Sweezy61 | 16.02.2015 19:28 | Hi,
when my computer boots, shortly after I press the power button it spits out "invalid partition table" on a black background.
mbam.tx Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Protection, 16.02.2015 18:39:35, SYSTEM, FUAT-PC, Protection, Malware Protection, Starting,
Protection, 16.02.2015 18:39:35, SYSTEM, FUAT-PC, Protection, Malware Protection, Started,
Protection, 16.02.2015 18:39:35, SYSTEM, FUAT-PC, Protection, Malicious Website Protection, Starting,
Update, 16.02.2015 18:39:36, SYSTEM, FUAT-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1,
Update, 16.02.2015 18:39:36, SYSTEM, FUAT-PC, Manual, Rootkit Database, 2014.11.18.1, 2015.2.3.1,
Protection, 16.02.2015 18:39:37, SYSTEM, FUAT-PC, Protection, Malicious Website Protection, Started,
Update, 16.02.2015 18:39:46, SYSTEM, FUAT-PC, Manual, Malware Database, 2014.11.20.6, 2015.2.16.6,
Protection, 16.02.2015 18:39:46, SYSTEM, FUAT-PC, Protection, Refresh, Starting,
Protection, 16.02.2015 18:39:46, SYSTEM, FUAT-PC, Protection, Malicious Website Protection, Stopping,
Protection, 16.02.2015 18:39:46, SYSTEM, FUAT-PC, Protection, Malicious Website Protection, Stopped,
Protection, 16.02.2015 18:39:53, SYSTEM, FUAT-PC, Protection, Refresh, Success,
Protection, 16.02.2015 18:39:53, SYSTEM, FUAT-PC, Protection, Malicious Website Protection, Starting,
Protection, 16.02.2015 18:39:53, SYSTEM, FUAT-PC, Protection, Malicious Website Protection, Started,
Scan, 16.02.2015 18:43:37, SYSTEM, FUAT-PC, Manual, Start: % 1 "% 2", Dauer: % 1 min 3 Sekunden, Bedrohungs-Suchlauf, Abgebrochen, 0 Malwareerkennung, 15-Malwareerkennung,
Scan, 16.02.2015 18:58:33, SYSTEM, FUAT-PC, Manual, Start: % 1 "% 2", Dauer: % 1 min 13 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, 213-Malwareerkennung,
(end)
AdwCleaner.txt Code:
# AdwCleaner v4.110 - Bericht erstellt 16/02/2015 um 19:10:48
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-14.2 [Server]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (x86)
# Benutzername : Fuat - FUAT-PC
# Gestarted von : C:\Users\Fuat\Desktop\AdwCleaner_4.110.exe
# Option : Suchlauf
***** [ Dienste ] *****
Dienst Gefunden : ReimageRealTimeProtection
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Users\Fuat\AppData\Roaming\Mozilla\Firefox\Profiles\eeqk8rnu.default\user.js
Datei Gefunden : C:\Windows\Reimage.ini
Ordner Gefunden : C:\Program Files\Conduit
Ordner Gefunden : C:\Program Files\file scout
Ordner Gefunden : C:\Program Files\Reimage
Ordner Gefunden : C:\Program Files\Uninstaller
Ordner Gefunden : C:\Program Files\XTRM Group
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat
Ordner Gefunden : C:\ProgramData\Tarma Installer
Ordner Gefunden : C:\ProgramData\Uniblue
Ordner Gefunden : C:\ProgramData\Uniblue\DriverScanner
Ordner Gefunden : C:\ProgramData\WPM
Ordner Gefunden : C:\Users\Fuat\AppData\Local\apn
Ordner Gefunden : C:\Users\Fuat\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Fuat\AppData\Local\Tuguu_SL
Ordner Gefunden : C:\Users\Fuat\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Fuat\AppData\Roaming\cloudbkp
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Daten Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Schlüssel Gefunden : HKCU\Software\APN PIP
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gefunden : HKCU\Software\BabylonChromeExtension
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\e53d68ab53be814
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2412877D-92B7-49D5-84C4-6D6C89923930}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Schlüssel Gefunden : HKCU\Software\performersoft llc
Schlüssel Gefunden : HKCU\Software\PIP
Schlüssel Gefunden : HKCU\Software\Reimage
Schlüssel Gefunden : HKLM\SOFTWARE\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\*\shell\filescout
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{27CE191D-733B-4450-AFCD-096D105288C3}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gefunden : HKLM\SOFTWARE\PIP
Schlüssel Gefunden : HKLM\SOFTWARE\Reimage
Schlüssel Gefunden : HKLM\SOFTWARE\Taronja
Schlüssel Gefunden : HKLM\SOFTWARE\Uniblue
Schlüssel Gefunden : HKLM\SOFTWARE\Uniblue\DriverScanner
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17041
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=fc7c7fa5-c5b8-4902-a953-a4369ba568d2&searchtype=ds&q={searchTerms}
