68, 35, 41, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenThread + B 77055E53 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenThreadToken + 6 77055E5E 4 Bytes [68, 36, 41, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenThreadToken + B 77055E63 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtOpenThreadTokenEx + B 77055E73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtQueryAttributesFile + 6 77055F7E 4 Bytes [A8, 34, 41, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtQueryAttributesFile + B 77055F83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtQueryFullAttributesFile + B 77056033 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtSetInformationFile + 6 7705667E 4 Bytes [28, 35, 41, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtSetInformationFile + B 77056683 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtSetInformationThread + 6 770566DE 4 Bytes [28, 36, 41, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtSetInformationThread + B 770566E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtUnmapViewOfSection + 6 770569FE 4 Bytes [68, 37, 41, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2484] ntdll.dll!NtUnmapViewOfSection + B 77056A03 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtCreateFile + 6 7705560E 4 Bytes [28, 7C, 17, 00] {SUB [EDI+EDX+0x0], BH}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtCreateFile + B 77055613 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtMapViewOfSection + 6 77055C6E 4 Bytes [28, 7F, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtMapViewOfSection + B 77055C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenFile + 6 77055D1E 4 Bytes [68, 7C, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenFile + B 77055D23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenProcess + 6 77055DCE 4 Bytes [A8, 7D, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenProcess + B 77055DD3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenProcessToken + B 77055DE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenProcessTokenEx + 6 77055DEE 4 Bytes [A8, 7E, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenProcessTokenEx + B 77055DF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenThread + 6 77055E4E 4 Bytes [68, 7D, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenThread + B 77055E53 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenThreadToken + 6 77055E5E 4 Bytes [68, 7E, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenThreadToken + B 77055E63 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtOpenThreadTokenEx + B 77055E73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtQueryAttributesFile + 6 77055F7E 4 Bytes [A8, 7C, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtQueryAttributesFile + B 77055F83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtQueryFullAttributesFile + B 77056033 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtSetInformationFile + 6 7705667E 4 Bytes [28, 7D, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtSetInformationFile + B 77056683 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtSetInformationThread + 6 770566DE 4 Bytes [28, 7E, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtSetInformationThread + B 770566E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtUnmapViewOfSection + 6 770569FE 4 Bytes [68, 7F, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!NtUnmapViewOfSection + B 77056A03 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtMapViewOfSection + 6 77055C6E 4 Bytes [18, 20, 1F, 71]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5196] ntdll.dll!NtMapViewOfSection + B 77055C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtCreateFile + 6 7705560E 4 Bytes [28, 78, 8E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtCreateFile + B 77055613 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtMapViewOfSection + 6 77055C6E 4 Bytes [28, 7B, 8E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtMapViewOfSection + B 77055C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenFile + 6 77055D1E 4 Bytes [68, 78, 8E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenFile + B 77055D23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenProcess + 6 77055DCE 4 Bytes [A8, 79, 8E, 00] {TEST AL, 0x79; MOV ES, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenProcess + B 77055DD3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenProcessToken + B 77055DE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenProcessTokenEx + 6 77055DEE 4 Bytes [A8, 7A, 8E, 00] {TEST AL, 0x7a; MOV ES, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenProcessTokenEx + B 77055DF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenThread + 6 77055E4E 4 Bytes [68, 79, 8E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenThread + B 77055E53 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenThreadToken + 6 77055E5E 4 Bytes [68, 7A, 8E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenThreadToken + B 77055E63 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenThreadTokenEx + B 77055E73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtQueryAttributesFile + 6 77055F7E 4 Bytes [A8, 78, 8E, 00] {TEST AL, 0x78; MOV ES, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtQueryAttributesFile + B 77055F83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtQueryFullAttributesFile + B 77056033 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtSetInformationFile + 6 7705667E 4 Bytes [28, 79, 8E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtSetInformationFile + B 77056683 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtSetInformationThread + 6 770566DE 4 Bytes [28, 7A, 8E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtSetInformationThread + B 770566E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtUnmapViewOfSection + 6 770569FE 4 Bytes [68, 7B, 8E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtUnmapViewOfSection + B 77056A03 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtCreateFile + 6 7705560E 4 Bytes [28, 40, ED, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtCreateFile + B 77055613 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtMapViewOfSection + 6 77055C6E 4 Bytes [28, 43, ED, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtMapViewOfSection + B 77055C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenFile + 6 77055D1E 4 Bytes [68, 40, ED, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenFile + B 77055D23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenProcess + 6 77055DCE 4 Bytes [A8, 41, ED, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenProcess + B 77055DD3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenProcessToken + B 77055DE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenProcessTokenEx + 6 77055DEE 4 Bytes [A8, 42, ED, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenProcessTokenEx + B 77055DF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenThread + 6 77055E4E 4 Bytes [68, 41, ED, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenThread + B 77055E53 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenThreadToken + 6 77055E5E 4 Bytes [68, 42, ED, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenThreadToken + B 77055E63 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenThreadTokenEx + B 77055E73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtQueryAttributesFile + 6 77055F7E 4 Bytes [A8, 40, ED, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtQueryAttributesFile + B 77055F83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtQueryFullAttributesFile + B 77056033 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtSetInformationFile + 6 7705667E 4 Bytes [28, 41, ED, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtSetInformationFile + B 77056683 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtSetInformationThread + 6 770566DE 4 Bytes [28, 42, ED, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtSetInformationThread + B 770566E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtUnmapViewOfSection + 6 770569FE 4 Bytes [68, 43, ED, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtUnmapViewOfSection + B 77056A03 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtCreateFile + 6 7705560E 4 Bytes [28, 3C, D1, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtCreateFile + B 77055613 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtMapViewOfSection + 6 77055C6E 4 Bytes [28, 3F, D1, 00] {SUB [EDI], BH; ROL DWORD [EAX], 0x1}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtMapViewOfSection + B 77055C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenFile + 6 77055D1E 4 Bytes [68, 3C, D1, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenFile + B 77055D23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenProcess + 6 77055DCE 4 Bytes [A8, 3D, D1, 00] {TEST AL, 0x3d; ROL DWORD [EAX], 0x1}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenProcess + B 77055DD3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenProcessToken + B 77055DE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenProcessTokenEx + 6 77055DEE 4 Bytes [A8, 3E, D1, 00] {TEST AL, 0x3e; ROL DWORD [EAX], 0x1}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenProcessTokenEx + B 77055DF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenThread + 6 77055E4E 4 Bytes [68, 3D, D1, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenThread + B 77055E53 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenThreadToken + 6 77055E5E 4 Bytes [68, 3E, D1, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenThreadToken + B 77055E63 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtOpenThreadTokenEx + B 77055E73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtQueryAttributesFile + 6 77055F7E 4 Bytes [A8, 3C, D1, 00] {TEST AL, 0x3c; ROL DWORD [EAX], 0x1}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtQueryAttributesFile + B 77055F83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtQueryFullAttributesFile + B 77056033 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtSetInformationFile + 6 7705667E 4 Bytes [28, 3D, D1, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtSetInformationFile + B 77056683 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtSetInformationThread + 6 770566DE 4 Bytes [28, 3E, D1, 00] {SUB [ESI], BH; ROL DWORD [EAX], 0x1}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtSetInformationThread + B 770566E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtUnmapViewOfSection + 6 770569FE 4 Bytes [68, 3F, D1, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5448] ntdll.dll!NtUnmapViewOfSection + B 77056A03 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtCreateFile + 6 7705560E 4 Bytes [28, 0C, 93, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtCreateFile + B 77055613 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtMapViewOfSection + 6 77055C6E 4 Bytes [28, 0F, 93, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtMapViewOfSection + B 77055C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenFile + 6 77055D1E 4 Bytes [68, 0C, 93, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenFile + B 77055D23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenProcess + 6 77055DCE 4 Bytes [A8, 0D, 93, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenProcess + B 77055DD3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenProcessToken + B 77055DE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenProcessTokenEx + 6 77055DEE 4 Bytes [A8, 0E, 93, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenProcessTokenEx + B 77055DF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenThread + 6 77055E4E 4 Bytes [68, 0D, 93, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenThread + B 77055E53 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenThreadToken + 6 77055E5E 4 Bytes [68, 0E, 93, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenThreadToken + B 77055E63 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtOpenThreadTokenEx + B 77055E73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtQueryAttributesFile + 6 77055F7E 4 Bytes [A8, 0C, 93, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtQueryAttributesFile + B 77055F83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtQueryFullAttributesFile + B 77056033 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtSetInformationFile + 6 7705667E 4 Bytes [28, 0D, 93, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtSetInformationFile + B 77056683 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtSetInformationThread + 6 770566DE 4 Bytes [28, 0E, 93, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtSetInformationThread + B 770566E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtUnmapViewOfSection + 6 770569FE 4 Bytes [68, 0F, 93, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5464] ntdll.dll!NtUnmapViewOfSection + B 77056A03 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtCreateFile + 6 7705560E 4 Bytes [28, 44, 1F, 00] {SUB [EDI+EBX+0x0], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtCreateFile + B 77055613 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtMapViewOfSection + 6 77055C6E 4 Bytes [28, 47, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtMapViewOfSection + B 77055C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenFile + 6 77055D1E 4 Bytes [68, 44, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenFile + B 77055D23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenProcess + 6 77055DCE 4 Bytes [A8, 45, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenProcess + B 77055DD3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenProcessToken + B 77055DE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenProcessTokenEx + 6 77055DEE 4 Bytes [A8, 46, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenProcessTokenEx + B 77055DF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenThread + 6 77055E4E 4 Bytes [68, 45, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenThread + B 77055E53 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenThreadToken + 6 77055E5E 4 Bytes [68, 46, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenThreadToken + B 77055E63 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenThreadTokenEx + B 77055E73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtQueryAttributesFile + 6 77055F7E 4 Bytes [A8, 44, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtQueryAttributesFile + B 77055F83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtQueryFullAttributesFile + B 77056033 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtSetInformationFile + 6 7705667E 4 Bytes [28, 45, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtSetInformationFile + B 77056683 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtSetInformationThread + 6 770566DE 4 Bytes [28, 46, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtSetInformationThread + B 770566E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtUnmapViewOfSection + 6 770569FE 4 Bytes [68, 47, 1F, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtUnmapViewOfSection + B 77056A03 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtCreateFile + 6 7705560E 4 Bytes [28, 8C, AA, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtCreateFile + B 77055613 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtMapViewOfSection + 6 77055C6E 4 Bytes [28, 8F, AA, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtMapViewOfSection + B 77055C73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenFile + 6 77055D1E 4 Bytes [68, 8C, AA, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenFile + B 77055D23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenProcess + 6 77055DCE 4 Bytes [A8, 8D, AA, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenProcess + B 77055DD3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenProcessToken + B 77055DE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenProcessTokenEx + 6 77055DEE 4 Bytes [A8, 8E, AA, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenProcessTokenEx + B 77055DF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenThread + 6 77055E4E 4 Bytes [68, 8D, AA, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenThread + B 77055E53 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenThreadToken + 6 77055E5E 4 Bytes [68, 8E, AA, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenThreadToken + B 77055E63 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenThreadTokenEx + B 77055E73 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtQueryAttributesFile + 6 77055F7E 4 Bytes [A8, 8C, AA, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtQueryAttributesFile + B 77055F83 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtQueryFullAttributesFile + B 77056033 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtSetInformationFile + 6 7705667E 4 Bytes [28, 8D, AA, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtSetInformationFile + B 77056683 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtSetInformationThread + 6 770566DE 4 Bytes [28, 8E, AA, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtSetInformationThread + B 770566E3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtUnmapViewOfSection + 6 770569FE 4 Bytes [68, 8F, AA, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtUnmapViewOfSection + B 77056A03 1 Byte [E2]
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713d41209
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713d41209@0022989cd691 0x64 0x04 0xAA 0xE8 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713d41209@ac932fb2b2b4 0x54 0xE0 0x26 0xBD ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713d41209@a071a9d28809 0xBC 0xA1 0xB5 0x6B ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713d41209 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713d41209@0022989cd691 0x64 0x04 0xAA 0xE8 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713d41209@ac932fb2b2b4 0x54 0xE0 0x26 0xBD ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713d41209@a071a9d28809 0xBC 0xA1 0xB5 0x6B ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@30D81AD4 1566
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{83B37DC7-69F3-11DF-8781-806E6F6E6963} 8415149240
---- EOF - GMER 2.1 ----
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-11-2014
Ran by Yasemin at 2014-11-05 08:04:10
Running from C:\Users\Yasemin\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.6.602.180 - Adobe Systems Incorporated)
airView - 192.168.1.20 (HKCU\...\airView - 192.168.1.20) (Version: - Ubiquiti Networks, Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
AutoCAD 2011 - Deutsch (HKLM\...\AutoCAD 2011 - Deutsch) (Version: 18.1.49.0 - Autodesk)
AutoCAD 2011 - Deutsch (Version: 18.1.49.0 - Autodesk) Hidden
AutoCAD 2011 Language Pack - Deutsch (Version: 18.1.49.0 - Autodesk) Hidden
Autodesk Material Library 2011 (HKLM\...\{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}) (Version: 2.0.0.49 - Autodesk)
Autodesk Material Library 2011 Base Image library (HKLM\...\{CD1E078C-A6B9-47DA-B035-6365C85C7832}) (Version: 2.0.0.49 - Autodesk)
Broadcom 2070 Bluetooth 2.1 + EDR (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
FARO LS 1.1.406.58 (HKLM\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM\...\{206E1EEB-027A-4FC0-B4ED-6E48203BD49A}) (Version: 1.1.1.1 - Hewlett-Packard Company)
HP HotKey Support (HKLM\...\{9161546B-336A-4E3D-B049-F25A400558C6}) (Version: 3.5.14.1 - Hewlett-Packard Company)
HP Setup (HKLM\...\{1E6219D4-027E-47EE-AB83-DD2F26E31A32}) (Version: 1.2.3557.3169 - Hewlett-Packard)
HP SoftPaq Download Manager (HKLM\...\{2DA697D7-FED3-4DE2-A174-92A2A12F9688}) (Version: 3.0.5.0 - Hewlett-Packard Company)
HP Software Framework (HKLM\...\{223E2363-6643-49CB-A062-59A9858EE8EE}) (Version: 3.5.17.1 - Hewlett-Packard Company)
HP Software Setup (HKLM\...\{04801E42-B1A6-4C52-9F3D-CADB5A050433}) (Version: 7.0.1.6 - Hewlett-Packard Company)
HP Support Assistant (HKLM\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP User Guides 0190 (HKLM\...\{5B0D9F1A-425E-46C4-B06D-2C0736C1E804}) (Version: 1.00.0000 - Hewlett-Packard)
HP Webcam (HKLM\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.25.0 - Roxio)
HP Webcam Driver (HKLM\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.1.7600.0049 - Realtek Semiconductor Corp.)
