Pests of all kinds and how to fight them: PC has no connection although it is shown at the bottom (Windows 7)
13.12.2014, 23:25 | #1
I have no idea why, but my PC won't connect to the Internet; or rather, at the bottom it says it is connected, but Steam and Origin say otherwise and the browsers don't even respond properly anymore. Can anyone help me? Oh, and today I ran Cloned Files Scanner and downloaded Tube up to activate it because my drive wasn't working, just as info.
Edited by Johnny123456 (13.12.2014 at 23:58)
14.12.2014, 10:32 | #2
/// the machine /// TB trainer
hi,
download it from another computer. Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
And punctuation would be cool.
14.12.2014, 15:53 | #3 |
| Pc keine Verbindung obwohl es unten angezeigt wird Ich habe nur zugriff auf diesen pc und habe auch keinen USB stick
__________________FRST.text FRST Logfile: FRST Logfile: FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-12-2014
Ran by Dilan (administrator) on DIYAR-PC on 14-12-2014 15:37:57
Running from E:\
Loaded Profile: Dilan (Available profiles: Diyar & Plan b & Dilan & ümit & Gast)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\Suo10_SmartRAM.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Just Develop It) C:\Program Files\MyPC Backup\BackupStack.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => TTIME
HKLM\...\Run: [VirtualCloneDrive] => N.EXE" /S
HKLM\...\Run: [HP Software Update] => FTWARE UPDATE\HPWUSCHD.EXE"
HKLM\...\Run: [HP Component Manager] => RETECH\HPCMPMGR.EXE"
HKLM\...\Run: [SunJavaUpdateSched] => N FILES\JAVA\JAVA UPDATE\JUSCHED.EXE"
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [748256 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-2244397687-2994677012-3856678615-1007\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2425632 2014-11-07] (IObit)
HKU\S-1-5-21-2244397687-2994677012-3856678615-1007\...\Run: [SmartRAM] => C:\Program Files\IObit\Advanced SystemCare 8\Suo10_SmartRAM.exe [535840 2014-09-02] (IObit)
HKU\S-1-5-21-2244397687-2994677012-3856678615-1007\...\RunOnce: [Adobe Speed Launcher] => 1418564410
HKU\S-1-5-21-2244397687-2994677012-3856678615-1007\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2244397687-2994677012-3856678615-1007\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2244397687-2994677012-3856678615-1007\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
Startup: C:\Users\Plan b\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2244397687-2994677012-3856678615-1007\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM - (No Name) - {192a6019-26d2-4611-aead-07cd7733b146} - No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-2244397687-2994677012-3856678615-1007 -> DefaultScope {D3D2BF91-3DFC-4D43-9DB5-CBC0F1DFBE71} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE0D20140110&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2244397687-2994677012-3856678615-1007 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D121314-AB747CC590BEC44CD91F&form=CONBDF&conlogo=CT3330962&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2244397687-2994677012-3856678615-1007 -> {D3D2BF91-3DFC-4D43-9DB5-CBC0F1DFBE71} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE0D20140110&p={SearchTerms}
BHO: No Name -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> No File
BHO: mySecureSurfer -> {52EA1989-D16E-4560-9021-F0AD247DE4D1} -> C:\Users\Dilan\AppData\LocalLow\mySecureSurfer\IE\mySecureSurfer.dll (Soft-Ware International Ltd.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
Handler: livecall - No CLSID Value -
Handler: msnim - No CLSID Value -
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\MyOSProtect.dll File Not found ()
Winsock: Catalog9 02 C:\Windows\system32\MyOSProtect.dll File Not found ()
Winsock: Catalog9 03 C:\Windows\system32\MyOSProtect.dll File Not found ()
Winsock: Catalog9 04 C:\Windows\system32\MyOSProtect.dll File Not found ()
Winsock: Catalog9 29 C:\Windows\system32\MyOSProtect.dll File Not found ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Dilan\AppData\Roaming\Mozilla\Firefox\Profiles\uj6owbww.default-1417512113460
FF NewTab: about:blank
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @real.com/nppl3260;version=6.0.12.448 -> C:\Program Files\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2244397687-2994677012-3856678615-1007: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Dilan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-2244397687-2994677012-3856678615-1007: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dilan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Dilan\AppData\Roaming\Mozilla\Firefox\Profiles\uj6owbww.default-1417512113460\user.js
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: SparPilot - Gutscheine & mehr... - C:\Users\Dilan\AppData\Roaming\Mozilla\Firefox\Profiles\uj6owbww.default-1417512113460\Extensions\sparpilot@sparpilot.com [2014-12-13]
FF Extension: {10688ffe-50ac-46ae-a40c-b393e967575e} - C:\Users\Dilan\AppData\Roaming\Mozilla\Firefox\Profiles\uj6owbww.default-1417512113460\Extensions\{10688ffe-50ac-46ae-a40c-b393e967575e}.xpi [2014-12-13]
FF Extension: Adblock Plus - C:\Users\Dilan\AppData\Roaming\Mozilla\Firefox\Profiles\uj6owbww.default-1417512113460\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-13]
FF Extension: No Name - C:\Users\Dilan\AppData\Roaming\Mozilla\Firefox\Profiles\uj6owbww.default-1417512113460\extensions\iobitascsurfingprotection@iobit.com [Not Found]
FF Extension: No Name - C:\Program Files\IObit Apps Toolbar\FF [Not Found]

