Log Analysis and Evaluation: Windows 8 / unwanted add-ons, slow, lots of advertising
09.03.2015, 18:27 | #1
Windows 8 / unwanted add-ons, slow, lots of advertising

Hello folks,

For about 2 weeks I have noticed that my laptop in the living room (which is used by all sorts of different people) runs extremely slowly and the advertising keeps piling up. By now I can hardly open any page without several ad windows being shown to me right away. I have just read the beginners' thread and have to say that unfortunately I already tried a few things before I came across this forum. I uninstalled some unknown programs and ran Malwarebytes and Ad-Aware over my computer. I would be very grateful for your help!

Below is what I have done so far and the corresponding logs in chronological order (i.e. the order in which they were created):

1. Malwarebytes:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 09.03.2015
Scan Time: 17:11:24
Logfile: MalwarebytesLog.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.09.04
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Mahir Sari

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 419933
Time Elapsed: 35 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 17
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, , [f3854bf8a4e63ff75e24d2de5da648b8],
PUP.Optional.ViView.A, HKLM\SOFTWARE\WOW6432NODE\vi-viewSoftware, , [f583aa995832db5bcd651d95aa59b24e],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, , [5e1a66dd4f3b43f3d071ab1bca39a55b],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, , [11675be8c1c926102755e4d7e32045bb],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3833586203-542032726-2374544835-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [bbbd0241d8b257dfcc12b242a2610000],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3833586203-542032726-2374544835-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, , [96e2251e14769a9ca11a6c9e53b2e719],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\TYPELIB\{41F978F3-431A-4464-A789-5C0692D562FB}, , [b4c4370c29617fb7d6720566e51ec43c],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\INTERFACE\{138E44EF-8988-4DC7-8F48-FBC4FCEF83D1}, , [b4c4370c29617fb7d6720566e51ec43c],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\INTERFACE\{BB50CC62-09E1-4DD9-912C-F1DA4D6D71D8}, , [b4c4370c29617fb7d6720566e51ec43c],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\INTERFACE\{E481A870-86C7-44E1-97DF-E759FC147CBE}, , [b4c4370c29617fb7d6720566e51ec43c],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\INTERFACE\{FE332809-93C1-48DF-929F-AEC0BC4BFCFE}, , [b4c4370c29617fb7d6720566e51ec43c],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{138E44EF-8988-4DC7-8F48-FBC4FCEF83D1}, , [b4c4370c29617fb7d6720566e51ec43c],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BB50CC62-09E1-4DD9-912C-F1DA4D6D71D8}, , [b4c4370c29617fb7d6720566e51ec43c],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E481A870-86C7-44E1-97DF-E759FC147CBE}, , [b4c4370c29617fb7d6720566e51ec43c],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FE332809-93C1-48DF-929F-AEC0BC4BFCFE}, , [b4c4370c29617fb7d6720566e51ec43c],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{41F978F3-431A-4464-A789-5C0692D562FB}, , [b4c4370c29617fb7d6720566e51ec43c],
PUP.Optional.BlockTheAds.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{37476589-E48E-439E-A706-56189E2ED4C4}_is1, , [d4a4a69df59573c33f167b201ce7649c],

Registry Values: 3
PUP.Optional.FFToolbar.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|fftoolbar2014@etech.com, C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\extensions\fftoolbar2014@etech.com, , [90e8bf84474342f4829c3d7348bb5ca4]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, cor, , [5e1a66dd4f3b43f3d071ab1bca39a55b]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3833586203-542032726-2374544835-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0V1D1S1R1D0V1O, , [96e2251e14769a9ca11a6c9e53b2e719]

Registry Data: 0
(No malicious items detected)

Folders: 28
PUP.Optional.OpenCandy, C:\Users\Mahir Sari\AppData\Roaming\OpenCandy, , [591fcb78c1c94aec46fee58443c06898],
PUP.Optional.OpenCandy, C:\Users\Mahir Sari\AppData\Roaming\OpenCandy\ADD2ADCE5A054E30AA7F6539D9F8AA16, , [591fcb78c1c94aec46fee58443c06898],
PUP.Optional.Multiplug, C:\Program Files (x86)\youtubeadblocker, , [b4c4370c29617fb7d6720566e51ec43c],
PUP.Optional.Babylon.A, C:\Users\Mahir Sari\AppData\LocalLow\BabylonToolbar, , [b4c47fc46327b680b6d1552540c3ed13],
PUP.Optional.Babylon.A, C:\Users\Mahir Sari\AppData\LocalLow\BabylonToolbar\BabylonToolbar, , [b4c47fc46327b680b6d1552540c3ed13],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, , [1c5c241faae03cfa422291ef20e37090],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, , [1c5c241faae03cfa422291ef20e37090],
PUP.Optional.MinimumPrice.A, C:\Program Files (x86)\MINimumPrice, , [c8b0281b6f1bd95da12f2c592dd62fd1],
PUP.Optional.PriceFountain.A, C:\Users\Mahir Sari\AppData\Roaming\PriceFountain, , [1a5e360d27634fe7ab8f8b02768d827e],
PUP.Optional.PriceFountain.A, C:\Users\Mahir Sari\AppData\Roaming\PriceFountain\UpdateProc, , [1a5e360d27634fe7ab8f8b02768d827e],
PUP.Optional.PriceFountain.A, C:\Users\Mahir Sari\AppData\Local\PriceFountain, , [3b3d50f3b7d3b38352e99bf2f310b050],
PUP.Optional.PriceFountain.A, C:\Users\Mahir Sari\AppData\Local\PriceFountain\logs, , [3b3d50f3b7d3b38352e99bf2f310b050],
PUP.Optional.PriceFountain.A, C:\Users\Mahir Sari\AppData\Local\PriceFountain\logs\col, , [3b3d50f3b7d3b38352e99bf2f310b050],
PUP.Optional.UniDeals.A, C:\Program Files (x86)\UniDeals, , [bcbcd27198f23afcedb27221b25141bf],
PUP.Optional.PriceFountain.A, C:\Users\Mahir Sari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceFountain, , [4434e063ff8b171f4b786e29a45f649c],
PUP.Optional.BlockTheAds.A, C:\ProgramData\Block The Ads, , [d4a4a69df59573c33f167b201ce7649c],
PUP.Optional.ViView.A, C:\Users\Mahir Sari\AppData\Roaming\vi-view, , [c8b0ee553d4d9b9b09108517f80b5da3],
PUP.Optional.ViView.A, C:\Users\Mahir Sari\AppData\Roaming\vi-view\images, , [c8b0ee553d4d9b9b09108517f80b5da3],
PUP.Optional.ViView.A, C:\Users\Mahir Sari\AppData\Roaming\vi-view\images\code, , [c8b0ee553d4d9b9b09108517f80b5da3],
PUP.Optional.ViView.A, C:\Users\Mahir Sari\AppData\Roaming\vi-view\log, , [c8b0ee553d4d9b9b09108517f80b5da3],
PUP.Optional.EzDownloader.A, C:\Users\Mahir Sari\AppData\Roaming\EZDownloader, , [12665fe41b6f5fd77b38fba19d6645bb],
PUP.Optional.EzDownloader.A, C:\Users\Mahir Sari\AppData\Roaming\EZDownloader\Errors, , [12665fe41b6f5fd77b38fba19d6645bb],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, , [7dfb8ab96b1fdd594eade1bba063758b],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, , [7dfb8ab96b1fdd594eade1bba063758b],
PUP.Optional.FFToolbar.A, C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\extensions\fftoolbar2014@etech.com, , [e593ee55107a50e62009118c5da6936d],
PUP.Optional.FFToolbar.A, C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\extensions\fftoolbar2014@etech.com\chrome, , [e593ee55107a50e62009118c5da6936d],
PUP.Optional.FFToolbar.A, C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\extensions\fftoolbar2014@etech.com\chrome\content, , [e593ee55107a50e62009118c5da6936d],
PUP.Optional.FFToolbar.A, C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\extensions\fftoolbar2014@etech.com\chrome\skin, , [e593ee55107a50e62009118c5da6936d],

Files: 78
PUP.Optional.Multiplug, C:\Program Files (x86)\JeonICaoupon\HFoneZz0pe8nuS.x64.dll, , [2652cf749cee3303a9c6f23e08fae020],
PUP.Optional.Multiplug, C:\Program Files (x86)\TakeTheCooUpon\mEJdIpjCUAAm3w.x64.dll, , [f6820c37cac0bf77c6a97eb2a06235cb],
Backdoor.Bot, C:\Users\Mahir Sari\Downloads\VisualBoyAdvance - CHIP-Installer.exe, , [fe7ac47f5c2e6bcb16f3ee7f6b952ed2],
PUP.Optional.Installex, C:\Users\Mahir Sari\Downloads\community-repilot-ger-5483378.exe, , [2256a3a01971fc3a7aa6f88ca95813ed],
PUP.Optional.OutBrowse, C:\Users\Mahir Sari\Downloads\setup (2).exe, , [b3c584bf2d5d20163b324f51e120669a],
PUP.Optional.OutBrowse, C:\Users\Mahir Sari\Downloads\setup (3).exe, , [babeab98ff8b3afc1b52dec28879d12f],
PUP.Optional.MindSpark.A, C:\Users\Mahir Sari\Downloads\EliteUnzipSetup.EliteUnzip_aa.gafhhbahpojnjfhpepjjfjojbphnogmn.ch.exe, , [6a0e01429cee22141170ec03ee13f40c],
PUP.Optional.PriceFountain.A, C:\Windows\Tasks\Price Fountain.job, , [2850ad967e0ca88e3a46f6c0d72c8779],
PUP.Optional.PriceFountain.A, C:\Windows\System32\Tasks\Price Fountain, , [98e064dff8920f2783fed0e6c043df21],
PUP.Optional.ViView.A, C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\searchplugins\vi-view.xml, , [d7a173d0a5e5c472c676a62310f312ee],
PUP.Optional.WebSearch.A, C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\searchplugins\WebSearch.xml, , [eb8ddb68a2e8b18594a88c5f41c29a66],
PUP.Optional.OpenCandy, C:\Users\Mahir Sari\AppData\Roaming\OpenCandy\ADD2ADCE5A054E30AA7F6539D9F8AA16\Trial-14.0.1000.89_de-DE_1004732_DE-1.exe, , [591fcb78c1c94aec46fee58443c06898],
PUP.Optional.Multiplug, C:\Program Files (x86)\youtubeadblocker\1gbyQQJjdcgN73.dat, , [b4c4370c29617fb7d6720566e51ec43c],
PUP.Optional.Multiplug, C:\Program Files (x86)\youtubeadblocker\1gbyQQJjdcgN73.tlb, , [b4c4370c29617fb7d6720566e51ec43c],
PUP.Optional.Multiplug, C:\Program Files (x86)\youtubeadblocker\1gbyQQJjdcgN73.x64.dll, , [b4c4370c29617fb7d6720566e51ec43c],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, , [1c5c241faae03cfa422291ef20e37090],
PUP.Optional.MinimumPrice.A, C:\Program Files (x86)\MINimumPrice\MINimumPrice.dat, , [c8b0281b6f1bd95da12f2c592dd62fd1],
PUP.Optional.PriceFountain.A, C:\Users\Mahir Sari\AppData\Roaming\PriceFountain\UpdateProc\info.dat, , [1a5e360d27634fe7ab8f8b02768d827e],
PUP.Optional.PriceFountain.A, C:\Users\Mahir Sari\AppData\Roaming\PriceFountain\UpdateProc\STTL.DAT, , [1a5e360d27634fe7ab8f8b02768d827e],
PUP.Optional.PriceFountain.A, C:\Users\Mahir Sari\AppData\Roaming\PriceFountain\UpdateProc\TTL.DAT, , [1a5e360d27634fe7ab8f8b02768d827e],
PUP.Optional.PriceFountain.A, C:\Users\Mahir Sari\AppData\Local\PriceFountain\prfo.dll, , [3b3d50f3b7d3b38352e99bf2f310b050],
PUP.Optional.PriceFountain.A, C:\Users\Mahir Sari\AppData\Local\PriceFountain\pricefountain.exe, , [3b3d50f3b7d3b38352e99bf2f310b050],
PUP.Optional.PriceFountain.A, C:\Users\Mahir Sari\AppData\Local\PriceFountain\PriceFountainFirefox.xpi, , [3b3d50f3b7d3b38352e99bf2f310b050],
PUP.Optional.PriceFountain.A, C:\Users\Mahir Sari\AppData\Local\PriceFountain\PriceFountainIE.dll, , [3b3d50f3b7d3b38352e99bf2f310b050],
PUP.Optional.PriceFountain.A, C:\Users\Mahir Sari\AppData\Local\PriceFountain\PriceFountainUpdateVer.exe, , [3b3d50f3b7d3b38352e99bf2f310b050],
PUP.Optional.PriceFountain.A, C:\Users\Mahir Sari\AppData\Local\PriceFountain\sfx.exe, , [3b3d50f3b7d3b38352e99bf2f310b050],
PUP.Optional.PriceFountain.A, C:\Users\Mahir Sari\AppData\Local\PriceFountain\logs\dlllog.log, , [3b3d50f3b7d3b38352e99bf2f310b050],
PUP.Optional.PriceFountain.A, C:\Users\Mahir Sari\AppData\Local\PriceFountain\logs\installation.log, , [3b3d50f3b7d3b38352e99bf2f310b050],
PUP.Optional.PriceFountain.A, C:\Users\Mahir Sari\AppData\Local\PriceFountain\logs\main.log, , [3b3d50f3b7d3b38352e99bf2f310b050],
PUP.Optional.PriceFountain.A, C:\Users\Mahir Sari\AppData\Local\PriceFountain\logs\wd.log, , [3b3d50f3b7d3b38352e99bf2f310b050],
PUP.Optional.PriceFountain.A, C:\Users\Mahir Sari\AppData\Local\PriceFountain\logs\col\dlllog.log, , [3b3d50f3b7d3b38352e99bf2f310b050],
PUP.Optional.PriceFountain.A, C:\Users\Mahir Sari\AppData\Local\PriceFountain\logs\col\installation.log, , [3b3d50f3b7d3b38352e99bf2f310b050],
PUP.Optional.PriceFountain.A, C:\Users\Mahir Sari\AppData\Local\PriceFountain\logs\col\main.log, , [3b3d50f3b7d3b38352e99bf2f310b050],
PUP.Optional.PriceFountain.A, C:\Users\Mahir Sari\AppData\Local\PriceFountain\logs\col\PriceFountain_1.0.8.6_Logs_39383135353739323161667465724f6e65486f75724c6f6773.zip, , [3b3d50f3b7d3b38352e99bf2f310b050],
PUP.Optional.PriceFountain.A, C:\Users\Mahir Sari\AppData\Local\PriceFountain\logs\col\PriceFountain_1.0.8.6_Logs_646c6c496e6a4661696c.zip, , [3b3d50f3b7d3b38352e99bf2f310b050],
PUP.Optional.PriceFountain.A, C:\Users\Mahir Sari\AppData\Local\PriceFountain\logs\col\PriceFountain_1.0.8.6_Logs_696e6a656374696f6e4661696c6564.zip, , [3b3d50f3b7d3b38352e99bf2f310b050],
PUP.Optional.PriceFountain.A, C:\Users\Mahir Sari\AppData\Local\PriceFountain\logs\col\wd.log, , [3b3d50f3b7d3b38352e99bf2f310b050],
PUP.Optional.UniDeals.A, C:\Program Files (x86)\UniDeals\y5wDloAeQajSa5.dat, , [bcbcd27198f23afcedb27221b25141bf],
PUP.Optional.UniDeals.A, C:\Program Files (x86)\UniDeals\y5wDloAeQajSa5.tlb, , [bcbcd27198f23afcedb27221b25141bf],
PUP.Optional.UniDeals.A, C:\Program Files (x86)\UniDeals\y5wDloAeQajSa5.x64.dll, , [bcbcd27198f23afcedb27221b25141bf],
PUP.Optional.PriceFountain.A, C:\Users\Mahir Sari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceFountain\PriceFountain Help.url, , [4434e063ff8b171f4b786e29a45f649c],
PUP.Optional.PriceFountain.A, C:\Users\Mahir Sari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceFountain\PriceFountain.url, , [4434e063ff8b171f4b786e29a45f649c],
PUP.Optional.BlockTheAds.A, C:\ProgramData\Block The Ads\Block The Ads.exe, , [d4a4a69df59573c33f167b201ce7649c],
PUP.Optional.ViView.A, C:\Users\Mahir Sari\AppData\Roaming\vi-view\337.json, , [c8b0ee553d4d9b9b09108517f80b5da3],
PUP.Optional.ViView.A, C:\Users\Mahir Sari\AppData\Roaming\vi-view\MessageBox.xml, , [c8b0ee553d4d9b9b09108517f80b5da3],
PUP.Optional.ViView.A, C:\Users\Mahir Sari\AppData\Roaming\vi-view\un.ini, , [c8b0ee553d4d9b9b09108517f80b5da3],
PUP.Optional.ViView.A, C:\Users\Mahir Sari\AppData\Roaming\vi-view\uninstallDlg2.xml, , [c8b0ee553d4d9b9b09108517f80b5da3],
PUP.Optional.ViView.A, C:\Users\Mahir Sari\AppData\Roaming\vi-view\UninstallManager.exe, , [c8b0ee553d4d9b9b09108517f80b5da3],
PUP.Optional.ViView.A, C:\Users\Mahir Sari\AppData\Roaming\vi-view\images\bg.png, , [c8b0ee553d4d9b9b09108517f80b5da3],
PUP.Optional.ViView.A, C:\Users\Mahir Sari\AppData\Roaming\vi-view\images\bg1.png, , [c8b0ee553d4d9b9b09108517f80b5da3],
PUP.Optional.ViView.A, C:\Users\Mahir Sari\AppData\Roaming\vi-view\images\bk_shadow.png, , [c8b0ee553d4d9b9b09108517f80b5da3],
PUP.Optional.ViView.A, C:\Users\Mahir Sari\AppData\Roaming\vi-view\images\button.png, , [c8b0ee553d4d9b9b09108517f80b5da3],
PUP.Optional.ViView.A, C:\Users\Mahir Sari\AppData\Roaming\vi-view\images\button1.png, , [c8b0ee553d4d9b9b09108517f80b5da3],
PUP.Optional.ViView.A, C:\Users\Mahir Sari\AppData\Roaming\vi-view\images\checkbox.png, , [c8b0ee553d4d9b9b09108517f80b5da3],
PUP.Optional.ViView.A, C:\Users\Mahir Sari\AppData\Roaming\vi-view\images\checkbox_select.png, , [c8b0ee553d4d9b9b09108517f80b5da3],
PUP.Optional.ViView.A, C:\Users\Mahir Sari\AppData\Roaming\vi-view\images\checked.png, , [c8b0ee553d4d9b9b09108517f80b5da3],
PUP.Optional.ViView.A, C:\Users\Mahir Sari\AppData\Roaming\vi-view\images\close.png, , [c8b0ee553d4d9b9b09108517f80b5da3],
PUP.Optional.ViView.A, C:\Users\Mahir Sari\AppData\Roaming\vi-view\images\loading_bg.png, , [c8b0ee553d4d9b9b09108517f80b5da3],
PUP.Optional.ViView.A, C:\Users\Mahir Sari\AppData\Roaming\vi-view\images\loading_light.png, , [c8b0ee553d4d9b9b09108517f80b5da3],
PUP.Optional.ViView.A, C:\Users\Mahir Sari\AppData\Roaming\vi-view\images\min.png, , [c8b0ee553d4d9b9b09108517f80b5da3],
PUP.Optional.ViView.A, C:\Users\Mahir Sari\AppData\Roaming\vi-view\images\scrollbar.bmp, , [c8b0ee553d4d9b9b09108517f80b5da3],
PUP.Optional.ViView.A, C:\Users\Mahir Sari\AppData\Roaming\vi-view\images\Thumbs.db, , [c8b0ee553d4d9b9b09108517f80b5da3],
PUP.Optional.ViView.A, C:\Users\Mahir Sari\AppData\Roaming\vi-view\images\unchecked.png, , [c8b0ee553d4d9b9b09108517f80b5da3],
PUP.Optional.ViView.A, C:\Users\Mahir Sari\AppData\Roaming\vi-view\images\code\code1.jpg, , [c8b0ee553d4d9b9b09108517f80b5da3],
PUP.Optional.ViView.A, C:\Users\Mahir Sari\AppData\Roaming\vi-view\images\code\code2.jpg, , [c8b0ee553d4d9b9b09108517f80b5da3],
PUP.Optional.ViView.A, C:\Users\Mahir Sari\AppData\Roaming\vi-view\images\code\code3.jpg, , [c8b0ee553d4d9b9b09108517f80b5da3],
PUP.Optional.ViView.A, C:\Users\Mahir Sari\AppData\Roaming\vi-view\images\code\code4.jpg, , [c8b0ee553d4d9b9b09108517f80b5da3],
PUP.Optional.ViView.A, C:\Users\Mahir Sari\AppData\Roaming\vi-view\images\code\code5.jpg, , [c8b0ee553d4d9b9b09108517f80b5da3],
PUP.Optional.ViView.A, C:\Users\Mahir Sari\AppData\Roaming\vi-view\images\code\code6.jpg, , [c8b0ee553d4d9b9b09108517f80b5da3],
PUP.Optional.ViView.A, C:\Users\Mahir Sari\AppData\Roaming\vi-view\images\code\Thumbs.db, , [c8b0ee553d4d9b9b09108517f80b5da3],
PUP.Optional.ViView.A, C:\Users\Mahir Sari\AppData\Roaming\vi-view\log\UninstallManager_2015-03-08[15-49-14-398].log, , [c8b0ee553d4d9b9b09108517f80b5da3],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update\conf, , [7dfb8ab96b1fdd594eade1bba063758b],
PUP.Optional.FFToolbar.A, C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\extensions\fftoolbar2014@etech.com\chrome.manifest, , [e593ee55107a50e62009118c5da6936d],
PUP.Optional.FFToolbar.A, C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\extensions\fftoolbar2014@etech.com\install.rdf, , [e593ee55107a50e62009118c5da6936d],
PUP.Optional.FFToolbar.A, C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\extensions\fftoolbar2014@etech.com\chrome\content\toolbar.js, , [e593ee55107a50e62009118c5da6936d],
PUP.Optional.FFToolbar.A, C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\extensions\fftoolbar2014@etech.com\chrome\content\toolbar.xul, , [e593ee55107a50e62009118c5da6936d],
PUP.Optional.FFToolbar.A, C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\extensions\fftoolbar2014@etech.com\chrome\skin\icon.png, , [e593ee55107a50e62009118c5da6936d],
PUP.Optional.SwellSearch.A, C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "hxxp://websearch.swellsearch.info/?pid=20289&r=2015/03/06&hid=1132005440912941336&lg=EN&cc=DE&unqvl=84&l=1&q=");), ,[60184ef511791422c3989a81de28e51b]

Physical Sectors: 0
(No malicious items detected)

(end)

Ad-Aware also ran about halfway through once.

2. Read the thread here and ran Defogger right away.

3. As per the thread, downloaded and ran FRST:

FRST.txt -> FRST logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2015 03
Ran by Mahir Sari (administrator) on MAHIR on 09-03-2015 17:53:52
Running from C:\Users\Mahir Sari\Downloads
Loaded Profiles: Mahir Sari (Available profiles: Mahir Sari & Administrator)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.1.4\LavasoftTcpService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
() C:\Users\Mahir Sari\Downloads\Defogger.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ASUSQuickGesture(x86)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352 2012-08-05] (ASUSTeK Computer Inc.)
HKLM\...\Run: [ASUSTPLoader(x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe [169856 2012-08-05] (AsusTek)
HKLM\...\Run: [ASUSQuickGesture(x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe [22400 2012-08-05] (ASUSTeK Computer Inc.)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [90832 2012-06-07] (ASUS)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [8947008 2014-12-18] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [366720 2012-08-23] (Alcor Micro Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3833586203-542032726-2374544835-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1380672 2015-01-23] (Lavasoft)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3833586203-542032726-2374544835-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {FDB1A04D-42F0-4F28-B407-7117916D2B2F} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.swellsearch.info/?l=1&q={searchTerms}&pid=20289&r=2015/03/06&hid=1132005440912941336&lg=EN&cc=DE&unqvl=84
SearchScopes: HKU\S-1-5-21-3833586203-542032726-2374544835-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.swellsearch.info/?l=1&q={searchTerms}&pid=20289&r=2015/03/06&hid=1132005440912941336&lg=EN&cc=DE&unqvl=84
SearchScopes: HKU\S-1-5-21-3833586203-542032726-2374544835-1001 -> {FDB1A04D-42F0-4F28-B407-7117916D2B2F} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-02-09] (Oracle Corporation)
BHO: ASUS Browser Extension x64 -> {78234974-0C4B-4111-BDEB-D9A104418772} -> C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dll [2012-08-05] (ASUSTeK Computer Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-02-09] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-02-14] (Oracle Corporation)
BHO-x32: ASUS Browser Extension x86 -> {78234974-0C4B-4111-BDEB-D9A104418771} -> C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll [2012-08-05] (ASUSTeK Computer Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-02-14] (Oracle Corporation)
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9 15 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\LavasoftTcpService64.dll [378832] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\LavasoftTcpService64.dll [378832] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\LavasoftTcpService64.dll [378832] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\LavasoftTcpService64.dll [378832] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\WINDOWS\system32\LavasoftTcpService64.dll [378832] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.swellsearch.info/?pid=20289&r=2015/03/06&hid=1132005440912941336&lg=EN&cc=DE&unqvl=84&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: vi-view
FF SelectedSearchEngine,S: WebSearch
FF Keyword.URL: hxxp://websearch.swellsearch.info/?pid=20289&r=2015/03/06&hid=1132005440912941336&lg=EN&cc=DE&unqvl=84&l=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-02-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-02-09] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-02-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-02-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-20] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF user.js: detected! => C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\user.js [2015-03-08]
FF SearchPlugin: C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\searchplugins\search_engine.xml [2014-03-03]
FF SearchPlugin: C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\searchplugins\vi-view.xml [2015-03-09]
FF SearchPlugin: C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\searchplugins\WebSearch.xml [2015-03-07]
FF Extension: UniDaealsi - C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\Extensions\8J1S0k@eWJ.net [2015-03-07]
FF Extension: Amazon-Icon - C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\Extensions\amazon-icon@giga.de [2014-03-22]
FF Extension: youtubeadblocker - C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\Extensions\C8rr@Clu.org [2015-03-07]
FF Extension: FF Toolbar - C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\Extensions\fftoolbar2014@etech.com [2015-01-08]
FF Extension: FunDDeaolSS - C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\Extensions\r@M.co.uk [2015-02-17]
FF Extension: MINimumPrice - C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\Extensions\zEV8q15P6@L.net [2015-02-17]
FF Extension: ProxTube - C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\Extensions\ich@maltegoetz.de.xpi [2014-10-28]
FF Extension: PriceFountain - C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\Extensions\{b6a94784-0ffb-4121-88c6-435139067ee2}.xpi [2015-01-08]
FF Extension: Adblock Plus - C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-28]
FF Extension: Youtube Video Replay - C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\Extensions\{e1aaa9f8-4500-47f1-9a0a-b02bd60e4076}.xpi [2014-10-28]
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\extensions\fftoolbar2014@etech.com

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://websearch.swellsearch.info/?pid=20289&r=2015/03/06&hid=1132005440912941336&lg=EN&cc=DE&unqvl=84"
CHR Profile: C:\Users\Mahir Sari\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Mahir Sari\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-20]
CHR Extension: (Google Docs) - C:\Users\Mahir Sari\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-20]
CHR Extension: (Google Drive) - C:\Users\Mahir Sari\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mahir Sari\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-20]
CHR Extension: (YouTube) - C:\Users\Mahir Sari\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-20]
CHR Extension: (Google Search) - C:\Users\Mahir Sari\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-20]
CHR Extension: (Google Sheets) - C:\Users\Mahir Sari\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-20]
CHR Extension: (Google Wallet) - C:\Users\Mahir Sari\AppData\Local\Google\Chrome\User
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-20] CHR Extension: (Gmail) - C:\Users\Mahir Sari\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-20] CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Mahir Sari\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-03-22] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) S2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2014-12-18] () R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.1.4\LavasoftTcpService.exe [1364392 2015-01-23] (Lavasoft Limited) S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2015-01-23] () R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the 
service will be removed from the registry. The file will not be moved unless listed separately.) R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [50848 2012-08-05] (ASUS Corporation) R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2014-10-09] (BitDefender) R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261496 2014-10-09] (BitDefender) S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2014-10-09] (BitDefender) R1 BdfNdisf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [97816 2014-10-09] (BitDefender LLC) R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [107080 2014-10-09] (BitDefender LLC) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2015-02-16] (GFI Software) R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-10-09] (BitDefender LLC) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( ) S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-10-09] (BitDefender S.R.L.) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software) S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) S3 VIAHdAudAddService; \SystemRoot\system32\drivers\viahduaa.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-09 17:53 - 2015-03-09 17:54 - 00021669 _____ () C:\Users\Mahir Sari\Downloads\FRST.txt 2015-03-09 17:53 - 2015-03-09 17:53 - 00000000 ____D () C:\FRST 2015-03-09 17:52 - 2015-03-09 17:53 - 00000482 _____ () C:\Users\Mahir Sari\Downloads\defogger_disable.log 2015-03-09 17:52 - 2015-03-09 17:52 - 00000000 _____ () C:\Users\Mahir Sari\defogger_reenable 2015-03-09 17:36 - 2015-03-09 17:36 - 00380416 _____ () C:\Users\Mahir Sari\Downloads\Gmer-19357.exe 2015-03-09 17:19 - 2015-03-09 17:19 - 02095104 _____ (Farbar) C:\Users\Mahir Sari\Downloads\FRST64.exe 2015-03-09 17:18 - 2015-03-09 17:18 - 00050477 _____ () C:\Users\Mahir Sari\Downloads\Defogger.exe 2015-03-09 17:11 - 2015-03-09 17:11 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-03-09 17:09 - 2015-03-09 17:09 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-09 17:09 - 2015-03-09 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-09 17:09 - 2015-03-09 17:09 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-09 17:09 - 2015-03-09 17:09 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-03-09 17:09 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-03-09 17:09 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-03-09 17:09 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-03-09 17:06 - 2015-03-09 17:06 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Mahir Sari\Downloads\mbam-setup-2.0.4.1028.exe 2015-03-09 16:51 - 2015-03-09 17:01 - 00000000 ____D () C:\ProgramData\SecTaskMan 2015-03-09 16:51 - 2015-03-09 16:51 - 00001172 _____ 
() C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk 2015-03-09 16:51 - 2015-03-09 16:51 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk 2015-03-09 16:51 - 2015-03-09 16:51 - 00001149 _____ () C:\Users\Public\Desktop\Security Task Manager.lnk 2015-03-09 16:51 - 2015-03-09 16:51 - 00000000 ____D () C:\Users\Mahir Sari\AppData\Local\SecTaskMan 2015-03-09 16:51 - 2015-03-09 16:51 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager 2015-03-09 16:50 - 2015-03-09 16:51 - 02931056 _____ () C:\Users\Mahir Sari\Downloads\SecurityTaskManager_Setup.exe 2015-03-08 15:58 - 2015-03-08 15:58 - 00000784 _____ () C:\WINDOWS\PFRO.log 2015-03-08 15:52 - 2015-03-08 16:00 - 00001005 _____ () C:\WINDOWS\setupact.log 2015-03-08 15:52 - 2015-03-08 15:52 - 00000000 _____ () C:\WINDOWS\setuperr.log 2015-03-06 21:36 - 2015-03-09 16:53 - 00225046 _____ () C:\WINDOWS\WindowsUpdate.log 2015-03-06 18:48 - 2015-03-06 18:48 - 00000000 ____D () C:\Users\Mahir Sari\AppData\Roaming\EZDownloader 2015-03-06 18:39 - 2015-03-06 19:04 - 00000000 ____D () C:\Program Files (x86)\UniDaealsi 2015-03-06 18:39 - 2015-03-06 18:41 - 00000000 ____D () C:\Program Files (x86)\gemoji chrome 2015-03-06 18:39 - 2015-03-06 18:40 - 00000000 ____D () C:\Program Files (x86)\youtubeadblocker 2015-03-06 18:39 - 2015-03-06 18:40 - 00000000 ____D () C:\Program Files (x86)\UniDeals 2015-03-06 18:38 - 2015-03-06 18:38 - 00000000 ____D () C:\ProgramData\cppcjhjlhgncgomhenpbfbgccgikhbda 2015-03-06 18:36 - 2015-03-06 18:45 - 00000000 ____D () C:\ProgramData\{12368ffe-1867-483c-1236-68ffe1863ff8} 2015-02-25 12:49 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls 2015-02-25 12:49 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls 2015-02-25 12:49 - 2014-10-29 02:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll 2015-02-25 12:49 - 2014-10-29 02:27 - 00323072 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll 2015-02-25 12:49 - 2014-10-29 02:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll 2015-02-25 12:49 - 2014-10-29 02:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll 2015-02-20 22:21 - 2015-02-20 22:21 - 00000000 ____D () C:\Users\Mahir Sari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-02-20 22:20 - 2015-02-20 22:20 - 00002269 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-02-20 22:20 - 2015-02-20 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-02-20 22:17 - 2015-02-20 22:17 - 00880208 _____ (Google Inc.) C:\Users\Mahir Sari\Downloads\ChromeSetup(1).exe 2015-02-20 21:16 - 2015-02-20 21:16 - 00000000 __SHD () C:\Users\Mahir Sari\AppData\Local\EmieBrowserModeList 2015-02-17 14:47 - 2015-02-19 18:02 - 00000020 _____ () C:\Users\Mahir Sari\AppData\Roaming\appdataFr3.bin 2015-02-17 06:50 - 2015-02-17 06:50 - 00000000 ____D () C:\ProgramData\Block The Ads 2015-02-16 22:46 - 2015-02-16 22:46 - 00000000 ____D () C:\ProgramData\BitDefender 2015-02-16 22:34 - 2015-02-17 06:45 - 00000000 ____D () C:\Program Files (x86)\DownSaave 2015-02-16 22:33 - 2015-03-09 17:14 - 00000000 ____D () C:\Program Files (x86)\TakeTheCooUpon 2015-02-16 22:33 - 2015-03-09 17:14 - 00000000 ____D () C:\Program Files (x86)\JeonICaoupon 2015-02-16 22:33 - 2015-03-06 18:39 - 00000000 ____D () C:\ProgramData\15636640369140828091 2015-02-16 22:33 - 2015-02-17 06:45 - 00000000 ____D () C:\Program Files (x86)\The Amazing Spiderman Movie Game 2015-02-16 22:33 - 2015-02-17 06:45 - 00000000 ____D () C:\Program Files (x86)\MINimumPrice 2015-02-16 22:33 - 2015-02-17 06:45 - 00000000 ____D () C:\Program Files (x86)\FunDDeaolSS 2015-02-16 22:21 - 2015-02-16 22:21 - 00005120 _____ () C:\WINDOWS\SysWOW64\LavasoftTcpService.ini 2015-02-16 22:21 - 2015-02-16 22:21 - 00002816 _____ () 
C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini 2015-02-16 22:21 - 2015-02-16 22:21 - 00002816 _____ () C:\WINDOWS\system32\LavasoftTcpServiceOff.ini 2015-02-16 22:21 - 2015-02-16 22:21 - 00000000 ____D () C:\Users\Mahir Sari\AppData\Local\Lavasoft 2015-02-16 22:21 - 2015-01-23 06:39 - 00378832 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll 2015-02-16 22:21 - 2015-01-23 06:39 - 00332216 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll 2015-02-16 22:20 - 2015-02-17 06:33 - 00000000 ____D () C:\Users\Mahir Sari\AppData\Roaming\Lavasoft 2015-02-16 22:20 - 2015-02-16 22:20 - 00000000 ____D () C:\Program Files (x86)\Lavasoft 2015-02-16 22:19 - 2015-03-08 16:00 - 00002347 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk 2015-02-16 22:19 - 2015-02-16 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2015-02-16 22:19 - 2014-10-09 10:09 - 02084072 _____ (Bitdefender) C:\WINDOWS\system32\bdnc.dll 2015-02-16 22:19 - 2014-10-09 10:08 - 01061776 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\bdsmtpp.dll 2015-02-16 22:19 - 2014-10-09 10:08 - 00209984 _____ (BitDefender) C:\WINDOWS\system32\BdFirewallSDK.dll 2015-02-16 22:19 - 2014-10-09 10:08 - 00195016 _____ (BitDefender) C:\WINDOWS\system32\httproxy.dll 2015-02-16 22:19 - 2014-10-09 10:08 - 00156936 _____ () C:\WINDOWS\system32\bdfwcore.dll 2015-02-16 22:19 - 2014-10-09 10:08 - 00155912 _____ (BitDefender S.R.L.) 
C:\WINDOWS\system32\bdpop3p.dll 2015-02-16 22:19 - 2014-10-09 10:08 - 00122928 _____ (BitDefender) C:\WINDOWS\system32\OEMbdpredir.dll 2015-02-16 22:19 - 2014-10-09 10:08 - 00096160 _____ (BitDefender) C:\WINDOWS\system32\bdpredir.dll 2015-02-16 22:16 - 2015-02-16 22:16 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf 2015-02-16 22:14 - 2015-02-16 22:14 - 00000000 ____D () C:\Program Files\Lavasoft 2015-02-16 21:04 - 2015-02-19 18:37 - 00000000 ____D () C:\Program Files (x86)\SystemContinue 2015-02-16 18:55 - 2015-02-16 18:55 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft 2015-02-16 18:53 - 2015-02-16 22:20 - 00000000 ____D () C:\ProgramData\Lavasoft 2015-02-16 18:53 - 2015-02-16 18:53 - 01937320 _____ () C:\Users\Mahir Sari\Downloads\AdAware115WebInstaller.exe 2015-02-16 18:52 - 2015-02-16 18:52 - 00047496 _____ (GFI Software) C:\WINDOWS\system32\sbbd.exe 2015-02-16 18:52 - 2015-02-16 18:52 - 00014456 _____ (GFI Software) C:\WINDOWS\system32\Drivers\gfibto.sys 2015-02-16 18:52 - 2015-02-16 18:52 - 00000000 ____D () C:\Users\Mahir Sari\AppData\Roaming\LavasoftStatistics 2015-02-16 18:52 - 2015-02-16 18:52 - 00000000 ____D () C:\Users\Mahir Sari\AppData\Roaming\Ad-Aware Antivirus 2015-02-15 15:09 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-02-15 15:09 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-02-10 21:20 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2015-02-10 21:20 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2015-02-10 21:20 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2015-02-10 21:20 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2015-02-10 21:20 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\msaudite.dll 2015-02-10 21:20 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll 2015-02-10 21:20 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll 2015-02-10 21:20 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll 2015-02-10 21:20 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2015-02-10 21:19 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2015-02-10 21:19 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2015-02-10 21:19 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2015-02-10 21:19 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2015-02-10 21:19 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2015-02-10 21:19 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2015-02-10 21:19 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2015-02-10 21:19 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2015-02-10 21:19 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2015-02-10 21:19 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-02-10 21:19 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-02-10 21:19 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-02-10 21:19 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2015-02-10 21:19 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\jscript.dll 2015-02-10 21:19 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-02-10 21:19 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2015-02-10 21:19 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-02-10 21:19 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-02-10 21:19 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2015-02-10 21:19 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-02-10 21:19 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-02-10 21:19 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-02-10 21:19 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-02-10 21:19 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-02-10 21:19 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-02-10 21:19 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-02-10 21:19 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-02-10 21:19 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2015-02-10 21:19 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-02-10 21:19 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-02-10 21:19 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-02-10 21:19 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\actxprxy.dll 2015-02-10 21:19 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-02-10 21:19 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-02-10 21:19 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-02-10 21:19 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-02-10 21:19 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-02-10 21:19 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-02-10 21:19 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-02-10 21:19 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-02-10 21:19 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-02-10 21:19 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-02-10 21:19 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-02-10 21:19 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-02-10 21:19 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-02-10 21:19 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-02-10 21:19 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-02-10 21:19 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2015-02-10 21:19 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2015-02-10 21:19 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 
2015-02-10 21:19 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2015-02-10 21:19 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll 2015-02-10 21:19 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll 2015-02-10 21:19 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2015-02-10 21:19 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll 2015-02-10 21:19 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll 2015-02-10 21:19 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll 2015-02-10 21:19 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll 2015-02-10 21:19 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll 2015-02-10 21:19 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe 2015-02-10 21:19 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe 2015-02-10 21:19 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-09 17:52 - 2014-09-24 13:30 - 00000000 ____D () C:\Users\Mahir Sari 2015-03-09 17:16 - 2014-02-07 20:45 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3833586203-542032726-2374544835-1001 2015-03-09 17:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-03-09 16:55 - 2015-01-08 22:50 - 00000000 ____D () C:\Users\Mahir Sari\AppData\Local\PriceFountain 2015-03-09 16:51 - 2015-01-08 23:51 - 00000090 _____ () C:\Users\Mahir Sari\AppData\Roaming\WB.CFG 2015-03-09 16:45 - 2014-02-19 02:19 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-03-09 16:33 - 2014-10-17 17:32 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A5614B99-CEAB-4FC4-9AF1-E541BC921472} 2015-03-09 16:31 - 2014-02-07 20:45 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-08 16:24 - 2014-02-07 20:45 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-08 15:59 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-03-08 15:58 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-03-08 15:52 - 2012-09-20 21:42 - 00000000 ____D () C:\Program Files (x86)\VIA 2015-03-08 15:51 - 2015-01-08 22:51 - 00000000 ____D () C:\Program Files (x86)\XTab 2015-03-08 15:49 - 2015-01-08 22:50 - 00000000 ____D () C:\Users\Mahir Sari\AppData\Roaming\vi-view 2015-03-08 15:33 - 2014-10-01 07:58 - 00285696 ___SH () C:\Users\Mahir Sari\Desktop\Thumbs.db 2015-03-06 18:50 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-03-05 16:41 - 2015-01-08 22:51 - 00000320 _____ () C:\WINDOWS\Tasks\Price Fountain.job 2015-02-26 22:38 - 2015-01-08 22:50 - 00000000 ____D () C:\Users\Mahir Sari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceFountain 2015-02-26 22:38 - 2012-11-21 10:49 - 00000000 ____D () C:\Users\Mahir Sari\Desktop\Mahir 2015-02-25 13:01 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-02-20 
22:20 - 2014-02-07 20:45 - 00000000 ____D () C:\Users\Mahir Sari\AppData\Local\Google 2015-02-20 22:20 - 2014-02-07 20:45 - 00000000 ____D () C:\Program Files (x86)\Google 2015-02-20 22:19 - 2014-02-07 20:45 - 00004102 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-20 22:19 - 2014-02-07 20:45 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-20 22:12 - 2014-09-24 14:17 - 00000000 __RDO () C:\Users\Mahir Sari\OneDrive 2015-02-20 21:51 - 2014-10-18 20:27 - 01796096 ___SH () C:\Users\Mahir Sari\Downloads\Thumbs.db 2015-02-20 21:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\tracing 2015-02-20 21:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2015-02-20 21:24 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-02-20 21:14 - 2012-09-20 21:41 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-02-20 02:13 - 2014-11-18 01:50 - 00000000 ____D () C:\WINDOWS\Minidump 2015-02-17 06:30 - 2015-01-30 21:56 - 00000000 ____D () C:\ProgramData\{57ee7147-e78d-5268-57ee-e7147e78c51f} 2015-02-16 22:49 - 2015-01-08 22:51 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect 2015-02-15 16:16 - 2015-01-30 21:54 - 00000000 ____D () C:\ProgramData\{63f6be61-98e3-529c-63f6-6be6198ef986} 2015-02-15 16:16 - 2014-02-07 21:56 - 00000000 ____D () C:\Users\Mahir Sari\AppData\Local\Microsoft Help 2015-02-14 16:38 - 2013-08-22 15:44 - 00482624 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-02-14 16:36 - 2014-03-02 16:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-02-14 16:35 - 2014-12-13 11:18 - 00000000 ____D () C:\WINDOWS\system32\appraiser 2015-02-14 16:35 - 2014-07-12 23:14 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2015-02-11 20:30 - 2014-02-09 00:07 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-02-11 20:22 - 2014-02-09 00:07 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-02-11 18:44 - 2014-02-07 
21:56 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-02-11 18:44 - 2012-07-26 06:26 - 00000199 _____ () C:\WINDOWS\win.ini ==================== Files in the root of some directories ======= 2015-02-17 14:47 - 2015-02-19 18:02 - 0000020 _____ () C:\Users\Mahir Sari\AppData\Roaming\appdataFr3.bin 2014-02-07 20:39 - 2014-03-04 17:54 - 0000380 _____ () C:\Users\Mahir Sari\AppData\Roaming\sp_data.sys 2015-01-08 23:51 - 2015-03-09 16:51 - 0000090 _____ () C:\Users\Mahir Sari\AppData\Roaming\WB.CFG 2014-11-06 23:41 - 2014-11-06 23:41 - 0002089 _____ () C:\Users\Mahir Sari\AppData\Local\recently-used.xbel 2014-04-04 13:20 - 2014-04-04 13:20 - 0007597 _____ () C:\Users\Mahir Sari\AppData\Local\Resmon.ResmonCfg 2012-08-17 01:52 - 2012-07-30 07:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd 2012-08-17 01:52 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe Files to move or delete: ==================== C:\ProgramData\SetStretch.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-20 22:06 ==================== End Of Log ============================ Addition.txt -> Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2015 03 Ran by Mahir Sari at 2015-03-09 17:55:10 Running from C:\Users\Mahir Sari\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Ad-Aware Antivirus (HKLM\...\{A5C0392D-46A7-4CB3-800B-5794909453BD}_AdAwareUpdater) (Version: 11.5.202.7299 - Lavasoft) Ad-Aware Web Companion (x32 Version: 1.1.862.1653 - Lavasoft) Hidden AdAwareInstaller (Version: 11.5.202.7299 - Lavasoft) Hidden AdAwareUpdater (Version: 11.5.202.7299 - Lavasoft) Hidden Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated) Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.6.142.61624 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 3.6.142.61624 - Alcor Micro Corp.) Hidden AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) 
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.3 - ASUS) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.29 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0002 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS) ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation) ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.) ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS) AvcEngine (Version: 3.10.7820.0 - Lavasoft) Hidden Block The Ads (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version: - Block The Ads) <==== ATTENTION CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) 
Hidden CrystalDiskInfo 6.1.8 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.1.8 - Crystal Dew World) FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden GameRanger (HKU\S-1-5-21-3833586203-542032726-2374544835-1001\...\GameRanger) (Version: - GameRanger Technologies) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Haskell Platform 2013.2.0.0 (HKLM-x32\...\HaskellPlatform-2013.2.0.0) (Version: - Haskell.org) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) 
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Java SE Development Kit 7 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170510}) (Version: 1.7.0.510 - Oracle) JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) LavasoftTcpService (x32 Version: 2.3.1.4 - Lavasoft) Hidden Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team) Nur Entfernen der 
CopyTrans Suite möglich (HKU\S-1-5-21-3833586203-542032726-2374544835-1001\...\CopyTrans Suite) (Version: 2.37 - WindSolutions) OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden PriceFountain (remove only) (HKU\S-1-5-21-3833586203-542032726-2374544835-1001\...\PriceFountain) (Version: 1.0.8.6 - Price Fountain) <==== ATTENTION! Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.9 - Samsung Electronics Co., Ltd.) Samsung Kies3 (x32 Version: 3.2.14083.9 - Samsung Electronics Co., Ltd.) Hidden Security Task Manager 2.0d (HKLM-x32\...\Security Task Manager) (Version: 2.0d - Neuber Software) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer) TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software) TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) Web Companion (HKLM-x32\...\{8BC95771-8634-499F-9EA5-1498A2701C7A}_WebCompanion) (Version: 1.1.862.1653 - Lavasoft) Windows Driver Package - ASUS (ATP) Mouse (07/28/2012 1.0.0.108) (HKLM\...\9B634C8DF2662B6B0212BF0B7547894BF2B5359F) (Version: 07/28/2012 1.0.0.108 - ASUS) WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) ==================== Custom CLSID (selected items): 
========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 16-02-2015 18:53:36 AA11 20-02-2015 21:04:45 Removed Shared C Run-time for x64 20-02-2015 21:52:30 Wiederherstellungsvorgang 25-02-2015 13:01:10 Windows Update 06-03-2015 18:55:25 Geplanter Prüfpunkt 08-03-2015 15:50:02 Configured Platform ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0D59662F-FBB7-47E5-93BF-001DF2442F5F} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.) Task: {1A04BB49-6C2C-4C31-AFB5-3E50558F876E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-20] (Google Inc.) Task: {23A76240-7204-46E5-A94A-CCB9F24213D0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {287F14A0-5042-4A9E-B0A7-EA8238065563} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd) Task: {418C4ABF-32C7-447C-AF5F-83C8AA5FD74E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated) Task: {4C184365-FABD-4044-A4A0-AEB9FA888E6C} - System32\Tasks\Price Fountain => C:\Users\MAHIRS~1\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {5B73B3FB-4C3A-4015-8FE3-8F2B763FD99E} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.) Task: {88B39870-3732-4340-9BB8-0FED8160F04C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-20] (Google Inc.) Task: {8E8307D5-CC3B-4387-8B3C-FCCFAC4E23A6} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-15] (Adobe Systems Incorporated) Task: {B67B031B-7ECE-4CC5-8791-DB59C59FA9BE} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {B92849C6-F449-43C0-8EEE-47F2B5D4461E} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software) Task: {BD51E409-FDE8-4A12-92A6-6FF936D264AD} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation) Task: {D4B8EB45-7125-4508-B699-29054A01B76B} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-04] (ASUS) Task: {DABB7BC5-506F-43EA-824B-96A6541D52AB} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-08-06] (ASUS) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => 
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Price Fountain.job => C:\Users\MAHIRS~1\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\WINDOWS\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013.job => ==================== Loaded Modules (whitelisted) ============== 2014-07-16 09:24 - 2014-07-16 09:24 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll 2012-08-04 10:34 - 2012-08-04 10:34 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2012-08-28 07:21 - 2012-08-15 18:52 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2015-01-23 06:38 - 2015-01-23 06:38 - 00015208 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe 2015-01-23 06:38 - 2015-01-23 06:38 - 00012144 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll 2015-01-23 06:38 - 2015-01-23 06:38 - 00032616 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll 2015-03-09 17:18 - 2015-03-09 17:18 - 00050477 _____ () C:\Users\Mahir Sari\Downloads\Defogger.exe 2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2012-09-20 21:42 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2015-02-20 22:20 - 2015-02-17 23:44 - 01117512 
_____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll 2015-02-20 22:20 - 2015-02-17 23:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll 2015-02-20 22:20 - 2015-02-17 23:44 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll 2015-02-20 22:20 - 2015-02-17 23:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Mahir Sari\OneDrive:ms-properties AlternateDataStreams: C:\Users\Mahir Sari\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
HKLM\...\StartupApproved\Run: => "ASUSQuickGesture(x86)" HKLM\...\StartupApproved\Run: => "ASUSTPLoader(x64)" HKLM\...\StartupApproved\Run: => "ASUSQuickGesture(x64)" HKLM\...\StartupApproved\Run: => "ACMON" HKLM\...\StartupApproved\Run32: => "AmIcoSinglun64" HKLM\...\StartupApproved\Run32: => "RemoteControl10" HKLM\...\StartupApproved\Run32: => "BCSSync" HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "iTunesHelper" ==================== Accounts: ============================= Administrator (S-1-5-21-3833586203-542032726-2374544835-500 - Administrator - Disabled) => C:\Users\Administrator Gast (S-1-5-21-3833586203-542032726-2374544835-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3833586203-542032726-2374544835-1003 - Limited - Enabled) Mahir Sari (S-1-5-21-3833586203-542032726-2374544835-1001 - Administrator - Enabled) => C:\Users\Mahir Sari ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (03/09/2015 05:31:12 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: MAHIR) Description: Microsoft.Media.PlayReadyClient_8wekyb3d8bbwe1009 Error: (03/09/2015 05:25:26 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: MAHIR) Description: Microsoft.Media.PlayReadyClient_8wekyb3d8bbwe1009 Error: (03/09/2015 05:25:17 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: MAHIR) Description: Microsoft.Media.PlayReadyClient_8wekyb3d8bbwe1009 Error: (03/09/2015 04:30:34 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: MAHIR) Description: Microsoft.Media.PlayReadyClient_8wekyb3d8bbwe1009 Error: (03/09/2015 04:30:32 PM) (Source: ESENT) (EventID: 454) (User: ) Description: taskhostex (4528) WebCacheLocal: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -1216 auf. Error: (03/09/2015 04:30:32 PM) (Source: ESENT) (EventID: 494) (User: ) Description: taskhostex (4528) WebCacheLocal: Bei der Datenbankwiederherstellung ist ein Fehler aufgetreten (Fehler -1216), da Verweise auf Datenbank "C:\Users\Mahir Sari\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" festgestellt wurden, die nicht mehr vorhanden ist. Die Datenbank wurde nicht sauber heruntergefahren, bevor sie entfernt (oder möglicherweise verschoben oder umbenannt) wurde. Das Datenbankmodul lässt den Abschluss der Wiederherstellung für diese Instanz erst dann zu, wenn die fehlende Datenbank wieder verfügbar gemacht wird. Wenn die Datenbank tatsächlich nicht mehr verfügbar oder nicht mehr erforderlich ist, finden Sie Informationen zum Beheben dieses Fehlers in der Microsoft Knowledge Base oder unter dem Link "Weitere Informationen" am Ende dieser Meldung. 
Error: (03/08/2015 03:55:18 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.3.9600.17284 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 26c Startzeit: 01d04d51ef29f4b7 Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\Explorer.EXE Berichts-ID: d92f1002-c5a1-11e4-beb4-50465ddd90ff Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (03/08/2015 03:52:48 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: MAHIR) Description: Microsoft.Media.PlayReadyClient_8wekyb3d8bbwe1009 Error: (03/08/2015 03:50:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddWin32ServiceFiles: Unable to back up image of service IHProtect Service since QueryServiceConfig API failed System Error: Das System kann die angegebene Datei nicht finden. . Error: (03/08/2015 03:47:35 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: MAHIR) Description: Microsoft.Media.PlayReadyClient_8wekyb3d8bbwe1009 System errors: ============= Error: (03/09/2015 05:51:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/09/2015 04:57:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "IE Search Set" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (03/08/2015 04:02:28 PM) (Source: WMPNetworkSvc) (EventID: 14338) (User: ) Description: 0x80070422 Error: (03/08/2015 04:02:28 PM) (Source: WMPNetworkSvc) (EventID: 14338) (User: ) Description: 0x80070422 Error: (03/06/2015 07:21:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "ATKGFNEX Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/06/2015 07:17:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "IHProtect Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/03/2015 02:33:29 AM) (Source: DCOM) (EventID: 10010) (User: MAHIR) Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (03/03/2015 02:33:29 AM) (Source: DCOM) (EventID: 10010) (User: MAHIR) Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (02/21/2015 05:18:33 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT) Description: In der Dateisystemstruktur auf Volume "OS" wurde eine Beschädigung erkannt. Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz. Die Dateireferenznummer ist 0x40000000245e5. Der Name der Datei ist "<Dateiname kann nicht bestimmt werden>". Error: (02/21/2015 05:18:07 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT) Description: In der Dateisystemstruktur auf Volume "OS" wurde eine Beschädigung erkannt. Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz. Die Dateireferenznummer ist 0xa000000018367. Der Name der Datei ist "<Dateiname kann nicht bestimmt werden>". 
Microsoft Office Sessions: ========================= Error: (03/09/2015 05:31:12 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: MAHIR) Description: Microsoft.Media.PlayReadyClient_8wekyb3d8bbwe1009 Error: (03/09/2015 05:25:26 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: MAHIR) Description: Microsoft.Media.PlayReadyClient_8wekyb3d8bbwe1009 Error: (03/09/2015 05:25:17 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: MAHIR) Description: Microsoft.Media.PlayReadyClient_8wekyb3d8bbwe1009 Error: (03/09/2015 04:30:34 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: MAHIR) Description: Microsoft.Media.PlayReadyClient_8wekyb3d8bbwe1009 Error: (03/09/2015 04:30:32 PM) (Source: ESENT) (EventID: 454) (User: ) Description: taskhostex4528WebCacheLocal: -1216 Error: (03/09/2015 04:30:32 PM) (Source: ESENT) (EventID: 494) (User: ) Description: taskhostex4528WebCacheLocal: -1216C:\Users\Mahir Sari\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat Error: (03/08/2015 03:55:18 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Explorer.EXE6.3.9600.1728426c01d04d51ef29f4b74294967295C:\WINDOWS\Explorer.EXEd92f1002-c5a1-11e4-beb4-50465ddd90ff Error: (03/08/2015 03:52:48 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: MAHIR) Description: Microsoft.Media.PlayReadyClient_8wekyb3d8bbwe1009 Error: (03/08/2015 03:50:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddWin32ServiceFiles: Unable to back up image of service IHProtect Service since QueryServiceConfig API failed System Error: Das System kann die angegebene Datei nicht finden. 
Error: (03/08/2015 03:47:35 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: MAHIR) Description: Microsoft.Media.PlayReadyClient_8wekyb3d8bbwe1009 CodeIntegrity Errors: =================================== Date: 2015-02-15 15:21:58.001 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-01-30 21:55:46.195 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-01-30 21:55:46.085 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-01-16 00:35:11.945 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-01-15 00:03:39.771 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2015-01-04 14:52:10.566 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-12-13 11:47:40.061 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-26 18:24:40.112 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-19 00:36:12.737 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-15 15:39:35.430 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz Percentage of memory in use: 53% Total physical RAM: 3979.69 MB Available physical RAM: 1836.5 MB Total Pagefile: 8075.69 MB Available Pagefile: 5899.26 MB Total Virtual: 131072 MB Available Virtual: 131071.78 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:185.52 GB) (Free:97.8 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (DATA) (Fixed) (Total:258.45 GB) (Free:258.3 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 4F41109B) Partition: GPT Partition Type. ==================== End Of Log ============================ Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-09 18:12:32
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000030 TOSHIBA_MQ01ABD050 rev.AX002J 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\MAHIRS~1\AppData\Local\Temp\uxldypod.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\System32\igfxpers.exe[5176] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffc40fd169a 4 bytes [FD, 40, FC, 7F]
.text C:\Windows\System32\igfxpers.exe[5176] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffc40fd16a2 4 bytes [FD, 40, FC, 7F]
.text C:\Windows\System32\igfxpers.exe[5176] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffc40fd181a 4 bytes [FD, 40, FC, 7F]
.text C:\Windows\System32\igfxpers.exe[5176] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffc40fd1832 4 bytes [FD, 40, FC, 7F]
.text C:\Windows\System32\SettingSyncHost.exe[4756] C:\WINDOWS\system32\KERNEL32.DLL!SetFileCompletionNotificationModes 00007ffc42d3ba00 14 bytes {JMP QWORD [RIP+0x0]}
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2180] C:\WINDOWS\system32\KERNEL32.DLL!SetFileCompletionNotificationModes 00007ffc42d3ba00 14 bytes {JMP QWORD [RIP+0x0]}
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2180] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffc38081f6a 4 bytes [08, 38, FC, 7F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2180] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffc38081f82 4 bytes [08, 38, FC, 7F]

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [560:584] fffff96000917b90
Thread C:\WINDOWS\system32\svchost.exe [780:808] 000000c27f5ef080
Thread C:\WINDOWS\system32\svchost.exe [780:812] 000000c27f5ef080
Thread C:\WINDOWS\system32\svchost.exe [780:816] 000000c27f5ef080
Thread C:\WINDOWS\system32\svchost.exe [780:820] 000000c27f5ef080
Thread C:\WINDOWS\system32\svchost.exe [932:1236] 000000f3ae0ef080
Thread C:\WINDOWS\system32\svchost.exe [932:1240]
000000f3ae0ef080 Thread C:\WINDOWS\system32\svchost.exe [932:1244] 000000f3ae0ef080 Thread C:\WINDOWS\system32\svchost.exe [932:1248] 000000f3ae0ef080 Thread C:\WINDOWS\System32\svchost.exe [1020:3008] 000000f26e61f080 Thread C:\WINDOWS\System32\svchost.exe [1020:4616] 000000f26e61f080 Thread C:\WINDOWS\System32\svchost.exe [1020:740] 000000f26e61f080 Thread C:\WINDOWS\System32\svchost.exe [1020:4504] 000000f26e61f080 Thread C:\WINDOWS\System32\spoolsv.exe [1276:1308] 000000000117f080 Thread C:\WINDOWS\System32\spoolsv.exe [1276:1312] 000000000117f080 Thread C:\WINDOWS\System32\spoolsv.exe [1276:1316] 000000000117f080 Thread C:\WINDOWS\System32\spoolsv.exe [1276:1320] 000000000117f080 Thread C:\WINDOWS\system32\svchost.exe [1344:1492] 000000b99bdbf080 Thread C:\WINDOWS\system32\svchost.exe [1344:1496] 000000b99bdbf080 Thread C:\WINDOWS\system32\svchost.exe [1344:1500] 000000b99bdbf080 Thread C:\WINDOWS\system32\svchost.exe [1344:1504] 000000b99bdbf080 Thread C:\WINDOWS\system32\svchost.exe [1344:1356] 00007ffc27dd4608 Thread C:\WINDOWS\system32\svchost.exe [1344:3652] 00007ffc27f91584 Thread C:\WINDOWS\system32\svchost.exe [1344:2208] 00007ffc27a41b40 Thread C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [2996:3148] 000000001ac1f080 Thread C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [2996:3152] 000000001ac1f080 Thread C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [2996:3156] 000000001ac1f080 Thread C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [2996:3160] 000000001ac1f080 Thread C:\Windows\System32\SettingSyncHost.exe [4756:1668] 0000000ea56af080 Thread C:\Windows\System32\SettingSyncHost.exe [4756:5972] 0000000ea56af080 Thread C:\Windows\System32\SettingSyncHost.exe [4756:3620] 0000000ea56af080 Thread C:\Windows\System32\SettingSyncHost.exe [4756:864] 
0000000ea56af080 Thread C:\Windows\System32\SettingSyncHost.exe [4756:2040] 0000000ea56ceb80 Thread C:\Windows\System32\SettingSyncHost.exe [4756:5104] 00007ffc42cf161c Thread C:\Windows\System32\SettingSyncHost.exe [4756:5948] 0000000ea56ceb80 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2180:1640] 000000aa0a95f080 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2180:2812] 000000aa0a95f080 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2180:4976] 000000aa0a95f080 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2180:424] 000000aa0a95f080 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2180:4972] 000000aa0a97eb80 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2180:5920] 000000aa0a97eb80 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- CrystalDiskInfo-> Code:
----------------------------------------------------------------------------
CrystalDiskInfo 6.1.8 (C) 2008-2014 hiyohiyo
Crystal Dew World : hxxp://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 8.1 [6.3 Build 9600] (x64)
Date : 2015/03/09 18:26:58

-- Controller Map ----------------------------------------------------------
+ Intel(R) 7 Series Chipset Family SATA AHCI Controller [ATA]
- TOSHIBA MQ01ABD050
- MATSHITADVD-RAM
- Microsoft-Controller für Speicherplätze [SCSI]

-- Disk List ---------------------------------------------------------------
(1) TOSHIBA MQ01ABD050 : 500,1 GB [0/0/0, pd1]

----------------------------------------------------------------------------
(1) TOSHIBA MQ01ABD050
----------------------------------------------------------------------------
Model : TOSHIBA MQ01ABD050
Firmware : AX002J
Serial Number : 528ES5YVS
Disk Size : 500,1 GB (8,4/137,4/500,1/500,1)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 976773168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ----
Transfer Mode : SATA/600 | SATA/600
Power On Hours : 5930 Std.
Power On Count : 4325 mal
Temperature : 41 C (105 F)
Health Status : Vorsicht
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 0080h [ON]
AAM Level : ----

-- S.M.A.R.T.
-------------------------------------------------------------- ID Cur Wor Thr RawValues(6) Attribute Name 01 100 100 _50 000000000000 Lesefehlerrate 02 100 100 _50 000000000000 Leistungsfähigkeit 03 100 100 __1 00000000040D Beschleunigungszeit 04 100 100 __0 0000000011B5 Start/Stop des Spindels 05 100 100 _50 000000000000 Neu zugewiesene Sektoren 07 100 100 _50 000000000000 Suchfehlerrate 08 100 100 _50 000000000000 Suchzeitleistung 09 _86 _86 __0 00000000172A Eingeschaltete Stunden 0A 190 100 _30 000000000000 Drehwiederholungen 0C 100 100 __0 0000000010E5 Ein-/Ausschaltungen BF 100 100 __0 000000000706 G-Sense Fehlerrate C0 100 100 __0 000000000035 Ausschaltungsabbrüche C1 _89 _89 __0 00000001BE52 Laden/Entladen Zyklus C2 100 100 __0 0031000D0029 Temperatur C4 100 100 __0 000000000000 Neuzuweisungsereignisse C5 100 100 __0 000000000008 Aktuell schwebende Sektoren C6 100 100 __0 000000000000 Unkorrigierbare Sektoren C7 200 200 __0 000000000003 UltraDMA CRC Fehler DC 100 100 __0 000000000000 Festplattenverschiebung DE _88 _88 __0 000000001429 Stunden geladen DF 100 100 __0 000000000000 Laden/Entladen Wiederholungen E0 100 100 __0 000000000000 Ladereibung E2 100 100 __0 0000000000AD Ladezeit F0 100 100 __1 000000000000 Kopfpositionierungszeit -- IDENTIFY_DEVICE --------------------------------------------------------- 0 1 2 3 4 5 6 7 8 9 000: 0040 3FFF C837 0010 0000 0000 003F 0000 0000 0000 010: 2020 2020 2020 2020 2020 2035 3238 4553 3559 5653 020: 0000 4000 0000 4158 3030 324A 2020 544F 5348 4942 030: 4120 4D51 3031 4142 4430 3530 2020 2020 2020 2020 040: 2020 2020 2020 2020 2020 2020 2020 8010 0000 2F00 050: 4000 0200 0000 0007 3FFF 0010 003F FC10 00FB 0110 060: FFFF 0FFF 0007 0007 0003 0078 0078 0078 0078 0000 070: 0000 0000 0000 0000 0000 001F 8F0E 0006 004C 0048 080: 01F8 0000 746B 7D09 6163 7469 BC09 6163 203F 003A 090: 003A 0080 FFFE 0000 0000 0000 0000 0000 0000 0000 100: 6030 3A38 0000 0000 0000 0000 6003 0000 5000 0394 110: 05C8 2A5F 0000 0000 0000 0000 
0000 0000 0000 401C 120: 401C 0000 0000 0000 0000 0000 0000 0000 0029 0000 130: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 140: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 160: 0000 0000 0000 0000 0000 0000 0000 0000 0003 0000 170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 200: 0000 0000 0000 0000 0000 0000 003D 0000 0000 4000 210: 0000 0000 0000 0000 0000 0000 0000 1518 0000 0000 220: 0000 0000 103F 0000 0000 0000 0000 0000 0000 0000 230: 0000 0000 0000 0000 0001 0080 0000 0000 0000 0000 240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 250: 0000 0000 0000 0000 0000 AFA5 -- SMART_READ_DATA --------------------------------------------------------- +0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F 000: 10 00 01 0B 00 64 64 00 00 00 00 00 00 00 02 05 010: 00 64 64 00 00 00 00 00 00 00 03 27 00 64 64 0D 020: 04 00 00 00 00 00 04 32 00 64 64 B5 11 00 00 00 030: 00 00 05 33 00 64 64 00 00 00 00 00 00 00 07 0B 040: 00 64 64 00 00 00 00 00 00 00 08 05 00 64 64 00 050: 00 00 00 00 00 00 09 32 00 56 56 2A 17 00 00 00 060: 00 00 0A 33 00 BE 64 00 00 00 00 00 00 00 0C 32 070: 00 64 64 E5 10 00 00 00 00 00 BF 32 00 64 64 06 080: 07 00 00 00 00 00 C0 32 00 64 64 35 00 00 00 00 090: 00 00 C1 32 00 59 59 52 BE 01 00 00 00 00 C2 22 0A0: 00 64 64 29 00 0D 00 31 00 00 C4 32 00 64 64 00 0B0: 00 00 00 00 00 00 C5 32 00 64 64 08 00 00 00 00 0C0: 00 00 C6 30 00 64 64 00 00 00 00 00 00 00 C7 32 0D0: 00 C8 C8 03 00 00 00 00 00 00 DC 02 00 64 64 00 0E0: 00 00 00 00 00 00 DE 32 00 58 58 29 14 00 00 00 0F0: 00 00 DF 32 00 64 64 00 00 00 00 00 00 00 E0 22 100: 00 64 64 00 00 00 00 00 00 00 E2 26 00 64 64 AD 110: 00 00 00 00 00 00 F0 01 00 64 64 00 00 00 00 00 120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 140: 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 160: 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 5B 170: 03 00 01 00 02 7B 00 00 00 00 00 00 00 00 00 00 180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 -- SMART_READ_THRESHOLD ---------------------------------------------------- +0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F 000: 10 00 01 32 00 00 00 00 00 00 00 00 00 00 02 32 010: 00 00 00 00 00 00 00 00 00 00 03 01 00 00 00 00 020: 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 030: 00 00 05 32 00 00 00 00 00 00 00 00 00 00 07 32 040: 00 00 00 00 00 00 00 00 00 00 08 32 00 00 00 00 050: 00 00 00 00 00 00 09 00 00 00 00 00 00 00 00 00 060: 00 00 0A 1E 00 00 00 00 00 00 00 00 00 00 0C 00 070: 00 00 00 00 00 00 00 00 00 00 BF 00 00 00 00 00 080: 00 00 00 00 00 00 C0 00 00 00 00 00 00 00 00 00 090: 00 00 C1 00 00 00 00 00 00 00 00 00 00 00 C2 00 0A0: 00 00 00 00 00 00 00 00 00 00 C4 00 00 00 00 00 0B0: 00 00 00 00 00 00 C5 00 00 00 00 00 00 00 00 00 0C0: 00 00 C6 00 00 00 00 00 00 00 00 00 00 00 C7 00 0D0: 00 00 00 00 00 00 00 00 00 00 DC 00 00 00 00 00 0E0: 00 00 00 00 00 00 DE 00 00 00 00 00 00 00 00 00 0F0: 00 00 DF 00 00 00 00 00 00 00 00 00 00 00 E0 00 100: 00 00 00 00 00 00 00 00 00 00 E2 00 00 00 00 00 110: 00 00 00 00 00 00 F0 01 00 00 00 00 00 00 00 00 120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 180: 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 |
09.03.2015, 18:44 | #2 |
/// the machine /// TB-Ausbilder | hi,
Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
09.03.2015, 19:34 | #3 |
Hi, thanks for your quick reply!
- I have just removed "Block the Ads" and "PriceFountain" with Revo Uninstaller.
- Then I ran AdwCleaner. Code:
ATTFilter # AdwCleaner v4.111 - Bericht erstellt 09/03/2015 um 18:58:34 # Aktualisiert 18/02/2015 von Xplode # Datenbank : 2015-03-05.1 [Server] # Betriebssystem : Windows 8.1 (x64) # Benutzername : Mahir Sari - MAHIR # Gestarted von : C:\Users\Mahir Sari\Downloads\AdwCleaner_4.111.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\SecTaskMan Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect Ordner Gelöscht : C:\ProgramData\IHProtectUpDate Ordner Gelöscht : C:\ProgramData\15636640369140828091 Ordner Gelöscht : C:\Program Files (x86)\XTab Ordner Gelöscht : C:\Program Files (x86)\DownSaave Ordner Gelöscht : C:\Program Files (x86)\FunDDeaolSS Ordner Gelöscht : C:\Program Files (x86)\JeonICaoupon Ordner Gelöscht : C:\Program Files (x86)\MINimumPrice Ordner Gelöscht : C:\Program Files (x86)\TakeTheCooUpon Ordner Gelöscht : C:\Program Files (x86)\UniDaealsi Ordner Gelöscht : C:\Program Files (x86)\UniDeals Ordner Gelöscht : C:\Program Files (x86)\youtubeadblocker Ordner Gelöscht : C:\Users\Mahir Sari\AppData\Local\SecTaskMan Ordner Gelöscht : C:\Users\Mahir Sari\AppData\Local\PriceFountain Ordner Gelöscht : C:\Users\Mahir Sari\AppData\LocalLow\adawaretb Ordner Gelöscht : C:\Users\Mahir Sari\AppData\LocalLow\BabylonToolbar Ordner Gelöscht : C:\Users\Mahir Sari\AppData\Roaming\EZDownloader Ordner Gelöscht : C:\Users\Mahir Sari\AppData\Roaming\OpenCandy Ordner Gelöscht : C:\Users\Mahir Sari\AppData\Roaming\vi-view Ordner Gelöscht : C:\Users\Mahir Sari\AppData\Roaming\PriceFountain Ordner Gelöscht : C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\Extensions\fftoolbar2014@etech.com Ordner Gelöscht : C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\Extensions\8J1S0k@eWJ.net Ordner Gelöscht : C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\Extensions\C8rr@Clu.org Ordner Gelöscht : C:\Users\Mahir 
Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\Extensions\r@M.co.uk Ordner Gelöscht : C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\Extensions\zEV8q15P6@L.net Ordner Gelöscht : C:\ProgramData\cppcjhjlhgncgomhenpbfbgccgikhbda Datei Gelöscht : C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\Extensions\{b6a94784-0ffb-4121-88c6-435139067ee2}.xpi Datei Gelöscht : C:\Users\Mahir Sari\Favorites\Startfenster.lnk Datei Gelöscht : C:\Users\Mahir Sari\Favorites\Links\Startfenster.lnk Datei Gelöscht : C:\Users\Mahir Sari\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk Datei Gelöscht : C:\Users\Mahir Sari\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Startfenster.lnk Datei Gelöscht : C:\Users\Mahir Sari\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk Datei Gelöscht : C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\foxydeal.sqlite Datei Gelöscht : C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\searchplugins\WebSearch.xml Datei Gelöscht : C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\user.js Datei Gelöscht : C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\searchplugins\vi-view.xml ***** [ Geplante Tasks ] ***** Task Gelöscht : Price Fountain ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fftoolbar2014@etech.com] Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{57B0DCF0-8B40-4449-8AA4-E297D6E779D4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D} Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FDB1A04D-42F0-4F28-B407-7117916D2B2F} Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9} Schlüssel Gelöscht : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\adawarebp Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Schlüssel Gelöscht : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9} Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp Schlüssel Gelöscht : HKLM\SOFTWARE\SupTab Schlüssel Gelöscht : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} Schlüssel Gelöscht : HKLM\SOFTWARE\IHProtect Schlüssel Gelöscht : HKLM\SOFTWARE\vi-viewSoftware Schlüssel Gelöscht : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81} ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17416 -\\ Mozilla Firefox v35.0.1 (x86 de) [nxz1uzj1.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultenginename,S", "WebSearch"); [nxz1uzj1.default\prefs.js] - Zeile Gelöscht : 
user_pref("browser.search.defaulturl", "hxxp://websearch.swellsearch.info/?pid=20289&r=2015/03/06&hid=1132005440912941336&lg=EN&cc=DE&unqvl=84&l=1&q="); [nxz1uzj1.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.order.1", "WebSearch"); [nxz1uzj1.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.order.1,S", "WebSearch"); [nxz1uzj1.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.alias", "vi-view"); [nxz1uzj1.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://myhome.vi-view.com/favicon.ico"); [nxz1uzj1.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.name", "vi-view"); [nxz1uzj1.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.url", "hxxp://myhome.vi-view.com/web/?type=ds&ts=1420753811&from=cor&uid=TOSHIBAXMQ01ABD050_528ES5YVSXX528ES5YVS&q={searchTerms}"); [nxz1uzj1.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "vi-view"); [nxz1uzj1.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine,S", "WebSearch"); [nxz1uzj1.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.YLEqp4qnjDVD6jCA.url", "hxxp://websolutiion.in/sync2/?q=hfZ9oe4MhyhHhdUMCyVUojsErTY4tMqLDe49CNU0mwkMCMlNhd9FqjaHrdgFqHr4rdnMBzqUojw8rdrEqHwErHkErch7hfs0pihPBMn0rTw6qTn9rTaFpjr6qH[...] 
[nxz1uzj1.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false); [nxz1uzj1.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); [nxz1uzj1.default\prefs.js] - Zeile Gelöscht : user_pref("keyword.URL", "hxxp://websearch.swellsearch.info/?pid=20289&r=2015/03/06&hid=1132005440912941336&lg=EN&cc=DE&unqvl=84&l=1&q="); -\\ Google Chrome v40.0.2214.115 [C:\Users\Mahir Sari\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.sm.de/?q={searchTerms} [C:\Users\Mahir Sari\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.swellsearch.info/?l=1&q={searchTerms}&pid=20289&r=2015/03/06&hid=1132005440912941336&lg=EN&cc=DE&unqvl=84 ************************* AdwCleaner[R0].txt - [10605 Bytes] - [09/03/2015 18:56:44] AdwCleaner[S0].txt - [10246 Bytes] - [09/03/2015 18:58:34] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10306 Bytes] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.3 (03.01.2015:1) OS: Windows 8.1 x64 Ran by Mahir Sari on 09.03.2015 at 19:05:25,15 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted the following from C:\Users\Mahir Sari\AppData\Roaming\mozilla\firefox\profiles\nxz1uzj1.default\prefs.js user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine"); user_pref("browser.search.searchengine.ptid", "cor"); user_pref("browser.search.searchengine.uid", "TOSHIBAXMQ01ABD050_528ES5YVSXX528ES5YVS"); user_pref("extensions.MT5XVaa8FvExkbwO.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjwHrTaEqjn9rdUFrTU9rjrHqY\")>-1){return;}}catch(e){}try{var d=[[\"acebo user_pref("extensions.YLEqp4qnjDVD6jCA.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjwHrTaEqjn9rdUFrTU9rjrHqY\")>-1){return;}}catch(e){}try{var d=[[\"acebo user_pref("extensions.jur7V7qiS8y4HjmH.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjwHrTaEqjn9rdUFrTU9rjrHqY\")>-1){return;}}catch(e){}try{var d=[[\"acebo user_pref("extensions.jur7V7qiS8y4HjmH.url", "hxxp://jpisyncs.info/sync2/?q=hfZ9ofV9CShEAen0rTaGpdUMg708BNmGWj8wmihGheDUojw8rdrEqTw6rHUHqShIC7n0rjkErHa6rjaHqjaEtNhVCT94tMVKhd9 user_pref("extensions.kV59ozOieiDfymYE.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjwHrTaEqjn9rdUFrTU9rjrHqY\")>-1){return;}}catch(e){}try{var d=[[\"acebo Emptied folder: C:\Users\Mahir Sari\AppData\Roaming\mozilla\firefox\profiles\nxz1uzj1.default\minidumps [8 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 09.03.2015 at 19:16:18,44 End of JRT log 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2015 03 Ran by Mahir Sari (administrator) on MAHIR on 09-03-2015 19:25:34 Running from C:\Users\Mahir Sari\Downloads Loaded Profiles: Mahir Sari (Available profiles: Mahir Sari & Administrator) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe (Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.1.4\LavasoftTcpService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe (ASUSTek Computer Inc.) 
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe (Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ASUSQuickGesture(x86)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352 2012-08-05] (ASUSTeK Computer Inc.) HKLM\...\Run: [ASUSTPLoader(x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe [169856 2012-08-05] (AsusTek) HKLM\...\Run: [ASUSQuickGesture(x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe [22400 2012-08-05] (ASUSTeK Computer Inc.) HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [90832 2012-06-07] (ASUS) HKLM\...\Run: [] => [X] HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [8947008 2014-12-18] () HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [366720 2012-08-23] (Alcor Micro Corp.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.) 
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3833586203-542032726-2374544835-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1380672 2015-01-23] (Lavasoft) ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.) ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-3833586203-542032726-2374544835-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3833586203-542032726-2374544835-1001 -> {FDB1A04D-42F0-4F28-B407-7117916D2B2F} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-02-09] (Oracle Corporation) BHO: ASUS Browser Extension x64 -> {78234974-0C4B-4111-BDEB-D9A104418772} -> C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dll [2012-08-05] (ASUSTeK Computer Inc.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-02-09] (Oracle Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-02-14] (Oracle Corporation) BHO-x32: ASUS Browser Extension x86 -> {78234974-0C4B-4111-BDEB-D9A104418771} -> C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll [2012-08-05] (ASUSTeK Computer Inc.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-02-14] (Oracle Corporation)
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9 15 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\LavasoftTcpService64.dll [378832] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\LavasoftTcpService64.dll [378832] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\LavasoftTcpService64.dll [378832] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\LavasoftTcpService64.dll [378832] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\WINDOWS\system32\LavasoftTcpService64.dll [378832] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-02-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-02-09] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-02-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-02-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-20] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF SearchPlugin: C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\searchplugins\search_engine.xml [2014-03-03]
FF Extension: Amazon-Icon - C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\Extensions\amazon-icon@giga.de [2014-03-22]
FF Extension: ProxTube - C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\Extensions\ich@maltegoetz.de.xpi [2014-10-28]
FF Extension: Adblock Plus - C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-28]
FF Extension: Youtube Video Replay - C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\Extensions\{e1aaa9f8-4500-47f1-9a0a-b02bd60e4076}.xpi [2014-10-28]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://websearch.swellsearch.info/?pid=20289&r=2015/03/06&hid=1132005440912941336&lg=EN&cc=DE&unqvl=84"
CHR Profile: C:\Users\Mahir Sari\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Mahir Sari\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-20]
CHR Extension: (Google Docs) - C:\Users\Mahir Sari\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-20]
CHR Extension: (Google Drive) - C:\Users\Mahir Sari\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mahir Sari\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-20]
CHR Extension: (YouTube) - C:\Users\Mahir Sari\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-20]
CHR Extension: (Google Search) - C:\Users\Mahir Sari\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-20]
CHR Extension: (Google Sheets) - C:\Users\Mahir Sari\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-20]
CHR Extension: (Google Wallet) - C:\Users\Mahir Sari\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-20]
CHR Extension: (Gmail) - C:\Users\Mahir Sari\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-20]

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2014-12-18] ()
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.1.4\LavasoftTcpService.exe [1364392 2015-01-23] (Lavasoft Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2015-01-23] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [50848 2012-08-05] (ASUS Corporation)
R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2014-10-09] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261496 2014-10-09] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2014-10-09] (BitDefender)
R1 BdfNdisf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [97816 2014-10-09] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [107080 2014-10-09] (BitDefender LLC)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2015-02-16] (GFI Software)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-10-09] (BitDefender LLC)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-10-09] (BitDefender S.R.L.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 VIAHdAudAddService; \SystemRoot\system32\drivers\viahduaa.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-09 19:23 - 2015-03-09 19:23 - 00002138 _____ () C:\Users\Mahir Sari\Desktop\JRT2.txt
2015-03-09 19:16 - 2015-03-09 19:16 - 00002138 _____ () C:\Users\Mahir Sari\Desktop\JRT.txt
2015-03-09 19:02 - 2015-03-09 19:02 - 00010435 _____ () C:\Users\Mahir Sari\Desktop\AdwCleaner[S0].txt
2015-03-09 18:56 - 2015-03-09 18:58 - 00000000 ____D () C:\AdwCleaner
2015-03-09 18:51 - 2015-03-09 18:51 - 00001282 _____ () C:\Users\Mahir Sari\Desktop\Revo Uninstaller.lnk
2015-03-09 18:51 - 2015-03-09 18:51 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-09 18:50 - 2015-03-09 18:50 - 02126848 _____ () C:\Users\Mahir Sari\Downloads\AdwCleaner_4.111.exe
2015-03-09 18:50 - 2015-03-09 18:50 - 01388333 _____ (Thisisu) C:\Users\Mahir Sari\Downloads\JRT.exe
2015-03-09 18:49 - 2015-03-09 18:50 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Mahir Sari\Downloads\revosetup95.exe
2015-03-09 18:37 - 2015-03-09 18:37 - 00000254 _____ () C:\Users\Mahir Sari\Downloads\defogger_enable.log
2015-03-09 18:12 - 2015-03-09 18:12 - 00008220 _____ () C:\Users\Mahir Sari\Desktop\gemr.log
2015-03-09 17:58 - 2015-03-09 17:36 - 00380416 _____ () C:\Users\Mahir Sari\Desktop\Gmer-19357.exe
2015-03-09 17:55 - 2015-03-09 17:55 - 00028943 _____ () C:\Users\Mahir Sari\Downloads\Addition.txt
2015-03-09 17:53 - 2015-03-09 19:25 - 00019682 _____ () C:\Users\Mahir Sari\Downloads\FRST.txt
2015-03-09 17:53 - 2015-03-09 19:25 - 00000000 ____D () C:\FRST
2015-03-09 17:52 - 2015-03-09 18:37 - 00000482 _____ () C:\Users\Mahir Sari\Downloads\defogger_disable.log
2015-03-09 17:36 - 2015-03-09 17:36 - 00380416 _____ () C:\Users\Mahir Sari\Downloads\Gmer-19357.exe
2015-03-09 17:19 - 2015-03-09 17:19 - 02095104 _____ (Farbar) C:\Users\Mahir Sari\Downloads\FRST64.exe
2015-03-09 17:18 - 2015-03-09 17:18 - 00050477 _____ () C:\Users\Mahir Sari\Downloads\Defogger.exe
2015-03-09 17:11 - 2015-03-09 19:01 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-09 17:09 - 2015-03-09 17:09 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-09 17:09 - 2015-03-09 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-09 17:09 - 2015-03-09 17:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-09 17:09 - 2015-03-09 17:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-09 17:09 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-09 17:09 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-09 17:09 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-09 17:06 - 2015-03-09 17:06 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Mahir Sari\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-09 16:51 - 2015-03-09 16:51 - 00001172 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2015-03-09 16:51 - 2015-03-09 16:51 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2015-03-09 16:51 - 2015-03-09 16:51 - 00001149 _____ () C:\Users\Public\Desktop\Security Task Manager.lnk
2015-03-09 16:51 - 2015-03-09 16:51 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2015-03-09 16:50 - 2015-03-09 16:51 - 02931056 _____ () C:\Users\Mahir Sari\Downloads\SecurityTaskManager_Setup.exe
2015-03-08 15:58 - 2015-03-09 18:02 - 00001152 _____ () C:\WINDOWS\PFRO.log
2015-03-08 15:52 - 2015-03-09 18:59 - 00001159 _____ () C:\WINDOWS\setupact.log
2015-03-08 15:52 - 2015-03-08 15:52 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-03-06 21:36 - 2015-03-09 18:59 - 00305279 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-06 18:39 - 2015-03-06 18:41 - 00000000 ____D () C:\Program Files (x86)\gemoji chrome
2015-03-06 18:36 - 2015-03-06 18:45 - 00000000 ____D () C:\ProgramData\{12368ffe-1867-483c-1236-68ffe1863ff8}
2015-02-25 12:49 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-25 12:49 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-25 12:49 - 2014-10-29 02:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-02-25 12:49 - 2014-10-29 02:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-02-25 12:49 - 2014-10-29 02:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-02-25 12:49 - 2014-10-29 02:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-02-20 22:21 - 2015-02-20 22:21 - 00000000 ____D () C:\Users\Mahir Sari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-20 22:20 - 2015-02-20 22:20 - 00002269 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-20 22:20 - 2015-02-20 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-20 22:17 - 2015-02-20 22:17 - 00880208 _____ (Google Inc.) C:\Users\Mahir Sari\Downloads\ChromeSetup(1).exe
2015-02-20 21:16 - 2015-02-20 21:16 - 00000000 __SHD () C:\Users\Mahir Sari\AppData\Local\EmieBrowserModeList
2015-02-17 14:47 - 2015-02-19 18:02 - 00000020 _____ () C:\Users\Mahir Sari\AppData\Roaming\appdataFr3.bin
2015-02-16 22:46 - 2015-02-16 22:46 - 00000000 ____D () C:\ProgramData\BitDefender
2015-02-16 22:33 - 2015-02-17 06:45 - 00000000 ____D () C:\Program Files (x86)\The Amazing Spiderman Movie Game
2015-02-16 22:21 - 2015-02-16 22:21 - 00005120 _____ () C:\WINDOWS\SysWOW64\LavasoftTcpService.ini
2015-02-16 22:21 - 2015-02-16 22:21 - 00002816 _____ () C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2015-02-16 22:21 - 2015-02-16 22:21 - 00002816 _____ () C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2015-02-16 22:21 - 2015-02-16 22:21 - 00000000 ____D () C:\Users\Mahir Sari\AppData\Local\Lavasoft
2015-02-16 22:21 - 2015-01-23 06:39 - 00378832 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2015-02-16 22:21 - 2015-01-23 06:39 - 00332216 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2015-02-16 22:20 - 2015-02-17 06:33 - 00000000 ____D () C:\Users\Mahir Sari\AppData\Roaming\Lavasoft
2015-02-16 22:20 - 2015-02-16 22:20 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2015-02-16 22:19 - 2015-03-09 19:01 - 00002347 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-02-16 22:19 - 2015-02-16 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-02-16 22:19 - 2014-10-09 10:09 - 02084072 _____ (Bitdefender) C:\WINDOWS\system32\bdnc.dll
2015-02-16 22:19 - 2014-10-09 10:08 - 01061776 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\bdsmtpp.dll
2015-02-16 22:19 - 2014-10-09 10:08 - 00209984 _____ (BitDefender) C:\WINDOWS\system32\BdFirewallSDK.dll
2015-02-16 22:19 - 2014-10-09 10:08 - 00195016 _____ (BitDefender) C:\WINDOWS\system32\httproxy.dll
2015-02-16 22:19 - 2014-10-09 10:08 - 00156936 _____ () C:\WINDOWS\system32\bdfwcore.dll
2015-02-16 22:19 - 2014-10-09 10:08 - 00155912 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\bdpop3p.dll
2015-02-16 22:19 - 2014-10-09 10:08 - 00122928 _____ (BitDefender) C:\WINDOWS\system32\OEMbdpredir.dll
2015-02-16 22:19 - 2014-10-09 10:08 - 00096160 _____ (BitDefender) C:\WINDOWS\system32\bdpredir.dll
2015-02-16 22:16 - 2015-02-16 22:16 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-02-16 22:14 - 2015-02-16 22:14 - 00000000 ____D () C:\Program Files\Lavasoft
2015-02-16 21:04 - 2015-02-19 18:37 - 00000000 ____D () C:\Program Files (x86)\SystemContinue
2015-02-16 18:55 - 2015-02-16 18:55 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-02-16 18:53 - 2015-02-16 22:20 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-02-16 18:53 - 2015-02-16 18:53 - 01937320 _____ () C:\Users\Mahir Sari\Downloads\AdAware115WebInstaller.exe
2015-02-16 18:52 - 2015-02-16 18:52 - 00047496 _____ (GFI Software) C:\WINDOWS\system32\sbbd.exe
2015-02-16 18:52 - 2015-02-16 18:52 - 00014456 _____ (GFI Software) C:\WINDOWS\system32\Drivers\gfibto.sys
2015-02-16 18:52 - 2015-02-16 18:52 - 00000000 ____D () C:\Users\Mahir Sari\AppData\Roaming\LavasoftStatistics
2015-02-16 18:52 - 2015-02-16 18:52 - 00000000 ____D () C:\Users\Mahir Sari\AppData\Roaming\Ad-Aware Antivirus
2015-02-15 15:09 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-15 15:09 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-10 21:20 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-10 21:20 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-10 21:20 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-10 21:20 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-10 21:20 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-10 21:20 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-10 21:20 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-10 21:20 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-10 21:20 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-10 21:19 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-10 21:19 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-10 21:19 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-10 21:19 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-10 21:19 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-10 21:19 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-10 21:19 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-10 21:19 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-10 21:19 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-10 21:19 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-10 21:19 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-10 21:19 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-10 21:19 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-10 21:19 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-10 21:19 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-10 21:19 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-10 21:19 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-10 21:19 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-10 21:19 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-10 21:19 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-10 21:19 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-10 21:19 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-10 21:19 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-10 21:19 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-10 21:19 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-10 21:19 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-10 21:19 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-10 21:19 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-10 21:19 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-10 21:19 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-10 21:19 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-10 21:19 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-10 21:19 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-10 21:19 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-10 21:19 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-10 21:19 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-10 21:19 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-10 21:19 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-10 21:19 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-10 21:19 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-10 21:19 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-10 21:19 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-10 21:19 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-10 21:19 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-10 21:19 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-10 21:19 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-10 21:19 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-10 21:19 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-10 21:19 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-10 21:19 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-10 21:19 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-10 21:19 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-10 21:19 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-10 21:19 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-10 21:19 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-10 21:19 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-10 21:19 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-10 21:19 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-10 21:19 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-10 21:19 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-10 21:19 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-10 21:19 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-09 19:24 - 2014-02-07 20:45 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-09 19:19 - 2014-02-07 20:45 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3833586203-542032726-2374544835-1001
2015-03-09 19:01 - 2014-09-24 14:17 - 00000000 __RDO () C:\Users\Mahir Sari\OneDrive
2015-03-09 19:00 - 2014-02-07 20:45 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-09 18:59 - 2014-09-24 13:30 - 00000000 ____D () C:\Users\Mahir Sari
2015-03-09 18:59 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-09 18:59 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-09 18:13 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-09 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-09 16:51 - 2015-01-08 23:51 - 00000090 _____ () C:\Users\Mahir Sari\AppData\Roaming\WB.CFG
2015-03-09 16:45 - 2014-02-19 02:19 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-09 16:33 - 2014-10-17 17:32 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A5614B99-CEAB-4FC4-9AF1-E541BC921472}
2015-03-08 15:52 - 2012-09-20 21:42 - 00000000 ____D () C:\Program Files (x86)\VIA
2015-03-08 15:33 - 2014-10-01 07:58 - 00285696 ___SH () C:\Users\Mahir Sari\Desktop\Thumbs.db
2015-02-26 22:38 - 2012-11-21 10:49 - 00000000 ____D () C:\Users\Mahir Sari\Desktop\Mahir
2015-02-25 13:01 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-20 22:20 - 2014-02-07 20:45 - 00000000 ____D () C:\Users\Mahir Sari\AppData\Local\Google
2015-02-20 22:20 - 2014-02-07 20:45 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-20 22:19 - 2014-02-07 20:45 - 00004102 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-20 22:19 - 2014-02-07 20:45 - 00003866 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-20 21:51 - 2014-10-18 20:27 - 01796096 ___SH () C:\Users\Mahir Sari\Downloads\Thumbs.db
2015-02-20 21:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\tracing
2015-02-20 21:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-20 21:24 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-20 21:14 - 2012-09-20 21:41 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-20 02:13 - 2014-11-18 01:50 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-17 06:30 - 2015-01-30 21:56 - 00000000 ____D () C:\ProgramData\{57ee7147-e78d-5268-57ee-e7147e78c51f}
2015-02-15 16:16 - 2015-01-30 21:54 - 00000000 ____D () C:\ProgramData\{63f6be61-98e3-529c-63f6-6be6198ef986}
2015-02-15 16:16 - 2014-02-07 21:56 - 00000000 ____D () C:\Users\Mahir Sari\AppData\Local\Microsoft Help
2015-02-14 16:38 - 2013-08-22 15:44 - 00482624 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-14 16:36 - 2014-03-02 16:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-14 16:35 - 2014-12-13 11:18 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-14 16:35 - 2014-07-12 23:14 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-11 20:30 - 2014-02-09 00:07 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-11 20:22 - 2014-02-09 00:07 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-11 18:44 - 2014-02-07 21:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 18:44 - 2012-07-26 06:26 - 00000199 _____ () C:\WINDOWS\win.ini

==================== Files in the root of some directories =======

2015-02-17 14:47 - 2015-02-19 18:02 - 0000020 _____ () C:\Users\Mahir Sari\AppData\Roaming\appdataFr3.bin
2014-02-07 20:39 - 2014-03-04 17:54 - 0000380 _____ () C:\Users\Mahir Sari\AppData\Roaming\sp_data.sys
2015-01-08 23:51 - 2015-03-09 16:51 - 0000090 _____ () C:\Users\Mahir Sari\AppData\Roaming\WB.CFG
2014-11-06 23:41 - 2014-11-06 23:41 - 0002089 _____ () C:\Users\Mahir Sari\AppData\Local\recently-used.xbel
2014-04-04 13:20 - 2014-04-04 13:20 - 0007597 _____ () C:\Users\Mahir Sari\AppData\Local\Resmon.ResmonCfg
2012-08-17 01:52 - 2012-07-30 07:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-17 01:52 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe

Some content of TEMP:
====================
C:\Users\Mahir Sari\AppData\Local\Temp\Quarantine.exe
C:\Users\Mahir Sari\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-09 18:49

==================== End Of Log ============================
|
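For reading an FRST log like the one above, here is an added triage script (example code written for this page; it is not part of FRST and not from the thread). It flags the entry types that stand out in this particular log: Winsock Catalog9 providers that are not Windows' own (here LavasoftTcpService.dll and LavasoftTcpService64.dll, a Layered Service Provider that sits in the path of every Winsock connection), a Chrome StartupUrls entry pointing at websearch.swellsearch.info, a generically named search_engine.xml search plugin in the Firefox profile, services without a vendor string, a driver whose file is missing ([X]) and GUID-named folders under C:\ProgramData. The allow-list of normal start pages is an assumption of the example; the sample lines are copied from the posted log, plus one constructed mswsock.dll line as a negative case.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) logs.

Added example for this thread; not part of FRST and not code from the posts.
It scans FRST.txt-style lines and flags the entries a helper reads first:
third-party Winsock LSPs, browser start pages on hosts outside an allow-list,
user-profile Firefox search plugins, services without a vendor name, drivers
whose image is missing ([X]), GUID-named ProgramData folders, and lines FRST
itself marks with ATTENTION.
"""
import re
import sys
from urllib.parse import urlparse

# Winsock providers that ship with Windows. Any other DLL in Catalog9 is a
# third-party Layered Service Provider in the path of every socket call.
MS_WINSOCK_DLLS = {"mswsock.dll", "nlaapi.dll", "napinsp.dll",
                   "pnrpnsp.dll", "winrnr.dll", "wshbth.dll"}

# Start/search pages considered normal (assumed allow-list for the example).
KNOWN_WEB_HOSTS = {"www.google.com", "www.google.de", "www.bing.com"}

WINSOCK_RE = re.compile(r"^Winsock: Catalog9(?:-x64)? \d+ (?P<path>.+?) \[\d+\]"
                        r" \((?P<vendor>.*)\)$")
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+); (?P<path>.+?)"
                        r" \[\d+ \d{4}-\d\d-\d\d\] \((?P<vendor>.*)\)$")
MISSING_RE = re.compile(r"^[RS]\d \S+; .+ \[X\]$")
GUID_DIR_RE = re.compile(r"____D \(\) C:\\ProgramData\\\{[0-9a-f-]{36}\}$", re.I)
URL_RE = re.compile(r"h(?:xx|tt)ps?://[^\s\"]+", re.I)
BROWSER_KEYS = ("CHR StartupUrls:", "CHR HomePage:", "CHR DefaultSearchURL:",
                "FF Homepage:")


def host_of(url):
    """FRST defangs URLs as hxxp://; restore the scheme so urlparse can read it."""
    return (urlparse(re.sub(r"^hxxp", "http", url, flags=re.I)).hostname or "").lower()


def triage_line(line):
    """Return a category for one FRST line, or None if it is not interesting."""
    if "<======= ATTENTION" in line:
        return "frst-attention"
    m = WINSOCK_RE.match(line)
    if m:
        dll = m.group("path").rsplit("\\", 1)[-1].lower()
        return None if dll in MS_WINSOCK_DLLS else "third-party-lsp"
    if line.startswith(BROWSER_KEYS):
        for u in URL_RE.finditer(line):
            if host_of(u.group(0)) not in KNOWN_WEB_HOSTS:
                return "browser-hijack"
        return None
    if line.startswith("FF SearchPlugin:") and "\\Profiles\\" in line:
        return "ff-searchplugin"        # per-profile engine, review its URL
    if MISSING_RE.match(line):
        return "missing-image"          # registered driver/service, file gone
    m = SERVICE_RE.match(line)
    if m:
        return "no-vendor-service" if not m.group("vendor").strip() else None
    if GUID_DIR_RE.search(line):
        return "guid-programdata-dir"   # typical drop folder of ad bundles
    return None


def triage_frst(text):
    """Return [(category, line), ...] for every flagged line of an FRST log."""
    hits = []
    for raw in text.splitlines():
        line = raw.strip()
        cat = triage_line(line) if line else None
        if cat:
            hits.append((cat, line))
    return hits


def summarize(hits):
    """Count hits per category."""
    counts = {}
    for cat, _ in hits:
        counts[cat] = counts.get(cat, 0) + 1
    return counts


def read_log(path):
    """FRST logs may be UTF-16 with a BOM or plain UTF-8; handle both."""
    data = open(path, "rb").read()
    if data.startswith((b"\xff\xfe", b"\xfe\xff")):
        return data.decode("utf-16")
    return data.decode("utf-8", "replace")


# Sample lines copied from the FRST log posted in this thread; the mswsock.dll
# line is constructed as a negative case (a Windows-provided LSP).
SAMPLE_LOG = r"""
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\LavasoftTcpService64.dll [378832] (Lavasoft Limited)
Winsock: Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
FF SearchPlugin: C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\searchplugins\search_engine.xml [2014-03-03]
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://websearch.swellsearch.info/?pid=20289&r=2015/03/06&hid=1132005440912941336&lg=EN&cc=DE&unqvl=84"
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2014-12-18] ()
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2015-01-23] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
S3 VIAHdAudAddService; \SystemRoot\system32\drivers\viahduaa.sys [X]
2015-03-06 18:36 - 2015-03-06 18:45 - 00000000 ____D () C:\ProgramData\{12368ffe-1867-483c-1236-68ffe1863ff8}
2015-02-17 06:30 - 2015-01-30 21:56 - 00000000 ____D () C:\ProgramData\{57ee7147-e78d-5268-57ee-e7147e78c51f}
2015-02-16 22:20 - 2015-02-16 22:20 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
"""

if __name__ == "__main__":
    text = read_log(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LOG
    found = triage_frst(text)
    for cat, line in found:
        print(f"[{cat}] {line}")
    print(summarize(found))
```

Run it as `python frst_triage.py FRST.txt`; without an argument it triages the embedded sample. The script deliberately does not judge the Lavasoft entries as good or bad: an LSP and a "Web Companion" search-protection service are exactly the kind of thing a helper asks the poster about, which is why they are surfaced rather than hidden.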
10.03.2015, 13:28 | #4 |
/// the machine /// TB-Ausbilder (TB trainer) | Windows 8 / unwanted add-ons, slow, lots of ads
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
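The ESET Online Scanner requested above writes a log with `# key=value` header lines followed by one result line per finding; whether the run also removed anything is recorded in the `remove_checked` and `cleaned` header fields, not in the list of findings. The following parser is an added example (not ESET's code and not from the thread). The sample lines are abbreviated from the scanner log posted later in this thread, and the classification of paths (Recycle Bin and quarantine copies as dormant, installers in Downloads, .apk files from phone backups) is the example's own heuristic.

```python
"""Summarise an ESET Online Scanner log.

Added example for this thread; not ESET's code and not part of any post.
The scanner's log starts with '# key=value' header lines and then has one
result line per finding of the form
    sh=<sha1> ft=<n> fh=<hex> vn="<detection name>" ac=<action> fn="<path>"
Two header keys answer the question helpers get asked most: remove_checked
says whether removal was enabled for the run, and cleaned counts what was
actually removed. The path in fn= tells you whether a hit is still a live
file or only a copy already sitting in the Recycle Bin or another tool's
quarantine.
"""
import re
import sys

HEADER_RE = re.compile(r"^#\s*(?P<key>[A-Za-z0-9_.]+)=(?P<val>.*)$")
FIELD_RE = re.compile(r'(?P<k>\w+)=(?:"(?P<q>[^"]*)"|(?P<u>\S+))')

# Path fragments meaning the file is already out of the way (matched lower-case).
DORMANT_MARKERS = ("\\$recycle.bin\\", "\\quarantine\\")


def parse_eset_log(text):
    """Return (header dict, list of finding dicts keyed sh/ft/fh/vn/ac/fn)."""
    header, findings = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            # Repeated keys (e.g. compatibility_mode) keep the last value.
            header[m.group("key")] = m.group("val").strip().strip("'\"")
        elif line.startswith("sh="):
            findings.append({f.group("k"): f.group("q") if f.group("q") is not None
                             else f.group("u") for f in FIELD_RE.finditer(line)})
    return header, findings


def classify(path):
    """Where does a hit sit? 'dormant' copies only need the bin/quarantine emptied."""
    p = path.lower()
    if any(mark in p for mark in DORMANT_MARKERS) or p.endswith(".vir"):
        return "dormant"
    if p.endswith(".apk"):
        return "android-package"   # phone backup content, not executable on Windows
    if "\\downloads\\" in p and p.endswith((".exe", ".msi")):
        return "installer"         # bundled installer that someone ran at some point
    return "live"


def summarize(text):
    """Collapse a log into the numbers and path classes a helper needs."""
    header, findings = parse_eset_log(text)
    by_class = {}
    for f in findings:
        by_class.setdefault(classify(f.get("fn", "")), []).append(f.get("fn", ""))
    return {
        "found": int(header.get("found", len(findings))),
        "cleaned": int(header.get("cleaned", 0)),
        "detect_only": header.get("remove_checked", "").lower() == "false",
        "by_class": by_class,
        "hashes": sorted({f["sh"] for f in findings if "sh" in f}),
    }


def recommendations(summary):
    """Plain-language next steps derived from the summary (example logic)."""
    out = []
    if summary["detect_only"] and summary["found"] > summary["cleaned"]:
        out.append("scan was detect-only: nothing was removed")
    if summary["by_class"].get("dormant"):
        out.append("empty the Recycle Bin and the quarantine of the other tools")
    for cls in ("installer", "live"):
        for path in summary["by_class"].get(cls, []):
            out.append(f"delete {cls}: {path}")
    return out


# Abbreviated from the ESET log posted in this thread (header shortened).
SAMPLE_LOG = r'''ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# remove_checked=false
# unwanted_checked=true
# scanned=195924
# found=4
# cleaned=0
sh=140BD6D6196665EEC90D33445B1B98EC8A27B82C ft=1 fh=c71c0011cbac2e01 vn="a variant of Win32/DealPly.AC potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3833586203-542032726-2374544835-1001\$R7SJFSS.dll"
sh=58B064263C28386BCA546ABFE4EC9A40BA339CBE ft=1 fh=ea4c23b39865fc39 vn="a variant of Win32/DealPly.AC potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\SecTaskMan\pricefountainw.exe.q_Quarantine_2651C07_q.vir"
sh=E7163819BE91435A250EE40424CDECCFB7296821 ft=1 fh=bd4151a1d421120b vn="a variant of Win32/InstallCore.UF potentially unwanted application" ac=I fn="C:\Users\Mahir Sari\Downloads\DownloadManagerSetup.exe"
sh=DE0F453AD7E45914C2F6E2A6BC782AFB6DB94B9D ft=1 fh=1f461786edf5f19c vn="NSIS/StartPage.CC trojan" ac=I fn="C:\Users\Mahir Sari\Downloads\vlc-2.1.3-win32.exe"
'''

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    s = summarize(text)
    print(f"found={s['found']} cleaned={s['cleaned']} detect_only={s['detect_only']}")
    for rec in recommendations(s):
        print(" -", rec)
```

The `sh=` field is the SHA-1 of the file, so the `hashes` list can be fed straight into a reputation lookup without re-hashing anything on the infected machine.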
10.03.2015, 17:11 | #5 |
| Windows 8/ ungewollte AddOns, langsam, sehr viel Werbung Hi schrauber, Danke für deine schnelle Hilfe, alles scheint wieder in Ordnung zu sein. Das hoffe ich zumindest ESET wurde ja fündig, aber wir haben nichts gelöscht oder? Sollte man das nicht besser löschen? ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=652072f9d41224459a570ff4956f1adc # engine=22839 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-03-10 03:50:52 # local_time=2015-03-10 04:50:52 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 1899766 16306971 0 0 # compatibility_mode_1='Ad-Aware Antivirus' # compatibility_mode=14086 16777214 100 100 1881096 13156966 0 0 # scanned=195924 # found=12 # cleaned=0 # scan_time=9900 sh=140BD6D6196665EEC90D33445B1B98EC8A27B82C ft=1 fh=c71c0011cbac2e01 vn="Variante von Win32/DealPly.AC evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3833586203-542032726-2374544835-1001\$R7SJFSS.dll" sh=55F33FA1F9F94B31DF8E9F29D5017CCFA5F5C257 ft=1 fh=74ad20b550617962 vn="Variante von Win32/DealPly.Z evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3833586203-542032726-2374544835-1001\$R9H8VN3.exe" sh=69B58A10E879A90F731EB213CECF8CAD5FF24AA0 ft=1 fh=9e4205ae35d72bd2 vn="Variante von Win32/DealPly.AC evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3833586203-542032726-2374544835-1001\$RK5CZ6W.exe" sh=AEC5139CAF9D9546C7E844DB0ACF1D4EB85CF2A2 ft=1 fh=aaa7e26cc62629a2 vn="Variante von Win32/DealPly.AC evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3833586203-542032726-2374544835-1001\$RMQP2QG.exe" sh=58B064263C28386BCA546ABFE4EC9A40BA339CBE ft=1 fh=ea4c23b39865fc39 vn="Variante von Win32/DealPly.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\SecTaskMan\pricefountainw.exe.q_Quarantine_2651C07_q.vir" sh=ED32B7A94AE323EEB84A9D06E43810E872F9C783 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.RevMob.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Mahir Sari\Documents\samsung\Kies3\backup\GT-I9300\GT-I9300_\GT-I9300_20141028181018\Others\Download\mediadrug-android-1.apk" sh=ED32B7A94AE323EEB84A9D06E43810E872F9C783 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.RevMob.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mahir Sari\Documents\samsung\Kies3\backup\GT-I9300\GT-I9300_\GT-I9300_20141028181018\Others\Download\mediadrug-android.apk" sh=ED32B7A94AE323EEB84A9D06E43810E872F9C783 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.RevMob.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mahir Sari\Documents\samsung\Kies3\backup\GT-I9300\GT-I9300_\GT-I9300_20150130154202\Others\Download\mediadrug-android-1.apk" sh=ED32B7A94AE323EEB84A9D06E43810E872F9C783 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.RevMob.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mahir Sari\Documents\samsung\Kies3\backup\GT-I9300\GT-I9300_\GT-I9300_20150130154202\Others\Download\mediadrug-android.apk" sh=E7163819BE91435A250EE40424CDECCFB7296821 ft=1 fh=bd4151a1d421120b vn="Variante von Win32/InstallCore.UF evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mahir Sari\Downloads\DownloadManagerSetup.exe" sh=667AAF6C3359389963EF99EE399415F202802CB7 ft=1 fh=d3b4bb9d13887d8e vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mahir Sari\Downloads\Dungeon-Keeper-3-lnstall.exe" sh=DE0F453AD7E45914C2F6E2A6BC782AFB6DB94B9D ft=1 fh=1f461786edf5f19c vn="NSIS/StartPage.CC Trojaner" ac=I fn="C:\Users\Mahir Sari\Downloads\vlc-2.1.3-win32.exe" Code:
Results of screen317's Security Check version 0.99.97
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Ad-Aware Antivirus
Windows Defender
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
TuneUp Utilities 2014
TuneUp Utilities 2014 (de-DE)
TuneUp Utilities 2014
Java 7 Update 51
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.305
Mozilla Firefox 35.0.1 Firefox out of Date!
Google Chrome (40.0.2214.115)
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.5.202.7299\AdAwareTray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2015 03
Ran by Mahir Sari (administrator) on MAHIR on 10-03-2015 17:01:33
Running from C:\Users\Mahir Sari\Desktop\Mahir\logs
Loaded Profiles: Mahir Sari (Available profiles: Mahir Sari & Administrator)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ASUSQuickGesture(x86)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352 2012-08-05] (ASUSTeK Computer Inc.)
HKLM\...\Run: [ASUSTPLoader(x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe [169856 2012-08-05] (AsusTek)
HKLM\...\Run: [ASUSQuickGesture(x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe [22400 2012-08-05] (ASUSTeK Computer Inc.)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [90832 2012-06-07] (ASUS)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [8947008 2014-12-18] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3833586203-542032726-2374544835-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1380672 2015-01-23] (Lavasoft)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3833586203-542032726-2374544835-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3833586203-542032726-2374544835-1001 -> {FDB1A04D-42F0-4F28-B407-7117916D2B2F} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=securitascout
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-02-09] (Oracle Corporation)
BHO: ASUS Browser Extension x64 -> {78234974-0C4B-4111-BDEB-D9A104418772} -> C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dll [2012-08-05] (ASUSTeK Computer Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-02-09] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-02-14] (Oracle Corporation)
BHO-x32: ASUS Browser Extension x86 -> {78234974-0C4B-4111-BDEB-D9A104418771} -> C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll [2012-08-05] (ASUSTeK Computer Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-02-14] (Oracle Corporation)
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9 15 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\LavasoftTcpService64.dll [378832] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\LavasoftTcpService64.dll [378832] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\LavasoftTcpService64.dll [378832] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\LavasoftTcpService64.dll [378832] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\WINDOWS\system32\LavasoftTcpService64.dll [378832] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-02-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-02-09] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-02-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-02-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-20] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF SearchPlugin: C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\searchplugins\search_engine.xml [2014-03-03]
FF Extension: Amazon-Icon - C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\Extensions\amazon-icon@giga.de [2014-03-22]
FF Extension: ProxTube - C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\Extensions\ich@maltegoetz.de.xpi [2014-10-28]
FF Extension: Adblock Plus - C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-28]
FF Extension: Youtube Video Replay - C:\Users\Mahir Sari\AppData\Roaming\Mozilla\Firefox\Profiles\nxz1uzj1.default\Extensions\{e1aaa9f8-4500-47f1-9a0a-b02bd60e4076}.xpi [2014-10-28]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://websearch.swellsearch.info/?pid=20289&r=2015/03/06&hid=1132005440912941336&lg=EN&cc=DE&unqvl=84"
CHR Profile: C:\Users\Mahir Sari\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Mahir Sari\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-20]
CHR Extension: (Google Docs) - C:\Users\Mahir Sari\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-20]
CHR Extension: (Google Drive) - C:\Users\Mahir Sari\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mahir Sari\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-20]
CHR Extension: (YouTube) - C:\Users\Mahir Sari\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-20]
CHR Extension: (Google Search) - C:\Users\Mahir Sari\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-20]
CHR Extension: (Google Sheets) - C:\Users\Mahir Sari\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-20]
CHR Extension: (Google Wallet) - C:\Users\Mahir Sari\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-20]
CHR Extension: (Gmail) - C:\Users\Mahir Sari\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2014-12-18] ()
S2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.1.4\LavasoftTcpService.exe [1364392 2015-01-23] (Lavasoft Limited)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2015-01-23] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [50848 2012-08-05] (ASUS Corporation)
R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2014-10-09] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261496 2014-10-09] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2014-10-09] (BitDefender)
R1 BdfNdisf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [97816 2014-10-09] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [107080 2014-10-09] (BitDefender LLC)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2015-02-16] (GFI Software)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-10-09] (BitDefender LLC)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-10-09] (BitDefender S.R.L.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 VIAHdAudAddService; \SystemRoot\system32\drivers\viahduaa.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-10 17:00 - 2015-03-10 17:00 - 00001225 _____ () C:\Users\Mahir Sari\Desktop\checkup.txt
2015-03-10 14:10 - 2015-03-10 14:10 - 00852604 _____ () C:\Users\Mahir Sari\Downloads\SecurityCheck.exe
2015-03-10 14:00 - 2015-03-10 14:00 - 01388333 _____ (Thisisu) C:\Users\Mahir Sari\Downloads\JRT (1).exe
2015-03-10 13:59 - 2015-03-10 13:59 - 02347384 _____ (ESET) C:\Users\Mahir Sari\Downloads\esetsmartinstaller_deu.exe
2015-03-09 18:56 - 2015-03-09 18:58 - 00000000 ____D () C:\AdwCleaner
2015-03-09 18:51 - 2015-03-09 18:51 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-09 18:50 - 2015-03-09 18:50 - 02126848 _____ () C:\Users\Mahir Sari\Downloads\AdwCleaner_4.111.exe
2015-03-09 18:50 - 2015-03-09 18:50 - 01388333 _____ (Thisisu) C:\Users\Mahir Sari\Downloads\JRT.exe
2015-03-09 18:49 - 2015-03-09 18:50 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Mahir Sari\Downloads\revosetup95.exe
2015-03-09 18:37 - 2015-03-09 18:37 - 00000254 _____ () C:\Users\Mahir Sari\Downloads\defogger_enable.log
2015-03-09 17:55 - 2015-03-09 17:55 - 00028943 _____ () C:\Users\Mahir Sari\Downloads\Addition.txt
2015-03-09 17:53 - 2015-03-10 17:01 - 00000000 ____D () C:\FRST
2015-03-09 17:53 - 2015-03-09 19:30 - 00042113 _____ () C:\Users\Mahir Sari\Downloads\FRST.txt
2015-03-09 17:52 - 2015-03-09 18:37 - 00000482 _____ () C:\Users\Mahir Sari\Downloads\defogger_disable.log
2015-03-09 17:36 - 2015-03-09 17:36 - 00380416 _____ () C:\Users\Mahir Sari\Downloads\Gmer-19357.exe
2015-03-09 17:19 - 2015-03-09 17:19 - 02095104 _____ (Farbar) C:\Users\Mahir Sari\Downloads\FRST64.exe
2015-03-09 17:18 - 2015-03-09 17:18 - 00050477 _____ () C:\Users\Mahir Sari\Downloads\Defogger.exe
2015-03-09 17:11 - 2015-03-10 13:55 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-09 17:09 - 2015-03-09 17:09 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-09 17:09 - 2015-03-09 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-09 17:09 - 2015-03-09 17:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-09 17:09 - 2015-03-09 17:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-09 17:09 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-09 17:09 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-03-09 17:09 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-09 17:06 - 2015-03-09 17:06 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Mahir Sari\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-09 16:51 - 2015-03-09 16:51 - 00001172 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2015-03-09 16:51 - 2015-03-09 16:51 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2015-03-09 16:51 - 2015-03-09 16:51 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2015-03-09 16:50 - 2015-03-09 16:51 - 02931056 _____ () C:\Users\Mahir Sari\Downloads\SecurityTaskManager_Setup.exe
2015-03-08 15:58 - 2015-03-10 13:53 - 00002598 _____ () C:\WINDOWS\PFRO.log
2015-03-08 15:52 - 2015-03-10 13:53 - 00001236 _____ () C:\WINDOWS\setupact.log
2015-03-08 15:52 - 2015-03-08 15:52 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-03-06 21:36 - 2015-03-10 17:01 - 00530404 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-06 18:36 - 2015-03-06 18:45 - 00000000 ____D () C:\ProgramData\{12368ffe-1867-483c-1236-68ffe1863ff8}
2015-02-25 12:49 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-25 12:49 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-25 12:49 - 2014-10-29 02:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-02-25 12:49 - 2014-10-29 02:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-02-25 12:49 - 2014-10-29 02:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-02-25 12:49 - 2014-10-29 02:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-02-20 22:21 - 2015-02-20 22:21 - 00000000 ____D () C:\Users\Mahir Sari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-20 22:20 - 2015-02-20 22:20 - 00002269 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-20 22:20 - 2015-02-20 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-20 22:17 - 2015-02-20 22:17 - 00880208 _____ (Google Inc.) C:\Users\Mahir Sari\Downloads\ChromeSetup(1).exe
2015-02-20 21:16 - 2015-02-20 21:16 - 00000000 __SHD () C:\Users\Mahir Sari\AppData\Local\EmieBrowserModeList
2015-02-17 14:47 - 2015-02-19 18:02 - 00000020 _____ () C:\Users\Mahir Sari\AppData\Roaming\appdataFr3.bin
2015-02-16 22:46 - 2015-02-16 22:46 - 00000000 ____D () C:\ProgramData\BitDefender
2015-02-16 22:33 - 2015-02-17 06:45 - 00000000 ____D () C:\Program Files (x86)\The Amazing Spiderman Movie Game
2015-02-16 22:21 - 2015-02-16 22:21 - 00005120 _____ () C:\WINDOWS\SysWOW64\LavasoftTcpService.ini
2015-02-16 22:21 - 2015-02-16 22:21 - 00002816 _____ () C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2015-02-16 22:21 - 2015-02-16 22:21 - 00002816 _____ () C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2015-02-16 22:21 - 2015-02-16 22:21 - 00000000 ____D () C:\Users\Mahir Sari\AppData\Local\Lavasoft
2015-02-16 22:21 - 2015-01-23 06:39 - 00378832 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2015-02-16 22:21 - 2015-01-23 06:39 - 00332216 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2015-02-16 22:20 - 2015-02-17 06:33 - 00000000 ____D () C:\Users\Mahir Sari\AppData\Roaming\Lavasoft
2015-02-16 22:20 - 2015-02-16 22:20 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2015-02-16 22:19 - 2015-03-10 13:55 - 00002347 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-02-16 22:19 - 2015-02-16 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-02-16 22:19 - 2014-10-09 10:09 - 02084072 _____ (Bitdefender) C:\WINDOWS\system32\bdnc.dll
2015-02-16 22:19 - 2014-10-09 10:08 - 01061776 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\bdsmtpp.dll
2015-02-16 22:19 - 2014-10-09 10:08 - 00209984 _____ (BitDefender) C:\WINDOWS\system32\BdFirewallSDK.dll
2015-02-16 22:19 - 2014-10-09 10:08 - 00195016 _____ (BitDefender) C:\WINDOWS\system32\httproxy.dll
2015-02-16 22:19 - 2014-10-09 10:08 - 00156936 _____ () C:\WINDOWS\system32\bdfwcore.dll
2015-02-16 22:19 - 2014-10-09 10:08 - 00155912 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\bdpop3p.dll
2015-02-16 22:19 - 2014-10-09 10:08 - 00122928 _____ (BitDefender) C:\WINDOWS\system32\OEMbdpredir.dll
2015-02-16 22:19 - 2014-10-09 10:08 - 00096160 _____ (BitDefender) C:\WINDOWS\system32\bdpredir.dll
2015-02-16 22:16 - 2015-02-16 22:16 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-02-16 22:14 - 2015-02-16 22:14 - 00000000 ____D () C:\Program Files\Lavasoft
2015-02-16 21:04 - 2015-02-19 18:37 - 00000000 ____D () C:\Program Files (x86)\SystemContinue
2015-02-16 18:55 - 2015-02-16 18:55 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-02-16 18:53 - 2015-02-16 22:20 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-02-16 18:53 - 2015-02-16 18:53 - 01937320 _____ () C:\Users\Mahir Sari\Downloads\AdAware115WebInstaller.exe
2015-02-16 18:52 - 2015-02-16 18:52 - 00047496 _____ (GFI Software) C:\WINDOWS\system32\sbbd.exe
2015-02-16 18:52 - 2015-02-16 18:52 - 00014456 _____ (GFI Software) C:\WINDOWS\system32\Drivers\gfibto.sys
2015-02-16 18:52 - 2015-02-16 18:52 - 00000000 ____D () C:\Users\Mahir Sari\AppData\Roaming\LavasoftStatistics
2015-02-16 18:52 - 2015-02-16 18:52 - 00000000 ____D () C:\Users\Mahir Sari\AppData\Roaming\Ad-Aware Antivirus
2015-02-15 15:09 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-15 15:09 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-10 21:20 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-10 21:20 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-10 21:20 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-10 21:20 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-10 21:20 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-10 21:20 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-10 21:20 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-10 21:20 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-10 21:20 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-10 21:19 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-10 21:19 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-10 21:19 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-10 21:19 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-10 21:19 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-10 21:19 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-10 21:19 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-10 21:19 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-10 21:19 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-10 21:19 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-10 21:19 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-10 21:19 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-10 21:19 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-10 21:19 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-10 21:19 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-10 21:19 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-10 21:19 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-10 21:19 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-10 21:19 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-10 21:19 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-10 21:19 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-10 21:19 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-10 21:19 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-10 21:19 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-10 21:19 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-10 21:19 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-10 21:19 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-10 21:19 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-10 21:19 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-10 21:19 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-10 21:19 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-10 21:19 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-10 21:19 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-10 21:19 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-10 21:19 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-10 21:19 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-10 21:19 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-10 21:19 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-10 21:19 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-10 21:19 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-10 21:19 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-10 21:19 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-10 21:19 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-10 21:19 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-10 21:19 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-10 21:19 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-10 21:19 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-10 21:19 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-10 21:19 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-10 21:19 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-10 21:19 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-10 21:19 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-10 21:19 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-10 21:19 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-10 21:19 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-10 21:19 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-10 21:19 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-10 21:19 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-10 21:19 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-10 21:19 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-10 21:19 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-10 21:19 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-10 17:01 - 2014-10-01 07:58 - 00285696 ___SH () C:\Users\Mahir Sari\Desktop\Thumbs.db 2015-03-10 17:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-03-10 15:45 - 2014-02-19 02:19 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-03-10 15:24 - 2014-02-07 20:45 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-10 13:57 - 2012-11-21 10:49 - 00000000 ____D () C:\Users\Mahir Sari\Desktop\Mahir 2015-03-10 13:55 - 2014-09-24 14:17 - 00000000 __RDO () C:\Users\Mahir Sari\OneDrive 2015-03-10 13:54 - 2014-02-07 20:45 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-10 13:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Vss 2015-03-10 13:53 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-03-10 13:53 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-03-10 12:50 - 2014-10-17 17:32 - 00003938 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A5614B99-CEAB-4FC4-9AF1-E541BC921472} 2015-03-09 19:19 - 2014-02-07 20:45 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3833586203-542032726-2374544835-1001 2015-03-09 18:59 - 2014-09-24 13:30 - 00000000 ____D () C:\Users\Mahir Sari 2015-03-09 18:13 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-03-09 16:51 - 2015-01-08 23:51 - 00000090 _____ () C:\Users\Mahir Sari\AppData\Roaming\WB.CFG 2015-03-08 15:52 - 2012-09-20 21:42 - 00000000 ____D () C:\Program Files (x86)\VIA 2015-02-25 13:01 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-02-20 22:20 - 2014-02-07 20:45 - 00000000 ____D () C:\Users\Mahir Sari\AppData\Local\Google 2015-02-20 22:20 - 2014-02-07 20:45 - 00000000 ____D () C:\Program Files (x86)\Google 2015-02-20 22:19 - 2014-02-07 20:45 - 00004102 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-20 22:19 - 2014-02-07 20:45 - 00003866 _____ () 
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-20 21:51 - 2014-10-18 20:27 - 01796096 ___SH () C:\Users\Mahir Sari\Downloads\Thumbs.db 2015-02-20 21:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\tracing 2015-02-20 21:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2015-02-20 21:24 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-02-20 21:14 - 2012-09-20 21:41 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-02-20 02:13 - 2014-11-18 01:50 - 00000000 ____D () C:\WINDOWS\Minidump 2015-02-17 06:30 - 2015-01-30 21:56 - 00000000 ____D () C:\ProgramData\{57ee7147-e78d-5268-57ee-e7147e78c51f} 2015-02-15 16:16 - 2015-01-30 21:54 - 00000000 ____D () C:\ProgramData\{63f6be61-98e3-529c-63f6-6be6198ef986} 2015-02-15 16:16 - 2014-02-07 21:56 - 00000000 ____D () C:\Users\Mahir Sari\AppData\Local\Microsoft Help 2015-02-14 16:38 - 2013-08-22 15:44 - 00482624 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-02-14 16:36 - 2014-03-02 16:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-02-14 16:35 - 2014-12-13 11:18 - 00000000 ____D () C:\WINDOWS\system32\appraiser 2015-02-14 16:35 - 2014-07-12 23:14 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2015-02-11 20:30 - 2014-02-09 00:07 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-02-11 20:22 - 2014-02-09 00:07 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-02-11 18:44 - 2014-02-07 21:56 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-02-11 18:44 - 2012-07-26 06:26 - 00000199 _____ () C:\WINDOWS\win.ini ==================== Files in the root of some directories ======= 2015-02-17 14:47 - 2015-02-19 18:02 - 0000020 _____ () C:\Users\Mahir Sari\AppData\Roaming\appdataFr3.bin 2014-02-07 20:39 - 2014-03-04 17:54 - 0000380 _____ () C:\Users\Mahir Sari\AppData\Roaming\sp_data.sys 2015-01-08 23:51 - 2015-03-09 16:51 - 0000090 _____ () C:\Users\Mahir Sari\AppData\Roaming\WB.CFG 2014-11-06 
23:41 - 2014-11-06 23:41 - 0002089 _____ () C:\Users\Mahir Sari\AppData\Local\recently-used.xbel
2014-04-04 13:20 - 2014-04-04 13:20 - 0007597 _____ () C:\Users\Mahir Sari\AppData\Local\Resmon.ResmonCfg
2012-08-17 01:52 - 2012-07-30 07:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-17 01:52 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe

Some content of TEMP:
====================
C:\Users\Mahir Sari\AppData\Local\Temp\Quarantine.exe
C:\Users\Mahir Sari\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-09 18:49

==================== End Of Log ============================

Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2015 03
Ran by Mahir Sari at 2015-03-10 17:03:30
Running from C:\Users\Mahir Sari\Desktop\Mahir\logs
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware Antivirus (HKLM\...\{A5C0392D-46A7-4CB3-800B-5794909453BD}_AdAwareUpdater) (Version: 11.5.202.7299 - Lavasoft)
Ad-Aware Web Companion (x32 Version: 1.1.862.1653 - Lavasoft) Hidden
AdAwareInstaller (Version: 11.5.202.7299 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.5.202.7299 - Lavasoft) Hidden
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.6.142.61624 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.6.142.61624 - Alcor Micro Corp.) Hidden
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.3 - ASUS) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.29 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0002 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS) ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation) ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.) ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS) AvcEngine (Version: 3.10.7820.0 - Lavasoft) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) 
Hidden CrystalDiskInfo 6.1.8 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.1.8 - Crystal Dew World) FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden GameRanger (HKU\S-1-5-21-3833586203-542032726-2374544835-1001\...\GameRanger) (Version: - GameRanger Technologies) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Haskell Platform 2013.2.0.0 (HKLM-x32\...\HaskellPlatform-2013.2.0.0) (Version: - Haskell.org) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) 
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Java SE Development Kit 7 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170510}) (Version: 1.7.0.510 - Oracle) JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) LavasoftTcpService (x32 Version: 2.3.1.4 - Lavasoft) Hidden Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team) Nur Entfernen der 
CopyTrans Suite möglich (HKU\S-1-5-21-3833586203-542032726-2374544835-1001\...\CopyTrans Suite) (Version: 2.37 - WindSolutions) OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.9 - Samsung Electronics Co., Ltd.) Samsung Kies3 (x32 Version: 3.2.14083.9 - Samsung Electronics Co., Ltd.) Hidden Security Task Manager 2.0d (HKLM-x32\...\Security Task Manager) (Version: 2.0d - Neuber Software) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer) TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software) TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) Web Companion (HKLM-x32\...\{8BC95771-8634-499F-9EA5-1498A2701C7A}_WebCompanion) (Version: 1.1.862.1653 - Lavasoft) Windows Driver Package - ASUS (ATP) Mouse (07/28/2012 1.0.0.108) (HKLM\...\9B634C8DF2662B6B0212BF0B7547894BF2B5359F) (Version: 07/28/2012 1.0.0.108 - ASUS) WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be 
removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 16-02-2015 18:53:36 AA11 20-02-2015 21:04:45 Removed Shared C Run-time for x64 20-02-2015 21:52:30 Wiederherstellungsvorgang 25-02-2015 13:01:10 Windows Update 06-03-2015 18:55:25 Geplanter Prüfpunkt 08-03-2015 15:50:02 Configured Platform 09-03-2015 18:52:21 Revo Uninstaller's restore point - Block The Ads ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0D59662F-FBB7-47E5-93BF-001DF2442F5F} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.) Task: {1A04BB49-6C2C-4C31-AFB5-3E50558F876E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-20] (Google Inc.) Task: {23A76240-7204-46E5-A94A-CCB9F24213D0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {287F14A0-5042-4A9E-B0A7-EA8238065563} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd) Task: {418C4ABF-32C7-447C-AF5F-83C8AA5FD74E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated) Task: {5B73B3FB-4C3A-4015-8FE3-8F2B763FD99E} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.) 
Task: {88B39870-3732-4340-9BB8-0FED8160F04C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-20] (Google Inc.) Task: {8E8307D5-CC3B-4387-8B3C-FCCFAC4E23A6} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-15] (Adobe Systems Incorporated) Task: {B67B031B-7ECE-4CC5-8791-DB59C59FA9BE} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {B92849C6-F449-43C0-8EEE-47F2B5D4461E} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-07-16] (TuneUp Software) Task: {BD51E409-FDE8-4A12-92A6-6FF936D264AD} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation) Task: {D4B8EB45-7125-4508-B699-29054A01B76B} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-04] (ASUS) Task: {DABB7BC5-506F-43EA-824B-96A6541D52AB} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-08-06] (ASUS) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013.job => ==================== Loaded Modules (whitelisted) ============== 2015-01-23 06:38 - 2015-01-23 06:38 - 00015208 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe 2015-01-23 06:38 - 2015-01-23 06:38 - 00012144 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll 2015-01-23 
06:38 - 2015-01-23 06:38 - 00032616 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll 2014-07-16 09:24 - 2014-07-16 09:24 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2012-08-04 10:34 - 2012-08-04 10:34 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll 2012-08-28 07:21 - 2012-08-15 18:52 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 08947008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe 2014-12-18 15:21 - 2014-12-18 15:21 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\RCF.dll 2014-12-18 15:22 - 2014-12-18 15:22 - 00125792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_filesystem-vc100-mt-1_57.dll 2014-12-18 15:22 - 2014-12-18 15:22 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_system-vc100-mt-1_57.dll 2014-12-18 15:22 - 2014-12-18 15:22 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_date_time-vc100-mt-1_57.dll 2014-12-18 15:22 - 2014-12-18 15:22 - 00107352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_thread-vc100-mt-1_57.dll 2014-12-18 15:22 - 2014-12-18 15:22 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_locale-vc100-mt-1_57.dll 2014-12-18 15:22 - 2014-12-18 15:22 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_chrono-vc100-mt-1_57.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 02130752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware 
Antivirus\11.5.202.7299\HtmlFramework.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\DllStorage.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTrayDefaultSkin.dll 2014-12-18 15:21 - 2014-12-18 15:21 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\Localization.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2015-02-20 22:20 - 2015-02-17 23:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll 2015-02-20 22:20 - 2015-02-17 23:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll 2012-09-20 21:42 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2015-02-20 22:20 - 2015-02-17 23:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll 2015-02-20 22:20 - 2015-02-17 23:44 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Mahir Sari\OneDrive:ms-properties AlternateDataStreams: C:\Users\Mahir Sari\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "ASUSQuickGesture(x86)" HKLM\...\StartupApproved\Run: => "ASUSTPLoader(x64)" HKLM\...\StartupApproved\Run: => "ASUSQuickGesture(x64)" HKLM\...\StartupApproved\Run: => "ACMON" HKLM\...\StartupApproved\Run32: => "AmIcoSinglun64" HKLM\...\StartupApproved\Run32: => "RemoteControl10" HKLM\...\StartupApproved\Run32: => "BCSSync" HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "iTunesHelper" ==================== Accounts: ============================= Administrator (S-1-5-21-3833586203-542032726-2374544835-500 - Administrator - Disabled) => C:\Users\Administrator Gast (S-1-5-21-3833586203-542032726-2374544835-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3833586203-542032726-2374544835-1003 - Limited - Enabled) Mahir Sari (S-1-5-21-3833586203-542032726-2374544835-1001 - Administrator - Enabled) => C:\Users\Mahir Sari ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (03/10/2015 04:55:27 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (03/10/2015 04:55:17 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (03/10/2015 04:50:57 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: MAHIR)
Description: Microsoft.Media.PlayReadyClient_8wekyb3d8bbwe1009

Error: (03/10/2015 04:50:57 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: MAHIR)
Description: Microsoft.Media.PlayReadyClient_8wekyb3d8bbwe1009

Error: (03/10/2015 03:35:11 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: MAHIR)
Description: Microsoft.Media.PlayReadyClient_8wekyb3d8bbwe1009

Error: (03/10/2015 03:35:11 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: MAHIR)
Description: Microsoft.Media.PlayReadyClient_8wekyb3d8bbwe1009

Error: (03/10/2015 02:01:54 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (03/10/2015 02:01:52 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (03/10/2015 02:00:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (03/10/2015 02:00:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

System errors:
=============
Error: (03/10/2015 01:57:16 PM) (Source: WMPNetworkSvc) (EventID: 14338) (User: )
Description: 0x80070422

Error: (03/10/2015 01:57:16 PM) (Source: WMPNetworkSvc) (EventID: 14338) (User: )
Description: 0x80070422

Microsoft Office Sessions:
=========================
Error: (03/10/2015 04:55:27 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (03/10/2015 04:55:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Mahir Sari\Downloads\esetsmartinstaller_deu.exe

Error: (03/10/2015 04:50:57 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: MAHIR)
Description: Microsoft.Media.PlayReadyClient_8wekyb3d8bbwe1009

Error: (03/10/2015 04:50:57 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: MAHIR)
Description: Microsoft.Media.PlayReadyClient_8wekyb3d8bbwe1009

Error: (03/10/2015 03:35:11 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: MAHIR)
Description: Microsoft.Media.PlayReadyClient_8wekyb3d8bbwe1009

Error: (03/10/2015 03:35:11 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: MAHIR)
Description: Microsoft.Media.PlayReadyClient_8wekyb3d8bbwe1009

Error: (03/10/2015 02:01:54 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Mahir Sari\Downloads\esetsmartinstaller_deu.exe

Error: (03/10/2015 02:01:52 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Mahir Sari\Downloads\esetsmartinstaller_deu.exe

Error: (03/10/2015 02:00:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Mahir Sari\Downloads\esetsmartinstaller_deu.exe

Error: (03/10/2015 02:00:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Mahir Sari\Downloads\esetsmartinstaller_deu.exe

CodeIntegrity Errors:
===================================
Date: 2015-02-15 15:21:58.001
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-01-30 21:55:46.195
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-01-30 21:55:46.085
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-01-16 00:35:11.945
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-01-15 00:03:39.771
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-01-04 14:52:10.566
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-12-13 11:47:40.061
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-26 18:24:40.112
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-19 00:36:12.737
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-15 15:39:35.430
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 45%
Total physical RAM: 3979.69 MB
Available physical RAM: 2164.95 MB
Total Pagefile: 8075.69 MB
Available Pagefile: 6321.82 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB

==================== Drives ================================
Drive c: (OS) (Fixed) (Total:185.52 GB) (Free:97.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:258.45 GB) (Free:258.3 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 4F41109B)
Partition: GPT Partition Type.

==================== End Of Log ============================
11.03.2015, 10:28 | #6 |
/// the machine /// TB-Ausbilder | Windows 8 / unwanted add-ons, slow, a lot of advertising

Update Java and Firefox.

Revo Uninstaller - Download - Filepony: use it to uninstall Chrome, keep no data, let it remove the leftovers, then reinstall. Then: https://support.google.com/chrome/answer/3296214?hl=de

Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document

Code:
C:\$Recycle.Bin
C:\AdwCleaner\Quarantine\C\ProgramData\SecTaskMan\pricefountainw.exe.q_Quarantine_2651C07_q.vir
C:\Users\Mahir Sari\Documents\samsung\Kies3\backup\GT-I9300\GT-I9300_\GT-I9300_20141028181018\Others\Download\mediadrug-android-1.apk
C:\Users\Mahir Sari\Documents\samsung\Kies3\backup\GT-I9300\GT-I9300_\GT-I9300_20141028181018\Others\Download\mediadrug-android.apk
C:\Users\Mahir Sari\Documents\samsung\Kies3\backup\GT-I9300\GT-I9300_\GT-I9300_20150130154202\Others\Download\mediadrug-android-1.apk
C:\Users\Mahir Sari\Documents\samsung\Kies3\backup\GT-I9300\GT-I9300_\GT-I9300_20150130154202\Others\Download\mediadrug-android.apk
C:\Users\Mahir Sari\Downloads\DownloadManagerSetup.exe
C:\Users\Mahir Sari\Downloads\Dungeon-Keeper-3-lnstall.exe
C:\Users\Mahir Sari\Downloads\vlc-2.1.3-win32.exe
C:\ProgramData\SetStretch.exe
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).

Cleanup: (the order matters here)
If Defogger was used: start it again and click Re-enable.
If Combofix was used: uninstall Combofix.

All logs posted? Then please download DelFix.

Note: DelFix removes, among other things, all the tools that were used and our scanners' quarantine and the Java cache, and finally deletes itself. Restart your computer afterwards. If any programs from our cleanup are still left, you can delete them without concern.

If you like, you can say here whether you were satisfied with me and my help ... and/or support the forum with a small donation.

Hardening:
Enable automatic updates in Windows. Security-relevant software should also always be at its latest version: browser, Java, Flash Player, PDF reader. Vulnerabilities in their old versions are exploited to install malware by "drive-by" simply by visiting a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.
Enable a firewall. The one built into Windows is normally entirely sufficient.
Use an antivirus program with a real-time scanner and an always current signature database. My recommendation: Emsisoft. In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.
Optional: NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. You can, however, define on a whitelist basis which sites are allowed to run scripts.
Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.
Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other additions that are irrelevant to the program. To get rid of adware again, uninstall it first and then remove the leftovers with AdwCleaner.

Finally a few general remarks: change your important online passwords regularly and make regular backups of your important files or of the system. The benefit of registry cleaners, optimizers and the like for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009 | Donations | Guides and help | Trojaner-Board Facebook page | No help via PM!
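The Fixlist step and the hardening checklist from the post above, as an added example that is not code from the thread, from FRST or from Trojaner-Board: a read-only PowerShell audit that (1) checks, after the FRST fix and the reboot, that every path listed in Fixlist.txt is really gone, and (2) reports the state of the hardening items (automatic updates, firewall, real-time antivirus with fresh signatures, and the installed versions of the browsers, Java, Flash Player and PDF readers that the post says must stay current). Assumptions of this example: an elevated PowerShell 3.0 or newer session on Windows 8.1; Windows Defender is the active antivirus (otherwise the AV check reports UNKNOWN); the Fixlist.txt location, the three-day signature-age threshold and the product-name pattern are the example's own choices, not values from the thread.

```powershell
# Added example, not part of the thread and not FRST's or Trojaner-Board's code:
# a read-only post-cleanup audit for the steps in the post above.
# Assumptions: elevated PowerShell 3.0+ on Windows 8.1; Windows Defender is the
# active AV (otherwise the AV check reports UNKNOWN); $FixlistPath is the Fixlist.txt
# saved on the desktop. Thresholds and name patterns below are this example's choices.
param(
    [string]$FixlistPath = "$env:USERPROFILE\Desktop\Fixlist.txt"
)

function Get-FixlistPaths {
    param([string]$Path)
    # Keep only absolute Windows paths; FRST directives such as "Emptytemp:" and blank lines are skipped.
    Get-Content -Path $Path | ForEach-Object { $_.Trim() } | Where-Object { $_ -match '^[A-Za-z]:\\' }
}

function Test-FixlistApplied {
    param([string]$Path)
    # A listed file that still exists means the fix did not run or the file was locked.
    # C:\$Recycle.Bin is recreated by Windows and may legitimately reappear.
    foreach ($p in Get-FixlistPaths -Path $Path) {
        [pscustomobject]@{
            Check  = 'Fixlist entry'
            Result = if (Test-Path -LiteralPath $p) { 'STILL PRESENT' } else { 'removed' }
            Detail = $p
        }
    }
}

function Test-AutomaticUpdates {
    # Automatic updates depend on the Windows Update service; StartMode 'Disabled' means no patches arrive.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='wuauserv'"
    [pscustomobject]@{
        Check  = 'Windows Update service (wuauserv)'
        Result = if ($svc -and $svc.StartMode -ne 'Disabled') { 'OK' } else { 'FIX' }
        Detail = if ($svc) { "StartMode=$($svc.StartMode) State=$($svc.State)" } else { 'service not found' }
    }
}

function Test-Firewall {
    # The built-in firewall is sufficient, but every profile (Domain/Private/Public) must be enabled.
    foreach ($fp in Get-NetFirewallProfile) {
        [pscustomobject]@{
            Check  = "Firewall profile $($fp.Name)"
            Result = if ("$($fp.Enabled)" -eq 'True') { 'OK' } else { 'FIX' }
            Detail = "DefaultInboundAction=$($fp.DefaultInboundAction)"
        }
    }
}

function Test-RealtimeAV {
    # Real-time scanner on and signatures fresh; 3 days is this example's threshold, not a vendor value.
    try {
        $s = Get-MpComputerStatus -ErrorAction Stop
        $sigAgeDays = ((Get-Date) - $s.AntivirusSignatureLastUpdated).TotalDays
        [pscustomobject]@{
            Check  = 'Windows Defender real-time protection'
            Result = if ($s.RealTimeProtectionEnabled -and $sigAgeDays -lt 3) { 'OK' } else { 'FIX' }
            Detail = "RealTime=$($s.RealTimeProtectionEnabled) SignatureAge=$([int]$sigAgeDays)d"
        }
    } catch {
        [pscustomobject]@{ Check = 'Real-time AV'; Result = 'UNKNOWN'; Detail = 'Get-MpComputerStatus unavailable (third-party AV?)' }
    }
}

function Get-UpdateSensitiveSoftware {
    # Browsers, Java, Flash Player and PDF readers must stay current; versions are read from the
    # Uninstall registry keys (64-bit and 32-bit views) for comparison with the vendors' releases.
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match 'Java|Flash|Firefox|Chrome|Adobe Reader|Acrobat' } |
        ForEach-Object {
            [pscustomobject]@{ Check = 'Keep current'; Result = 'review'; Detail = "$($_.DisplayName) $($_.DisplayVersion)" }
        }
}

# Collect every finding as an object so the result can be filtered or exported, not only printed.
$report = @()
if (Test-Path -LiteralPath $FixlistPath) { $report += @(Test-FixlistApplied -Path $FixlistPath) }
$report += @(Test-AutomaticUpdates)
$report += @(Test-Firewall)
$report += @(Test-RealtimeAV)
$report += @(Get-UpdateSensitiveSoftware)
$report | Format-Table -AutoSize
```

Run it from an elevated PowerShell window after the FRST fix and the reboot. A Fixlist entry reported as STILL PRESENT means the fix did not take effect for that file and the FRST Fixlog.txt should be checked; FIX rows name a hardening item from the post that is still open, and the "Keep current" rows are only a version inventory to compare against the vendors' current releases, since the script has no way to know what the latest version is.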