HP Wireless Assistant (HKLM\...\{1061DF04-CF33-40B0-8360-D07C9BBEB122}) (Version: 3.50.10.1 - Hewlett-Packard)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6300.0 - IDT)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2057 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java(TM) 6 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MiKTeX 2.9 (HKCU\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mobile Broadband HL Service (HKLM\...\Mobile Broadband HL Service) (Version: 22.001.10.00.03 - Huawei Technologies Co.,Ltd)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nuance PDF Professional 6 (HKLM\...\{BDB494AE-3597-41E7-8B6A-F6BAF4E514EE}) (Version: 6.00.3205 - Nuance Communications, Inc)
Nuance PDF Reader (HKLM\...\{5F6C549F-78DA-4E0E-AE70-0BD981936D99}) (Version: 7.00.0000 - Nuance Communications, Inc.)
REALTEK Wireless LAN Software (HKLM\...\{901F0D4C-009D-1112-8DE4-03599E7B0C5C}) (Version: 1.00.10.0104 - REALTEK Semiconductor Corp.)
Scansoft PDF Professional (Version: - ) Hidden
Skype™ 6.10 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.10.104 - Skype Technologies S.A.)
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.4.0 - Synaptics Incorporated)
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Windows 7 Default Setting (HKLM\...\{5BF8E079-D6E2-4323-B794-75152371122A}) (Version: 1.0.1.6 - Hewlett-Packard Company)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414) (HKLM\...\0973B297E079B467E3776E59F763D63FD557795B) (Version: 12/16/2009 6.2.0.9414 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\E77704EF5E71F4F18CADFBFA68595AFE036D5D97) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
WinZip 12.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}) (Version: 12.0.8252 - WinZip Computing, S.L. )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Yasemin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Yasemin\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Yasemin\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2011\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Yasemin\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{C92FB640-AD4D-498A-9979-A51A2540C977}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2011\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2011\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2011\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yasemin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yasemin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yasemin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yasemin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yasemin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yasemin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yasemin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Yasemin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-775044091-3129311835-2082847881-1001_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Yasemin\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
==================== Restore Points =========================
12-10-2014 08:33:30 Windows Update
15-10-2014 17:33:04 Windows Update
16-10-2014 19:49:12 Windows Update
20-10-2014 23:00:40 Windows Update
25-10-2014 19:06:00 Windows Update
28-10-2014 21:06:50 Windows Update
01-11-2014 13:26:43 Windows Update
04-11-2014 19:15:09 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2014-11-01 18:30 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {01EE3230-6FE6-44DC-84DC-3677063E40B2} - System32\Tasks\{895A450F-3FB7-4492-821D-6EBE64233EC1} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.60.106/de/go/help.faq.installer?LastError=1603
Task: {0E73BCA4-E031-4120-9284-AE0A2C3B8FF3} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-775044091-3129311835-2082847881-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {146F0F89-361C-45F4-8200-BDC96BF039D6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {200B9E92-C258-4C3E-8BD7-CA73212D42D8} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {239364E9-7BB3-4534-AA48-792A620E2736} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-775044091-3129311835-2082847881-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {2A33B83E-1DAD-459D-BFC6-CA0EB84A44BC} - System32\Tasks\{532C4AE6-67BA-4633-9C1D-C747ECF4D199} => C:\Users\Yasemin\Downloads\KARTALCELLConnectionManager.exe
Task: {2FC296EC-EBDE-4D80-92A4-508A7794362C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {3192D309-D252-4FA4-974D-6E4DB3050F4E} - System32\Tasks\{8E9E3C8F-740F-410D-B666-CE6F49CB5291} => C:\Users\Yasemin\Downloads\KARTALCELLConnectionManager.exe
Task: {34CF5AB6-4B80-4147-A09D-19BC6F12A60F} - System32\Tasks\{9EE636DC-04F9-4829-9206-B060781B9537} => Chrome.exe hxxp://ui.skype.com/ui/0/6.14.0.104/de/go/help.faq.installer?LastError=1603
Task: {3C2A34D0-9878-4AB5-8439-2C36ACA3DA70} - System32\Tasks\{CBE8DDBA-63C6-40C9-9C44-5686CC9FF9A0} => C:\Users\Yasemin\Downloads\KARTALCELLConnectionManager.exe
Task: {3EFD0CAE-2947-4D20-B1FB-DE21EB87B747} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {50344D16-116E-47EC-AEF5-E1D33091FCE1} - System32\Tasks\{A63776A1-A5DF-4A06-A2C7-17A7E48F05B1} => Chrome.exe hxxp://ui.skype.com/ui/0/6.14.60.104/de/go/help.faq.installer?LastError=1603
Task: {5302E3AA-DF67-4BD6-9477-D0344124C96E} - System32\Tasks\{EBAB3818-77ED-43D9-A8E1-71AFC07AF55A} => C:\Users\Yasemin\Downloads\KARTALCELLConnectionManager.exe
Task: {54622B0C-4A6D-4365-8242-9C89C3C733AE} - System32\Tasks\{4F245382-1EA7-43CA-810B-EA656D9388E1} => C:\Program Files\KARTALCELLConnectionManager\KARTALCELLConnectionManager.exe
Task: {5EDB74B6-21C6-478B-AD78-7C3A5D858405} - System32\Tasks\{09DC06D9-B307-499E-84B8-2E3A5F9B8875} => C:\Program Files\KARTALCELLConnectionManager\KARTALCELLConnectionManager.exe
Task: {68B29BD1-61BE-4CFC-8ABD-D86C219E3217} - System32\Tasks\{87CEF544-6FC0-4D06-B16F-F1FC26A4FBA3} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.0.106/de/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {74807195-5D53-4513-A5E7-C88112578B96} - System32\Tasks\{019A5DCD-C67D-49C9-87D1-C1F4A19A4AA5} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1603
Task: {75D274B3-E20B-42D0-8A1C-247BB9970970} - System32\Tasks\{16DFD35E-7CB3-4E2C-802A-ECEEE1842F60} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.60.106/de/go/help.faq.installer?LastError=1603
Task: {849EF2F9-F886-41E4-B2C6-D4B8FA03B182} - System32\Tasks\{C13A5F54-ED37-46C4-9070-BE41C8F6C7A3} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.0.106/de/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {86D2AA7C-5C99-4761-ACBE-9963B31352D9} - System32\Tasks\{5691B8AE-3591-4E7E-B62D-B871E2DAA14D} => Chrome.exe hxxp://ui.skype.com/ui/0/6.14.0.104/de/go/help.faq.installer?LastError=1603
Task: {9378BF31-F45C-4B4B-88FD-030F84F738C8} - System32\Tasks\PC Rambazamba => C:\Program Files\Langmeier Software\PC Rambazamba\pcrambazamba.exe
Task: {95B010BC-BF43-46AA-93DB-7F662D7ACE71} - System32\Tasks\{C4E3F0DF-7E52-4F78-AA55-3D240D216004} => Chrome.exe hxxp://ui.skype.com/ui/0/6.14.60.104/de/go/help.faq.installer?LastError=1603
Task: {9C8C9C25-DB15-436A-875E-CBCEB8CF363C} - System32\Tasks\{03A532B0-20D6-4259-AD68-C75E98A22A32} => C:\Program Files\KARTALCELLConnectionManager\KARTALCELLConnectionManager.exe
Task: {A1CEEE58-2985-4CD1-A079-45886949A81D} - System32\Tasks\{2947A8CC-EA0C-4F95-B798-D95C8924EA28} => C:\Users\Yasemin\Downloads\KARTALCELLConnectionManager.exe
Task: {A32DD7D0-2F52-4255-AFE3-5C987C09659C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {A4AA761D-7EBC-4900-A070-3FBBEA027E58} - System32\Tasks\{01047A8B-71AD-4588-8FFE-8AB9C70E9F4C} => Chrome.exe hxxp://ui.skype.com/ui/0/6.14.0.104/de/go/help.faq.installer?LastError=1603
Task: {A6E057AE-F2DD-423E-BD01-191C58B45138} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-10-21] (Microsoft)
Task: {BB8BF9BD-F3E7-4912-B5D9-6DF49C89226F} - System32\Tasks\{B9A79358-96C0-4165-82EF-317D834C4978} => C:\Users\Yasemin\Downloads\KARTALCELLConnectionManager.exe
Task: {C0328437-9518-4086-A81F-59C937494EA0} - System32\Tasks\{C8B91321-60E9-41A9-BEE7-2CD2053F9B61} => C:\Users\Yasemin\Downloads\KARTALCELLConnectionManager.exe
Task: {C6AE8857-0C79-444B-B229-71FBD5271143} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {DCE47A7E-DE4B-4849-9C8E-F754DE1CDF4A} - System32\Tasks\{0FB27FDB-994A-45D2-AEB7-54660739C236} => C:\Users\Yasemin\Downloads\KARTALCELLConnectionManager.exe
Task: {E38649D2-2597-4A1C-A336-5E8285187ECB} - System32\Tasks\{EE6B47E2-519E-4254-8EDF-4830D6B7807B} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.60.106/de/go/help.faq.installer?LastError=1603
Task: {F5D3DFFF-E20F-4B1A-AF98-3800D714461D} - System32\Tasks\HPCeeScheduleForYasemin => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)
Task: {FC4664BE-7317-4207-8547-21433737B6F5} - System32\Tasks\{FC43AD21-D397-43B9-84B5-8895ED7CAF55} => C:\Program Files\KARTALCELLConnectionManager\KARTALCELLConnectionManager.exe
Task: {FFBDD08A-3FBB-48AE-98BD-A4B8D3FB0EC3} - System32\Tasks\{AB9B7DD6-1763-421C-95E4-6C70368B8CA8} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.60.106/de/go/help.faq.installer?LastError=1603
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForYasemin.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (whitelisted) =============
2007-01-26 10:17 - 2007-01-26 10:17 - 00022723 _____ () C:\windows\System32\ssgh1l3.dll
2014-04-07 20:16 - 2014-04-07 20:16 - 00230240 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2009-12-29 21:31 - 2009-12-29 21:31 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2009-07-01 23:44 - 2009-07-01 23:44 - 00632888 ____R () C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
2014-11-05 07:32 - 2014-11-05 07:32 - 00043008 _____ () c:\users\yasemin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphg4var.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Yasemin\AppData\Roaming\Dropbox\bin\libcef.dll
2014-10-28 22:00 - 2014-10-22 05:04 - 01042760 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-28 22:00 - 2014-10-22 05:04 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-28 22:00 - 2014-10-22 05:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-28 22:00 - 2014-10-22 05:04 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-11-01 00:54 - 2014-11-05 07:33 - 00123632 _____ () C:\ProgramData\e435d908-8e15-4e0c-ae35-3dc1cb10ee1e\maintainer.exe
2014-10-28 22:00 - 2014-10-22 05:05 - 14902600 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
2014-11-05 07:56 - 2014-11-05 07:56 - 00050477 _____ () C:\Users\Yasemin\Downloads\Defogger.exe
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-775044091-3129311835-2082847881-500 - Administrator - Disabled)
Gast (S-1-5-21-775044091-3129311835-2082847881-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-775044091-3129311835-2082847881-1003 - Limited - Enabled)
Yasemin (S-1-5-21-775044091-3129311835-2082847881-1001 - Administrator - Enabled) => C:\Users\Yasemin
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/05/2014 07:38:37 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT-AUTORITÄT)
Description: Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "130290". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.
Error: (11/05/2014 07:38:37 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (11/04/2014 08:08:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT-AUTORITÄT)
Description: Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "130110". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.
Error: (11/04/2014 08:08:05 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (11/04/2014 00:09:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT-AUTORITÄT)
Description: Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "129930". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.
Error: (11/04/2014 00:09:07 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (11/04/2014 00:04:52 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT-AUTORITÄT)
Description: Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "129750". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.
Error: (11/04/2014 00:04:52 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (11/04/2014 01:01:00 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT-AUTORITÄT)
Description: Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "129570". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.
Error: (11/04/2014 01:00:59 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
System errors:
=============
Error: (11/05/2014 07:32:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SeaPort" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/04/2014 11:53:15 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
Error: (11/04/2014 11:14:17 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
Error: (11/04/2014 11:05:19 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
Error: (11/04/2014 10:51:04 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
Error: (11/04/2014 08:07:50 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.6
registriert werden. Der Computer mit IP-Adresse 192.168.1.2 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Error: (11/04/2014 08:03:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SeaPort" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/04/2014 00:03:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SeaPort" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/04/2014 00:54:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SeaPort" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/03/2014 11:53:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SeaPort" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Microsoft Office Sessions:
=========================
Error: (06/19/2014 11:20:15 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 709 seconds with 660 seconds of active time. This session ended with a crash.
Error: (01/23/2012 00:30:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1363 seconds with 1200 seconds of active time. This session ended with a crash.
Error: (01/22/2012 01:44:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 875 seconds with 540 seconds of active time. This session ended with a crash.