Chrome:
=======
CHR Profile: C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-09-20]
CHR Extension: (Google Präsentationen) - C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-20]
CHR Extension: (McAfee SafeKey) - C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\agbnjankikoaabjkmfbaceggjliabkbn [2014-09-20]
CHR Extension: (Google Docs) - C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-20]
CHR Extension: (Google Drive) - C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-20]
CHR Extension: (YouTube) - C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-20]
CHR Extension: (Google-Suche) - C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-20]
CHR Extension: (Google Tabellen) - C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-20]
CHR Extension: (Avira Browser Safety) - C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-20]
CHR Extension: (Google Wallet) - C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-20]
CHR Extension: (Google Mail) - C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-20]
CHR HKLM\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\Diyar\AppData\LocalLow\proxtube\CHROME\proxtube.crx [2012-04-19]
CHR HKLM\...\Chrome\Extension: [agbnjankikoaabjkmfbaceggjliabkbn] - C:\Program Files\SafeKey\lpchrome.crx [2013-09-23]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [53320 2014-11-13] (Just Develop It) <==== ATTENTION
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S4 Origin Client Service; D:\origin\OriginClientService.exe [1900400 2014-12-01] (Electronic Arts)
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2012-01-30] ()
S3 Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [569024 2014-09-16] (Valve Corporation) [File not signed]
S2 c67abfdb; "C:\Windows\system32\rundll32.exe" "c:\progra~1\sw-boo~1\AssistantSvc.dll",service
S3 MyOSProtect; C:\Program Files\Web Protect\MyOSProtect.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 65006428; C:\Windows\System32\DRIVERS\65006428.sys [133208 2013-08-30] (Kaspersky Lab ZAO)
R0 AFS; C:\Windows\system32\Drivers\AFS.sys [77004 2014-09-07] (Oak Technology Inc.) [File not signed]
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [83872 2012-07-08] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
S3 EverestDriver; C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [7168 2005-08-18] () [File not signed]
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2008-12-13] () [File not signed]
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 hamachi_oem; C:\Windows\System32\DRIVERS\gan_adapter.sys [10664 2006-08-28] (Applied Networking Inc.) [File not signed]
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2012-07-08] ()
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [99400 2012-05-12] (MotioninJoy)
S3 nocashio; C:\Windows\System32\drivers\nocashio.sys [4096 2011-08-23] () [File not signed]
S3 PAC7311; C:\Windows\System32\DRIVERS\PA707UCM.SYS [154752 2005-10-18] (PixArt Imaging Inc.)
R1 pcwatch; C:\Windows\system32\Drivers\pcwatch.sys [20480 2014-09-01] () [File not signed] <==== ATTENTION
R3 phaudlwr; C:\Windows\System32\DRIVERS\phaudlwr.sys [89648 2009-10-20] (Philips Applied Technologies)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
R3 SPC620; C:\Windows\System32\drivers\SPC620.sys [484352 2007-09-28] (Philips )
R3 SPC620m; C:\Windows\System32\drivers\SPC620m.sys [7680 2007-09-28] (Philips )
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-08-15] (Avira GmbH)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2011-06-24] (Acronis)
S3 WinRing0_1_2_0; C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [14416 2010-11-01] (OpenLibSys.org)
S3 cpuz137; \??\C:\Users\Dilan\AppData\Local\Temp\cpuz137\cpuz137_x32.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
U4 RDSessMgr; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2099-05-21 16:14 - 9514-05-21 16:27 - 00000000 ____D () C:\Users\Diyar\AppData\Local\Apps\2.0
2099-05-21 16:14 - 2014-09-06 10:55 - 00000000 ____D () C:\Users\Diyar\AppData\Local\Deployment
2099-05-21 16:09 - 9514-05-21 16:09 - 00000000 ____D () C:\Users\Diyar\Documents\Optimizer Pro
2099-05-21 16:09 - 9514-05-21 16:09 - 00000000 ____D () C:\Users\Diyar\AppData\Roaming\Optimizer Pro
2099-05-21 16:04 - 9514-05-21 16:22 - 00000000 ____D () C:\Program Files\webget
2099-05-21 16:04 - 9514-05-21 16:21 - 00000000 ____D () C:\Users\Diyar\AppData\Roaming\loadtbs
2099-05-21 16:04 - 9514-05-21 16:04 - 00000000 ____D () C:\Users\Diyar\AppData\Roaming\Speedial
2099-05-21 16:04 - 9514-05-21 16:04 - 00000000 ____D () C:\Program Files\Speedial
2014-12-14 15:37 - 2014-12-14 15:38 - 00000000 ____D () C:\FRST
2014-12-14 13:43 - 2014-12-14 13:43 - 00000000 __SHD () C:\Users\Diyar\AppData\Local\EmieBrowserModeList
2014-12-13 23:57 - 2014-12-13 23:57 - 00000000 __SHD () C:\Users\ümit\AppData\Local\EmieUserList
2014-12-13 23:57 - 2014-12-13 23:57 - 00000000 __SHD () C:\Users\ümit\AppData\Local\EmieSiteList
2014-12-13 23:57 - 2014-12-13 23:57 - 00000000 __SHD () C:\Users\ümit\AppData\Local\EmieBrowserModeList
2014-12-13 23:49 - 2014-12-13 23:49 - 00000000 ____D () C:\Users\ümit\AppData\Roaming\Avira
2014-12-13 23:44 - 2014-12-14 11:08 - 00000000 ____D () C:\Users\ümit
2014-12-13 23:44 - 2014-12-13 23:44 - 00110064 _____ () C:\Users\ümit\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-13 23:44 - 2014-12-13 23:44 - 00001425 _____ () C:\Users\ümit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-13 23:44 - 2014-12-13 23:44 - 00000482 __RSH () C:\Users\ümit\ntuser.pol
2014-12-13 23:44 - 2014-12-13 23:44 - 00000020 ___SH () C:\Users\ümit\ntuser.ini
2014-12-13 23:44 - 2014-12-13 23:44 - 00000000 _SHDL () C:\Users\ümit\Startmenü
2014-12-13 23:44 - 2014-12-13 23:44 - 00000000 _SHDL () C:\Users\ümit\Netzwerkumgebung
2014-12-13 23:44 - 2014-12-13 23:44 - 00000000 _SHDL () C:\Users\ümit\Druckumgebung
2014-12-13 23:44 - 2014-12-13 23:44 - 00000000 _SHDL () C:\Users\ümit\Documents\Eigene Musik
2014-12-13 23:44 - 2014-12-13 23:44 - 00000000 _SHDL () C:\Users\ümit\Documents\Eigene Bilder
2014-12-13 23:44 - 2014-12-13 23:44 - 00000000 _SHDL () C:\Users\ümit\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-13 23:44 - 2014-12-13 23:44 - 00000000 _SHDL () C:\Users\ümit\AppData\Local\Verlauf
2014-12-13 23:44 - 2014-12-13 23:44 - 00000000 ____D () C:\Users\ümit\AppData\Roaming\ATI
2014-12-13 23:44 - 2014-12-13 23:44 - 00000000 ____D () C:\Users\ümit\AppData\Roaming\Adobe
2014-12-13 23:44 - 2014-12-13 23:44 - 00000000 ____D () C:\Users\ümit\AppData\Local\ATI
2014-12-13 23:44 - 2014-12-09 18:59 - 00000000 ____D () C:\Users\ümit\AppData\Roaming\IObit
2014-12-13 23:44 - 2012-04-11 23:59 - 00000000 ____D () C:\Users\ümit\AppData\Local\Microsoft Help
2014-12-13 23:44 - 2009-07-14 05:42 - 00000000 ___RD () C:\Users\ümit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-13 23:44 - 2009-07-14 05:37 - 00000000 ___RD () C:\Users\ümit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-13 22:33 - 2014-12-14 14:39 - 00000336 _____ () C:\Windows\setupact.log
2014-12-13 22:33 - 2014-12-13 22:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-13 22:20 - 2014-12-13 22:20 - 00003748 _____ () C:\Windows\PFRO.log
2014-12-13 22:00 - 2014-12-13 22:00 - 29741056 _____ () C:\Windows\system32\config\components.iobit
2014-12-13 21:53 - 2014-12-13 21:53 - 00000000 ____D () C:\Users\Plan b\AppData\Roaming\ProductData
2014-12-13 20:16 - 2014-12-13 20:16 - 00000000 ____D () C:\Users\Plan b\AppData\Roaming\TuneUp Software
2014-12-13 20:10 - 2014-12-13 20:10 - 00000000 ____D () C:\Users\Plan b\AppData\Roaming\IObit
2014-12-13 18:42 - 2014-12-13 18:42 - 00000000 ____D () C:\Users\Dilan\AppData\Roaming\TuneUp Software
2014-12-13 18:38 - 2014-12-13 18:38 - 00004616 _____ () C:\Windows\system32\LavasoftTcpService.ini
2014-12-13 18:38 - 2014-12-13 18:38 - 00002448 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2014-12-13 18:37 - 2014-11-27 10:44 - 00312424 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService.dll
2014-12-13 18:36 - 2014-12-13 18:36 - 00001288 _____ () C:\Users\Dilan\Desktop\Cloned Files Scanner.lnk
2014-12-13 18:35 - 2014-12-13 18:35 - 00598912 _____ () C:\Users\Dilan\Downloads\TuneUpUtilities2013_de-DE.exe
2014-12-10 16:59 - 2014-12-10 17:59 - 03981488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-12-09 19:52 - 2014-12-09 22:35 - 00000704 _____ () C:\Windows\Tasks\OpenCandyHelperRunAA747FB84C99428893401EAD6DC44017.job
2014-12-09 19:00 - 2014-12-09 19:00 - 00000000 ____D () C:\Users\Diyar\AppData\Roaming\ProductData
2014-12-09 18:59 - 2014-12-09 18:59 - 00000000 ____D () C:\Users\Default\AppData\Roaming\IObit
2014-12-09 18:59 - 2014-12-09 18:59 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\IObit
2014-12-08 22:53 - 2014-12-08 22:54 - 00880784 _____ (Google Inc.) C:\Users\Diyar\Downloads\ChromeSetup.exe
2014-12-08 22:51 - 2014-12-08 22:51 - 00000000 ____D () C:\Users\Diyar\AppData\Local\Macromedia
2014-12-08 22:50 - 2014-12-08 22:57 - 00000000 ____D () C:\Users\Diyar\AppData\Roaming\IObit
2014-12-08 22:17 - 2014-12-09 22:35 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1007UA.job
2014-12-08 22:17 - 2014-12-09 22:35 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1007Core.job
2014-12-08 22:17 - 2014-12-08 22:18 - 00000000 ____D () C:\Users\Dilan\AppData\Local\Facebook
2014-12-08 22:17 - 2014-12-08 22:17 - 00501248 _____ (Facebook Inc.) C:\Users\Dilan\Downloads\FacebookVideoCallSetup_v1.2.205.0(1).exe
2014-12-07 14:53 - 2014-12-07 14:53 - 00651264 _____ () C:\Users\Dilan\Downloads\Detection(3).msi
2014-12-07 14:49 - 2014-12-07 14:49 - 00651264 _____ () C:\Users\Dilan\Downloads\Detection(2).msi
2014-12-07 14:08 - 2014-12-02 10:27 - 00000216 _____ () C:\Users\Dilan\Desktop\Tomb Raider.url
2014-12-06 21:18 - 2014-12-06 21:18 - 04117346 _____ () C:\Users\Dilan\Downloads\MotioninJoy_071001_signed(2).zip
2014-12-06 21:09 - 2014-12-06 21:09 - 00000000 ____D () C:\Users\Dilan\AppData\Roaming\MotioninJoy
2014-12-06 21:08 - 2014-12-06 21:18 - 00001080 _____ () C:\Users\Public\Desktop\DS3 Tool.lnk
2014-12-06 21:08 - 2014-12-06 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2014-12-06 21:08 - 2014-12-06 21:18 - 00000000 ____D () C:\Program Files\MotioninJoy
2014-12-06 21:08 - 2014-12-06 21:08 - 04117346 _____ () C:\Users\Dilan\Downloads\MotioninJoy_071001_signed(1).zip
2014-12-06 21:08 - 2011-12-07 19:42 - 00255496 _____ (Logitech Inc.) C:\Windows\system32\MijFrc.dll
2014-12-06 20:31 - 2012-05-12 12:31 - 00099400 _____ (MotioninJoy) C:\Windows\system32\Drivers\MijXfilt.sys
2014-12-06 20:30 - 2014-12-06 20:30 - 04117346 _____ () C:\Users\Dilan\Downloads\MotioninJoy_071001_signed.zip
2014-12-06 20:29 - 2014-12-06 20:29 - 01174352 _____ () C:\Users\Dilan\Downloads\MotioninJoy - CHIP-Installer.exe
2014-12-06 20:25 - 2014-12-06 20:26 - 00000000 ____D () C:\Users\Dilan\AppData\Local\BetterDS3
2014-12-06 20:24 - 2014-12-06 20:24 - 00759932 _____ () C:\Users\Dilan\Downloads\BetterDS3_1.5.3.zip
2014-12-06 20:23 - 2014-12-06 20:23 - 01174352 _____ () C:\Users\Dilan\Downloads\Better DS3 - CHIP-Installer.exe
2014-12-06 20:19 - 2014-12-06 20:19 - 04115757 _____ () C:\Users\Dilan\Downloads\MotioninJoy_070000_signed.zip
2014-12-06 20:04 - 2014-12-06 20:04 - 00804491 _____ () C:\Users\Dilan\Downloads\x360ce.App-2.1.2.191.zip
2014-12-06 19:53 - 2014-12-06 19:53 - 00000000 ____D () C:\Program Files\VID_0E8F&PID_3075
2014-12-06 19:52 - 2014-12-06 19:52 - 00000000 ____D () C:\Users\Dilan\AppData\Roaming\InstallShield
2014-12-05 12:29 - 2014-12-05 12:29 - 61407232 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-12-05 12:29 - 2014-12-05 12:29 - 00368640 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-12-05 12:29 - 2014-12-05 12:29 - 00098304 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-12-05 12:29 - 2014-12-05 12:29 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-12-04 21:34 - 2014-12-04 21:34 - 00001216 _____ () C:\Users\Dilan\Desktop\Smart RAM.lnk
2014-12-04 21:21 - 2014-12-04 21:21 - 00001144 _____ () C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
2014-12-04 21:21 - 2014-12-04 21:21 - 00001132 _____ () C:\Users\Public\Desktop\Game Booster 3.lnk
2014-12-04 21:21 - 2014-12-04 21:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster 3
2014-12-04 21:02 - 2014-12-13 22:00 - 61423616 _____ () C:\Windows\system32\config\SOFTWARE.iobit
2014-12-04 21:02 - 2014-12-13 22:00 - 00372736 _____ () C:\Windows\system32\config\DEFAULT.iobit
2014-12-04 21:02 - 2014-12-13 22:00 - 00098304 _____ () C:\Windows\system32\config\SAM.iobit
2014-12-04 21:02 - 2014-12-13 22:00 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iobit
2014-12-04 21:02 - 2014-10-16 10:27 - 00024352 _____ (IObit) C:\Windows\system32\RegistryDefragBootTime.exe
2014-12-04 20:10 - 2014-12-04 20:10 - 00000000 ____D () C:\Users\Dilan\AppData\Roaming\ProductData
2014-12-04 20:08 - 2014-12-13 22:16 - 00002131 _____ () C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2014-12-04 20:08 - 2014-12-04 22:17 - 00000000 ____D () C:\ProgramData\IObit
2014-12-04 20:08 - 2014-12-04 22:16 - 00000000 ____D () C:\ProgramData\ProductData
2014-12-04 20:08 - 2014-12-04 21:21 - 00000000 ____D () C:\Program Files\IObit
2014-12-04 20:08 - 2014-12-04 20:10 - 00000000 ____D () C:\Users\Dilan\AppData\Roaming\IObit
2014-12-04 20:08 - 2014-12-04 20:08 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-12-04 20:08 - 2014-12-04 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2014-12-04 20:08 - 2014-12-04 20:08 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2014-12-04 20:08 - 2014-12-04 20:08 - 00000000 ____D () C:\Program Files\Common Files\IObit
2014-12-04 20:06 - 2014-12-04 20:07 - 43183800 _____ (IObit ) C:\Users\Dilan\Downloads\advanced-systemcare-setup_v8.0.3.exe
2014-12-03 19:04 - 2014-12-03 19:04 - 01174352 _____ () C:\Users\Dilan\Downloads\Wise Registry Cleaner - CHIP-Installer.exe
2014-12-03 18:26 - 2014-12-03 18:26 - 00002247 _____ () C:\Users\Plan b\Desktop\Skyrim (SKSE).lnk
2014-12-03 18:26 - 2014-12-03 18:26 - 00002247 _____ () C:\Users\Gast.Diyar-PC\Desktop\Skyrim (SKSE).lnk
2014-12-03 18:26 - 2014-12-03 18:26 - 00002247 _____ () C:\Users\Diyar\Desktop\Skyrim (SKSE).lnk
2014-12-03 18:26 - 2014-12-03 18:26 - 00002247 _____ () C:\Users\Dilan\Desktop\Skyrim (SKSE).lnk
2014-12-03 18:25 - 2014-12-03 18:25 - 00313875 _____ () C:\Users\Dilan\Downloads\skse_1_07_01_installer.exe
2014-12-03 08:42 - 2014-12-03 08:42 - 00394347 _____ (Ray Siegl ) C:\Users\Dilan\Downloads\ram_clean_tool_setup.exe
2014-12-02 19:45 - 2014-12-02 19:45 - 00000000 ____D () C:\Windows\pss