-\\ Mozilla Firefox v4.0.1 (de)
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CT2269050.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CT2269050.SavedHomepage", "hxxp://de.ask.com/?l=dis&o=1586&gct=hp");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CT2269050.SearchCaption", "DVDVideoSoftTB Customized Web Search");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CT2269050.SearchEngineBeforeUnload", "DVDVideoSoftTB Customized Web Search");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CT2269050.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CT2269050.backendstorage.hxxp://storage_conduit_com/marketplace/83/6d/8399d181-be98-42f2-b035-1616f617316d/.pricesparrowuuid", "35343763653034362D336363632D343561372D616533392D6266636565343[...]
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CommunityToolbar.ConduitSearchList", "DVDVideoSoftTB Customized Web Search");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Fuat\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\eeqk8rnu.default\\conduitCommon\\modules\\3.18.0.7");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.18.0.7");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_ext_msg_key_cff790a1", "356x332");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CommunityToolbar.ToolbarsList4", "CT2269050");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CommunityToolbar.globalUserId", "f6956229-f7b6-4708-88c7-7d06b8929208");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Nov 10 2013 19:53:12 GMT+0100");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Nov 10 2013 19:53:19 GMT+0100");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CommunityToolbar.notifications.locale", "en");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Nov 10 2013 19:53:11 GMT+0100");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CommunityToolbar.notifications.userId", "f3d20191-acc2-4e1b-bce1-6c8a02fc5680");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CommunityToolbar.originalHomepage", "hxxp://de.ask.com/?l=dis&o=1586&gct=hp");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("CommunityToolbar.originalSearchEngine", "Ask.com");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("browser.search.defaultthis.engineName", "DVDVideoSoftTB Customized Web Search");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("browser.search.selectedEngine", "Hola Search");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("browser.startup.homepage", "hxxp://www.holasearch.com/?affID=121962&babsrc=HP_ss&mntrId=EE8C001D927C1345");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("extensions.facemoods.firstRun", false);
[eeqk8rnu.default] - Zeile Gefunden : user_pref("extensions.facemoods.lastActv", "7");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("extensions.holasearch.admin", false);
[eeqk8rnu.default] - Zeile Gefunden : user_pref("extensions.holasearch.aflt", "babsst");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("extensions.holasearch.appId", "{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("extensions.holasearch.autoRvrt", "false");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("extensions.holasearch.dfltLng", "en");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("extensions.holasearch.excTlbr", false);
[eeqk8rnu.default] - Zeile Gefunden : user_pref("extensions.holasearch.ffxUnstlRst", false);
[eeqk8rnu.default] - Zeile Gefunden : user_pref("extensions.holasearch.id", "ee8c174e000000000000001d927c1345");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("extensions.holasearch.instlDay", "15799");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("extensions.holasearch.instlRef", "sst");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("extensions.holasearch.newTab", false);
[eeqk8rnu.default] - Zeile Gefunden : user_pref("extensions.holasearch.prdct", "holasearch");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("extensions.holasearch.prtnrId", "holasearch");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("extensions.holasearch.rvrt", "false");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("extensions.holasearch.smplGrp", "none");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("extensions.holasearch.tlbrId", "base");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("extensions.holasearch.tlbrSrchUrl", "");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("extensions.holasearch.vrsn", "1.8.16.16");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("extensions.holasearch.vrsnTs", "1.8.16.1614:03:07");