Error: (06/11/2011 01:53:51 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 8338 seconds with 2460 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 87%
Total physical RAM: 3000.27 MB
Available physical RAM: 363.81 MB
Total Pagefile: 5998.82 MB
Available Pagefile: 2407.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.52 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:448.47 GB) (Free:48.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.98 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 3C5F7C9A)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=448.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)
==================== End Of Log ============================
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-11-2014 Ran by Yasemin (administrator) on 1907FB on 05-11-2014 08:01:46 Running from C:\Users\Yasemin\Downloads Loaded Profiles: Yasemin & (Available profiles: Yasemin) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe () C:\ProgramData\MobileBrServ\mbbService.exe (Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Professional 6\PdfPro6Hook.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Akamai Technologies, Inc.) C:\Users\Yasemin\AppData\Local\Akamai\netsession_win.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Akamai Technologies, Inc.) C:\Users\Yasemin\AppData\Local\Akamai\netsession_win.exe () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe (Dropbox, Inc.) C:\Users\Yasemin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe () C:\ProgramData\e435d908-8e15-4e0c-ae35-3dc1cb10ee1e\maintainer.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe () C:\Users\Yasemin\Downloads\Defogger.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [QLBController] => C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-01-28] (Hewlett-Packard Company) HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-01-08] (Intel Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1684776 2010-01-22] (Synaptics Incorporated) HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [499768 2009-09-01] (Hewlett-Packard) HKLM\...\Run: [PDFHook] => C:\Program Files\Nuance\PDF Professional 6\pdfpro6hook.exe [1277952 2009-11-13] (Nuance Communications, Inc.) HKLM\...\Run: [PDF6 Registry Controller] => C:\Program Files\Nuance\PDF Professional 6\RegistryController.exe [110880 2009-11-03] (Nuance Communications, Inc.) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2012-03-31] (IDT, Inc.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files\Nuance\PDF Reader\Ereg\Ereg.exe [333088 2010-07-05] (Nuance Communications, Inc.) HKLM\...\Run: [Lexmark X1100 Series] => "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard) HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [280576 2013-03-21] (Microsoft Corporation) HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-21-775044091-3129311835-2082847881-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation) HKU\S-1-5-21-775044091-3129311835-2082847881-1001\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden HKU\S-1-5-21-775044091-3129311835-2082847881-1001\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation) HKU\S-1-5-21-775044091-3129311835-2082847881-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Yasemin\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKU\S-1-5-21-775044091-3129311835-2082847881-1001\...\MountPoints2: {360e4847-359c-11e2-9e29-81f343ed3cbc} - D:\Windows/Autorun.exe AUTORUN=1 HKU\S-1-5-21-775044091-3129311835-2082847881-1001\...\MountPoints2: {42cbf559-316a-11e0-9e7c-002713d41209} - D:\Autorun.exe HKU\S-1-5-21-775044091-3129311835-2082847881-1001\...\MountPoints2: {a07f38c4-0fa6-11e2-8d58-c2adeb74a1b3} - D:\AutoRun.exe HKU\S-1-5-21-775044091-3129311835-2082847881-1001\...\MountPoints2: {d475885a-4bce-11e4-845a-e1a8a5d2a7b5} - D:\AutoRun.exe HKU\S-1-5-21-775044091-3129311835-2082847881-1001\...\MountPoints2: {d47588ad-4bce-11e4-845a-e1a8a5d2a7b5} - D:\AutoRun.exe HKU\S-1-5-21-775044091-3129311835-2082847881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation) HKU\S-1-5-21-775044091-3129311835-2082847881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden HKU\S-1-5-21-775044091-3129311835-2082847881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation) HKU\S-1-5-21-775044091-3129311835-2082847881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => C:\Users\Yasemin\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKU\S-1-5-21-775044091-3129311835-2082847881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {360e4847-359c-11e2-9e29-81f343ed3cbc} - D:\Windows/Autorun.exe AUTORUN=1 HKU\S-1-5-21-775044091-3129311835-2082847881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {42cbf559-316a-11e0-9e7c-002713d41209} - D:\Autorun.exe HKU\S-1-5-21-775044091-3129311835-2082847881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a07f38c4-0fa6-11e2-8d58-c2adeb74a1b3} - D:\AutoRun.exe HKU\S-1-5-21-775044091-3129311835-2082847881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d475885a-4bce-11e4-845a-e1a8a5d2a7b5} - D:\AutoRun.exe HKU\S-1-5-21-775044091-3129311835-2082847881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d47588ad-4bce-11e4-845a-e1a8a5d2a7b5} - D:\AutoRun.exe HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [280576 2013-03-21] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\Yasemin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Yasemin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [Symbol-Overlay-Steuerprogramm für AutoCAD Digitale Signaturen] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\windows\system32\AcSignIcon.dll (Autodesk, Inc.) BootExecute: autocheck autochk /r \??\E:autocheck autochk * GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: http=127.0.0.1:53171;https=127.0.0.1:53171 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com URLSearchHook: HKCU - (No Name) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - No File SearchScopes: HKCU - Plasmoo URL = hxxp://plasmoo.com/result.htm?q={searchTerms}&SearchMashine=true SearchScopes: HKCU - {03FB391B-FE35-48EF-AB11-37A4F4E47EA7} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476 SearchScopes: HKCU - {276EF2C9-813B-4791-96B6-171F89DF6552} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie SearchScopes: HKCU - {7D82C5DC-2488-4168-BC1B-DCC0DFB292C3} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {A48B372B-AA81-4EA7-A412-41869B2F8DAC} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7NDKB_deAT530 SearchScopes: HKCU - {F5673F48-9211-493D-BE3F-B48D9BA90E7F} URL = hxxp://go.gmx.at/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {FE6AECCA-1DF5-4C90-B3BD-3FFF08707767} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll (Zeon Corporation) BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll No File BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No File DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u20-windows-i586.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{45E701E5-882B-4E68-8DD9-5EE480C2D7AC}: [NameServer] 192.168.1.20 Tcpip\..\Interfaces\{6C9216B0-B258-44CB-B803-DEAF94FD53C4}: [NameServer] 8.8.8.8,8.8.4.4 FireFox: ======== FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: ZEON/PDF,version=2.0 -> C:\Program Files\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF HKCU\...\Firefox\Extensions: [{BE0CA9DB-3581-BB94-42A6-BD0A2ED1AA2B}] - C:\Program Files\ver9BetterMarkIt\181.xpi Chrome: ======= CHR HomePage: Default -> hxxp://www.google.at/ CHR DefaultSearchKeyword: Default -> ecosia.org CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-23] CHR Extension: (Google Drive) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-23] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07] CHR Extension: (YouTube) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-23] CHR Extension: (bnhdeincpllgeldajmlncemfloafomon) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnhdeincpllgeldajmlncemfloafomon [2014-11-01] CHR Extension: (Adblock Plus) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-23] CHR Extension: (Ecosia - Die Suchmaschine, die Bäume pflanzt) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\clellnciejhoedgepbdilbkdkaoecgpc [2014-05-07] CHR Extension: (Google-Suche) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-23] CHR Extension: (Krab Web) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlbonldcgbaeiljcefjhaofjcpdnmhoc [2014-11-01] CHR Extension: (TheHDvid-Codec V10) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjmhjjohhiehaoljianalpmfcceojaff [2014-11-01] CHR Extension: (Google Wallet) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-23] CHR Extension: (Google Mail) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-23] CHR HKLM\...\Chrome\Extension: [nlafpokblfobdnjhhggocaanijghemnd] - C:\Users\Yasemin\AppData\Local\CRE\nlafpokblfobdnjhhggocaanijghemnd.crx [2012-07-05] CHR HKCU\...\Chrome\Extension: [nlafpokblfobdnjhhggocaanijghemnd] - C:\Users\Yasemin\AppData\Local\CRE\nlafpokblfobdnjhhggocaanijghemnd.crx [2012-07-05] CHR StartMenuInternet: Google Chrome - chrome.exe ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 HP Support Assistant Service; C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed] R2 hpHotkeyMonitor; C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [265272 2010-01-28] (Hewlett-Packard Company) R2 MaintainerSvc1.05.7044970; C:\ProgramData\e435d908-8e15-4e0c-ae35-3dc1cb10ee1e\maintainer.exe [123632 2014-11-05] () R3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [230240 2014-04-07] () R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation) R2 PDFProFiltSrv; C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe [134944 2009-11-03] (Nuance Communications, Inc.) R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [254034 2012-03-31] (IDT, Inc.) S2 SeaPort; "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-05] (Malwarebytes Corporation) R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation) S3 OlyCamComm; C:\windows\System32\DRIVERS\OlyCamComm.sys [21648 2009-09-14] (OLYMPUS IMAGING CORP.) R3 rtsuvc; C:\windows\System32\DRIVERS\rtsuvc.sys [78848 2012-04-01] (Realtek Semiconductor Corp.) S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X] S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X] S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X] S3 massfilter; system32\drivers\massfilter.sys [X] S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X] S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X] S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-05 08:01 - 2014-11-05 08:02 - 00022527 _____ () C:\Users\Yasemin\Downloads\FRST.txt 2014-11-05 08:01 - 2014-11-05 08:02 - 00000000 ____D () C:\FRST 2014-11-05 08:00 - 2014-11-05 08:00 - 01106432 _____ (Farbar) C:\Users\Yasemin\Downloads\FRST.exe 2014-11-05 07:57 - 2014-11-05 07:57 - 00000476 _____ () C:\Users\Yasemin\Downloads\defogger_disable.log 2014-11-05 07:57 - 2014-11-05 07:57 - 00000000 _____ () C:\Users\Yasemin\defogger_reenable 2014-11-05 07:56 - 2014-11-05 07:56 - 00050477 _____ () C:\Users\Yasemin\Downloads\Defogger.exe 2014-11-05 07:32 - 2014-11-05 07:33 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{FF8DC1DC-C907-4676-B0F1-87A7A6F480B4} 2014-11-04 12:06 - 2014-11-04 12:06 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{D31A0991-D9A4-41D2-A001-62762534366D} 2014-11-03 17:19 - 2014-11-03 17:20 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{2214D6F5-7207-4405-8E05-ABA258A6FAF5} 2014-11-02 09:36 - 2014-11-02 09:36 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{F5535A71-F606-4593-B741-8C5D4EDE036A} 2014-11-01 19:09 - 2014-11-01 19:09 - 01998336 _____ () C:\Users\Yasemin\Downloads\adwcleaner_4.002 (1).exe 2014-11-01 18:56 - 2014-11-01 18:56 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Yasemin\Downloads\rkill.exe 2014-11-01 18:42 - 2014-11-01 19:12 - 00000000 ____D () C:\AdwCleaner 2014-11-01 18:38 - 2014-11-05 07:48 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-01 18:38 - 2014-11-01 18:38 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-11-01 18:38 - 2014-11-01 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-11-01 18:37 - 2014-11-01 18:38 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-11-01 18:37 - 2014-11-01 18:37 - 01998336 _____ () C:\Users\Yasemin\Downloads\adwcleaner_4.002.exe 2014-11-01 18:37 - 2014-11-01 18:37 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-01 18:37 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-11-01 18:37 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-11-01 18:37 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-11-01 18:35 - 2014-11-01 18:37 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Yasemin\Downloads\mbam-setup-2.0.3.1025.exe 2014-11-01 18:09 - 2014-11-01 18:09 - 00612340 _____ (CMI Limited) C:\Users\Yasemin\AppData\Local\nsv3841.tmp 2014-11-01 18:02 - 2014-11-01 18:26 - 00000000 ____D () C:\ProgramData\Unchecky 2014-11-01 18:00 - 2014-11-01 18:00 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{DC665227-362B-4910-A702-B0B4DDDB4E62} 2014-11-01 17:27 - 2014-11-05 07:33 - 00000000 ____D () C:\ProgramData\e435d908-8e15-4e0c-ae35-3dc1cb10ee1e 2014-11-01 17:02 - 2014-11-01 17:02 - 00627776 _____ (CMI Limited) C:\Users\Yasemin\AppData\Local\nsaBD94.tmp 2014-11-01 15:50 - 2014-11-01 18:21 - 00000000 ___HD () C:\Users\Public\Temp 2014-11-01 15:49 - 2014-11-01 15:49 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\com 2014-10-30 10:00 - 2014-10-30 10:11 - 338479810 _____ () C:\Users\Yasemin\Downloads\Video_Korngrößenanalyse.avi 2014-10-30 10:00 - 2014-10-30 10:10 - 196485870 _____ () C:\Users\Yasemin\Downloads\Video_Probenahme.avi 2014-10-30 09:35 - 2014-10-30 09:35 - 00019384 _____ () C:\windows\system32\Drivers\SPPD.sys 2014-10-29 22:09 - 2014-10-29 22:10 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{ECCC11D8-BFDC-42A5-BF3E-9FA8F0BA3978} 2014-10-29 16:00 - 2014-10-29 16:00 - 00216045 _____ () C:\Users\Yasemin\Downloads\Civic Agriculture.pptx 2014-10-29 15:59 - 2014-10-29 15:59 - 00216045 _____ () C:\Users\Yasemin\Documents\Civic Agriculture.pptx 2014-10-29 08:21 - 2014-10-29 08:21 - 00000000 __SHD () C:\Users\Yasemin\AppData\Local\EmieUserList 2014-10-29 08:21 - 2014-10-29 08:21 - 00000000 __SHD () C:\Users\Yasemin\AppData\Local\EmieSiteList 2014-10-29 07:59 - 2014-10-29 