2014-12-02 15:43 - 2014-12-12 16:20 - 00008598 _____ () C:\Users\Dilan\Documents\TombRaider.log
2014-12-02 10:10 - 2014-12-02 10:10 - 00250760 _____ () C:\Users\Dilan\Documents\ts3_clientui-win32-1407159763-2014-12-02 10_10_29.027026.dmp
2014-11-30 15:28 - 2014-12-04 22:34 - 00007609 _____ () C:\Users\Dilan\AppData\Local\Resmon.ResmonCfg
2014-11-30 15:12 - 2011-11-11 07:48 - 00002940 _____ () C:\Users\Dilan\Desktop\SkyrimPrefs.ini
2014-11-30 15:11 - 2014-11-30 15:12 - 00000000 ____D () C:\Users\Dilan\Desktop\Saves
2014-11-30 12:13 - 2014-11-30 12:13 - 00000000 ____D () C:\ProgramData\ATI
2014-11-30 12:12 - 2014-11-30 12:12 - 00000000 ____D () C:\ProgramData\AMD
2014-11-30 12:12 - 2014-11-30 12:12 - 00000000 ____D () C:\Program Files\AMD AVT
2014-11-30 12:11 - 2014-11-30 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-11-30 12:05 - 2014-11-30 12:05 - 00000000 ____D () C:\Users\Dilan\AppData\Roaming\ATI
2014-11-30 12:05 - 2014-11-30 12:05 - 00000000 ____D () C:\Users\Dilan\AppData\Local\ATI
2014-11-30 12:04 - 2014-11-30 12:04 - 00000000 ____D () C:\Program Files\AMD
2014-11-30 11:59 - 2014-11-30 11:59 - 00000000 ____D () C:\AMD
2014-11-30 11:52 - 2014-11-30 11:52 - 00891224 _____ (AMD) C:\Users\Dilan\Downloads\amddriverdownloader.exe
2014-11-30 10:50 - 2014-12-02 10:08 - 00000000 ____D () C:\Users\Dilan\AppData\Roaming\TS3Client
2014-11-30 10:50 - 2014-11-30 10:50 - 00001211 _____ () C:\Users\Dilan\Desktop\TeamSpeak 3 Client.lnk
2014-11-30 10:50 - 2014-11-30 10:50 - 00000000 ____D () C:\Users\Dilan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-11-30 10:49 - 2014-11-30 10:50 - 00000000 ____D () C:\Users\Dilan\AppData\Local\TeamSpeak 3 Client 2014-11-30 10:48 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\system32\dhRichClient3.dll 2014-11-30 10:48 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\system32\sqlite36_engine.dll 2014-11-30 10:46 - 2014-11-30 10:47 - 01174352 _____ () C:\Users\Dilan\Downloads\TeamSpeak 3 32 Bit - CHIP-Installer.exe 2014-11-30 10:30 - 2014-11-30 10:30 - 00651264 _____ () C:\Users\Dilan\Downloads\Detection(1).msi 2014-11-30 10:29 - 2014-12-14 14:04 - 00000000 ____D () C:\Program Files\Steam 2014-11-30 10:29 - 2014-11-30 10:29 - 01142392 _____ () C:\Users\Dilan\Downloads\SteamSetup.exe 2014-11-30 10:29 - 2014-11-30 10:29 - 00000925 _____ () C:\Users\Public\Desktop\Steam.lnk 2014-11-30 10:29 - 2014-11-30 10:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2014-11-26 13:36 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-26 13:36 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-26 13:36 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-26 13:36 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-26 13:35 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-26 13:35 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-26 13:35 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-26 13:34 - 2014-11-30 15:15 - 00000000 ____D () C:\Users\Dilan\Documents\My Games 2014-11-26 13:34 - 2014-11-30 15:01 - 00000000 ____D () C:\Users\Dilan\AppData\Local\Skyrim 2014-11-26 13:34 - 2014-10-10 01:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-26 13:34 - 2014-10-03 02:44 - 
00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-26 13:34 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-26 13:34 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-26 13:34 - 2014-10-03 02:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-26 13:34 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-26 13:32 - 2014-11-26 13:32 - 00000000 ____D () C:\Users\Dilan\AppData\Roaming\Unity 2014-11-26 13:31 - 2014-11-26 13:31 - 00000000 ____D () C:\Users\Dilan\AppData\Local\Unity 2014-11-26 13:30 - 2014-11-26 13:30 - 01081992 _____ (Unity Technologies ApS) C:\Users\Dilan\Downloads\UnityWebPlayer.exe 2014-11-21 14:24 - 2014-11-21 14:24 - 00000000 __SHD () C:\Users\Dilan\AppData\Local\EmieBrowserModeList 2014-11-17 22:04 - 2014-11-05 18:50 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-11-17 22:04 - 2014-11-05 18:50 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-11-17 22:04 - 2014-11-05 18:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-11-17 22:04 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-17 22:04 - 2014-10-14 02:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-17 22:04 - 2014-10-14 02:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-17 22:04 - 2014-10-14 02:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-11-17 22:04 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-17 22:04 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-17 22:04 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) 
C:\Windows\system32\msv1_0.dll 2014-11-17 22:04 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-17 22:04 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-11-17 22:04 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-11-17 22:04 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-11-17 22:04 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-11-17 22:03 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-11-17 22:03 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-11-17 22:03 - 2014-11-06 04:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-11-17 22:03 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-17 22:03 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-11-17 22:03 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-11-17 22:03 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-17 22:03 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-11-17 22:03 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-17 22:03 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-17 22:03 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-11-17 22:03 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-17 22:03 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) 
C:\Windows\system32\ieUnatt.exe 2014-11-17 22:03 - 2014-11-06 03:59 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-11-17 22:03 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-11-17 22:03 - 2014-11-06 03:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-11-17 22:03 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-17 22:03 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-11-17 22:03 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-11-17 22:03 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-17 22:03 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-17 22:03 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-17 22:03 - 2014-11-06 03:22 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-11-17 22:03 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-17 22:03 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-17 22:03 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-11-17 22:03 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-17 22:03 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-17 22:03 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-17 22:03 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-11-17 21:55 - 2014-11-17 21:55 - 01557060 _____ 
(TeamExtreme) C:\Users\Dilan\Downloads\Minecraft Cracked Launcher.exe
2014-11-17 21:47 - 2014-11-17 21:47 - 00651264 _____ () C:\Users\Dilan\Downloads\Detection.msi
2014-11-17 21:43 - 2014-11-26 13:43 - 00000000 ____D () C:\Users\Dilan\AppData\Roaming\.minecraft
2014-11-17 21:40 - 2014-11-17 21:40 - 00675988 _____ () C:\Users\Dilan\Downloads\Minecraft.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2099-05-21 16:21 - 2011-11-11 14:02 - 00000000 ____D () C:\ProgramData\PMB Files
2014-12-14 15:37 - 2011-06-24 16:03 - 01629284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-14 15:22 - 2011-06-24 15:55 - 01791427 _____ () C:\Windows\WindowsUpdate.log
2014-12-14 15:17 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-14 14:46 - 2009-07-14 05:34 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-14 14:46 - 2009-07-14 05:34 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-14 14:39 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-14 14:39 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-14 14:04 - 2012-05-27 19:11 - 00000000 ____D () C:\Users\Plan b\Tracing
2014-12-14 13:48 - 2011-10-22 10:57 - 00000000 ____D () C:\Users\Plan b
2014-12-14 13:41 - 2011-06-24 15:58 - 00000000 ____D () C:\Users\Diyar
2014-12-14 11:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing
2014-12-14 11:09 - 2014-09-13 11:54 - 00000000 ____D () C:\Users\Dilan
2014-12-14 11:08 - 2014-09-12 19:57 - 00000000 ____D () C:\Users\Gast.Diyar-PC
2014-12-14 11:08 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2014-12-13 23:43 - 2013-02-02 12:02 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-12-13 22:20 - 2011-06-24 16:48 - 00000000 ____D ()
C:\Windows\Panther 2014-12-13 21:59 - 2014-10-02 16:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-13 20:42 - 2014-09-20 18:48 - 00000000 ____D () C:\Users\Dilan\AppData\Local\Microsoft Games 2014-12-13 18:50 - 2014-09-05 14:34 - 00000000 ____D () C:\Program Files\GUM3AEE.tmp 2014-12-13 18:50 - 2012-01-19 16:51 - 00000000 ____D () C:\Users\Diyar\AppData\Local\Oblivion 2014-12-13 18:50 - 2011-12-29 20:43 - 00000000 ____D () C:\Users\Plan b\AppData\Local\Skyrim 2014-12-13 18:49 - 2014-09-20 17:27 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-12-13 18:49 - 2014-09-09 16:41 - 00000000 ____D () C:\Users\Diyar\AppData\Local\Gameo 2014-12-10 17:59 - 2013-01-09 20:33 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-12-10 17:59 - 2013-01-09 20:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-12-09 19:50 - 2014-09-06 11:08 - 00000000 ____D () C:\Users\Diyar\Desktop\Unused Shortcut(CU) 2014-12-09 19:50 - 2012-01-15 23:12 - 00000000 ____D () C:\Program Files\Prince of Persia 2014-12-09 19:50 - 2011-12-09 17:27 - 00000000 ____D () C:\Users\Diyar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-12-09 19:50 - 2011-11-11 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire Europe 2014-12-09 19:50 - 2011-08-01 10:21 - 00000000 ____D () C:\Users\Diyar\Desktop\Ümit 2014-12-09 19:09 - 2013-04-11 19:31 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-12-09 19:02 - 2014-05-21 16:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-12-09 19:00 - 2012-05-23 18:29 - 00000000 ____D () C:\Users\Diyar\AppData\Roaming\Skype 2014-12-09 13:58 - 2014-09-20 13:53 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-12-09 13:58 - 2014-09-20 13:53 - 00000000 ____D () C:\ProgramData\Package Cache 2014-12-09 13:58 - 2014-09-20 13:53 - 00000000 
____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-12-09 13:58 - 2014-09-20 13:53 - 00000000 ____D () C:\Program Files\Avira 2014-12-09 12:18 - 2012-01-09 22:37 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-12-09 12:16 - 2011-06-24 18:50 - 00000000 ____D () C:\Program Files\Windows Live 2014-12-09 12:14 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-12-08 23:01 - 2011-11-11 14:02 - 00000000 ____D () C:\Users\Diyar\AppData\Local\PMB Files 2014-12-08 22:59 - 2011-06-24 16:05 - 00000000 ____D () C:\Users\Diyar\AppData\Local\Google 2014-12-08 22:51 - 2012-04-21 16:13 - 00000000 ____D () C:\Users\Diyar\AppData\Local\Akamai 2014-12-07 17:13 - 2013-09-23 16:24 - 00000000 ____D () C:\Program Files\SafeKey 2014-12-07 14:53 - 2011-10-21 17:40 - 00000000 ____D () C:\Program Files\SystemRequirementsLab 2014-12-06 19:53 - 2011-08-21 22:54 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-12-06 11:04 - 2013-07-14 14:36 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1003UA.job 2014-12-06 11:04 - 2013-07-14 14:36 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1003Core.job 2014-12-06 11:04 - 2011-10-19 19:00 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1001UA.job 2014-12-06 11:04 - 2011-10-19 19:00 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1001Core.job 2014-12-04 22:29 - 2013-05-13 14:26 - 00000000 ____D () C:\ProgramData\Sony Ericsson 2014-12-04 22:29 - 2013-05-13 14:26 - 00000000 ____D () C:\Program Files\Sony Ericsson 2014-12-04 22:17 - 2013-02-09 09:44 - 00000000 ____D () C:\Fraps 2014-12-04 22:15 - 2014-10-09 20:22 - 00000000 ____D () C:\ProgramData\Origin 2014-12-04 21:38 - 2012-01-02 10:19 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC2 server emulator 2014-12-04 21:38 - 2011-06-24 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SBMAV Disk Cleaner 2014-12-04 20:09 - 2014-09-13 12:05 - 00000000 ____D () C:\Users\Dilan\AppData\Roaming\Apple Computer 2014-12-03 19:14 - 2009-07-14 03:03 - 64487424 _____ () C:\Windows\system32\config\SOFTWARE.bak 2014-12-03 19:14 - 2009-07-14 03:03 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak 2014-12-03 19:14 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2014-12-03 19:14 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2014-12-03 13:24 - 2011-12-19 15:11 - 00000000 ____D () C:\ProgramData\Ubisoft 2014-12-03 08:50 - 2011-12-29 23:30 - 00000000 ____D () C:\Program Files\SpeedFan 2014-12-01 18:05 - 2014-10-09 20:25 - 00000000 ____D () C:\Users\Dilan\AppData\Roaming\Origin 2014-12-01 18:05 - 2014-10-09 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin 2014-11-30 15:23 - 2012-04-21 16:39 - 00000000 __SHD () C:\Windows\system32\AI_RecycleBin 2014-11-30 15:21 - 2011-07-30 18:36 - 00000000 ____D () C:\Program Files\Google 2014-11-30 12:35 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-11-30 12:10 - 2013-01-31 16:38 - 00000000 ____D () C:\Program Files\ATI Technologies 2014-11-28 23:02 - 2011-06-24 16:57 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-11-28 18:55 - 2014-09-10 17:18 - 00000000 ____D () C:\Program Files\MyPC Backup 2014-11-27 13:24 - 2009-07-14 05:33 - 00409800 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-26 13:57 - 2011-06-24 16:14 - 00110064 _____ () C:\Users\Diyar\AppData\Local\GDIPFONTCACHEV1.DAT 2014-11-21 21:03 - 2012-10-08 13:10 - 00000000 ____D () C:\Users\Plan b\AppData\Local\Google 2014-11-21 13:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-11-21 12:25 - 2012-04-01 17:20 - 00110064 _____ () 
C:\Users\Plan b\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-21 12:21 - 2014-05-22 12:22 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-21 12:16 - 2014-09-13 11:57 - 00110064 _____ () C:\Users\Dilan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-17 22:13 - 2014-01-02 03:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-17 22:13 - 2014-01-01 11:43 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-11-17 22:06 - 2011-06-24 18:35 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