[eeqk8rnu.default] - Zeile Gefunden : user_pref("extensions.holasearch.vrsni", "1.8.16.16");
-\\ Google Chrome v
[C:\Users\Fuat\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=bf2ab487-c8bf-4f35-b412-23f3c274f4fc&apn_ptnrs=%5EAGS&apn_sauid=AE8F08A1-D613-44FC-BAA0-9DA1EA447294&apn_dtid=%5EYYYYYY%5EYY%5EDE&q={searchTerms}
[C:\Users\Fuat\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=bf2ab487-c8bf-4f35-b412-23f3c274f4fc&apn_ptnrs=%5EAGS&apn_sauid=AE8F08A1-D613-44FC-BAA0-9DA1EA447294&apn_dtid=%5EYYYYYY%5EYY%5EDE&q={searchTerms}
[C:\Users\Fuat\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=a2593852-06fd-4919-99e4-a4d2eaddbe30&apn_ptnrs=%5EAGS&apn_sauid=C4C4CB05-6176-4740-9DEB-E14868662366&apn_dtid=%5EYYYYYY%5EYY%5EDE&q={searchTerms}
[C:\Users\Fuat\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=a2593852-06fd-4919-99e4-a4d2eaddbe30&apn_ptnrs=%5EAGS&apn_sauid=C4C4CB05-6176-4740-9DEB-E14868662366&apn_dtid=%5EYYYYYY%5EYY%5EDE&q={searchTerms}
[C:\Users\Fuat\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : www.mystartsearch.com/web/?type=ds&ts=1411885036&from=tugs&uid=ST3500630AS_6QG3LBVFXXXX6QG3LBVF&q={searchTerms}
[C:\Users\Fuat\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : www.mystartsearch.com/web/?type=ds&ts=1411885036&from=tugs&uid=ST3500630AS_6QG3LBVFXXXX6QG3LBVF&q={searchTerms}
[C:\Users\Fuat\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3320326&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=58&CUI=&UM=2&UP=SP9E77006A-7F14-48E8-B1AA-CA8ECD716472&q={searchTerms}&SSPV=
[C:\Users\Fuat\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://www.qone8.com/web/?type=ds&ts=1396183939&from=adks&uid=ST3500630AS_6QG3LBVFXXXX6QG3LBVF&q={searchTerms}
[C:\Users\Fuat\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://start.facemoods.com/?a=iron&s={searchTerms}&f=4
[C:\Users\Fuat\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://www.qone8.com/web/?type=ds&ts=1396178090&from=adks&uid=ST3500630AS_6QG3LBVFXXXX6QG3LBVF&q={searchTerms}
[C:\Users\Fuat\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : www.mystartsearch.com/web/?type=ds&ts=1411885036&from=tugs&uid=ST3500630AS_6QG3LBVFXXXX6QG3LBVF&q={searchTerms}
[C:\Users\Fuat\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : www.mystartsearch.com/web/?type=ds&ts=1411885036&from=tugs&uid=ST3500630AS_6QG3LBVFXXXX6QG3LBVF&q={searchTerms}
[C:\Users\Fuat\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_13_ch&cd=2XzuyEtN2Y1L1QzutDtDtC0DzytByB0CtCtAyEyDtCyByE0EtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBtA0FyBzytAyEzytGzz0CtB0FtGtAyE0C0EtGzzzy0ByCtGyDzzyDtB0EtA0FyB0A0D0DtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0DyEyDtA0DtCzytGyB0DyDyCtGtBzytB0AtGtB0AyB0EtGtBtB0ByByBzz0CyBzy0CtAzz2Q&cr=1259401988&ir=
[C:\Users\Fuat\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://www.holasearch.com/?q={searchTerms}&affID=121962&babsrc=SP_ss&mntrId=EE8C001D927C1345
*************************
AdwCleaner[R0].txt - [23146 Bytes] - [16/02/2015 18:59:12]
AdwCleaner[R1].txt - [23066 Bytes] - [16/02/2015 19:10:48]
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [23126 Bytes] ##########
JRT.txt Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Ultimate x86
Ran by Fuat on 16.02.2015 at 19:17:32,25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}
~~~ Files
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Fuat\appdata\local\{54447F9A-10A1-4062-87BC-787BF63C9E87}
Successfully deleted: [Empty Folder] C:\Users\Fuat\appdata\local\{9564E14E-B454-4864-BE1B-F08F14E54399}
~~~ FireFox
Successfully deleted: [File] C:\Users\Fuat\AppData\Roaming\mozilla\firefox\profiles\eeqk8rnu.default\invalidprefs.js
Successfully deleted: [Folder] C:\Users\Fuat\AppData\Roaming\mozilla\firefox\profiles\eeqk8rnu.default\conduitcommon
Successfully deleted the following from C:\Users\Fuat\AppData\Roaming\mozilla\firefox\profiles\eeqk8rnu.default\prefs.js
user_pref("extensions.holasearch.aflt", "babsst");
user_pref("extensions.holasearch.appId", "{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}");