07:59 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{A5057E4B-D961-4A78-8AE6-4173EBFBB39A} 2014-10-28 15:05 - 2014-10-28 15:05 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{46A452F7-F6DD-4E22-AC71-158DF198CC1C} 2014-10-26 18:29 - 2014-11-01 18:26 - 00010716 _____ () C:\windows\patsearch.bin 2014-10-26 18:29 - 2014-10-26 18:29 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf 2014-10-26 18:22 - 2014-10-26 18:22 - 00081816 _____ () C:\Users\Yasemin\Downloads\HDVidCodec.exe 2014-10-26 18:12 - 2014-10-26 18:12 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{FC73EAD5-365A-4FD1-BD1C-0C801A807B87} 2014-10-25 19:54 - 2014-10-25 19:54 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{37F12E2C-57BF-43CD-B472-140391FB281E} 2014-10-24 08:19 - 2014-10-24 08:25 - 00000000 ____D () C:\Users\Yasemin\Desktop\Gemüse Zierpflanzenbau 2014-10-24 08:13 - 2014-10-24 08:13 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{6989C24B-47A3-4CE4-8280-0D1B9443DF5F} 2014-10-23 22:01 - 2014-10-23 22:02 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{46AE8C96-BEC1-4CE4-A87C-ACD06906F81C} 2014-10-23 09:38 - 2014-10-23 09:38 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{5881D8A7-B744-4CF0-B5D8-B976AF30811C} 2014-10-22 12:11 - 2014-10-22 12:11 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{739728A3-2169-4642-801F-6D116CA938DA} 2014-10-21 11:11 - 2014-10-21 11:11 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{1C6E2562-F44F-46DD-B7B5-E2FBA4C75FB8} 2014-10-21 11:00 - 2014-10-21 11:00 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{281048AE-1B50-4EBA-8A24-52CE0E015370} 2014-10-19 07:03 - 2014-10-19 07:03 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{B16E8F8D-93E8-4C19-9E74-7073E2D456CA} 2014-10-17 13:18 - 2014-10-17 13:19 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{9401D811-A95B-46E0-8E8F-CCC1C7778097} 2014-10-17 06:32 - 2014-10-17 06:32 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{E5AC8A70-46FC-4606-9155-9BC1034D6414} 2014-10-16 14:02 - 2014-10-16 14:02 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{57E8DD28-6CCB-4C75-9E14-2C1022CB8F78} 2014-10-16 09:41 - 2014-10-10 02:44 - 00396288 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-10-16 09:41 - 2014-10-10 02:44 - 00230912 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll 2014-10-16 09:41 - 2014-10-10 02:39 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-10-16 09:41 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-10-16 09:41 - 2014-09-29 01:41 - 02379264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-10-16 09:41 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-10-16 09:41 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-10-16 09:41 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-10-16 09:41 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-10-16 09:41 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-10-16 09:41 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-10-16 09:41 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-10-16 09:41 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-10-16 09:41 - 2014-09-19 02:14 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-10-16 09:41 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-10-16 09:41 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-10-16 09:41 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-10-16 09:41 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-10-16 09:41 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-10-16 09:41 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-10-16 09:41 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-10-16 09:41 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-10-16 09:41 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-10-16 09:41 - 2014-09-19 01:50 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-10-16 09:41 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-10-16 09:41 - 2014-09-19 01:44 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-10-16 09:41 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-10-16 09:41 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-10-16 09:41 - 2014-09-19 01:20 - 00677888 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-10-16 09:41 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-10-16 09:41 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-10-16 09:41 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-10-16 09:41 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-10-16 09:41 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-10-16 09:41 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll 2014-10-16 09:41 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll 2014-10-16 09:41 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll 2014-10-16 09:41 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll 2014-10-16 09:40 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\windows\system32\msi.dll 2014-10-16 09:40 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\packager.dll 2014-10-16 09:40 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll 2014-10-16 09:40 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll 2014-10-16 09:40 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe 2014-10-16 09:40 - 2014-07-17 02:39 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll 2014-10-16 09:40 - 2014-07-17 02:39 - 00304128 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe 2014-10-16 09:40 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll 2014-10-16 09:40 - 2014-07-17 02:39 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll 2014-10-16 09:40 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll 2014-10-16 09:40 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2014-10-16 09:40 - 2014-07-17 02:03 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys 2014-10-16 09:40 - 2014-07-17 02:02 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys 2014-10-11 15:51 - 2014-10-11 15:51 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{CD4C9674-DD8B-4966-8D87-2F49EB542E0E} 2014-10-10 22:35 - 2014-10-10 22:35 - 05686784 _____ () C:\Users\Yasemin\Downloads\LA CASA TORCIDA (1).pps 2014-10-10 22:24 - 2014-10-10 22:24 - 05688832 _____ () C:\Users\Yasemin\Downloads\LA CASA TORCIDA.pps 2014-10-10 20:51 - 2014-10-10 20:51 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{3C761EB3-CD7A-4ADA-9B33-25F9BC50F4F0} 2014-10-10 08:12 - 2014-10-10 08:12 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{37316AA8-E9B1-451A-BF0D-882951DBB51C} 2014-10-08 20:18 - 2014-10-08 20:19 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{09BA593E-B989-47EC-9B8C-F73D6B6E72B8} 2014-10-08 07:47 - 2014-10-08 07:47 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{2BE1B370-8B6C-4106-87B7-FE8BFE017E1A} 2014-10-08 07:37 - 2014-10-08 07:37 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{5F0AD047-AD45-447D-A5AD-C0C721BE1766} 2014-10-07 11:28 - 2014-10-07 11:28 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{A726889F-074B-465A-A495-5D4E7B206976} 2014-10-06 16:27 - 2014-10-06 16:29 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\{A1D4DF58-D546-45FC-87D7-6B8DE764BE6C} ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-05 07:57 - 2010-10-06 22:05 - 00000000 ____D () C:\Users\Yasemin 2014-11-05 07:42 - 2011-07-03 11:37 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-05 07:39 - 2009-07-14 05:34 - 00022688 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-05 07:39 - 2009-07-14 05:34 - 00022688 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-05 07:38 - 2010-03-31 04:00 - 00449506 _____ () C:\windows\system32\PerfStringBackup.INI 2014-11-05 07:35 - 2010-05-28 01:57 - 01959458 _____ () C:\windows\WindowsUpdate.log 2014-11-05 07:32 - 2013-01-09 16:42 - 00000374 _____ () C:\windows\system32\Drivers\etc\hosts.ics 2014-11-05 07:32 - 2012-08-28 10:53 - 00000000 ___RD () C:\Users\Yasemin\Dropbox 2014-11-05 07:32 - 2012-08-28 10:51 - 00000000 ____D () C:\Users\Yasemin\AppData\Roaming\Dropbox 2014-11-05 07:32 - 2011-07-03 11:37 - 00001094 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-05 07:32 - 2010-10-20 22:27 - 00000000 ____D () C:\Users\Yasemin\Tracing 2014-11-05 07:32 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-11-05 07:32 - 2009-07-14 05:39 - 00188590 _____ () C:\windows\setupact.log 2014-11-05 00:33 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\NDF 2014-11-04 23:58 - 2010-11-06 17:13 - 00000000 ____D () C:\Users\Yasemin\AppData\Roaming\Skype 2014-11-04 21:07 - 2014-08-14 13:27 - 00000328 _____ () C:\windows\Tasks\HPCeeScheduleForYasemin.job 2014-11-04 12:03 - 2010-03-31 04:47 - 00285078 _____ () C:\windows\PFRO.log 2014-11-03 00:46 - 2009-07-27 09:31 - 00000000 ____D () C:\windows\Panther 2014-11-03 00:43 - 2014-10-04 15:12 - 00000000 ____D () C:\ProgramData\H3G 2014-11-03 00:43 - 2014-10-04 15:03 - 00000000 ____D () C:\ProgramData\DatacardService 2014-11-01 21:13 - 2014-05-13 18:25 - 00000000 ____D () C:\Users\Yasemin\Desktop\ToDo 2014-11-01 21:06 - 2012-07-19 10:00 - 00393728 ___SH () C:\Users\Yasemin\Downloads\Thumbs.db 2014-11-01 19:12 - 2013-12-23 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-11-01 19:11 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Globalization 2014-11-01 18:30 - 2013-03-02 16:46 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-11-01 18:30 - 2010-10-21 16:49 - 00000052 _____ () C:\windows\system32\DOErrors.log 2014-11-01 18:19 - 2009-07-14 03:04 - 00000580 _____ () C:\windows\win.ini 2014-11-01 15:50 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public 2014-10-30 12:24 - 2010-10-21 19:18 - 00229000 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe 2014-10-30 08:11 - 2011-12-26 13:18 - 00000000 ____D () C:\Users\Yasemin\Desktop\Neuer Ordner 2014-10-19 07:42 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\rescache 2014-10-17 13:53 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Microsoft.NET 2014-10-17 06:31 - 2009-07-14 05:33 - 00542736 _____ () C:\windows\system32\FNTCACHE.DAT 2014-10-17 06:28 - 2014-05-08 17:23 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-10-17 06:28 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\de-DE 2014-10-16 20:55 - 2010-03-31 04:25 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-07 17:21 - 2014-08-30 20:23 - 00002505 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-10-07 17:21 - 2014-08-30 20:23 - 00000000 ___RD () C:\Program Files\Skype 2014-10-07 17:21 - 2014-08-30 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-10-07 17:21 - 2010-05-28 02:09 - 00000000 ____D () C:\ProgramData\Skype Some content of TEMP: ==================== C:\Users\Yasemin\AppData\Local\Temp\08055776-560B-EC93-50DA-7884ACB85C4A.exe C:\Users\Yasemin\AppData\Local\Temp\11CB8872-6360-2BA6-0D11-5C9D4110A6BC.dll C:\Users\Yasemin\AppData\Local\Temp\11CB8872-6360-2BA6-0D11-5C9D4110A6BC.exe C:\Users\Yasemin\AppData\Local\Temp\AcDeltree.exe C:\Users\Yasemin\AppData\Local\Temp\BingBarSetup-Partner.exe C:\Users\Yasemin\AppData\Local\Temp\CWPCUNLR.dll C:\Users\Yasemin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphg4var.dll C:\Users\Yasemin\AppData\Local\Temp\DSP.dll C:\Users\Yasemin\AppData\Local\Temp\Extract.exe C:\Users\Yasemin\AppData\Local\Temp\FileSystemView.dll C:\Users\Yasemin\AppData\Local\Temp\FNP_ACT_InstallerCA.dll C:\Users\Yasemin\AppData\Local\Temp\GLF28F4.tmp.ConduitEngineSetup.exe C:\Users\Yasemin\AppData\Local\Temp\GLF28F4.tmp.tbDVDV.dll C:\Users\Yasemin\AppData\Local\Temp\GLFBF61.tmp.ConduitEngineSetup.exe C:\Users\Yasemin\AppData\Local\Temp\HPHelpUpdater.exe C:\Users\Yasemin\AppData\Local\Temp\HPQSi.exe C:\Users\Yasemin\AppData\Local\Temp\ICSW_0L1L2X1P.exe C:\Users\Yasemin\AppData\Local\Temp\mfcm80.dll C:\Users\Yasemin\AppData\Local\Temp\mfcm80u.dll C:\Users\Yasemin\AppData\Local\Temp\MSNEE94.exe C:\Users\Yasemin\AppData\Local\Temp\msvcm80.dll C:\Users\Yasemin\AppData\Local\Temp\ose00000.exe C:\Users\Yasemin\AppData\Local\Temp\ose00002.exe C:\Users\Yasemin\AppData\Local\Temp\OSU.exe C:\Users\Yasemin\AppData\Local\Temp\pdfiutil.exe C:\Users\Yasemin\AppData\Local\Temp\prxGLF28F4.tmp.tbDVDV.dll C:\Users\Yasemin\AppData\Local\Temp\prxGLFBF61.tmp.tbDVDV.dll C:\Users\Yasemin\AppData\Local\Temp\Quarantine.exe C:\Users\Yasemin\AppData\Local\Temp\Resource.exe C:\Users\Yasemin\AppData\Local\Temp\SkypeSetup.exe C:\Users\Yasemin\AppData\Local\Temp\SP49029.exe C:\Users\Yasemin\AppData\Local\Temp\SP51129.exe C:\Users\Yasemin\AppData\Local\Temp\SP51765.exe C:\Users\Yasemin\AppData\Local\Temp\SP52407.exe C:\Users\Yasemin\AppData\Local\Temp\sp54620.exe C:\Users\Yasemin\AppData\Local\Temp\sp58915.exe C:\Users\Yasemin\AppData\Local\Temp\sqdkrvym.dll C:\Users\Yasemin\AppData\Local\Temp\sqlite3.dll C:\Users\Yasemin\AppData\Local\Temp\tbDVDV.dll C:\Users\Yasemin\AppData\Local\Temp\tbFree.dll C:\Users\Yasemin\AppData\Local\Temp\UninstallHPSA.exe C:\Users\Yasemin\AppData\Local\Temp\UninstallHPTCA.exe C:\Users\Yasemin\AppData\Local\Temp\WtgDriverInstallX.dll C:\Users\Yasemin\AppData\Local\Temp\WTGXMLUtil.dll C:\Users\Yasemin\AppData\Local\Temp\~convert5582160642845438257.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\windows\explorer.exe => File is digitally signed C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-29 14:10 ==================== End Of Log ============================ |
|
05.11.2014, 13:53
| #2 |
| /// the machine /// TB-Ausbilder    | Windows 7: es öffnet ständig Werbefenster, Webseiten werden auf Werbung umgeleitet, Wörter sind z.T unterstrichen. hi,
__________________Scan mit Combofix
__________________ |
|
05.11.2014, 23:45
| #3 |
| | Windows 7: es öffnet ständig Werbefenster, Webseiten werden auf Werbung umgeleitet, Wörter sind z.T unterstrichen. dANKE DIR
__________________Code:
ATTFilter ComboFix 14-10-29.01 - Yasemin 05.11.2014 23:01:33.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.3000.1493 [GMT 1:00]
ausgeführt von:: c:\users\Yasemin\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1ACCC4CDC6.sys
c:\programdata\lx__Dashboard.log
c:\programdata\SPLC66B.tmp
C:\Thumbs.db
c:\users\Yasemin\4.0
c:\users\Yasemin\AppData\Local\nsaBD94.tmp
c:\users\Yasemin\AppData\Local\nsv3841.tmp
c:\windows\patsearch.bin
c:\windows\security\logs\scecomp.log
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-10-05 bis 2014-11-05 ))))))))))))))))))))))))))))))
.