ZeroAccess: C:\$Recycle.Bin\S-1-5-21-2244397687-2994677012-3856678615-1001\$9f114d5ed76ce9597dec2519af199e16
ZeroAccess: C:\$Recycle.Bin\S-1-5-18\$9f114d5ed76ce9597dec2519af199e16

Files to move or delete:
====================
C:\Users\Diyar\GeoGebra-Windows-Installer-3-2-46-0.exe
C:\Users\Diyar\PhotoScapeSetup_V3.5.exe

Some content of TEMP:
====================
C:\Users\Dilan\AppData\Local\Temp\avgnt.exe
C:\Users\Diyar\AppData\Local\Temp\avgnt.exe
C:\Users\Plan b\AppData\Local\Temp\avgnt.exe
C:\Users\ümit\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2013-04-18 18:20

==================== End Of Log ============================

--- --- --- --- --- ---

Addition
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-12-2014
Ran by Dilan at 2014-12-14 15:39:36
Running from E:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
AC2 server emulator 0.44 by Dormine (HKLM\...\{675DD1E6-637A-4F0E-B6DE-26F45CC26092}_is1) (Version: - bjamikel)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
Advanced SystemCare 8 (HKLM\...\Advanced SystemCare 8_is1) (Version: 8.0.3 - IObit)
Airfoil (HKLM\...\Airfoil) (Version: 3.5.3 - Rogue Amoeba)
AMD Catalyst Install Manager (HKLM\...\{319271B3-E2AA-F623-928E-245C9EBF16F7}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Assassin's Creed Brotherhood (HKLM\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.00 - Ubisoft) Avira (HKLM\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG) Avira (Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) BrowserSafeguard with RocketTab (HKLM\...\RocketTab) (Version: - BrowserSafeguard with RocketTab) <==== ATTENTION BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden BurnAware Free 3.0.3 (HKLM\...\BurnAware Free_is1) (Version: - Burnaware Technologies) CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform) CPUID CPU-Z 1.67 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden DeleteAd (HKLM\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version: - DeleteAd) <==== ATTENTION EVEREST Home Edition v2.20 (HKLM\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc) Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) Formelrechner (HKLM\...\{69F0CEA4-43E2-4CBB-92DF-41860A40A631}) (Version: 1.00.0000 - Cornelsen Verlag) Game Booster 3 (HKLM\...\Game Booster_is1) (Version: 3.4 - IObit) GeoGebra (HKLM\...\GeoGebra) (Version: 3.2.46.0 - International GeoGebra Institute) hp deskjet 5100 (HKLM\...\{15C165F1-1DAE-4476-AFB6-8723729B41E7}) (Version: 1.03.0000 - Hewlett-Packard) hp print screen utility (HKLM\...\hp print screen utility) (Version: - ) HP Scanjet G2410 and 2400 (HKLM\...\{E5B04674-1885-4B08-BAE7-ECDEC1F84677}) (Version: 13.0 - HP) HP Speicher-Disc (HKLM\...\{B376402D-58EA-45EA-BD50-DD924EB67A70}) (Version: 1.0.4.805 - Hewlett-Packard Company) hpg2410 (Version: 13.0.0.0 - Ihr Firmenname) Hidden iCloud 
(HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.) iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.) Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden McAfee SafeKey(uninstall only) (HKLM\...\safekey) (Version: - McAfee, Inc.) MegaTrainer eXperience V1.2.1.3 (HKLM\...\MegaTrainer eXperience_is1) (Version: - ) Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft 
Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Morrowind (HKLM\...\{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}) (Version: - ) MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - MotioninJoy | Playstation 3|Xbox 360|Dualshock 3|Sixaxis|Game|Driver|) Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.2 - Mozilla) MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION NVIDIA PhysX (HKLM\...\{54194F60-988C-4D03-B922-C2B00EFDA39A}) (Version: 9.10.0222 - NVIDIA Corporation) Oblivion (HKLM\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks) OpenAL (HKLM\...\OpenAL) (Version: - ) Origin (HKLM\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.) osu! 
(HKLM\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy) Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.6.0 - Pando Networks Inc.) PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia) Philips SPC620NC Webcam (HKLM\...\{5CA6F170-E18D-4B4C-8670-3ED096478C41}) (Version: 1.00.000 - Philips) Philips VLounge (HKLM\...\{EA57A1B9-0DD2-44DD-9B70-64E8DA553F6F}) (Version: - ArcSoft) PhotoScape (HKLM\...\PhotoScape) (Version: - ) PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.) QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.) Remote Mouse version 2.56 (HKLM\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 2.56 - Remote Mouse) S.T.A.L.K.E.R. - Clear Sky [v1.0003] (HKLM\...\S.T.A.L.K.E.R. - Clear Sky_is1) (Version: 1.0003 - Deep Silver) Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden SBMAV Disk Cleaner 3 (HKLM\...\SBMAV Disk Cleaner_is1) (Version: - SBMAV Software) Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype Web Plugin (HKLM\...\{B51DD93B-3CB5-4D9D-BFF2-FD19DBBBFD9A}) (Version: 2.9.13008.18866 - Skype Technologies S.A.) Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) 
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - ) Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated) Startup Booster v2.4 (HKLM\...\Startup Booster_is1) (Version: 2.4 - Smart PC Solutions) Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation) SW-Booster (HKLM\...\S-792098896) (Version: 2.2.0.1111 - PremiumSoft) <==== ATTENTION swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden SW-Sustainer 1.80 (HKLM\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{c67abfdb}) (Version: - Certified Publisher) <==== ATTENTION System Requirements Lab CYRI (HKLM\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC) System Requirements Lab Detection (HKLM\...\{1AAE7ACD-816D-4982-A16B-4B724EBC1139}) (Version: 2.2.3.0 - Husdawg, LLC) TeamSpeak 3 Client (HKU\S-1-5-21-2244397687-2994677012-3856678615-1007\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TES Construction Set (HKLM\...\{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}) (Version: - ) The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios) Tomb Raider (HKLM\...\Steam App 203160) (Version: - Crystal Dynamics) Unity Web Player (HKU\S-1-5-21-2244397687-2994677012-3856678615-1007\...\UnityWebPlayer) (Version: 4.6.0f3 - Unity Technologies ApS) VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes) Web Protect for Windows (HKLM\...\wp-adinject-adk) (Version: 10.0.0 - Web Protect) <==== ATTENTION WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden Win7codecs (HKLM\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 2.5.5 - Shark007) Windows 7 Manager (HKLM\...\{EA027ED9-3A1E-426C-A8F1-D29B69C8E207}) (Version: 1.2.4 - Yamicsoft) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) 
(Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2244397687-2994677012-3856678615-1007_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Dilan\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2244397687-2994677012-3856678615-1007_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Dilan\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-2244397687-2994677012-3856678615-1007_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Dilan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2011-12-27 23:20 - 00001052 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 static3.cdn.ubi.com
127.0.0.1 ubisoft-orbit.s3.amazonaws.com
127.0.0.1 onlineconfigservice.ubi.com
127.0.0.1 orbitservice.ubi.com
127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0287347F-A494-40A6-80A7-79332DD6FCDF} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files\IObit\Game Booster 3\AutoUpdate.exe [2014-12-04] ()
Task: {0393DB74-93FA-4C14-9A1A-912851F854E1} - System32\Tasks\RocketTab => cmd.exe /C start "" "C:\Program Files\RocketTab\Client.exe" /Preferred=true <==== ATTENTION
Task: {09CB0658-D38A-429B-8689-FF55D3D736F1} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {209B2B82-0027-40A1-9A39-D184D960369D} - System32\Tasks\{36BFCFFA-0D1F-4AC9-BFA0-DB8E2A24399D} => D:\ds spiele 2011\assassino\AssassinsCreed_Launcher.exe [2008-02-22] (Ubisoft)
Task: {240AAF96-D29C-4A96-A93B-37C0975C1337} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1003Core => C:\Users\Plan b\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {26DE445F-319D-4E5B-9C91-8875EF2AE392} - System32\Tasks\RocketTab Update Task => C:\Program Files\RocketTab\uninstall.exe <==== ATTENTION
Task: {33B714B5-A3A0-4EDC-BE19-38C19AE6B87A} - System32\Tasks\{2C903AF0-4B97-4152-92F4-AD248E3C39DD} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}\setup.exe" -c -runfromtemp -l0x0007 -removeonly
Task: {40AE8109-5676-4B67-A920-8149CBF4554A} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe [2014-11-10] (IObit)
Task: {42777146-01BD-4275-AF2E-8EE21B9B9589} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {47A214F6-D248-4BD8-8300-BEFE5DAC03E7} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe [2014-11-13] (MyPC Backup) <==== ATTENTION
Task: {49A8D5A1-100A-4ACF-AA67-6397372ADC19} - System32\Tasks\{43494C23-39CF-4CB7-AE22-A9011C268D9C} => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {550A0356-ACC0-4AFB-8DDD-3FBC4345694B}
- System32\Tasks\Games\UpdateCheck_S-1-5-21-2244397687-2994677012-3856678615-1007 Task: {60D5985A-52AC-40D2-8AA3-D805A78C9A27} - System32\Tasks\{4DBA4EFA-5763-471B-AEBE-4312DE7BB6F8} => D:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe [2009-07-07] () Task: {61424186-3346-4140-80A8-C93CF4CD2489} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1001UA => C:\Users\Diyar\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: {78A06E16-66E1-4670-B681-6D1FACF285C1} - System32\Tasks\OpenCandyHelperRunAA747FB84C99428893401EAD6DC44017 => Rundll32.exe "C:\Users\Diyar\AppData\Roaming\OpenCandy\6D7FCDBD763F4E7B8DC17972DF6EC147\OCBrowserHelper_1.0.4.106.dll",_OCRestartDll@16 Task: {8EF48CA0-8074-4B72-A1F0-19606C512BD8} - System32\Tasks\ASC8_SkipUac_Dilan => C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe [2014-11-07] (IObit) Task: {9EEAEB29-1CAF-4506-83A3-C43A1D4EC9EB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1001Core => C:\Users\Diyar\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: {AB158445-097D-4E6D-A487-F37DE12E7F2B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1007Core => C:\Users\Dilan\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: {B81CE756-FD0E-49D9-A7CD-7AA53D4D5E6A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1003UA => C:\Users\Plan b\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: {D65BE0E9-D7A6-4A5A-A924-649EE8323671} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1007UA => C:\Users\Dilan\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: {FC8F0631-F614-4F0C-A14A-15745614A35D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1001Core.job => C:\Users\Diyar\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1001UA.job => C:\Users\Diyar\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1003Core.job => C:\Users\Plan b\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1003UA.job => C:\Users\Plan b\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1007Core.job => C:\Users\Dilan\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1007UA.job => C:\Users\Dilan\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\OpenCandyHelperRunAA747FB84C99428893401EAD6DC44017.job => C:\Users\Diyar\AppData\Roaming\OpenCandy\6D7FCDBD763F4E7B8DC17972DF6EC147\OCBrowserHelper_1.0.4.106.dll ==================== Loaded Modules (whitelisted) ============= 2014-12-04 20:08 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files\IObit\Advanced SystemCare 8\sqlite3.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2014-12-04 20:08 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files\IObit\Advanced SystemCare 8\webres.dll 2014-12-04 20:08 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madExcept_.bpl 2014-12-04 20:08 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madBasic_.bpl 2014-12-04 20:08 - 2013-01-15 18:48 - 
00051008 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madDisAsm_.bpl 2014-11-13 10:59 - 2014-11-13 10:57 - 00270336 _____ () C:\Program Files\MyPC Backup\AlphaFS.dll 2014-11-13 10:59 - 2014-11-13 10:57 - 00060928 _____ () C:\Program Files\MyPC Backup\LinqBridge.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:CC2DDA0D ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: PnkBstrA => 2 MSCONFIG\Services: ServiceLayer => 3 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install SafeKey IE RunOnce.lnk => C:\Windows\pss\Install SafeKey IE RunOnce.lnk.CommonStartup MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" ========================= Accounts: ========================== Administrator (S-1-5-21-2244397687-2994677012-3856678615-500 - Administrator - Disabled) Dilan (S-1-5-21-2244397687-2994677012-3856678615-1007 - Administrator - Enabled) => C:\Users\Dilan Diyar (S-1-5-21-2244397687-2994677012-3856678615-1001 - Limited - Enabled) => C:\Users\Diyar Gast (S-1-5-21-2244397687-2994677012-3856678615-501 - Limited - Disabled) => C:\Users\Gast.Diyar-PC HomeGroupUser$ (S-1-5-21-2244397687-2994677012-3856678615-1002 - Limited - Enabled) Plan b (S-1-5-21-2244397687-2994677012-3856678615-1003 - 
Limited - Enabled) => C:\Users\Plan b ümit (S-1-5-21-2244397687-2994677012-3856678615-1008 - Limited - Enabled) => C:\Users\ümit ==================== Faulty Device Manager Devices ============= Name: hp scanjet scanner Description: hp scanjet scanner Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: TSSTcorp DVD-ROM SH-D163B Description: TSSTcorp DVD-ROM SH-D163B Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (12/14/2014 02:41:16 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.ServiceHost.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. 
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException Stapel: bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition) bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean) bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore() bei System.ComponentModel.Composition.Primitives.Export.get_Value() bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export) bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String) bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (12/14/2014 02:41:05 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.ServiceHost.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. 
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException Stapel: bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition) bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean) bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore() bei System.ComponentModel.Composition.Primitives.Export.get_Value() bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export) bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String) bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (12/14/2014 02:40:51 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.ServiceHost.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. 
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException Stapel: bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition) bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean) bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore() bei System.ComponentModel.Composition.Primitives.Export.get_Value() bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export) bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String) bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (12/14/2014 02:39:42 PM) (Source: Schedule) (EventID: 0) (User: ) Description: Schedule error: 10106Initialize call failed, bailing out Error: (12/14/2014 02:24:52 PM) (Source: AdvancedSystemCareService8) (EventID: 0) 
(User: ) Description: Die Schnittstelle ist unbekannt Error: (12/14/2014 02:24:52 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: ) Description: Das Handle ist ungültig Error: (12/14/2014 02:24:18 PM) (Source: Schedule) (EventID: 0) (User: ) Description: Schedule error: 10106Initialize call failed, bailing out Error: (12/14/2014 02:18:12 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: ) Description: Das Handle ist ungültig Error: (12/14/2014 02:18:12 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: ) Description: Das Handle ist ungültig Error: (12/14/2014 01:41:35 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Skype.exe, Version: 6.18.0.106, Zeitstempel: 0x53d13f6d Name des fehlerhaften Moduls: Skype.exe, Version: 6.18.0.106, Zeitstempel: 0x53d13f6d Ausnahmecode: 0x40000015 Fehleroffset: 0x00bd336e ID des fehlerhaften Prozesses: 0xec8 Startzeit der fehlerhaften Anwendung: 0xSkype.exe0 Pfad der fehlerhaften Anwendung: Skype.exe1 Pfad des fehlerhaften Moduls: Skype.exe2 Berichtskennung: Skype.exe3 System errors: ============= Error: (12/14/2014 03:28:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891 Error: (12/14/2014 03:28:34 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%-2147024891 Error: (12/14/2014 03:24:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%-2147024891 Error: (12/14/2014 03:24:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst 
"Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891 Error: (12/14/2014 03:22:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: %%-2147014790 Error: (12/14/2014 03:21:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: %%-2147014790 Error: (12/14/2014 03:21:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: %%-2147014790 Error: (12/14/2014 03:20:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: %%-2147014790 Error: (12/14/2014 03:20:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: %%-2147014790 Error: (12/14/2014 03:19:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: %%-2147014790 Microsoft Office Sessions: ========================= Error: (12/14/2014 02:41:16 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.ServiceHost.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. 
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException Stapel: bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition) bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean) bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore() bei System.ComponentModel.Composition.Primitives.Export.get_Value() bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export) bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String) bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (12/14/2014 02:41:05 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.ServiceHost.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. 
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException Stapel: bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition) bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean) bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore() bei System.ComponentModel.Composition.Primitives.Export.get_Value() bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export) bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String) bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (12/14/2014 02:40:51 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.OE.ServiceHost.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. 
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException Stapel: bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition) bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean) bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore() bei System.ComponentModel.Composition.Primitives.Export.get_Value() bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export) bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String) bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (12/14/2014 02:39:42 PM) (Source: Schedule) (EventID: 0) (User: ) Description: Schedule error: 10106Initialize call failed, bailing out Error: (12/14/2014 02:24:52 PM) (Source: AdvancedSystemCareService8) (EventID: 0) 
(User: ) Description: Die Schnittstelle ist unbekannt Error: (12/14/2014 02:24:52 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: ) Description: Das Handle ist ungültig Error: (12/14/2014 02:24:18 PM) (Source: Schedule) (EventID: 0) (User: ) Description: Schedule error: 10106Initialize call failed, bailing out Error: (12/14/2014 02:18:12 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: ) Description: Das Handle ist ungültig Error: (12/14/2014 02:18:12 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: ) Description: Das Handle ist ungültig Error: (12/14/2014 01:41:35 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Skype.exe6.18.0.10653d13f6dSkype.exe6.18.0.10653d13f6d4000001500bd336eec801d0179b46751714C:\Program Files\Skype\Phone\Skype.exeC:\Program Files\Skype\Phone\Skype.exe896da725-838e-11e4-92f7-001e8cb6cc4d ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz Percentage of memory in use: 48% Total physical RAM: 2047.29 MB Available physical RAM: 1051.4 MB Total Pagefile: 2047.29 MB Available Pagefile: 1017.22 MB Total Virtual: 2047.88 MB Available Virtual: 1894.2 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:139.55 GB) (Free:19.57 GB) NTFS Drive d: () (Fixed) (Total:195.7 GB) (Free:24.51 GB) NTFS Drive e: () (Removable) (Total:14.98 GB) (Free:5.63 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 335.4 GB) (Disk ID: 1549F232) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=139.6 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=195.7 GB) - (Type=07 NTFS) ======================================================== Disk: 5 (Size: 15 GB) (Disk ID: 99BE69B9) Partition 1: (Not Active) - (Size=15 GB) - (Type=0C) ==================== End Of Log 
============================ |
14.12.2014, 23:34 | #4 |
/// the machine /// TB instructor | PC has no connection although it shows as connected at the bottom Please download Revo Uninstaller (alternatively the portable Revo Uninstaller) from here.
Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
15.12.2014, 13:19 | #5 |
| PC has no connection although it shows as connected at the bottom Hey, I downloaded the program earlier and ran it. But when I looked for the programs to uninstall, I found nothing. Not a single one of the programs you listed is shown on my machine. What now? |
15.12.2014, 21:02 | #6 |
/// the machine /// TB instructor | PC has no connection although it shows as connected at the bottom Check whether you can find them in Windows to uninstall; if so, uninstall them there. Whether yes or no, continue straight away with the rest from above.
|
17.12.2014, 17:46 | #7 |
| PC has no connection although it shows as connected at the bottom I can't get rid of the things; I tried with 4 programs |
17.12.2014, 21:11 | #8 | ||
/// the machine /// TB instructor | PC has no connection although it shows as connected at the bottom Quote:
Tried to get rid of what? With what? Just do what it says above! Uninstall the things with Revo. Doesn't work? Then look in Windows to uninstall them, as described above. Doesn't work? Then the next instruction is already right there above. Quote:
|
18.12.2014, 15:33 | #9 |
| PC has no connection although it shows as connected at the bottom Well, I don't know how, but the PC has a connection to the Internet again. Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-12-2014 Ran by Dilan at 2014-12-18 15:27:01 Running from C:\Users\Dilan\Desktop\Neuer Ordner\Neuer Ordner\Neuer Ordner Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) AC2 server emulator 0.44 by Dormine (HKLM\...\{675DD1E6-637A-4F0E-B6DE-26F45CC26092}_is1) (Version: - bjamikel) Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.) Advanced SystemCare 8 (HKLM\...\Advanced SystemCare 8_is1) (Version: 8.0.3 - IObit) Airfoil (HKLM\...\Airfoil) (Version: 3.5.3 - Rogue Amoeba) AMD Catalyst Install Manager (HKLM\...\{319271B3-E2AA-F623-928E-245C9EBF16F7}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.) 
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassin's Creed Brotherhood (HKLM\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.00 - Ubisoft)
Avira (HKLM\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
BurnAware Free 3.0.3 (HKLM\...\BurnAware Free_is1) (Version: - Burnaware Technologies)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
CPUID CPU-Z 1.67 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Driver Booster 2 (HKLM\...\Driver Booster_is1) (Version: 2.0 - IObit)
EVEREST Home Edition v2.20 (HKLM\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Formelrechner (HKLM\...\{69F0CEA4-43E2-4CBB-92DF-41860A40A631}) (Version: 1.00.0000 - Cornelsen Verlag)
Game Booster 3 (HKLM\...\Game Booster_is1) (Version: 3.4 - IObit)
GeoGebra (HKLM\...\GeoGebra) (Version: 3.2.46.0 - International GeoGebra Institute)
hp deskjet 5100 (HKLM\...\{15C165F1-1DAE-4476-AFB6-8723729B41E7}) (Version: 1.03.0000 - Hewlett-Packard)
hp print screen utility (HKLM\...\hp print screen utility) (Version: - )
HP Scanjet G2410 and 2400 (HKLM\...\{E5B04674-1885-4B08-BAE7-ECDEC1F84677}) (Version: 13.0 - HP)
HP Speicher-Disc (HKLM\...\{B376402D-58EA-45EA-BD50-DD924EB67A70}) (Version: 1.0.4.805 - Hewlett-Packard Company)
hpg2410 (Version: 13.0.0.0 - Ihr Firmenname) Hidden
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
IObit Malware Fighter (HKLM\...\IObit Malware Fighter_is1) (Version: 2.5 - IObit)
iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 72 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217072FF}) (Version: 7.0.720 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee SafeKey(uninstall only) (HKLM\...\safekey) (Version: - McAfee, Inc.)
MegaTrainer eXperience V1.2.1.3 (HKLM\...\MegaTrainer eXperience_is1) (Version: - )
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Morrowind (HKLM\...\{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}) (Version: - )
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.2 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM\...\{54194F60-988C-4D03-B922-C2B00EFDA39A}) (Version: 9.10.0222 - NVIDIA Corporation)
Oblivion (HKLM\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
OpenAL (HKLM\...\OpenAL) (Version: - )
Origin (HKLM\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
osu! (HKLM\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.6.0 - Pando Networks Inc.)
PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Philips SPC620NC Webcam (HKLM\...\{5CA6F170-E18D-4B4C-8670-3ED096478C41}) (Version: 1.00.000 - Philips)
Philips VLounge (HKLM\...\{EA57A1B9-0DD2-44DD-9B70-64E8DA553F6F}) (Version: - ArcSoft)
PhotoScape (HKLM\...\PhotoScape) (Version: - )
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Remote Mouse version 2.56 (HKLM\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 2.56 - Remote Mouse)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
S.T.A.L.K.E.R. - Clear Sky [v1.0003] (HKLM\...\S.T.A.L.K.E.R. - Clear Sky_is1) (Version: 1.0003 - Deep Silver)
Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SBMAV Disk Cleaner 3 (HKLM\...\SBMAV Disk Cleaner_is1) (Version: - SBMAV Software)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Scribblenauts Unlimited (HKLM\...\Steam App 218680) (Version: - 5th Cell Media)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype Web Plugin (HKLM\...\{B51DD93B-3CB5-4D9D-BFF2-FD19DBBBFD9A}) (Version: 2.9.13008.18866 - Skype Technologies S.A.)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Startup Booster v2.4 (HKLM\...\Startup Booster_is1) (Version: 2.4 - Smart PC Solutions)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM\...\{1AAE7ACD-816D-4982-A16B-4B724EBC1139}) (Version: 2.2.3.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKU\S-1-5-21-2244397687-2994677012-3856678615-1007\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TES Construction Set (HKLM\...\{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}) (Version: - )
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios)
Tomb Raider (HKLM\...\Steam App 203160) (Version: - Crystal Dynamics)
Unity Web Player (HKU\S-1-5-21-2244397687-2994677012-3856678615-1007\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Web Protect for Windows (HKLM\...\wp-adinject-adk) (Version: 10.0.0 - Web Protect) <==== ATTENTION
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Win7codecs (HKLM\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 2.5.5 - Shark007)
Windows 7 Manager (HKLM\...\{EA027ED9-3A1E-426C-A8F1-D29B69C8E207}) (Version: 1.2.4 - Yamicsoft)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2244397687-2994677012-3856678615-1007_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Dilan\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2244397687-2994677012-3856678615-1007_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Dilan\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-2244397687-2994677012-3856678615-1007_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Dilan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