user_pref("extensions.holasearch.autoRvrt", "false");
user_pref("extensions.holasearch.dfltLng", "en");
user_pref("extensions.holasearch.excTlbr", false);
user_pref("extensions.holasearch.ffxUnstlRst", false);
user_pref("extensions.holasearch.id", "ee8c174e000000000000001d927c1345");
user_pref("extensions.holasearch.instlDay", "15799");
user_pref("extensions.holasearch.instlRef", "sst");
user_pref("extensions.holasearch.newTab", false);
user_pref("extensions.holasearch.prdct", "holasearch");
user_pref("extensions.holasearch.prtnrId", "holasearch");
user_pref("extensions.holasearch.rvrt", "false");
user_pref("extensions.holasearch.smplGrp", "none");
user_pref("extensions.holasearch.tlbrId", "base");
user_pref("extensions.holasearch.tlbrSrchUrl", "");
user_pref("extensions.holasearch.vrsn", "1.8.16.16");
user_pref("extensions.holasearch.vrsnTs", "1.8.16.1614:03:07");
user_pref("extensions.holasearch.vrsni", "1.8.16.16");
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.02.2015 at 19:20:25,41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST.txt
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
Ran by Fuat (administrator) on FUAT-PC on 16-02-2015 19:25:16
Running from C:\Users\Fuat\Desktop
Loaded Profiles: Fuat (Available profiles: Fuat & UpdatusUser)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\Ir.exe
(Hauppauge Computer Works, Inc.) C:\Program Files\WinTV\WinTV7\WinTVTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Farbar) C:\Users\Fuat\Desktop\FRST (1).exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [190808 2011-03-01] (Logitech Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk
ShortcutTarget: WinTV Recording Status.lnk -> C:\Program Files\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1889698854-669123561-2659498524-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1889698854-669123561-2659498524-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {0124123D-61B4-456f-AF86-78C53A0790C5} - No File
Toolbar: HKLM - No Name - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Fuat\AppData\Roaming\Mozilla\Firefox\Profiles\eeqk8rnu.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1889698854-669123561-2659498524-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Fuat\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1889698854-669123561-2659498524-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Fuat\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1889698854-669123561-2659498524-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Fuat\AppData\Roaming\Mozilla\Firefox\Profiles\eeqk8rnu.default\Extensions\abs@avira.com [2014-12-26]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011-11-09]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [2011-06-05]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-09-18]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011-11-03]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-03-25]
Chrome:
=======
CHR HomePage: Default -> https://www.google.de/
CHR StartupUrls: Default -> "https://www.google.de/"
CHR Profile: C:\Users\Fuat\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Fuat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-30]
CHR Extension: (Google Drive) - C:\Users\Fuat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Fuat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-31]
CHR Extension: (YouTube) - C:\Users\Fuat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Google-Suche) - C:\Users\Fuat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (Google Wallet) - C:\Users\Fuat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Google Mail) - C:\Users\Fuat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
StartMenuInternet: Google Chrome - C:\Users\Fuat\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 HauppaugeTVServer; C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe [581632 2013-05-15] (Hauppauge Computer Works) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [428640 2011-04-01] (Logitech Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278728 2011-06-01] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-07] (Avira Operations GmbH & Co. KG)
R3 hcw17bda; C:\Windows\System32\drivers\hcw17bda.sys [63984 2012-10-23] (Hauppauge Computer Works, Inc.)