.
2014-11-05 22:11 . 2014-11-05 22:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-05 07:01 . 2014-11-05 07:06 -------- d-----w- C:\FRST
2014-11-01 17:42 . 2014-11-01 18:12 -------- d-----w- C:\AdwCleaner
2014-11-01 17:37 . 2014-11-01 17:37 -------- d-----w- c:\programdata\Malwarebytes
2014-11-01 17:02 . 2014-11-01 17:26 -------- d-----w- c:\programdata\Unchecky
2014-11-01 16:27 . 2014-11-05 21:45 -------- d-----w- c:\programdata\e435d908-8e15-4e0c-ae35-3dc1cb10ee1e
2014-11-01 14:50 . 2014-11-01 17:21 -------- d--h--w- c:\users\Public\Temp
2014-11-01 14:49 . 2014-11-01 14:49 -------- d-----w- c:\users\Yasemin\AppData\Local\com
2014-11-01 14:47 . 2014-11-01 14:47 -------- d-----w- c:\users\Yasemin\AppData\Local\Programs
2014-10-30 08:35 . 2014-10-30 08:35 19384 ----a-w- c:\windows\system32\drivers\SPPD.sys
2014-10-29 07:21 . 2014-10-29 07:21 -------- d-sh--w- c:\users\Yasemin\AppData\Local\EmieUserList
2014-10-29 07:21 . 2014-10-29 07:21 -------- d-sh--w- c:\users\Yasemin\AppData\Local\EmieSiteList
2014-10-16 08:40 . 2014-07-17 01:39 3221504 ----a-w- c:\windows\system32\mstscax.dll
2014-10-16 08:40 . 2014-07-17 01:39 1051136 ----a-w- c:\windows\system32\mstsc.exe
2014-10-16 08:40 . 2014-07-17 01:40 157696 ----a-w- c:\windows\system32\winsta.dll
2014-10-16 08:40 . 2014-07-17 01:39 523264 ----a-w- c:\windows\system32\termsrv.dll
2014-10-16 08:40 . 2014-07-17 01:39 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-10-16 08:40 . 2014-07-17 01:39 130048 ----a-w- c:\windows\system32\rdpcorekmts.dll
2014-10-16 08:40 . 2014-07-17 01:39 131584 ----a-w- c:\windows\system32\aaclient.dll
2014-10-16 08:40 . 2014-07-17 01:39 304128 ----a-w- c:\windows\system32\winlogon.exe
2014-10-16 08:40 . 2014-07-17 01:03 184320 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2014-10-16 08:40 . 2014-07-17 01:39 17408 ----a-w- c:\windows\system32\credssp.dll
2014-10-16 08:40 . 2014-07-17 01:02 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2014-10-16 08:40 . 2014-09-18 01:32 2363904 ----a-w- c:\windows\system32\msi.dll
2014-10-16 08:40 . 2014-09-13 01:40 67072 ----a-w- c:\windows\system32\packager.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-30 11:24 . 2010-10-21 18:18 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-09-25 01:40 . 2014-10-04 14:17 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-09 21:47 . 2014-10-04 14:16 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-29 16:33 . 2012-06-25 17:53 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 01:46 . 2014-08-28 18:18 305152 ----a-w- c:\windows\system32\gdi32.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Yasemin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Yasemin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Yasemin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"Akamai NetSession Interface"="c:\users\Yasemin\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-01-28 256056]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-01-08 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-22 1684776]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-12 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-12 166936]
"PDFHook"="c:\program files\Nuance\PDF Professional 6\pdfpro6hook.exe" [2009-11-13 1277952]
"PDF6 Registry Controller"="c:\program files\Nuance\PDF Professional 6\RegistryController.exe" [2009-11-03 110880]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2012-03-31 495708]
"Nuance PDF Reader-reminder"="c:\program files\Nuance\PDF Reader\Ereg\Ereg.exe" [2010-07-05 333088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-10-21 21720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-03-21 280576]
.
c:\users\Yasemin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Yasemin\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-13 36414624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\E:\0autocheck autochk *
.
R2 MaintainerSvc1.05.7044970;MaintainerSvc1.05.7044970;c:\programdata\e435d908-8e15-4e0c-ae35-3dc1cb10ee1e\maintainer.exe [2014-11-05 123632]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\MobileBrServ\mbbservice.exe [2014-04-07 230240]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 30312]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-07 29472]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-09-19 108032]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [x]
R3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\DRIVERS\OlyCamComm.sys [2009-09-14 21648]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 136808]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 114280]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-21 1343400]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2012-03-31 81920]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-08-10 197536]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-01-28 265272]
S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 6\PDFProFiltSrv.exe [2009-11-03 134944]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 122880]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-01-20 996896]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [2012-04-01 00:38 78848]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - NisDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-28 20:59 1089352 ----a-w- c:\program files\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-03 14:37]
.
2014-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-03 14:37]
.
2014-11-04 c:\windows\Tasks\HPCeeScheduleForYasemin.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = www.google.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = www.google.com
uInternet Settings,ProxyOverride = <-loopback>;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:53171;https=127.0.0.1:53171
IE: An vorhandene PDF-Datei anhängen - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Linkinhalt an vorhandene PDF-Datei anhängen - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Mit Nuance PDF Converter 6.0 öffnen - c:\program files\Nuance\PDF Professional 6\cnvres_ger.dll /100
IE: Mit PDF Professional 6 öffnen - c:\program files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: PDF-Datei aus Linkinhalt erstellen - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: PDF-Datei erstellen - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: PDF-Dateien aus den ausgewählten Links erstellen - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{45E701E5-882B-4E68-8DD9-5EE480C2D7AC}: NameServer = 192.168.1.20
TCP: Interfaces\{6C9216B0-B258-44CB-B803-DEAF94FD53C4}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{6C9216B0-B258-44CB-B803-DEAF94FD53C4}\24F4B455D2055726C69636D2546756E647: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{6C9216B0-B258-44CB-B803-DEAF94FD53C4}\64259445A51224F68702733333030235C4: NameServer = 8.8.4.4
TCP: Interfaces\{6C9216B0-B258-44CB-B803-DEAF94FD53C4}\86F6368626564747368656E6: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{6C9216B0-B258-44CB-B803-DEAF94FD53C4}\D6961657D6961657: NameServer = 8.8.8.8,8.8.4.4
.
.
------- Dateityp-Verknüpfung -------
.
.scr=AutoCADScriptFile
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{7e111a5c-3d11-4f56-9463-5310c3c69025} - (no file)
WebBrowser-{7E111A5C-3D11-4F56-9463-5310C3C69025} - (no file)
HKCU-Run-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
HKLM-Run-Lexmark X1100 Series - c:\program files\Lexmark X1100 Series\lxbkbmgr.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-11-05 23:13:51
ComboFix-quarantined-files.txt 2014-11-05 22:13
.
Vor Suchlauf: 20 Verzeichnis(se), 51.289.903.104 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 54.371.704.832 Bytes frei
.
- - End Of File - - BFB6C298D1E137351EA7FBF78E8B6868
5C616939100B85E558DA92B899A0FC36
|
|
06.11.2014, 14:47
| #4 |
| /// the machine /// TB-Ausbilder | Windows 7: es öffnet ständig Werbefenster, Webseiten werden auf Werbung umgeleitet, Wörter sind z.T unterstrichen. Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
06.11.2014, 17:12
| #5 |
| | Windows 7: es öffnet ständig Werbefenster, Webseiten werden auf Werbung umgeleitet, Wörter sind z.T unterstrichen. habe die mbam, frst und JRT Dateien im Anhang, da sie zu groß waren lg Code:
ATTFilter # AdwCleaner v4.002 - Bericht erstellt am 06/11/2014 um 16:10:59
# DB v2014-11-02.1
# Aktualisiert 27/10/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Yasemin - 1907FB
# Gestartet von : C:\Users\Yasemin\Downloads\AdwCleaner_4.002 (2).exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gelöscht : C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage
Datei Gelöscht : C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage-journal
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
***** [ Browser ] *****
-\\ Internet Explorer v0.0.0.0
-\\ Google Chrome v38.0.2125.111
*************************
AdwCleaner[R0].txt - [11318 octets] - [01/11/2014 19:10:19]
AdwCleaner[R1].txt - [1597 octets] - [06/11/2014 15:55:55]
AdwCleaner[S0].txt - [11458 octets] - [01/11/2014 19:12:22]
AdwCleaner[S1].txt - [1510 octets] - [06/11/2014 16:10:59]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1570 octets] ##########
|
|
07.11.2014, 08:48
| #6 |
| /// the machine /// TB-Ausbilder | Windows 7: es öffnet ständig Werbefenster, Webseiten werden auf Werbung umgeleitet, Wörter sind z.T unterstrichen. Hi, Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen. Ich kann auf Arbeit keine Anhänge öffnen, danke.  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ --> Windows 7: es öffnet ständig Werbefenster, Webseiten werden auf Werbung umgeleitet, Wörter sind z.T unterstrichen. |
|
09.11.2014, 22:21
| #7 |
| | Windows 7: es öffnet ständig Werbefenster, Webseiten werden auf Werbung umgeleitet, Wörter sind z.T unterstrichen.Code:
ATTFilter Results of screen317's Security Check version 0.99.89 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Java(TM) 6 Update 20 Java version out of Date! Google Chrome 37.0.2062.124 Google Chrome 38.0.2125.111 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d10f8de47959c14dacf68cddbf13a30e
# engine=21005
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-09 06:32:41
# local_time=2014-11-09 07:32:41 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 218371 167189152 0 0
# scanned=331654
# found=21
# cleaned=0
# scan_time=7896
sh=1E2DCB2D17CF02D751C2A0D570B9750972D16C2A ft=1 fh=ff656fe8aeb340ad vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Yasemin\AppData\Local\Temp\OCS\ocs_v6g.exe.vir"
sh=B58D5AA8A12DDB74DDE97C9541B2242941BA4E3B ft=1 fh=77045453f77bcb91 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Yasemin\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\b441594ae6e3615fc17be3c3dd0973fd\freeware_Toolbar_setup.exe.vir"
sh=355EF3DF30DB2A249AB12BA8939C6E1CC9DE9078 ft=1 fh=36dbadd70f91bf18 vn="Variante von Win32/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\windows\system32\roboot.exe.vir"
sh=5677DDD2FF68671496B81CE2B16A1C1D6828A10D ft=1 fh=f0df70336cda98f7 vn="Variante von Win32/Adware.AddLyrics.CS Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\windows\system32\drivers\webinstrNew.sys.vir"
sh=E9C624410F2F0B4E1494E69B2A79CEB748B5E45B ft=1 fh=0b11845634e2e7b8 vn="Win32/BrowseFox.V evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\e435d908-8e15-4e0c-ae35-3dc1cb10ee1e\maintainer.bak"
sh=E9C624410F2F0B4E1494E69B2A79CEB748B5E45B ft=1 fh=0b11845634e2e7b8 vn="Win32/BrowseFox.V evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\e435d908-8e15-4e0c-ae35-3dc1cb10ee1e\maintainer.bak"
sh=2C20F5E04C0B6084BA470B1CC99F70E1FDCE7362 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlbonldcgbaeiljcefjhaofjcpdnmhoc\1.0.1_0\background.js"
sh=5EB48ADBD91133EDBBA14F2321362C669367666F ft=0 fh=0000000000000000 vn="Win32/BrowseFox.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlbonldcgbaeiljcefjhaofjcpdnmhoc\1.0.1_0\content.js"
sh=77AF6A9051D7A9688CA9D7981F6BAD6A4FB482B6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjmhjjohhiehaoljianalpmfcceojaff\16783.9890.9714_0\extensionData\plugins\91.js"
sh=D61802E338AD3A688BA7A26B7CBE33619A52AFB3 ft=1 fh=12464c6ac3f87084 vn="Variante von Win32/Adware.ConvertAd.E Anwendung" ac=I fn="C:\Users\Yasemin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BZ3L10R\ConvertAdSetup[1].exe"
sh=C578F99C5A935B4EB11AE6704C7EB57E8B33AC24 ft=1 fh=ee1e04a3b0ca8ca0 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Yasemin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BZ3L10R\Setup[1].exe"
sh=0A12774E4D19A9867069C8D3CD3E380D7CB2F59C ft=1 fh=c950eacd9b1cc265 vn="Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Yasemin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BZ3L10R\WajamChecker[1].exe"
sh=CBE2078498AD3DD590226B685F6F77260604426A ft=1 fh=6be7e480a097a1d8 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Yasemin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KYY9U5Q3\BlockAndSurf_2222-5510[1].exe"
sh=92FD6ED6960F55B84A467B4E512D5450A8591085 ft=1 fh=bb94196b00039046 vn="Variante von Win32/InstallCore.PO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Yasemin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KYY9U5Q3\Setup[2].exe"
sh=4F58D143BCFCEA14AF5DCDF1DDEFD61D30976858 ft=1 fh=3c7876362ced579f vn="Win32/InstallMonetizer.BC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Yasemin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PSYAR0F8\20141101138907[1].exe"
sh=F2F1BFF4AF607BF08AAA12F92F8A70A8016DEF86 ft=1 fh=25b7de66b0ca8ca0 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Yasemin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PSYAR0F8\Setup[1].exe"
sh=CBF94750D9889304B7C1FDD49D74342B4C1D203B ft=1 fh=d292994704b3b77c vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Yasemin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PSYAR0F8\setup_mbot_de[1].exe"
sh=917CC7803B3B9507E8617EA40B1B8E752E89354E ft=1 fh=9688fbb33ead9a4a vn="Variante von Win32/BrowseFox.O evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Yasemin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PSYAR0F8\surfslide[1].dll"
sh=F272FC0C03251D83A16C9241D10095DD1BFF2906 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Yasemin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\27a4dcdd-66cf82de"
sh=EA5511C52CC65C6D2AF8082979068E5058CE4BDC ft=1 fh=6b535597e13dacda vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Yasemin\Downloads\Programme\FreeYouTubeDownload.exe"
sh=250AD920C538EBAC63102E368FB642EE33AD0593 ft=1 fh=8e020e8f8829bf65 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Yasemin\Downloads\Programme\FreeYouTubeToMP3Converter.exe"