==================== Restore Points =========================

18-12-2014 13:10:28 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2011-12-27 23:20 - 00001052 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 static3.cdn.ubi.com
127.0.0.1 ubisoft-orbit.s3.amazonaws.com
127.0.0.1 onlineconfigservice.ubi.com
127.0.0.1 orbitservice.ubi.com
127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0287347F-A494-40A6-80A7-79332DD6FCDF} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files\IObit\Game Booster 3\AutoUpdate.exe [2014-12-04] ()
Task: {09CB0658-D38A-429B-8689-FF55D3D736F1} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {209B2B82-0027-40A1-9A39-D184D960369D} - System32\Tasks\{36BFCFFA-0D1F-4AC9-BFA0-DB8E2A24399D} => D:\ds spiele 2011\assassino\AssassinsCreed_Launcher.exe [2008-02-22] (Ubisoft)
Task: {240AAF96-D29C-4A96-A93B-37C0975C1337} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1003Core => C:\Users\Plan b\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {33B714B5-A3A0-4EDC-BE19-38C19AE6B87A} - System32\Tasks\{2C903AF0-4B97-4152-92F4-AD248E3C39DD} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}\setup.exe" -c -runfromtemp -l0x0007 -removeonly
Task: {40AE8109-5676-4B67-A920-8149CBF4554A} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe [2014-11-10] (IObit)
Task: {42777146-01BD-4275-AF2E-8EE21B9B9589} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-17] (Adobe Systems Incorporated)
Task: {49A8D5A1-100A-4ACF-AA67-6397372ADC19} - System32\Tasks\{43494C23-39CF-4CB7-AE22-A9011C268D9C} => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {550A0356-ACC0-4AFB-8DDD-3FBC4345694B} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2244397687-2994677012-3856678615-1007
Task: {60D5985A-52AC-40D2-8AA3-D805A78C9A27} - System32\Tasks\{4DBA4EFA-5763-471B-AEBE-4312DE7BB6F8} => D:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe [2009-07-07] ()
Task: {61424186-3346-4140-80A8-C93CF4CD2489} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1001UA => C:\Users\Diyar\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {78A06E16-66E1-4670-B681-6D1FACF285C1} - \OpenCandyHelperRunAA747FB84C99428893401EAD6DC44017 No Task File <==== ATTENTION
Task: {8EF48CA0-8074-4B72-A1F0-19606C512BD8} - System32\Tasks\ASC8_SkipUac_Dilan => C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe [2014-11-07] (IObit)
Task: {9EEAEB29-1CAF-4506-83A3-C43A1D4EC9EB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1001Core => C:\Users\Diyar\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {AB158445-097D-4E6D-A487-F37DE12E7F2B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1007Core => C:\Users\Dilan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {B81CE756-FD0E-49D9-A7CD-7AA53D4D5E6A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1003UA => C:\Users\Plan b\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {D65BE0E9-D7A6-4A5A-A924-649EE8323671} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1007UA => C:\Users\Dilan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {FC8F0631-F614-4F0C-A14A-15745614A35D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Driver Booster Scan.job => C:\Program Files\IObit\Driver Booster\Scheduler.exe
Task: C:\Windows\Tasks\Driver Booster SkipUAC (Dilan).job => C:\Program Files\IObit\Driver Booster\DriverBooster.exe
Task: C:\Windows\Tasks\Driver Booster Update.job => C:\Program Files\IObit\Driver Booster\AutoUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1001Core.job => C:\Users\Diyar\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1001UA.job => C:\Users\Diyar\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1003Core.job => C:\Users\Plan b\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1003UA.job => C:\Users\Plan b\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1007Core.job => C:\Users\Dilan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1007UA.job => C:\Users\Dilan\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-12-04 20:08 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files\IObit\Advanced SystemCare 8\sqlite3.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-12-04 21:21 - 2014-12-04 21:21 - 00801304 _____ () C:\Program Files\IObit\Game Booster 3\AutoUpdate.exe
2014-12-04 20:08 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madExcept_.bpl
2014-12-04 20:08 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madBasic_.bpl
2014-12-04 20:08 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madDisAsm_.bpl
2014-12-04 20:08 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files\IObit\Advanced SystemCare 8\ProductStatistics.dll
2014-12-04 20:08 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files\IObit\Advanced SystemCare 8\webres.dll
2014-12-17 19:53 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files\IObit\IObit Malware Fighter\madExcept_.bpl
2014-12-17 19:53 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files\IObit\IObit Malware Fighter\madBasic_.bpl
2014-12-17 19:53 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files\IObit\IObit Malware Fighter\madDisAsm_.bpl
2014-12-17 19:53 - 2013-12-12 18:46 - 08001344 _____ () C:\Program Files\IObit\IObit Malware Fighter\WebUI.dll
2014-12-17 19:53 - 2013-05-16 19:26 - 00182080 _____ () C:\Program Files\IObit\IObit Malware Fighter\unrar.dll
2014-12-17 19:53 - 2013-10-16 22:17 - 00185168 _____ () C:\Program Files\IObit\IObit Malware Fighter\libcurl-4.dll
2014-12-17 19:53 - 2013-05-16 19:26 - 00145216 _____ () C:\Program Files\IObit\IObit Malware Fighter\zlibwapi.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:CC2DDA0D

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: PnkBstrA => 2
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install SafeKey IE RunOnce.lnk => C:\Windows\pss\Install SafeKey IE RunOnce.lnk.CommonStartup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-2244397687-2994677012-3856678615-500 - Administrator - Disabled)
Dilan (S-1-5-21-2244397687-2994677012-3856678615-1007 - Administrator - Enabled) => C:\Users\Dilan
Diyar (S-1-5-21-2244397687-2994677012-3856678615-1001 - Limited - Enabled) => C:\Users\Diyar
Gast (S-1-5-21-2244397687-2994677012-3856678615-501 - Limited - Disabled) => C:\Users\Gast.Diyar-PC
HomeGroupUser$ (S-1-5-21-2244397687-2994677012-3856678615-1002 - Limited - Enabled)
Plan b (S-1-5-21-2244397687-2994677012-3856678615-1003 - Limited - Enabled) => C:\Users\Plan b
ümit (S-1-5-21-2244397687-2994677012-3856678615-1008 - Limited - Enabled) => C:\Users\ümit

==================== Faulty Device Manager Devices =============

Name: TSSTcorp DVD-ROM SH-D163B
Description: TSSTcorp DVD-ROM SH-D163B
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/18/2014 00:33:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 34.0.5.5443, Zeitstempel: 0x5475dd5d
Name des fehlerhaften Moduls: mozalloc.dll, Version: 34.0.5.5443, Zeitstempel: 0x5475d664
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0xc64
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (12/17/2014 10:26:48 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig

Error: (12/17/2014 10:26:48 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig

Error: (12/17/2014 10:03:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.1.711, Zeitstempel: 0x542b53ec
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0xd3c
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3

Error: (12/17/2014 09:12:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: TombRaider.exe, Version: 1.1.748.0, Zeitstempel: 0x519379a7
Name des fehlerhaften Moduls: TombRaider.exe, Version: 1.1.748.0, Zeitstempel: 0x519379a7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000d9c3a
ID des fehlerhaften Prozesses: 0xa60
Startzeit der fehlerhaften Anwendung: 0xTombRaider.exe0
Pfad der fehlerhaften Anwendung: TombRaider.exe1
Pfad des fehlerhaften Moduls: TombRaider.exe2
Berichtskennung: TombRaider.exe3

Error: (12/17/2014 09:09:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 3.0.8.1, Zeitstempel: 0x546e4a58
Name des fehlerhaften Moduls: mbamservice.exe, Version: 3.0.8.1, Zeitstempel: 0x546e4a58
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008f796
ID des fehlerhaften Prozesses: 0x848
Startzeit der fehlerhaften Anwendung: 0xmbamservice.exe0
Pfad der fehlerhaften Anwendung: mbamservice.exe1
Pfad des fehlerhaften Moduls: mbamservice.exe2
Berichtskennung: mbamservice.exe3

Error: (12/17/2014 08:54:37 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files\Steam\steam.exe

Error: (12/17/2014 08:22:51 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig

Error: (12/17/2014 07:56:44 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang: Generatordaten werden gesammelt
Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {801d3d3d-75e3-476c-803d-17b5191ca3f6}

System errors:
=============
Error: (12/18/2014 03:19:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "UrlFilter" wurde aufgrund folgenden Fehlers nicht gestartet: %%1753

Error: (12/18/2014 03:18:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891

Error: (12/18/2014 03:18:54 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%-2147024891

Error: (12/18/2014 03:18:31 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "MBAMWebAccessControl" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error: (12/18/2014 03:18:30 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "MBAMWebAccessControl" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error: (12/18/2014 03:17:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%-2147024891