S3 HTCAND32; C:\Windows\System32\Drivers\ANDROIDUSB.sys [25088 2009-10-26] (HTC, Corporation) [File not signed]
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2011-06-01] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\3A9633E6.sys [114904 2015-02-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 RTL2832U_IRHID; C:\Windows\System32\DRIVERS\RTL2832U_IRHID.sys [42728 2011-06-13] (Realtek)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 VSTHWICH; C:\Windows\System32\DRIVERS\VSTICH3.SYS [242176 2009-07-13] (Conexant Systems, Inc.)
S3 catchme; \??\C:\Windows\TEMP\catchme.sys [X]
S3 RTL2832UBDA; system32\drivers\RTL2832UBDA.sys [X]
S3 RTL2832UUSB; System32\Drivers\RTL2832UUSB.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-16 19:25 - 2015-02-16 19:17 - 01125888 _____ (Farbar) C:\Users\Fuat\Desktop\FRST (1).exe
2015-02-16 19:20 - 2015-02-16 19:20 - 00002591 _____ () C:\Users\Fuat\Desktop\JRT.txt
2015-02-16 19:17 - 2015-02-16 19:17 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\3A9633E6.sys
2015-02-16 18:59 - 2015-02-16 18:59 - 00001691 _____ () C:\Users\Fuat\Desktop\mbam.txt.txt
2015-02-16 18:39 - 2015-02-16 19:17 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-16 18:39 - 2015-02-16 18:39 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-16 18:39 - 2015-02-16 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-16 18:39 - 2015-02-16 18:39 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-16 18:39 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-16 18:39 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-16 18:39 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-16 18:35 - 2015-02-16 19:14 - 00000000 ____D () C:\AdwCleaner
2015-02-16 18:35 - 2015-02-16 18:32 - 02112512 _____ () C:\Users\Fuat\Desktop\AdwCleaner_4.110.exe
2015-02-16 18:34 - 2015-02-16 18:32 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Fuat\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-16 18:34 - 2015-02-16 18:32 - 01388274 _____ (Thisisu) C:\Users\Fuat\Desktop\JRT.exe
2015-02-16 11:29 - 2015-02-16 11:29 - 00018413 _____ () C:\ComboFix.txt
2015-02-16 11:10 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-16 11:10 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-16 11:10 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-16 11:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-16 11:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-16 11:10 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-16 11:10 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-16 11:10 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-16 11:08 - 2015-02-16 11:05 - 05611903 ____R (Swearware) C:\Users\Fuat\Desktop\ComboFix.exe
2015-02-15 17:14 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-02-15 17:14 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-02-15 17:14 - 2014-10-14 02:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-15 17:14 - 2014-10-14 02:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-15 17:14 - 2014-10-14 02:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-02-15 17:14 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-15 17:14 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-15 17:14 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-15 17:14 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-15 17:14 - 2014-07-07 02:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-15 17:14 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-02-15 17:14 - 2014-05-30 08:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-15 17:14 - 2014-05-30 08:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-15 17:14 - 2014-05-30 08:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-15 17:14 - 2014-05-30 08:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-15 17:14 - 2014-05-08 10:06 - 00919040 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-02-15 17:14 - 2014-04-25 03:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-02-15 17:14 - 2014-04-12 03:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-15 17:14 - 2014-04-12 03:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-15 17:14 - 2014-04-12 03:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-15 17:14 - 2014-04-12 03:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-15 17:14 - 2014-04-12 03:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-15 16:10 - 2015-02-16 19:15 - 00060200 _____ () C:\Windows\PFRO.log