ESETSmartInstaller@High as downloader log:
all ok
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-11-2014 01 Ran by Yasemin (administrator) on 1907FB on 09-11-2014 22:12:43 Running from C:\Users\Yasemin\Downloads Loaded Profile: Yasemin (Available profiles: Yasemin) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe () C:\ProgramData\MobileBrServ\mbbService.exe (Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Professional 6\PdfPro6Hook.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Akamai Technologies, Inc.) C:\Users\Yasemin\AppData\Local\Akamai\netsession_win.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Dropbox, Inc.) C:\Users\Yasemin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Akamai Technologies, Inc.) C:\Users\Yasemin\AppData\Local\Akamai\netsession_win.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe () C:\Users\Yasemin\Downloads\SecurityCheck.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [QLBController] => C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-01-28] (Hewlett-Packard Company) HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-01-08] (Intel Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1684776 2010-01-22] (Synaptics Incorporated) HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [499768 2009-09-01] (Hewlett-Packard) HKLM\...\Run: [PDFHook] => C:\Program Files\Nuance\PDF Professional 6\pdfpro6hook.exe [1277952 2009-11-13] (Nuance Communications, Inc.) HKLM\...\Run: [PDF6 Registry Controller] => C:\Program Files\Nuance\PDF Professional 6\RegistryController.exe [110880 2009-11-03] (Nuance Communications, Inc.) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2012-03-31] (IDT, Inc.) HKLM\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files\Nuance\PDF Reader\Ereg\Ereg.exe [333088 2010-07-05] (Nuance Communications, Inc.) HKLM\...\RunOnce: [NCPluginUpdater] => c:\program files\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard) HKU\S-1-5-21-775044091-3129311835-2082847881-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation) HKU\S-1-5-21-775044091-3129311835-2082847881-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Yasemin\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [280576 2013-03-21] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\Yasemin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Yasemin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [Symbol-Overlay-Steuerprogramm für AutoCAD Digitale Signaturen] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\windows\system32\AcSignIcon.dll (Autodesk, Inc.) BootExecute: autocheck autochk /r \??\E:autocheck autochk * GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: http=127.0.0.1:53171;https=127.0.0.1:53171 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-775044091-3129311835-2082847881-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION SearchScopes: HKCU - Plasmoo URL = hxxp://plasmoo.com/result.htm?q={searchTerms}&SearchMashine=true SearchScopes: HKCU - {276EF2C9-813B-4791-96B6-171F89DF6552} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie SearchScopes: HKCU - {7D82C5DC-2488-4168-BC1B-DCC0DFB292C3} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {A48B372B-AA81-4EA7-A412-41869B2F8DAC} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7NDKB_deAT530 SearchScopes: HKCU - {F5673F48-9211-493D-BE3F-B48D9BA90E7F} URL = hxxp://go.gmx.at/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {FE6AECCA-1DF5-4C90-B3BD-3FFF08707767} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll (Zeon Corporation) BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll No File BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u20-windows-i586.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 Tcpip\..\Interfaces\{45E701E5-882B-4E68-8DD9-5EE480C2D7AC}: [NameServer] 192.168.1.20 Tcpip\..\Interfaces\{6C9216B0-B258-44CB-B803-DEAF94FD53C4}: [NameServer] 8.8.8.8,8.8.4.4 FireFox: ======== FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: ZEON/PDF,version=2.0 -> C:\Program Files\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) Chrome: ======= CHR HomePage: Default -> hxxp://www.google.at/ CHR DefaultSearchKeyword: Default -> ecosia.org CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-23] CHR Extension: (Google Drive) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-23] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07] CHR Extension: (YouTube) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-23] CHR Extension: (bnhdeincpllgeldajmlncemfloafomon) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnhdeincpllgeldajmlncemfloafomon [2014-11-01] CHR Extension: (Adblock Plus) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-23] CHR Extension: (Ecosia - Die Suchmaschine, die Bäume pflanzt) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\clellnciejhoedgepbdilbkdkaoecgpc [2014-05-07] CHR Extension: (Google-Suche) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-23] CHR Extension: (Krab Web) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlbonldcgbaeiljcefjhaofjcpdnmhoc [2014-11-01] CHR Extension: (TheHDvid-Codec V10) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjmhjjohhiehaoljianalpmfcceojaff [2014-11-01] CHR Extension: (Google Wallet) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-23] CHR Extension: (Google Mail) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-23] CHR HKLM\...\Chrome\Extension: [nlafpokblfobdnjhhggocaanijghemnd] - C:\Users\Yasemin\AppData\Local\CRE\nlafpokblfobdnjhhggocaanijghemnd.crx [2012-07-05] CHR StartMenuInternet: Google Chrome - chrome.exe ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 HP Support Assistant Service; C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed] R2 hpHotkeyMonitor; C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [265272 2010-01-28] (Hewlett-Packard Company) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [230240 2014-04-07] () R2 PDFProFiltSrv; C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe [134944 2009-11-03] (Nuance Communications, Inc.) R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [254034 2012-03-31] (IDT, Inc.) S2 SeaPort; "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-09] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation) S3 OlyCamComm; C:\windows\System32\DRIVERS\OlyCamComm.sys [21648 2009-09-14] (OLYMPUS IMAGING CORP.) R3 rtsuvc; C:\windows\System32\DRIVERS\rtsuvc.sys [78848 2012-04-01] (Realtek Semiconductor Corp.) U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\Users\Yasemin\AppData\Local\Temp\catchme.sys [X] S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X] S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X] S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X] S3 massfilter; system32\drivers\massfilter.sys [X] S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X] S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X] S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-09 22:12 - 2014-11-09 22:12 - 00000000 ____D () C:\Users\Yasemin\Downloads\FRST-OlderVersion 2014-11-09 20:32 - 2014-11-09 20:33 - 00854448 _____ () C:\Users\Yasemin\Downloads\SecurityCheck.exe 2014-11-09 17:15 - 2014-11-09 17:15 - 02347384 _____ (ESET) C:\Users\Yasemin\Downloads\esetsmartinstaller_deu.exe 2014-11-09 17:15 - 2014-11-09 17:15 - 00000000 ____D () C:\Program Files\ESET 2014-11-06 17:16 - 2014-11-06 17:16 - 00001650 _____ () C:\Users\Yasemin\Desktop\AdwCleaner[S1].txt 2014-11-06 16:54 - 2014-11-06 16:54 - 00042260 _____ () C:\Users\Yasemin\Desktop\TrojBrd.zip 2014-11-06 16:52 - 2014-11-06 16:52 - 00041978 _____ () C:\Users\Yasemin\Desktop\trj.zip 2014-11-06 16:49 - 2014-11-06 16:49 - 00035729 _____ () C:\Users\Yasemin\Desktop\FRST(2).txt 2014-11-06 16:20 - 2014-11-06 17:16 - 00147610 _____ () C:\Users\Yasemin\Desktop\JRT.txt 2014-11-06 16:17 - 2014-11-06 16:17 - 00000000 ____D () C:\windows\ERUNT 2014-11-06 16:16 - 2014-11-06 16:16 - 01706939 _____ (Thisisu) C:\Users\Yasemin\Downloads\JRT.exe 2014-11-06 15:53 - 2014-11-06 15:53 - 01998336 _____ () C:\Users\Yasemin\Downloads\AdwCleaner_4.002 (2).exe 2014-11-06 15:53 - 2014-11-06 15:53 - 00002435 _____ () C:\Users\Yasemin\Desktop\mbam.txt 2014-11-06 15:30 - 2014-11-09 21:31 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-06 15:30 - 2014-11-06 15:30 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-11-06 15:30 - 2014-11-06 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-11-06 15:29 - 2014-11-06 15:30 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-11-06 15:29 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-11-06 15:29 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-11-06 15:29 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-11-06 15:27 - 2014-11-06 15:29 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Yasemin\Downloads\mbam-setup-2.0.3.1025 (1).exe 2014-11-06 07:58 - 2014-11-07 07:43 - 00000374 _____ () C:\windows\system32\Drivers\etc\hosts.ics 2014-11-05 23:13 - 2014-11-05 23:13 - 00016240 _____ () C:\ComboFix.txt 2014-11-05 22:58 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe 2014-11-05 22:58 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe 2014-11-05 22:58 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe 2014-11-05 22:58 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe 2014-11-05 22:58 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe 2014-11-05 22:58 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe 2014-11-05 22:58 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe 2014-11-05 22:58 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe 2014-11-05 14:39 - 2014-11-05 14:39 - 00217743 _____ () C:\Users\Yasemin\Desktop\Civic Agriculture (1).pptx 2014-11-05 14:33 - 2014-11-05 23:13 - 00000000 ____D () C:\Qoobox 2014-11-05 14:31 - 2014-11-05 23:12 - 00000000 ____D () C:\windows\erdnt 2014-11-05 14:27 - 2014-11-05 22:53 - 05591672 ____R (Swearware) C:\Users\Yasemin\Downloads\ComboFix.exe 2014-11-05 13:15 - 2014-11-05 14:39 - 00217743 _____ () C:\Users\Yasemin\Downloads\Civic Agriculture (1).pptx 2014-11-05 08:11 - 2014-11-05 08:11 - 00380416 _____ () C:\Users\Yasemin\Downloads\Gmer-19357.exe 2014-11-05 08:10 - 2014-11-05 08:10 - 00043087 _____ () C:\Users\Yasemin\Desktop\FRST.txt 2014-11-05 08:04 - 2014-11-05 08:06 - 00035032 _____ () C:\Users\Yasemin\Downloads\Addition.txt 2014-11-05 08:01 - 2014-11-09 22:13 - 00018077 _____ () C:\Users\Yasemin\Downloads\FRST.txt 2014-11-05 08:01 - 2014-11-09 22:12 - 00000000 ____D () C:\FRST 2014-11-05 08:00 - 2014-11-09 22:12 - 01107968 _____ (Farbar) C:\Users\Yasemin\Downloads\FRST.exe 2014-11-05 07:57 - 2014-11-05 07:57 - 00000000 _____ () C:\Users\Yasemin\defogger_reenable 2014-11-05 07:56 - 2014-11-05 07:56 - 00050477 _____ () C:\Users\Yasemin\Downloads\Defogger.exe 2014-11-01 19:09 - 2014-11-01 19:09 - 01998336 _____ () C:\Users\Yasemin\Downloads\adwcleaner_4.002 (1).exe 2014-11-01 18:56 - 2014-11-01 18:56 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Yasemin\Downloads\rkill.exe 2014-11-01 18:42 - 2014-11-06 16:10 - 00000000 ____D () C:\AdwCleaner 2014-11-01 18:37 - 2014-11-01 18:37 - 01998336 _____ () C:\Users\Yasemin\Downloads\adwcleaner_4.002.exe 2014-11-01 18:37 - 2014-11-01 18:37 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-01 18:35 - 2014-11-01 18:37 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Yasemin\Downloads\mbam-setup-2.0.3.1025.exe 2014-11-01 18:02 - 2014-11-01 18:26 - 00000000 ____D () C:\ProgramData\Unchecky 2014-11-01 17:27 - 2014-11-06 15:46 - 00000000 ____D () C:\ProgramData\e435d908-8e15-4e0c-ae35-3dc1cb10ee1e 2014-11-01 15:50 - 2014-11-01 18:21 - 00000000 ___HD () C:\Users\Public\Temp 2014-11-01 15:49 - 2014-11-01 15:49 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\com 2014-10-30 10:00 - 2014-10-30 10:11 - 338479810 _____ () C:\Users\Yasemin\Downloads\Video_Korngrößenanalyse.avi 2014-10-30 10:00 - 2014-10-30 10:10 - 196485870 _____ () C:\Users\Yasemin\Downloads\Video_Probenahme.avi 2014-10-30 09:35 - 2014-10-30 09:35 - 00019384 _____ () C:\windows\system32\Drivers\SPPD.sys 2014-10-29 16:00 - 2014-10-29 16:00 - 00216045 _____ () C:\Users\Yasemin\Downloads\Civic Agriculture.pptx 2014-10-29 15:59 - 2014-10-29 15:59 - 00216045 _____ () C:\Users\Yasemin\Documents\Civic Agriculture.pptx 2014-10-29 08:21 - 2014-10-29 08:21 - 00000000 __SHD () C:\Users\Yasemin\AppData\Local\EmieUserList 2014-10-29 08:21 - 2014-10-29 08:21 - 00000000 __SHD () C:\Users\Yasemin\AppData\Local\EmieSiteList 2014-10-26 18:29 - 2014-10-26 18:29 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf 2014-10-26 18:22 - 2014-10-26 18:22 - 00081816 _____ () C:\Users\Yasemin\Downloads\HDVidCodec.exe 2014-10-24 08:19 - 2014-10-24 08:25 - 00000000 ____D () C:\Users\Yasemin\Desktop\Gemüse Zierpflanzenbau 2014-10-16 09:41 - 2014-10-10 02:44 - 00396288 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-10-16 09:41 - 2014-10-10 02:44 - 00230912 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll 2014-10-16 09:41 - 2014-10-10 02:39 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-10-16 09:41 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-10-16 09:41 - 2014-09-29 01:41 - 02379264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-10-16 09:41 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-10-16 09:41 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-10-16 09:41 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-10-16 09:41 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-10-16 09:41 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-10-16 09:41 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-10-16 09:41 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-10-16 09:41 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-10-16 09:41 - 2014-09-19 02:14 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-10-16 09:41 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-10-16 09:41 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-10-16 09:41 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-10-16 09:41 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-10-16 09:41 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-10-16 09:41 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-10-16 09:41 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-10-16 09:41 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-10-16 09:41 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-10-16 09:41 - 2014-09-19 01:50 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-10-16 09:41 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-10-16 