Error: (12/18/2014 03:16:40 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (12/18/2014 00:35:52 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056

Error: (12/18/2014 00:35:52 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Multimediaklassenplaner" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056

Error: (12/18/2014 00:33:57 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Microsoft Office Sessions:
=========================
Error: (12/18/2014 00:33:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d6648000000300001425c6401d01ab629d5a9f3C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dllb7a114e3-86a9-11e4-8325-001e8cb6cc4d

Error: (12/17/2014 10:26:48 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig

Error: (12/17/2014 10:26:48 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig

Error: (12/17/2014 10:03:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.1.711542b53ecMSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdd3c01d01a3cc054cbd5C:\Program Files\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files\ Malwarebytes Anti-Malware \MSVCR100.dll14e58de8-8630-11e4-ab3a-001e8cb6cc4d

Error: (12/17/2014 09:12:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TombRaider.exe1.1.748.0519379a7TombRaider.exe1.1.748.0519379a7c0000005000d9c3aa6001d01a35bddc92f3C:\Program Files\Steam\steamapps\common\Tomb Raider\TombRaider.exeC:\Program Files\Steam\steamapps\common\Tomb Raider\TombRaider.exefba51a55-8628-11e4-ab3a-001e8cb6cc4d

Error: (12/17/2014 09:09:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.8.1546e4a58mbamservice.exe3.0.8.1546e4a58400000150008f79684801d01a31cec22843C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exeC:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exeab1ec27e-8628-11e4-ab3a-001e8cb6cc4d

Error: (12/17/2014 08:54:37 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to add firewall exception for C:\Program Files\Steam\steam.exe

Error: (12/17/2014 08:22:51 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig

Error: (12/17/2014 07:56:44 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert
Vorgang: Generatordaten werden gesammelt
Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {801d3d3d-75e3-476c-803d-17b5191ca3f6}

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 93%
Total physical RAM: 2047.23 MB
Available physical RAM: 133.93 MB
Total Pagefile: 2047.23 MB
Available Pagefile: 141.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:139.55 GB) (Free:16.24 GB) NTFS
Drive d: () (Fixed) (Total:195.7 GB) (Free:24.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 335.4 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=139.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=195.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-12-2014
Ran by Dilan (administrator) on DIYAR-PC on 18-12-2014 15:19:42
Running from C:\Users\Dilan\Desktop\Neuer Ordner\Neuer Ordner\Neuer Ordner
Loaded Profile: Dilan (Available profiles: Diyar & Plan b & Dilan & ümit & Gast)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
() C:\Program Files\IObit\Game Booster 3\Autoupdate.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\Suo10_SmartRAM.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => TTIME
HKLM\...\Run: [VirtualCloneDrive] => N.EXE" /S
HKLM\...\Run: [HP Software Update] => FTWARE UPDATE\HPWUSCHD.EXE"
HKLM\...\Run: [HP Component Manager] => RETECH\HPCMPMGR.EXE"
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [748256 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [IObit Malware Fighter] => C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [1802048 2014-10-13] (IObit)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-12-17] (Realtek Semiconductor)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-2244397687-2994677012-3856678615-1007\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2425632 2014-11-07] (IObit)
HKU\S-1-5-21-2244397687-2994677012-3856678615-1007\...\Run: [SmartRAM] => C:\Program Files\IObit\Advanced SystemCare 8\Suo10_SmartRAM.exe [535840 2014-09-02] (IObit)
HKU\S-1-5-21-2244397687-2994677012-3856678615-1007\...\RunOnce: [Adobe Speed Launcher] => 1418912295
HKU\S-1-5-21-2244397687-2994677012-3856678615-1007\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2244397687-2994677012-3856678615-1007\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2244397687-2994677012-3856678615-1007\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2244397687-2994677012-3856678615-1007\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM - (No Name) - {192a6019-26d2-4611-aead-07cd7733b146} - No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2244397687-2994677012-3856678615-1007 -> {D3D2BF91-3DFC-4D43-9DB5-CBC0F1DFBE71} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE0D20140110&p={SearchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
Handler: livecall - No CLSID Value -
Handler: msnim - No CLSID Value -
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Dilan\AppData\Roaming\Mozilla\Firefox\Profiles\uj6owbww.default-1417512113460
FF NewTab: about:blank
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @real.com/nppl3260;version=6.0.12.448 -> C:\Program Files\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2244397687-2994677012-3856678615-1007: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Dilan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-2244397687-2994677012-3856678615-1007: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dilan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Ads Removal - C:\Users\Dilan\AppData\Roaming\Mozilla\Firefox\Profiles\uj6owbww.default-1417512113460\Extensions\adremoveext@adremoveext.net [2014-12-18]
FF Extension: {10688ffe-50ac-46ae-a40c-b393e967575e} - C:\Users\Dilan\AppData\Roaming\Mozilla\Firefox\Profiles\uj6owbww.default-1417512113460\Extensions\{10688ffe-50ac-46ae-a40c-b393e967575e}.xpi [2014-12-13]
FF Extension: Adblock Plus - C:\Users\Dilan\AppData\Roaming\Mozilla\Firefox\Profiles\uj6owbww.default-1417512113460\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-13]