2015-02-15 16:10 - 2015-02-16 19:15 - 00000280 _____ () C:\Windows\setupact.log
2015-02-15 16:10 - 2015-02-15 16:10 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-15 16:04 - 2015-02-15 16:03 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-02-15 16:03 - 2015-02-15 16:03 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-02-15 16:03 - 2015-02-15 16:03 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-02-15 16:03 - 2015-02-15 16:03 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-02-15 16:03 - 2015-02-15 16:03 - 00000000 ____D () C:\46db93f15e5c45eca92fc0d5856333
2015-02-15 15:57 - 2015-02-15 15:57 - 00000000 ____D () C:\Users\Fuat\Desktop\arte sacre
2015-02-15 15:43 - 2014-05-14 17:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-02-15 15:43 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-02-15 15:43 - 2014-05-14 17:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-02-15 15:43 - 2014-05-14 17:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-02-15 15:43 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-02-15 15:43 - 2014-05-14 17:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-02-15 15:43 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-02-15 15:43 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-02-15 15:43 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-02-15 15:37 - 2015-02-15 15:50 - 00000000 ____D () C:\Users\Fuat\Tracing
2015-02-15 15:37 - 2015-02-15 15:37 - 00007312 _____ () C:\Windows\system32\SettingsFile
2015-02-15 14:04 - 2015-02-15 14:05 - 00045965 _____ () C:\Users\Fuat\Desktop\Addition.txt
2015-02-15 14:03 - 2015-02-16 19:25 - 00015428 _____ () C:\Users\Fuat\Desktop\FRST.txt
2015-02-15 14:02 - 2015-02-16 19:25 - 00000000 ____D () C:\FRST
2015-02-15 13:46 - 2015-02-15 14:35 - 426500160 _____ () C:\Users\Fuat\Desktop\arte sacre.rar
2015-02-14 15:14 - 2015-02-14 15:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-14 14:34 - 2015-02-16 11:28 - 00000000 ____D () C:\Windows\erdnt
2015-02-14 13:55 - 2015-02-16 11:29 - 00000000 ____D () C:\Qoobox
2015-02-12 08:19 - 2015-02-12 08:19 - 00012907 _____ () C:\Users\Fuat\Documents\mietkaution.odt
2015-02-04 15:52 - 2015-02-04 15:52 - 00003244 _____ () C:\Users\Fuat\Downloads\Helmut Moritz.vcf
2015-02-02 07:44 - 2015-02-02 07:44 - 00022528 _____ () C:\Users\Fuat\Downloads\Ausgaben Jolanda Buck 2011_22.4.2012 neu.2012 neu.2012 neu
2015-01-31 07:04 - 2015-01-31 07:04 - 00000000 ____D () C:\Users\Fuat\AppData\Roaming\EurekaLab s.a.s
2015-01-27 20:13 - 2015-01-27 21:36 - 00016083 _____ () C:\Users\Fuat\Documents\Versuch.odt
2015-01-26 15:15 - 2015-01-26 15:15 - 00019686 _____ () C:\Users\Fuat\Documents\Mili Brief.odt
2015-01-18 15:32 - 2015-01-18 15:32 - 00014799 _____ () C:\Users\Fuat\Documents\Gradnetz 5b.odt
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-16 19:24 - 2011-06-01 17:47 - 00648600 _____ () C:\Windows\system32\perfh01F.dat
2015-02-16 19:24 - 2011-06-01 17:47 - 00139982 _____ () C:\Windows\system32\perfc01F.dat
2015-02-16 19:24 - 2010-08-11 08:54 - 02409112 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-16 19:23 - 2009-07-14 05:34 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-16 19:23 - 2009-07-14 05:34 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-16 19:22 - 2011-05-28 18:47 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1889698854-669123561-2659498524-1000UA.job
2015-02-16 19:16 - 2014-03-06 07:39 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-16 19:16 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-16 19:15 - 2011-06-01 17:39 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-16 19:15 - 2011-02-25 23:49 - 01755031 _____ () C:\Windows\WindowsUpdate.log