09:41 - 2014-09-19 01:44 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-10-16 09:41 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-10-16 09:41 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-10-16 09:41 - 2014-09-19 01:20 - 00677888 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-10-16 09:41 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-10-16 09:41 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-10-16 09:41 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-10-16 09:41 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-10-16 09:41 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-10-16 09:41 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll 2014-10-16 09:41 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll 2014-10-16 09:41 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll 2014-10-16 09:41 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll 2014-10-16 09:40 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\windows\system32\msi.dll 2014-10-16 09:40 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\packager.dll 2014-10-16 09:40 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll 2014-10-16 09:40 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll 2014-10-16 09:40 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe 2014-10-16 09:40 - 2014-07-17 02:39 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll 2014-10-16 09:40 - 2014-07-17 02:39 - 00304128 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe 2014-10-16 09:40 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll 2014-10-16 09:40 - 2014-07-17 02:39 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll 2014-10-16 09:40 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll 2014-10-16 09:40 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2014-10-16 09:40 - 2014-07-17 02:03 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys 2014-10-16 09:40 - 2014-07-17 02:02 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys 2014-10-10 22:35 - 2014-10-10 22:35 - 05686784 _____ () C:\Users\Yasemin\Downloads\LA CASA TORCIDA (1).pps 2014-10-10 22:24 - 2014-10-10 22:24 - 05688832 _____ () C:\Users\Yasemin\Downloads\LA CASA TORCIDA.pps ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-09 21:55 - 2010-11-06 17:13 - 00000000 ____D () C:\Users\Yasemin\AppData\Roaming\Skype 2014-11-09 21:42 - 2011-07-03 11:37 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-09 20:01 - 2010-05-28 01:57 - 01102909 _____ () C:\windows\WindowsUpdate.log 2014-11-09 17:32 - 2010-10-21 16:49 - 00000052 _____ () C:\windows\system32\DOErrors.log 2014-11-09 17:31 - 2013-03-02 16:46 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-11-09 17:12 - 2011-07-03 11:37 - 00001094 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-09 16:57 - 2014-08-14 13:27 - 00000328 _____ () C:\windows\Tasks\HPCeeScheduleForYasemin.job 2014-11-07 07:50 - 2009-07-14 05:34 - 00022688 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-07 07:50 - 2009-07-14 05:34 - 00022688 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-07 07:47 - 2012-08-28 10:53 - 00000000 ___RD () C:\Users\Yasemin\Dropbox 2014-11-07 07:47 - 2012-08-28 10:51 - 00000000 ____D () C:\Users\Yasemin\AppData\Roaming\Dropbox 2014-11-07 07:47 - 2010-03-31 04:00 - 00449506 _____ () C:\windows\system32\PerfStringBackup.INI 2014-11-07 07:42 - 2010-10-06 22:08 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-11-07 07:42 - 2010-03-31 04:47 - 00293190 _____ () C:\windows\PFRO.log 2014-11-07 07:42 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-11-07 07:42 - 2009-07-14 05:39 - 00188982 _____ () C:\windows\setupact.log 2014-11-07 07:42 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Speech 2014-11-07 01:28 - 2010-05-28 02:09 - 00000000 ____D () C:\ProgramData\Skype 2014-11-06 12:35 - 2010-03-31 04:25 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-11-05 23:13 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default 2014-11-05 23:13 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public 2014-11-05 23:11 - 2009-07-14 03:04 - 00000215 _____ () C:\windows\system.ini 2014-11-05 23:10 - 2010-10-06 22:05 - 00000000 ____D () C:\Users\Yasemin 2014-11-05 22:57 - 2011-01-29 18:19 - 00001912 _____ () C:\windows\epplauncher.mif 2014-11-05 22:33 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\NDF 2014-11-05 22:14 - 2010-10-20 22:27 - 00000000 ____D () C:\Users\Yasemin\Tracing 2014-11-03 00:46 - 2009-07-27 09:31 - 00000000 ____D () C:\windows\Panther 2014-11-03 00:43 - 2014-10-04 15:12 - 00000000 ____D () C:\ProgramData\H3G 2014-11-03 00:43 - 2014-10-04 15:03 - 00000000 ____D () C:\ProgramData\DatacardService 2014-11-01 21:13 - 2014-05-13 18:25 - 00000000 ____D () C:\Users\Yasemin\Desktop\ToDo 2014-11-01 21:06 - 2012-07-19 10:00 - 00393728 ___SH () C:\Users\Yasemin\Downloads\Thumbs.db 2014-11-01 19:12 - 2013-12-23 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-11-01 19:11 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Globalization 2014-11-01 18:19 - 2009-07-14 03:04 - 00000580 _____ () C:\windows\win.ini 2014-10-30 08:11 - 2011-12-26 13:18 - 00000000 ____D () C:\Users\Yasemin\Desktop\Neuer Ordner 2014-10-28 05:35 - 2010-10-21 19:18 - 00229000 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe 2014-10-19 07:42 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\rescache 2014-10-17 13:53 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Microsoft.NET 2014-10-17 06:31 - 2009-07-14 05:33 - 00542736 _____ () C:\windows\system32\FNTCACHE.DAT 2014-10-17 06:28 - 2014-05-08 17:23 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-10-17 06:28 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\de-DE Some content of TEMP: ==================== C:\Users\Yasemin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgs6smm.dll C:\Users\Yasemin\AppData\Local\Temp\Quarantine.exe C:\Users\Yasemin\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\windows\explorer.exe => File is digitally signed C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-05 23:31 ==================== End Of Log ============================ |
|
10.11.2014, 16:48
| #8 |
| /// the machine /// TB-Ausbilder | Windows 7: es öffnet ständig Werbefenster, Webseiten werden auf Werbung umgeleitet, Wörter sind z.T unterstrichen. Java updaten. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyServer: http=127.0.0.1:53171;https=127.0.0.1:53171
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-775044091-3129311835-2082847881-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
11.11.2014, 16:46
| #9 |
| | Windows 7: es öffnet ständig Werbefenster, Webseiten werden auf Werbung umgeleitet, Wörter sind z.T unterstrichen.Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-11-2014 01
Ran by Yasemin at 2014-11-11 16:36:17 Run:1
Running from C:\Users\Yasemin\Downloads
Loaded Profile: Yasemin (Available profiles: Yasemin)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyServer: http=127.0.0.1:53171;https=127.0.0.1:53171
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-775044091-3129311835-2082847881-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Emptytemp:
*****************
C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-775044091-3129311835-2082847881-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
EmptyTemp: => Removed 1.6 GB temporary data.
The system needed a reboot.
==== End of Fixlog ====
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-11-2014 01 Ran by Yasemin (administrator) on 1907FB on 11-11-2014 16:43:05 Running from C:\Users\Yasemin\Downloads Loaded Profile: Yasemin (Available profiles: Yasemin) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe () C:\ProgramData\MobileBrServ\mbbService.exe (Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Professional 6\PdfPro6Hook.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Akamai Technologies, Inc.) C:\Users\Yasemin\AppData\Local\Akamai\netsession_win.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Dropbox, Inc.) C:\Users\Yasemin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Akamai Technologies, Inc.) C:\Users\Yasemin\AppData\Local\Akamai\netsession_win.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPAsset\HPAsset.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [QLBController] => C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-01-28] (Hewlett-Packard Company) HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-01-08] (Intel Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1684776 2010-01-22] (Synaptics Incorporated) HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [499768 2009-09-01] (Hewlett-Packard) HKLM\...\Run: [PDFHook] => C:\Program Files\Nuance\PDF Professional 6\pdfpro6hook.exe [1277952 2009-11-13] (Nuance Communications, Inc.) HKLM\...\Run: [PDF6 Registry Controller] => C:\Program Files\Nuance\PDF Professional 6\RegistryController.exe [110880 2009-11-03] (Nuance Communications, Inc.) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2012-03-31] (IDT, Inc.) HKLM\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files\Nuance\PDF Reader\Ereg\Ereg.exe [333088 2010-07-05] (Nuance Communications, Inc.) HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard) HKU\S-1-5-21-775044091-3129311835-2082847881-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation) HKU\S-1-5-21-775044091-3129311835-2082847881-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Yasemin\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [280576 2013-03-21] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\Yasemin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Yasemin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [Symbol-Overlay-Steuerprogramm für AutoCAD Digitale Signaturen] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\windows\system32\AcSignIcon.dll (Autodesk, Inc.) BootExecute: autocheck autochk /r \??\E:autocheck autochk * ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com SearchScopes: HKCU - Plasmoo URL = hxxp://plasmoo.com/result.htm?q={searchTerms}&SearchMashine=true SearchScopes: HKCU - {276EF2C9-813B-4791-96B6-171F89DF6552} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie SearchScopes: HKCU - {7D82C5DC-2488-4168-BC1B-DCC0DFB292C3} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {A48B372B-AA81-4EA7-A412-41869B2F8DAC} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7NDKB_deAT530 SearchScopes: HKCU - {F5673F48-9211-493D-BE3F-B48D9BA90E7F} URL = hxxp://go.gmx.at/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKCU - {FE6AECCA-1DF5-4C90-B3BD-3FFF08707767} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll (Zeon Corporation) BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll No File BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll (Zeon Corporation) Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u20-windows-i586.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{45E701E5-882B-4E68-8DD9-5EE480C2D7AC}: [NameServer] 192.168.1.20 Tcpip\..\Interfaces\{6C9216B0-B258-44CB-B803-DEAF94FD53C4}: [NameServer] 8.8.8.8,8.8.4.4 FireFox: ======== FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: ZEON/PDF,version=2.0 -> C:\Program Files\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) Chrome: ======= CHR HomePage: Default -> hxxp://www.google.at/ CHR DefaultSearchKeyword: Default -> ecosia.org CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-23] CHR Extension: (Google Drive) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-23] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-07] CHR Extension: (YouTube) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-23] CHR Extension: (bnhdeincpllgeldajmlncemfloafomon) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnhdeincpllgeldajmlncemfloafomon [2014-11-01] CHR Extension: (Adblock Plus) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-23] CHR Extension: (Ecosia - Die Suchmaschine, die Bäume pflanzt) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\clellnciejhoedgepbdilbkdkaoecgpc [2014-05-07] CHR Extension: (Google-Suche) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-23] CHR Extension: (Krab Web) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlbonldcgbaeiljcefjhaofjcpdnmhoc [2014-11-01] CHR Extension: (TheHDvid-Codec V10) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjmhjjohhiehaoljianalpmfcceojaff [2014-11-01] CHR Extension: (Google Wallet) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-23] CHR Extension: (Google Mail) - C:\Users\Yasemin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-23] CHR HKLM\...