Chrome:
=======
CHR Profile: C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-09-20]
CHR Extension: (Google Präsentationen) - C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-20]
CHR Extension: (McAfee SafeKey) - C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\agbnjankikoaabjkmfbaceggjliabkbn [2014-09-20]
CHR Extension: (Google Docs) - C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-20]
CHR Extension: (Google Drive) - C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-20]
CHR Extension: (YouTube) - C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-20]
CHR Extension: (Google-Suche) - C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-20]
CHR Extension: (Google Tabellen) - C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-20]
CHR Extension: (Avira Browser Safety) - C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-20]
CHR Extension: (Google Wallet) - C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-20]
CHR Extension: (Google Mail) - C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-20]
CHR HKLM\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\Diyar\AppData\LocalLow\proxtube\CHROME\proxtube.crx [2012-04-19]
CHR HKLM\...\Chrome\Extension: [agbnjankikoaabjkmfbaceggjliabkbn] - C:\Program Files\SafeKey\lpchrome.crx [2013-09-23]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [344896 2014-09-30] (IObit)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 Origin Client Service; D:\origin\OriginClientService.exe [1900400 2014-12-01] (Electronic Arts)
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2012-01-30] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [251096 2014-12-17] (Realtek Semiconductor)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 65006428; C:\Windows\System32\DRIVERS\65006428.sys [133208 2013-08-30] (Kaspersky Lab ZAO)
R0 AFS; C:\Windows\system32\Drivers\AFS.sys [77004 2014-09-07] (Oak Technology Inc.) [File not signed]
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [83872 2012-07-08] ()
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
S3 EverestDriver; C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [7168 2005-08-18] () [File not signed]
R3 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [21480 2013-03-23] (IObit)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2008-12-13] () [File not signed]
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 hamachi_oem; C:\Windows\System32\DRIVERS\gan_adapter.sys [10664 2006-08-28] (Applied Networking Inc.) [File not signed]
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2012-07-08] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [99400 2012-05-12] (MotioninJoy)
S3 nocashio; C:\Windows\System32\drivers\nocashio.sys [4096 2011-08-23] () [File not signed]
S3 PAC7311; C:\Windows\System32\DRIVERS\PA707UCM.SYS [154752 2005-10-18] (PixArt Imaging Inc.)
R3 phaudlwr; C:\Windows\System32\DRIVERS\phaudlwr.sys [89648 2009-10-20] (Philips Applied Technologies)
R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [32288 2013-11-19] (IObit.com)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [28656 2014-12-17] (Synaptics Incorporated)
R3 SPC620; C:\Windows\System32\drivers\SPC620.sys [484352 2007-09-28] (Philips )
R3 SPC620m; C:\Windows\System32\drivers\SPC620m.sys [7680 2007-09-28] (Philips )
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2011-06-24] (Acronis)
S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [20944 2013-11-19] (IObit.com)
S3 WinRing0_1_2_0; C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [14416 2010-11-01] (OpenLibSys.org)
S3 cpuz137; \??\C:\Users\Dilan\AppData\Local\Temp\cpuz137\cpuz137_x32.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
U4 RDSessMgr; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2099-05-21 16:14 - 9514-05-21 16:27 - 00000000 ____D () C:\Users\Diyar\AppData\Local\Apps\2.0
2099-05-21 16:14 - 2014-09-06 10:55 - 00000000 ____D () C:\Users\Diyar\AppData\Local\Deployment
2014-12-18 12:40 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 21:02 - 2014-12-17 21:19 - 00006113 _____ () C:\Users\ümit\Documents\TombRaider.log
2014-12-17 20:57 - 2014-12-17 20:57 - 00000000 ____D () C:\Users\ümit\Documents\My Games
2014-12-17 20:56 - 2014-12-17 20:56 - 00000000 ____D () C:\Users\ümit\AppData\Roaming\MotioninJoy
2014-12-17 20:52 - 2014-12-17 20:52 - 00000000 ____D () C:\Users\ümit\AppData\Roaming\Macromedia
2014-12-17 20:48 - 2014-12-17 20:49 - 00000000 ____D () C:\Users\ümit\AppData\Roaming\Origin
2014-12-17 20:48 - 2014-12-17 20:49 - 00000000 ____D () C:\Users\ümit\AppData\Local\Origin
2014-12-17 20:34 - 2014-12-18 15:16 - 00005558 _____ () C:\Windows\PFRO.log
2014-12-17 20:34 - 2014-12-17 20:44 - 00409800 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-17 20:08 - 2014-12-18 15:19 - 00000000 ____D () C:\Users\Dilan\Desktop\Neuer Ordner
2014-12-17 20:05 - 2014-12-17 20:05 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-12-17 20:05 - 2014-12-17 20:04 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-12-17 20:04 - 2014-12-17 20:04 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-12-17 20:04 - 2014-12-17 20:04 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-12-17 20:04 - 2014-12-17 20:04 - 00096680 _____ (Oracle Corporation)
C:\Windows\system32\WindowsAccessBridge.dll
2014-12-17 20:04 - 2014-12-17 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-17 20:02 - 2014-12-17 20:02 - 00719064 _____ (Realtek ) C:\Windows\system32\Drivers\Rt86win7.sys
2014-12-17 20:02 - 2014-12-17 20:02 - 00100896 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst32.dll
2014-12-17 20:02 - 2014-12-17 20:02 - 00076872 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp32.dll
2014-12-17 20:02 - 2014-12-17 20:02 - 00028656 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2014-12-17 20:02 - 2014-12-17 20:02 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
2014-12-17 20:02 - 2014-12-17 20:02 - 00000000 ____D () C:\Program Files\Synaptics
2014-12-17 19:58 - 2014-12-17 19:58 - 00000000 ____D () C:\Windows\system32\SRSLabs
2014-12-17 19:57 - 2014-12-17 19:57 - 60636160 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes.dat
2014-12-17 19:57 - 2014-12-17 19:57 - 03086040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2014-12-17 19:57 - 2014-12-17 19:57 - 02566872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2014-12-17 19:57 - 2014-12-17 19:57 - 02474200 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO.dll
2014-12-17 19:57 - 2014-12-17 19:57 - 02421792 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2014-12-17 19:57 - 2014-12-17 19:57 - 01892056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2014-12-17 19:57 - 2014-12-17 19:57 - 01099203 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-12-17 19:57 - 2014-12-17 19:57 - 00916696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2014-12-17 19:57 - 2014-12-17 19:57 - 00782040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2014-12-17 19:57 - 2014-12-17 19:57 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2014-12-17 19:57 - 2014-12-17 19:57 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2014-12-17 19:57 - 2014-12-17 19:57 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2014-12-17 19:57 - 2014-12-17 19:57 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2014-12-17 19:57 - 2014-12-17 19:57 - 00214368 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK.dll
2014-12-17 19:57 - 2014-12-17 19:57 - 00214352 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFFXProc.dll
2014-12-17 19:57 - 2014-12-17 19:57 - 00185584 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll
2014-12-17 19:57 - 2014-12-17 19:57 - 00182472 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2014-12-17 19:57 - 2014-12-17 19:57 - 00173296 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll
2014-12-17 19:57 - 2014-12-17 19:57 - 00170840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2014-12-17 19:57 - 2014-12-17 19:57 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2014-12-17 19:57 - 2014-12-17 19:57 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2014-12-17 19:57 - 2014-12-17 19:57 - 00092584 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2014-12-17 19:57 - 2014-12-17 19:57 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2014-12-17 19:57 - 2014-12-17 19:57 - 00078672 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFFXComm.dll
2014-12-17 19:57 - 2014-12-17 19:57 - 00074080 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM.dll
2014-12-17 19:57 - 2014-12-17 19:57 - 00074064 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFFXSAPO.dll
2014-12-17 19:57 - 2014-12-17 19:57 - 00074064 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFFXHAPO.dll
2014-12-17 19:57 - 2014-12-17 19:57 - 00074064 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFFXDAPO.dll
2014-12-17 19:57 - 2014-12-17 19:57 - 00068960 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO.dll
2014-12-17 19:57 - 2014-12-17 19:57 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2014-12-17 19:57 - 2014-12-17 19:57 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
2014-12-17 19:53 - 2014-12-17 19:53 - 00001135 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2014-12-17 19:53 - 2014-12-17 19:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2014-12-17 19:52 - 2014-12-17 20:06 - 00002096 _____ () C:\Users\Public\Desktop\Driver Booster 2.lnk
2014-12-17 19:52 - 2014-12-17 19:52 - 00000272 _____ () C:\Windows\Tasks\Driver Booster Update.job
2014-12-17 19:52 - 2014-12-17 19:52 - 00000270 _____ () C:\Windows\Tasks\Driver Booster Scan.job
2014-12-17 19:52 - 2014-12-17 19:52 - 00000236 _____ () C:\Windows\Tasks\Driver Booster SkipUAC (Dilan).job
2014-12-17 19:52 - 2014-12-17 19:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
2014-12-17 19:49 - 2014-12-17 19:49 - 00000216 _____ () C:\Users\Dilan\Desktop\Scribblenauts Unlimited.url
2014-12-17 19:27 - 2014-12-17 19:27 - 00110064 _____ () C:\Users\Dilan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-17 19:23 - 2014-12-18 15:17 - 00001307 _____ () C:\Windows\setupact.log
2014-12-17 19:23 - 2014-12-17 19:23 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-17 12:47 - 2014-12-17 12:47 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-17 07:17 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-17 07:17 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-17 07:17 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-17 07:17 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-17 07:17 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-17 04:29 - 2014-12-04 05:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-17 04:29 - 2014-12-04 05:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-17 04:29 - 2014-12-04 05:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-17 04:29 - 2014-12-04 05:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-17 04:29 - 2014-12-04 05:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-17 04:29 - 2014-12-04 05:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-17 04:29 - 2014-12-04 05:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-17 04:29 - 2014-12-02 00:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-17 04:29 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-17 04:29 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-17 04:29 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-17 04:29 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-17 04:29 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-17 04:29 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-17 04:29 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-17 04:29 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-17 04:29 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-17 04:29 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-17 04:29 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-17 04:29 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-17 04:29 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-17 04:29 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-17 04:29 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-17 04:29 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-17 04:29 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-17 04:29 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-17 04:29 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-17 04:29 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-17 04:29 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-17 04:29 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-17 04:29 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-17 04:29 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-17 04:29 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-17 04:29 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-17 04:29 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-17 04:29 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-17 04:29 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-17 04:29 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-17 04:29 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-17 04:28 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-17 04:28 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-17 04:28 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-17 04:28 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-17 04:28 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-17 04:28 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-17 04:28 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-16 22:54 - 2014-12-17 16:44 - 00000000 ____D () C:\AdwCleaner
2014-12-16 22:53 - 2014-12-16 22:53 - 00000000 ____D () C:\Windows\ERUNT
2014-12-15 15:46 - 2014-12-15 15:46 - 00000000 ____D () C:\Users\Dilan\AppData\Roaming\WinBatch
2014-12-15 12:34 - 2014-12-15 13:32 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-12-14 15:57 - 2014-12-18 15:18 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-14 15:57 - 2014-12-14 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-12-14 15:57 - 2014-12-14 15:57 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-12-14 15:57 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-14 15:57 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-14 15:57 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-14 15:37 - 2014-12-18 15:19 - 00000000 ____D () C:\FRST
2014-12-14 13:43 - 2014-12-14 13:43 - 00000000 __SHD () C:\Users\Diyar\AppData\Local\EmieBrowserModeList
2014-12-13 23:57 - 2014-12-13 23:57 - 00000000 __SHD () C:\Users\ümit\AppData\Local\EmieUserList
2014-12-13 23:57 - 2014-12-13 23:57 - 00000000 __SHD () C:\Users\ümit\AppData\Local\EmieSiteList
2014-12-13 23:57 - 2014-12-13 23:57 - 00000000 __SHD () C:\Users\ümit\AppData\Local\EmieBrowserModeList
2014-12-13 23:44 - 2014-12-17 20:45 - 00000000 ____D () C:\Users\ümit\AppData\Roaming\IObit
2014-12-13 23:44 - 2014-12-14 16:42 - 00000000 ____D () C:\Users\ümit
2014-12-13 23:44 - 2014-12-13 23:44 - 00110064 _____ () C:\Users\ümit\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-13 23:44 - 2014-12-13 23:44 - 00001425 _____ () C:\Users\ümit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-13 23:44 - 2014-12-13 23:44 - 00000482 __RSH () C:\Users\ümit\ntuser.pol
2014-12-13 23:44 - 2014-12-13 23:44 - 00000020 ___SH () C:\Users\ümit\ntuser.ini
2014-12-13 23:44 - 2014-12-13 23:44 - 00000000 _SHDL () C:\Users\ümit\Startmenü
2014-12-13 23:44 - 2014-12-13 23:44 - 00000000 _SHDL () C:\Users\ümit\Netzwerkumgebung
2014-12-13 23:44 - 2014-12-13 23:44 - 00000000 _SHDL () C:\Users\ümit\Druckumgebung
2014-12-13 23:44 - 2014-12-13 23:44 - 00000000 _SHDL () C:\Users\ümit\Documents\Eigene Musik
2014-12-13 23:44 - 2014-12-13 23:44 - 00000000 _SHDL () C:\Users\ümit\Documents\Eigene Bilder
2014-12-13 23:44 - 2014-12-13 23:44 - 00000000 _SHDL () C:\Users\ümit\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-13 23:44 - 2014-12-13 23:44 - 00000000 _SHDL () C:\Users\ümit\AppData\Local\Verlauf
2014-12-13 23:44 - 2014-12-13 23:44 - 00000000 ____D () C:\Users\ümit\AppData\Roaming\ATI
2014-12-13 23:44 - 2014-12-13 23:44 - 00000000 ____D () C:\Users\ümit\AppData\Roaming\Adobe
2014-12-13 23:44 - 2014-12-13 23:44 - 00000000 ____D () C:\Users\ümit\AppData\Local\ATI
2014-12-13 23:44 - 2012-04-11 23:59 - 00000000 ____D () C:\Users\ümit\AppData\Local\Microsoft Help
2014-12-13 23:44 - 2009-07-14 05:42 - 00000000 ___RD () C:\Users\ümit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-13 23:44 - 2009-07-14 05:37 - 00000000 ___RD () C:\Users\ümit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-13 22:00 - 2014-12-13 22:00 - 29741056 _____ () C:\Windows\system32\config\components.iobit
2014-12-13 21:53 - 2014-12-13 21:53 - 00000000 ____D () C:\Users\Plan b\AppData\Roaming\ProductData
2014-12-13 20:16 - 2014-12-13 20:16 - 00000000 ____D () C:\Users\Plan b\AppData\Roaming\TuneUp Software
2014-12-13 20:10 - 2014-12-13 20:10 - 00000000 ____D () C:\Users\Plan b\AppData\Roaming\IObit
2014-12-13 18:42 - 2014-12-13 18:42 - 00000000 ____D () C:\Users\Dilan\AppData\Roaming\TuneUp Software
2014-12-13 18:38 - 2014-12-13 18:38 - 00004616 _____ () C:\Windows\system32\LavasoftTcpService.ini
2014-12-13 18:38 - 2014-12-13 18:38 - 00002448 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2014-12-13 18:37 - 2014-11-27 10:44 - 00312424 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService.dll
2014-12-13 18:36 - 2014-12-13 18:36 - 00001288 _____ () C:\Users\Dilan\Desktop\Cloned Files Scanner.lnk
2014-12-10 16:59 - 2014-12-10 17:59 - 03981488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-12-09 19:00 - 2014-12-09 19:00 - 00000000 ____D () C:\Users\Diyar\AppData\Roaming\ProductData
2014-12-09 18:59 - 2014-12-09 18:59 - 00000000 ____D () C:\Users\Default\AppData\Roaming\IObit
2014-12-09 18:59 - 2014-12-09 18:59 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\IObit
2014-12-08 22:53 - 2014-12-08 22:54 - 00880784 _____ (Google Inc.) C:\Users\Diyar\Downloads\ChromeSetup.exe
2014-12-08 22:51 - 2014-12-08 22:51 - 00000000 ____D () C:\Users\Diyar\AppData\Local\Macromedia