2015-02-16 19:08 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-02-16 19:08 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-02-16 19:08 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Cursors
2015-02-16 18:54 - 2014-03-06 07:39 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-16 18:38 - 2012-10-29 20:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-16 15:22 - 2011-05-28 18:47 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1889698854-669123561-2659498524-1000Core.job
2015-02-16 13:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-02-16 11:54 - 2014-03-06 07:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-02-16 11:38 - 2012-10-29 20:52 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-16 11:38 - 2011-06-03 19:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-16 11:29 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-02-16 11:29 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-02-16 11:25 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-02-16 11:23 - 2009-07-14 03:03 - 55312384 _____ () C:\Windows\system32\config\software.bak
2015-02-16 11:23 - 2009-07-14 03:03 - 42205184 _____ () C:\Windows\system32\config\COMPON~2.bak
2015-02-16 11:23 - 2009-07-14 03:03 - 17301504 _____ () C:\Windows\system32\config\system.bak
2015-02-16 11:23 - 2009-07-14 03:03 - 01835008 _____ () C:\Windows\system32\config\default.bak
2015-02-16 11:23 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-02-16 11:23 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-02-16 11:22 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-15 16:33 - 2015-01-09 09:40 - 00000000 ____D () C:\ProgramData\mquadr.at
2015-02-15 16:33 - 2015-01-09 09:34 - 00000000 ___DC () C:\ProgramData\{CD3330DC-8B86-4AE3-B2E4-09E56CB3E702}
2015-02-15 16:33 - 2015-01-09 09:34 - 00000000 ____D () C:\Program Files\DSL Soforthilfe
2015-02-15 16:33 - 2014-12-26 08:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2015-02-15 16:33 - 2014-12-01 18:22 - 00000000 ____D () C:\Program Files\Rossmann Fotowelt Software
2015-02-15 16:33 - 2014-09-19 07:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-15 16:33 - 2014-09-04 16:15 - 00000000 ____D () C:\719627b97d922be8aede
2015-02-15 16:33 - 2014-07-24 07:53 - 00000000 ____D () C:\0915cbab4848ea85f326
2015-02-15 16:33 - 2014-05-31 14:09 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-15 16:33 - 2014-05-31 14:09 - 00000000 ____D () C:\ProgramData\IObit
2015-02-15 16:33 - 2014-03-30 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-15 16:33 - 2014-03-30 18:23 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-15 16:33 - 2014-03-06 07:39 - 00000000 ____D () C:\Program Files\Google
2015-02-15 16:33 - 2014-01-18 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-15 16:33 - 2014-01-18 17:10 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2015-02-15 16:33 - 2014-01-18 17:10 - 00000000 ____D () C:\Program Files\iTunes
2015-02-15 16:33 - 2014-01-18 17:10 - 00000000 ____D () C:\Program Files\iPod
2015-02-15 16:33 - 2013-12-02 18:53 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-15 16:33 - 2013-12-02 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hauppauge WinTV
2015-02-15 16:33 - 2013-12-02 18:52 - 00000000 ____D () C:\Program Files\WinTV
2015-02-15 16:33 - 2013-07-19 15:11 - 00000000 ____D () C:\Program Files\Pando Networks
2015-02-15 16:33 - 2013-04-04 12:58 - 00000000 ____D () C:\Program Files\4Free Video Converter
2015-02-15 16:33 - 2013-03-07 14:39 - 00000000 ____D () C:\Users\Fuat\Desktop\Heike
2015-02-15 16:33 - 2012-11-29 16:37 - 00000000 ____D () C:\Users\Fuat\Desktop\JavaEditor
2015-02-15 16:33 - 2012-11-10 14:51 - 00000000 ____D () C:\Users\Fuat\Desktop\TV-LogiLink
2015-02-15 16:33 - 2012-10-29 20:51 - 00000000 ____D () C:\Program Files\Sony Media Go Install
2015-02-15 16:33 - 2012-03-03 13:16 - 00000000 ____D () C:\Users\Fuat\Desktop\Motrip-Embryo-DE-2012-NOiR
2015-02-15 16:33 - 2012-02-12 16:17 - 00000000 ____D () C:\Users\Fuat\Desktop\suats ordner
2015-02-15 16:33 - 2011-08-11 16:30 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-15 16:33 - 2011-06-03 20:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
2015-02-15 16:33 - 2011-06-03 20:16 - 00000000 ____D () C:\Windows\symbols
2015-02-15 16:33 - 2011-06-03 19:53 - 00000000 ____D () C:\Program Files\Adobe
2015-02-15 16:33 - 2011-05-28 23:18 - 00000000 ____D () C:\Program Files\Windows Live
2015-02-15 16:33 - 2011-05-28 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-02-15 16:33 - 2011-05-28 23:16 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-02-15 16:33 - 2011-05-28 23:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-15 16:33 - 2011-02-26 01:39 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-15 16:33 - 2009-07-14 09:47 - 00000000 ____D () C:\Windows\system32\XPSViewer
2015-02-15 16:33 - 2009-07-14 05:52 - 00000000 ____D () C:\Program Files\Microsoft Games
2015-02-15 16:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-15 16:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\MUI
2015-02-15 16:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\schemas
2015-02-15 16:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-02-15 16:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-15 16:32 - 2014-12-06 16:51 - 00000000 ____D () C:\Users\Fuat\Desktop\Schwelm
2015-02-15 16:32 - 2014-05-01 19:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-15 16:32 - 2013-03-07 14:39 - 00000000 ____D () C:\Users\Fuat\Desktop\Heike privat
2015-02-15 16:32 - 2011-12-18 16:32 - 00000000 ____D () C:\Users\Fuat\Desktop\Adobe Photoshop CS4
2015-02-15 16:31 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-02-15 16:29 - 2013-12-02 18:52 - 00000000 ____D () C:\Users\Public\WinTV
2015-02-15 16:29 - 2011-05-28 18:53 - 00000000 ____D () C:\Users\Fuat\AppData\Roaming\Macromedia
2015-02-15 16:29 - 2011-05-28 18:53 - 00000000 ____D () C:\Users\Fuat\AppData\Roaming\Adobe
2015-02-15 16:28 - 2013-01-29 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-15 16:28 - 2013-01-29 13:17 - 00000000 ____D () C:\ProgramData\Avira
2015-02-15 16:28 - 2013-01-29 13:17 - 00000000 ____D () C:\Program Files\Avira
2015-02-15 16:28 - 2011-11-03 17:34 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-02-15 16:28 - 2011-09-18 13:43 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-02-15 16:28 - 2011-08-11 16:37 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-02-15 16:28 - 2011-08-11 16:30 - 00000000 ____D () C:\ProgramData\Apple
2015-02-15 16:28 - 2011-06-05 17:37 - 00000000 ____D () C:\Program Files\Java
2015-02-15 16:28 - 2011-06-03 19:52 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-15 16:04 - 2014-05-31 14:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-15 15:54 - 2014-05-31 14:39 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-15 15:37 - 2011-02-25 23:53 - 00000000 ____D () C:\Users\Fuat
2015-02-15 15:35 - 2013-04-04 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4Free Video Converter
2015-02-15 15:35 - 2011-05-28 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-02-15 15:35 - 2009-07-14 09:56 - 00000000 ____D () C:\Program Files\Windows Journal
2015-02-15 15:35 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-15 15:35 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-02-15 13:16 - 2013-03-08 14:15 - 00000000 ____D () C:\Users\Fuat\Desktop\Hs Filme u Fotos
2015-02-15 12:41 - 2014-03-30 12:02 - 00000000 ____D () C:\temp
2015-02-14 15:34 - 2014-09-28 07:18 - 00000000 ____D () C:\Windows\Sun
2015-02-13 21:18 - 2013-12-02 18:50 - 00278148 _____ () C:\hcwDriverInstall.txt
2015-02-12 03:11 - 2013-08-15 20:11 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-06 09:10 - 2014-06-21 14:20 - 00000000 ____D () C:\Users\Fuat\Desktop\Ascona
2015-01-22 06:53 - 2014-12-17 16:59 - 00000000 ____D () C:\Users\Fuat\Desktop\Fleyerstraße
2015-01-22 06:53 - 2014-02-05 15:32 - 00000000 ____D () C:\Users\Fuat\AppData\Roaming\TeamViewer
==================== Files in the root of some directories =======
2014-04-01 19:08 - 2014-04-02 23:08 - 0000079 _____ () C:\Users\Fuat\AppData\Roaming\WB.CFG
2013-12-03 15:27 - 2013-12-03 15:27 - 0004608 _____ () C:\Users\Fuat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-16 13:05
==================== End Of Log ============================