\Chrome\Extension: [nlafpokblfobdnjhhggocaanijghemnd] - C:\Users\Yasemin\AppData\Local\CRE\nlafpokblfobdnjhhggocaanijghemnd.crx [2012-07-05] CHR StartMenuInternet: Google Chrome - chrome.exe ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 HP Support Assistant Service; C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed] R2 hpHotkeyMonitor; C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [265272 2010-01-28] (Hewlett-Packard Company) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [230240 2014-04-07] () R2 PDFProFiltSrv; C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe [134944 2009-11-03] (Nuance Communications, Inc.) R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [254034 2012-03-31] (IDT, Inc.) S2 SeaPort; "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-11] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation) S3 OlyCamComm; C:\windows\System32\DRIVERS\OlyCamComm.sys [21648 2009-09-14] (OLYMPUS IMAGING CORP.) R3 rtsuvc; C:\windows\System32\DRIVERS\rtsuvc.sys [78848 2012-04-01] (Realtek Semiconductor Corp.) U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\Users\Yasemin\AppData\Local\Temp\catchme.sys [X] S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X] S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X] S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X] S3 massfilter; system32\drivers\massfilter.sys [X] S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X] S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X] S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-09 22:12 - 2014-11-11 16:34 - 00000000 ____D () C:\Users\Yasemin\Downloads\FRST-OlderVersion 2014-11-09 20:32 - 2014-11-09 20:33 - 00854448 _____ () C:\Users\Yasemin\Downloads\SecurityCheck.exe 2014-11-09 17:15 - 2014-11-09 17:15 - 02347384 _____ (ESET) C:\Users\Yasemin\Downloads\esetsmartinstaller_deu.exe 2014-11-06 17:16 - 2014-11-06 17:16 - 00001650 _____ () C:\Users\Yasemin\Desktop\AdwCleaner[S1].txt 2014-11-06 16:54 - 2014-11-06 16:54 - 00042260 _____ () C:\Users\Yasemin\Desktop\TrojBrd.zip 2014-11-06 16:52 - 2014-11-06 16:52 - 00041978 _____ () C:\Users\Yasemin\Desktop\trj.zip 2014-11-06 16:49 - 2014-11-06 16:49 - 00035729 _____ () C:\Users\Yasemin\Desktop\FRST(2).txt 2014-11-06 16:20 - 2014-11-06 17:16 - 00147610 _____ () C:\Users\Yasemin\Desktop\JRT.txt 2014-11-06 16:17 - 2014-11-06 16:17 - 00000000 ____D () C:\windows\ERUNT 2014-11-06 16:16 - 2014-11-06 16:16 - 01706939 _____ (Thisisu) C:\Users\Yasemin\Downloads\JRT.exe 2014-11-06 15:53 - 2014-11-06 15:53 - 01998336 _____ () C:\Users\Yasemin\Downloads\AdwCleaner_4.002 (2).exe 2014-11-06 15:53 - 2014-11-06 15:53 - 00002435 _____ () C:\Users\Yasemin\Desktop\mbam.txt 2014-11-06 15:30 - 2014-11-11 16:39 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-06 15:30 - 2014-11-06 15:30 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-11-06 15:30 - 2014-11-06 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-11-06 15:29 - 2014-11-06 15:30 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-11-06 15:29 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-11-06 15:29 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-11-06 15:29 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-11-06 15:27 - 2014-11-06 15:29 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Yasemin\Downloads\mbam-setup-2.0.3.1025 (1).exe 2014-11-06 07:58 - 2014-11-11 16:38 - 00000374 _____ () C:\windows\system32\Drivers\etc\hosts.ics 2014-11-05 23:13 - 2014-11-05 23:13 - 00016240 _____ () C:\ComboFix.txt 2014-11-05 22:58 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe 2014-11-05 22:58 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe 2014-11-05 22:58 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe 2014-11-05 22:58 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe 2014-11-05 22:58 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe 2014-11-05 22:58 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe 2014-11-05 22:58 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe 2014-11-05 22:58 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe 2014-11-05 14:39 - 2014-11-05 14:39 - 00217743 _____ () C:\Users\Yasemin\Desktop\Civic Agriculture (1).pptx 2014-11-05 14:33 - 2014-11-05 23:13 - 00000000 ____D () C:\Qoobox 2014-11-05 14:31 - 2014-11-05 23:12 - 00000000 ____D () C:\windows\erdnt 2014-11-05 14:27 - 2014-11-05 22:53 - 05591672 ____R (Swearware) C:\Users\Yasemin\Downloads\ComboFix.exe 2014-11-05 13:15 - 2014-11-05 14:39 - 00217743 _____ () C:\Users\Yasemin\Downloads\Civic Agriculture (1).pptx 2014-11-05 08:11 - 2014-11-05 08:11 - 00380416 _____ () C:\Users\Yasemin\Downloads\Gmer-19357.exe 2014-11-05 08:10 - 2014-11-05 08:10 - 00043087 _____ () C:\Users\Yasemin\Desktop\FRST.txt 2014-11-05 08:04 - 2014-11-05 08:06 - 00035032 _____ () C:\Users\Yasemin\Downloads\Addition.txt 2014-11-05 08:01 - 2014-11-11 16:43 - 00017646 _____ () C:\Users\Yasemin\Downloads\FRST.txt 2014-11-05 08:01 - 2014-11-11 16:43 - 00000000 ____D () C:\FRST 2014-11-05 08:00 - 2014-11-09 22:12 - 01107968 _____ (Farbar) C:\Users\Yasemin\Downloads\FRST.exe 2014-11-05 07:57 - 2014-11-05 07:57 - 00000000 _____ () C:\Users\Yasemin\defogger_reenable 2014-11-05 07:56 - 2014-11-05 07:56 - 00050477 _____ () C:\Users\Yasemin\Downloads\Defogger.exe 2014-11-01 19:09 - 2014-11-01 19:09 - 01998336 _____ () C:\Users\Yasemin\Downloads\adwcleaner_4.002 (1).exe 2014-11-01 18:56 - 2014-11-01 18:56 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Yasemin\Downloads\rkill.exe 2014-11-01 18:42 - 2014-11-06 16:10 - 00000000 ____D () C:\AdwCleaner 2014-11-01 18:37 - 2014-11-01 18:37 - 01998336 _____ () C:\Users\Yasemin\Downloads\adwcleaner_4.002.exe 2014-11-01 18:37 - 2014-11-01 18:37 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-01 18:35 - 2014-11-01 18:37 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Yasemin\Downloads\mbam-setup-2.0.3.1025.exe 2014-11-01 18:02 - 2014-11-01 18:26 - 00000000 ____D () C:\ProgramData\Unchecky 2014-11-01 17:27 - 2014-11-06 15:46 - 00000000 ____D () C:\ProgramData\e435d908-8e15-4e0c-ae35-3dc1cb10ee1e 2014-11-01 15:50 - 2014-11-01 18:21 - 00000000 ___HD () C:\Users\Public\Temp 2014-11-01 15:49 - 2014-11-01 15:49 - 00000000 ____D () C:\Users\Yasemin\AppData\Local\com 2014-10-30 10:00 - 2014-10-30 10:11 - 338479810 _____ () C:\Users\Yasemin\Downloads\Video_Korngrößenanalyse.avi 2014-10-30 10:00 - 2014-10-30 10:10 - 196485870 _____ () C:\Users\Yasemin\Downloads\Video_Probenahme.avi 2014-10-30 09:35 - 2014-10-30 09:35 - 00019384 _____ () C:\windows\system32\Drivers\SPPD.sys 2014-10-29 16:00 - 2014-10-29 16:00 - 00216045 _____ () C:\Users\Yasemin\Downloads\Civic Agriculture.pptx 2014-10-29 15:59 - 2014-10-29 15:59 - 00216045 _____ () C:\Users\Yasemin\Documents\Civic Agriculture.pptx 2014-10-29 08:21 - 2014-10-29 08:21 - 00000000 __SHD () C:\Users\Yasemin\AppData\Local\EmieUserList 2014-10-29 08:21 - 2014-10-29 08:21 - 00000000 __SHD () C:\Users\Yasemin\AppData\Local\EmieSiteList 2014-10-26 18:29 - 2014-10-26 18:29 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf 2014-10-26 18:22 - 2014-10-26 18:22 - 00081816 _____ () C:\Users\Yasemin\Downloads\HDVidCodec.exe 2014-10-24 08:19 - 2014-10-24 08:25 - 00000000 ____D () C:\Users\Yasemin\Desktop\Gemüse Zierpflanzenbau 2014-10-16 09:41 - 2014-10-10 02:44 - 00396288 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-10-16 09:41 - 2014-10-10 02:44 - 00230912 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll 2014-10-16 09:41 - 2014-10-10 02:39 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-10-16 09:41 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-10-16 09:41 - 2014-09-29 01:41 - 02379264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-10-16 09:41 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-10-16 09:41 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-10-16 09:41 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-10-16 09:41 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-10-16 09:41 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-10-16 09:41 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-10-16 09:41 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-10-16 09:41 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-10-16 09:41 - 2014-09-19 02:14 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-10-16 09:41 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-10-16 09:41 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-10-16 09:41 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-10-16 09:41 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-10-16 09:41 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-10-16 09:41 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-10-16 09:41 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-10-16 09:41 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-10-16 09:41 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-10-16 09:41 - 2014-09-19 01:50 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-10-16 09:41 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-10-16 09:41 - 2014-09-19 01:44 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-10-16 09:41 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-10-16 09:41 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-10-16 09:41 - 2014-09-19 01:20 - 00677888 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-10-16 09:41 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-10-16 09:41 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-10-16 09:41 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-10-16 09:41 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-10-16 09:41 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-10-16 09:41 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll 2014-10-16 09:41 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll 2014-10-16 09:41 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll 2014-10-16 09:41 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll 2014-10-16 09:40 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\windows\system32\msi.dll 2014-10-16 09:40 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\packager.dll 2014-10-16 09:40 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll 2014-10-16 09:40 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll 2014-10-16 09:40 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe 2014-10-16 09:40 - 2014-07-17 02:39 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll 2014-10-16 09:40 - 2014-07-17 02:39 - 00304128 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe 2014-10-16 09:40 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll 2014-10-16 09:40 - 2014-07-17 02:39 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll 2014-10-16 09:40 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll 2014-10-16 09:40 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2014-10-16 09:40 - 2014-07-17 02:03 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys 2014-10-16 09:40 - 2014-07-17 02:02 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-11 16:42 - 2011-07-03 11:37 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-11 16:42 - 2011-07-03 11:37 - 00001094 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-11 16:39 - 2012-08-28 10:53 - 00000000 ___RD () C:\Users\Yasemin\Dropbox 2014-11-11 16:39 - 2012-08-28 10:51 - 00000000 ____D () C:\Users\Yasemin\AppData\Roaming\Dropbox 2014-11-11 16:38 - 2010-10-06 22:08 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2014-11-11 16:38 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-11-11 16:38 - 2009-07-14 05:39 - 00189318 _____ () C:\windows\setupact.log 2014-11-11 16:37 - 2010-05-28 01:57 - 01192930 _____ () C:\windows\WindowsUpdate.log 2014-11-11 16:36 - 2009-07-14 03:37 - 00000000 ___HD () C:\windows\system32\GroupPolicy 2014-11-11 16:28 - 2009-07-14 05:34 - 00022688 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-11 16:28 - 2009-07-14 05:34 - 00022688 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-11 16:26 - 2010-03-31 04:00 - 00449506 _____ () C:\windows\system32\PerfStringBackup.INI 2014-11-10 17:10 - 2009-07-14 05:53 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT 2014-11-10 16:47 - 2012-04-01 21:13 - 00000000 ____D () C:\Users\Yasemin\AppData\Roaming\vlc 2014-11-10 14:54 - 2012-04-01 21:13 - 00000000 ____D () C:\Users\Yasemin\AppData\Roaming\dvdcss 2014-11-10 14:52 - 2010-03-31 04:47 - 00295566 _____ () C:\windows\PFRO.log 2014-11-09 22:23 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Web 2014-11-09 21:55 - 2010-11-06 17:13 - 00000000 ____D () C:\Users\Yasemin\AppData\Roaming\Skype 2014-11-09 17:32 - 2010-10-21 16:49 - 00000052 _____ () C:\windows\system32\DOErrors.log 2014-11-09 17:31 - 2013-03-02 16:46 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-11-09 16:57 - 2014-08-14 13:27 - 00000328 _____ () C:\windows\Tasks\HPCeeScheduleForYasemin.job 2014-11-07 07:42 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Speech 2014-11-07 01:28 - 2010-05-28 02:09 - 00000000 ____D () C:\ProgramData\Skype 2014-11-06 12:35 - 2010-03-31 04:25 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-11-05 23:13 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default 2014-11-05 23:13 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public 2014-11-05 23:11 - 2009-07-14 03:04 - 00000215 _____ () C:\windows\system.ini 2014-11-05 23:10 - 2010-10-06 22:05 - 00000000 ____D () C:\Users\Yasemin 2014-11-05 22:57 - 2011-01-29 18:19 - 00001912 _____ () C:\windows\epplauncher.mif 2014-11-05 22:33 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\NDF 2014-11-05 22:14 - 2010-10-20 22:27 - 00000000 ____D () C:\Users\Yasemin\Tracing 2014-11-03 00:46 - 2009-07-27 09:31 - 00000000 ____D () C:\windows\Panther 2014-11-03 00:43 - 2014-10-04 15:12 - 00000000 ____D () C:\ProgramData\H3G 2014-11-03 00:43 - 2014-10-04 15:03 - 00000000 ____D () C:\ProgramData\DatacardService 2014-11-01 21:13 - 2014-05-13 18:25 - 00000000 ____D () C:\Users\Yasemin\Desktop\ToDo 2014-11-01 21:06 - 2012-07-19 10:00 - 00393728 ___SH () C:\Users\Yasemin\Downloads\Thumbs.db 2014-11-01 19:12 - 2013-12-23 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-11-01 19:11 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Globalization 2014-11-01 18:19 - 2009-07-14 03:04 - 00000580 _____ () C:\windows\win.ini 2014-10-30 08:11 - 2011-12-26 13:18 - 00000000 ____D () C:\Users\Yasemin\Desktop\Neuer Ordner 2014-10-28 05:35 - 2010-10-21 19:18 - 00229000 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe 2014-10-19 07:42 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\rescache 2014-10-17 13:53 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Microsoft.NET 2014-10-17 06:31 - 2009-07-14 05:33 - 00542736 _____ () C:\windows\system32\FNTCACHE.DAT 2014-10-17 06:28 - 2014-05-08 17:23 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-10-17 06:28 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\de-DE Some content of TEMP: ==================== C:\Users\Yasemin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmflrwo.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\windows\explorer.exe => File is digitally signed C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-05 23:31 ==================== End Of Log ============================ |
|
12.11.2014, 10:44
| #10 |
| /// the machine /// TB-Ausbilder | Windows 7: es öffnet ständig Werbefenster, Webseiten werden auf Werbung umgeleitet, Wörter sind z.T unterstrichen. Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
13.11.2014, 00:25
| #11 |
| | Windows 7: es öffnet ständig Werbefenster, Webseiten werden auf Werbung umgeleitet, Wörter sind z.T unterstrichen. vielen dank dir!! es passt alles.  |
|
13.11.2014, 17:22
| #12 |
| /// the machine /// TB-Ausbilder | Windows 7: es öffnet ständig Werbefenster, Webseiten werden auf Werbung umgeleitet, Wörter sind z.T unterstrichen. Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Windows 7: es öffnet ständig Werbefenster, Webseiten werden auf Werbung umgeleitet, Wörter sind z.T unterstrichen. |
| auf werbung umgeleitet, bettermarkit, device driver, fehlercode 0x5, fehlercode windows, flash player, homepage, js/toolbar.crossrider.b, suchmaschine, svchost.exe, teredo, this device cannot start. (code10), werbefenster, win32/adware.addlyrics.cs, win32/adware.convertad.e, win32/browsefox.o, win32/browsefox.q, win32/browsefox.v, win32/downloadsponsor.a, win32/installcore.pk, win32/installcore.po, win32/installmonetizer.bc, win32/systweak.a, win32/toolbar.conduit, win32/wajam.f |
Linear-Darstellung