2014-12-08 22:50 - 2014-12-08 22:57 - 00000000 ____D () C:\Users\Diyar\AppData\Roaming\IObit
2014-12-08 22:17 - 2014-12-09 22:35 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1007UA.job
2014-12-08 22:17 - 2014-12-09 22:35 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1007Core.job
2014-12-08 22:17 - 2014-12-08 22:18 - 00000000 ____D () C:\Users\Dilan\AppData\Local\Facebook
2014-12-08 22:17 - 2014-12-08 22:17 - 00501248 _____ (Facebook Inc.) C:\Users\Dilan\Downloads\FacebookVideoCallSetup_v1.2.205.0(1).exe
2014-12-07 14:53 - 2014-12-07 14:53 - 00651264 _____ () C:\Users\Dilan\Downloads\Detection(3).msi
2014-12-07 14:49 - 2014-12-07 14:49 - 00651264 _____ () C:\Users\Dilan\Downloads\Detection(2).msi
2014-12-07 14:08 - 2014-12-02 10:27 - 00000216 _____ () C:\Users\Dilan\Desktop\Tomb Raider.url
2014-12-06 21:18 - 2014-12-06 21:18 - 04117346 _____ () C:\Users\Dilan\Downloads\MotioninJoy_071001_signed(2).zip
2014-12-06 21:09 - 2014-12-06 21:09 - 00000000 ____D () C:\Users\Dilan\AppData\Roaming\MotioninJoy
2014-12-06 21:08 - 2014-12-06 21:18 - 00001080 _____ () C:\Users\Public\Desktop\DS3 Tool.lnk
2014-12-06 21:08 - 2014-12-06 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2014-12-06 21:08 - 2014-12-06 21:18 - 00000000 ____D () C:\Program Files\MotioninJoy
2014-12-06 21:08 - 2014-12-06 21:08 - 04117346 _____ () C:\Users\Dilan\Downloads\MotioninJoy_071001_signed(1).zip
2014-12-06 21:08 - 2011-12-07 19:42 - 00255496 _____ (Logitech Inc.) C:\Windows\system32\MijFrc.dll
2014-12-06 20:31 - 2012-05-12 12:31 - 00099400 _____ (MotioninJoy) C:\Windows\system32\Drivers\MijXfilt.sys
2014-12-06 20:30 - 2014-12-06 20:30 - 04117346 _____ () C:\Users\Dilan\Downloads\MotioninJoy_071001_signed.zip
2014-12-06 20:29 - 2014-12-06 20:29 - 01174352 _____ () C:\Users\Dilan\Downloads\MotioninJoy - CHIP-Installer.exe
2014-12-06 20:25 - 2014-12-06 20:26 - 00000000 ____D () C:\Users\Dilan\AppData\Local\BetterDS3
2014-12-06 20:24 - 2014-12-06 20:24 - 00759932 _____ () C:\Users\Dilan\Downloads\BetterDS3_1.5.3.zip
2014-12-06 20:23 - 2014-12-06 20:23 - 01174352 _____ () C:\Users\Dilan\Downloads\Better DS3 - CHIP-Installer.exe
2014-12-06 20:19 - 2014-12-06 20:19 - 04115757 _____ () C:\Users\Dilan\Downloads\MotioninJoy_070000_signed.zip
2014-12-06 20:04 - 2014-12-06 20:04 - 00804491 _____ () C:\Users\Dilan\Downloads\x360ce.App-2.1.2.191.zip
2014-12-06 19:53 - 2014-12-06 19:53 - 00000000 ____D () C:\Program Files\VID_0E8F&PID_3075
2014-12-06 19:52 - 2014-12-06 19:52 - 00000000 ____D () C:\Users\Dilan\AppData\Roaming\InstallShield
2014-12-05 12:29 - 2014-12-05 12:29 - 61407232 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-12-05 12:29 - 2014-12-05 12:29 - 00368640 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-12-05 12:29 - 2014-12-05 12:29 - 00098304 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-12-05 12:29 - 2014-12-05 12:29 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-12-04 21:34 - 2014-12-04 21:34 - 00001216 _____ () C:\Users\Dilan\Desktop\Smart RAM.lnk
2014-12-04 21:21 - 2014-12-04 21:21 - 00001144 _____ () C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
2014-12-04 21:21 - 2014-12-04 21:21 - 00001132 _____ () C:\Users\Public\Desktop\Game Booster 3.lnk
2014-12-04 21:21 - 2014-12-04 21:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster 3
2014-12-04 21:02 - 2014-12-13 22:00 - 61423616 _____ () C:\Windows\system32\config\SOFTWARE.iobit
2014-12-04 21:02 - 2014-12-13 22:00 - 00372736 _____ () C:\Windows\system32\config\DEFAULT.iobit
2014-12-04 21:02 - 2014-12-13 22:00 - 00098304 _____ () C:\Windows\system32\config\SAM.iobit
2014-12-04 21:02 - 2014-12-13 22:00 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iobit
2014-12-04 21:02 - 2014-10-16 10:27 - 00024352 _____ (IObit) C:\Windows\system32\RegistryDefragBootTime.exe
2014-12-04 20:10 - 2014-12-04 20:10 - 00000000 ____D () C:\Users\Dilan\AppData\Roaming\ProductData
2014-12-04 20:08 - 2014-12-17 19:53 - 00000000 ____D () C:\Users\Dilan\AppData\Roaming\IObit
2014-12-04 20:08 - 2014-12-17 19:53 - 00000000 ____D () C:\ProgramData\ProductData
2014-12-04 20:08 - 2014-12-17 19:53 - 00000000 ____D () C:\Program Files\IObit
2014-12-04 20:08 - 2014-12-17 19:52 - 00000000 ____D () C:\ProgramData\IObit
2014-12-04 20:08 - 2014-12-16 22:52 - 00002131 _____ () C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2014-12-04 20:08 - 2014-12-04 20:08 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-12-04 20:08 - 2014-12-04 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2014-12-04 20:08 - 2014-12-04 20:08 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2014-12-04 20:08 - 2014-12-04 20:08 - 00000000 ____D () C:\Program Files\Common Files\IObit
2014-12-04 20:06 - 2014-12-04 20:07 - 43183800 _____ (IObit ) C:\Users\Dilan\Downloads\advanced-systemcare-setup_v8.0.3.exe
2014-12-03 19:04 - 2014-12-03 19:04 - 01174352 _____ () C:\Users\Dilan\Downloads\Wise Registry Cleaner - CHIP-Installer.exe
2014-12-03 18:26 - 2014-12-03 18:26 - 00002247 _____ () C:\Users\Plan b\Desktop\Skyrim (SKSE).lnk
2014-12-03 18:26 - 2014-12-03 18:26 - 00002247 _____ () C:\Users\Gast.Diyar-PC\Desktop\Skyrim (SKSE).lnk
2014-12-03 18:26 - 2014-12-03 18:26 - 00002247 _____ () C:\Users\Diyar\Desktop\Skyrim (SKSE).lnk
2014-12-03 18:26 - 2014-12-03 18:26 - 00002247 _____ () C:\Users\Dilan\Desktop\Skyrim (SKSE).lnk
2014-12-03 18:25 - 2014-12-03 18:25 - 00313875 _____ () C:\Users\Dilan\Downloads\skse_1_07_01_installer.exe
2014-12-03 08:42 - 2014-12-03 08:42 - 00394347 _____ (Ray Siegl ) C:\Users\Dilan\Downloads\ram_clean_tool_setup.exe
2014-12-02 19:45 - 2014-12-02 19:45 - 00000000 ____D () C:\Windows\pss
2014-12-02 15:43 - 2014-12-17 22:26 - 00008089 _____ () C:\Users\Dilan\Documents\TombRaider.log
2014-12-02 10:10 - 2014-12-02 10:10 - 00250760 _____ () C:\Users\Dilan\Documents\ts3_clientui-win32-1407159763-2014-12-02 10_10_29.027026.dmp
2014-11-30 15:28 - 2014-12-04 22:34 - 00007609 _____ () C:\Users\Dilan\AppData\Local\Resmon.ResmonCfg
2014-11-30 15:12 - 2011-11-11 07:48 - 00002940 _____ () C:\Users\Dilan\Desktop\SkyrimPrefs.ini
2014-11-30 15:11 - 2014-11-30 15:12 - 00000000 ____D () C:\Users\Dilan\Desktop\Saves
2014-11-30 12:13 - 2014-11-30 12:13 - 00000000 ____D () C:\ProgramData\ATI
2014-11-30 12:12 - 2014-11-30 12:12 - 00000000 ____D () C:\ProgramData\AMD
2014-11-30 12:12 - 2014-11-30 12:12 - 00000000 ____D () C:\Program Files\AMD AVT
2014-11-30 12:11 - 2014-11-30 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-11-30 12:05 - 2014-11-30 12:05 - 00000000 ____D () C:\Users\Dilan\AppData\Roaming\ATI
2014-11-30 12:05 - 2014-11-30 12:05 - 00000000 ____D () C:\Users\Dilan\AppData\Local\ATI
2014-11-30 12:04 - 2014-11-30 12:04 - 00000000 ____D () C:\Program Files\AMD
2014-11-30 11:59 - 2014-11-30 11:59 - 00000000 ____D () C:\AMD
2014-11-30 11:52 - 2014-11-30 11:52 - 00891224 _____ (AMD) C:\Users\Dilan\Downloads\amddriverdownloader.exe
2014-11-30 10:50 - 2014-12-02 10:08 - 00000000 ____D () C:\Users\Dilan\AppData\Roaming\TS3Client
2014-11-30 10:50 - 2014-11-30 10:50 - 00001211 _____ () C:\Users\Dilan\Desktop\TeamSpeak 3 Client.lnk
2014-11-30 10:50 - 2014-11-30 10:50 - 00000000 ____D () C:\Users\Dilan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-11-30 10:49 - 2014-11-30 10:50 - 00000000 ____D () C:\Users\Dilan\AppData\Local\TeamSpeak 3 Client 2014-11-30 10:48 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\system32\dhRichClient3.dll 2014-11-30 10:48 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\system32\sqlite36_engine.dll 2014-11-30 10:46 - 2014-11-30 10:47 - 01174352 _____ () C:\Users\Dilan\Downloads\TeamSpeak 3 32 Bit - CHIP-Installer.exe 2014-11-30 10:30 - 2014-11-30 10:30 - 00651264 _____ () C:\Users\Dilan\Downloads\Detection(1).msi 2014-11-30 10:29 - 2014-12-17 21:27 - 00000000 ____D () C:\Program Files\Steam 2014-11-30 10:29 - 2014-11-30 10:29 - 01142392 _____ () C:\Users\Dilan\Downloads\SteamSetup.exe 2014-11-30 10:29 - 2014-11-30 10:29 - 00000925 _____ () C:\Users\Public\Desktop\Steam.lnk 2014-11-30 10:29 - 2014-11-30 10:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2014-11-26 13:36 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-26 13:36 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-26 13:36 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-26 13:36 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-26 13:35 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-26 13:35 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-26 13:35 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-26 13:34 - 2014-11-30 15:15 - 00000000 ____D () C:\Users\Dilan\Documents\My Games 2014-11-26 13:34 - 2014-11-30 15:01 - 00000000 ____D () C:\Users\Dilan\AppData\Local\Skyrim 2014-11-26 13:34 - 2014-10-10 01:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-26 13:34 - 2014-10-03 02:44 - 
00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-26 13:34 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-26 13:34 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-26 13:34 - 2014-10-03 02:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-26 13:34 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-26 13:32 - 2014-11-26 13:32 - 00000000 ____D () C:\Users\Dilan\AppData\Roaming\Unity 2014-11-26 13:31 - 2014-12-17 20:34 - 00000000 ____D () C:\Users\Dilan\AppData\Local\Unity 2014-11-26 13:30 - 2014-11-26 13:30 - 01081992 _____ (Unity Technologies ApS) C:\Users\Dilan\Downloads\UnityWebPlayer.exe 2014-11-21 14:24 - 2014-11-21 14:24 - 00000000 __SHD () C:\Users\Dilan\AppData\Local\EmieBrowserModeList 2014-11-19 04:31 - 2014-11-19 04:31 - 01217192 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2099-05-21 16:21 - 2011-11-11 14:02 - 00000000 ____D () C:\ProgramData\PMB Files
2014-12-18 15:24 - 2009-07-14 05:34 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-18 15:24 - 2009-07-14 05:34 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-18 15:23 - 2011-06-24 15:55 - 01592537 _____ () C:\Windows\WindowsUpdate.log
2014-12-18 15:17 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-18 12:59 - 2014-10-02 16:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-18 12:27 - 2014-09-20 13:53 - 00000000 ____D () C:\Program Files\Avira
2014-12-17 21:27 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-17 21:25 - 2014-09-20 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-17 21:25 - 2012-10-06 23:41 - 00000000 ____D () C:\ProgramData\Avira
2014-12-17 20:54 - 2011-12-03 18:06 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-12-17 20:48 - 2014-10-09 20:22 - 00000000 ____D () C:\ProgramData\Origin
2014-12-17 20:44 - 2014-09-01 20:13 - 00000442 __RSH () C:\ProgramData\ntuser.pol
2014-12-17 20:06 - 2013-01-09 20:33 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-17 20:06 - 2013-01-09 20:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-17 20:06 - 2012-01-03 00:57 - 00444952 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-12-17 20:06 - 2012-01-03 00:57 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-12-17 20:06 - 2012-01-03 00:57 - 00000000 ____D () C:\Program Files\OpenAL
2014-12-17 20:05 - 2011-10-16 10:39 - 00000000 ____D () C:\Windows\system32\Adobe
2014-12-17 19:58 - 2011-06-24 18:19 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-12-17 19:48 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-17 16:45 - 2011-08-21 22:55 - 00000000 ____D () C:\Windows\Philips
2014-12-17 12:48 - 2014-05-22 12:22 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-17 12:48 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-17 12:47 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-17 07:18 - 2011-06-24 16:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-17 07:14 - 2014-01-02 03:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-17 07:14 - 2014-01-01 11:43 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-12-17 07:10 - 2011-06-24 18:35 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-17 07:06 - 2011-12-29 23:30 - 00000000 ____D () C:\Program Files\SpeedFan
2014-12-16 23:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing
2014-12-16 23:11 - 2014-09-13 11:54 - 00000000 ____D () C:\Users\Dilan
2014-12-14 16:52 - 2012-05-28 00:02 - 00000000 ____D () C:\ProgramData\InstallMate
2014-12-14 16:42 - 2014-09-12 19:57 - 00000000 ____D () C:\Users\Gast.Diyar-PC
2014-12-14 15:37 - 2011-06-24 16:03 - 01629284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-14 14:04 - 2012-05-27 19:11 - 00000000 ____D () C:\Users\Plan b\Tracing
2014-12-14 13:48 - 2011-10-22 10:57 - 00000000 ____D () C:\Users\Plan b
2014-12-14 13:41 - 2011-06-24 15:58 - 00000000 ____D () C:\Users\Diyar
2014-12-14 11:08 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2014-12-13 23:43 - 2013-02-02 12:02 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-12-13 22:20 - 2011-06-24 16:48 - 00000000 ____D () C:\Windows\Panther
2014-12-13 20:42 - 2014-09-20 18:48 - 00000000 ____D () C:\Users\Dilan\AppData\Local\Microsoft Games
2014-12-13 18:50 - 2014-09-05 14:34 - 00000000 ____D () C:\Program Files\GUM3AEE.tmp
2014-12-13 18:50 - 2012-01-19 16:51 - 00000000 ____D () C:\Users\Diyar\AppData\Local\Oblivion
2014-12-13 18:50 - 2011-12-29 20:43 - 00000000 ____D () C:\Users\Plan b\AppData\Local\Skyrim
2014-12-13 18:49 - 2014-09-20 17:27 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-13 18:49 - 2014-09-09 16:41 - 00000000 ____D () C:\Users\Diyar\AppData\Local\Gameo
2014-12-09 19:50 - 2014-09-06 11:08 - 00000000 ____D () C:\Users\Diyar\Desktop\Unused Shortcut(CU)
2014-12-09 19:50 - 2012-01-15 23:12 - 00000000 ____D () C:\Program Files\Prince of Persia
2014-12-09 19:50 - 2011-12-09 17:27 - 00000000 ____D () C:\Users\Diyar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-09 19:50 - 2011-11-11 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire Europe
2014-12-09 19:50 - 2011-08-01 10:21 - 00000000 ____D () C:\Users\Diyar\Desktop\Ümit
2014-12-09 19:09 - 2013-04-11 19:31 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-09 19:02 - 2014-05-21 16:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-09 19:00 - 2012-05-23 18:29 - 00000000 ____D () C:\Users\Diyar\AppData\Roaming\Skype
2014-12-09 13:58 - 2014-09-20 13:53 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-12-09 13:58 - 2014-09-20 13:53 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-09 12:18 - 2012-01-09 22:37 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-12-09 12:16 - 2011-06-24 18:50 - 00000000 ____D () C:\Program Files\Windows Live
2014-12-09 12:14 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-08 23:01 - 2011-11-11 14:02 - 00000000 ____D () C:\Users\Diyar\AppData\Local\PMB Files
2014-12-08 22:59 - 2011-06-24 16:05 - 00000000 ____D () C:\Users\Diyar\AppData\Local\Google
2014-12-08 22:51 - 2012-04-21 16:13 - 00000000 ____D () C:\Users\Diyar\AppData\Local\Akamai
2014-12-07 17:13 - 2013-09-23 16:24 - 00000000 ____D () C:\Program Files\SafeKey
2014-12-07 14:53 - 2011-10-21 17:40 - 00000000 ____D () C:\Program Files\SystemRequirementsLab
2014-12-06 19:53 - 2011-08-21 22:54 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-12-06 11:04 - 2013-07-14 14:36 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1003UA.job
2014-12-06 11:04 - 2013-07-14 14:36 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1003Core.job
2014-12-06 11:04 - 2011-10-19 19:00 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1001UA.job
2014-12-06 11:04 - 2011-10-19 19:00 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1001Core.job
2014-12-04 22:29 - 2013-05-13 14:26 - 00000000 ____D () C:\ProgramData\Sony Ericsson
2014-12-04 22:29 - 2013-05-13 14:26 - 00000000 ____D () C:\Program Files\Sony Ericsson
2014-12-04 22:17 - 2013-02-09 09:44 - 00000000 ____D () C:\Fraps
2014-12-04 21:38 - 2012-01-02 10:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC2 server emulator
2014-12-04 21:38 - 2011-06-24 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SBMAV Disk Cleaner
2014-12-04 20:09 - 2014-09-13 12:05 - 00000000 ____D () C:\Users\Dilan\AppData\Roaming\Apple Computer
2014-12-03 19:14 - 2009-07-14 03:03 - 64487424 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-12-03 19:14 - 2009-07-14 03:03 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-12-03 19:14 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-12-03 19:14 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-12-03 13:24 - 2011-12-19 15:11 - 00000000 ____D () C:\ProgramData\Ubisoft
2014-12-01 18:05 - 2014-10-09 20:25 - 00000000 ____D () C:\Users\Dilan\AppData\Roaming\Origin
2014-12-01 18:05 - 2014-10-09 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-11-30 15:21 - 2011-07-30 18:36 - 00000000 ____D () C:\Program Files\Google
2014-11-30 12:35 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-30 12:10 - 2013-01-31 16:38 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-11-26 13:57 - 2011-06-24 16:14 - 00110064 _____ () C:\Users\Diyar\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-26 13:43 - 2014-11-17 21:43 - 00000000 ____D () C:\Users\Dilan\AppData\Roaming\.minecraft
2014-11-21 21:03 - 2012-10-08 13:10 - 00000000 ____D () C:\Users\Plan b\AppData\Local\Google
2014-11-21 12:25 - 2012-04-01 17:20 - 00110064 _____ () C:\Users\Plan b\AppData\Local\GDIPFONTCACHEV1.DAT

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2244397687-2994677012-3856678615-1001\$9f114d5ed76ce9597dec2519af199e16

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$9f114d5ed76ce9597dec2519af199e16

Files to move or delete:
====================
C:\Users\Diyar\GeoGebra-Windows-Installer-3-2-46-0.exe
C:\Users\Diyar\PhotoScapeSetup_V3.5.exe

Some content of TEMP:
====================
C:\Users\Dilan\AppData\Local\Temp\avgnt.exe
C:\Users\Dilan\AppData\Local\Temp\Quarantine.exe
C:\Users\Dilan\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Dilan\AppData\Local\Temp\sqlite3.dll
C:\Users\Diyar\AppData\Local\Temp\avgnt.exe
C:\Users\Plan b\AppData\Local\Temp\avgnt.exe
C:\Users\ümit\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2013-04-18 18:20

==================== End Of Log ============================ |
18.12.2014, 21:28 | #10 |
/// the machine /// TB instructor | PC has no connection although one is shown at the bottom
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |