| Johnny123456 | 14.12.2014 15:53 |
Ich habe nur zugriff auf diesen pc und habe auch keinen USB stick
FRST.text
FRST Logfile:
FRST Logfile:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-12-2014
Ran by Dilan (administrator) on DIYAR-PC on 14-12-2014 15:37:57
Running from E:\
Loaded Profile: Dilan (Available profiles: Diyar & Plan b & Dilan & ümit & Gast)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\Suo10_SmartRAM.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Just Develop It) C:\Program Files\MyPC Backup\BackupStack.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => TTIME
HKLM\...\Run: [VirtualCloneDrive] => N.EXE" /S
HKLM\...\Run: [HP Software Update] => FTWARE UPDATE\HPWUSCHD.EXE"
HKLM\...\Run: [HP Component Manager] => RETECH\HPCMPMGR.EXE"
HKLM\...\Run: [SunJavaUpdateSched] => N FILES\JAVA\JAVA UPDATE\JUSCHED.EXE"
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [748256 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-2244397687-2994677012-3856678615-1007\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2425632 2014-11-07] (IObit)
HKU\S-1-5-21-2244397687-2994677012-3856678615-1007\...\Run: [SmartRAM] => C:\Program Files\IObit\Advanced SystemCare 8\Suo10_SmartRAM.exe [535840 2014-09-02] (IObit)
HKU\S-1-5-21-2244397687-2994677012-3856678615-1007\...\RunOnce: [Adobe Speed Launcher] => 1418564410
HKU\S-1-5-21-2244397687-2994677012-3856678615-1007\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2244397687-2994677012-3856678615-1007\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2244397687-2994677012-3856678615-1007\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
Startup: C:\Users\Plan b\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2244397687-2994677012-3856678615-1007\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM - (No Name) - {192a6019-26d2-4611-aead-07cd7733b146} - No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-2244397687-2994677012-3856678615-1007 -> DefaultScope {D3D2BF91-3DFC-4D43-9DB5-CBC0F1DFBE71} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE0D20140110&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2244397687-2994677012-3856678615-1007 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D121314-AB747CC590BEC44CD91F&form=CONBDF&conlogo=CT3330962&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2244397687-2994677012-3856678615-1007 -> {D3D2BF91-3DFC-4D43-9DB5-CBC0F1DFBE71} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE0D20140110&p={SearchTerms}
BHO: No Name -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> No File
BHO: mySecureSurfer -> {52EA1989-D16E-4560-9021-F0AD247DE4D1} -> C:\Users\Dilan\AppData\LocalLow\mySecureSurfer\IE\mySecureSurfer.dll (Soft-Ware International Ltd.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
Handler: livecall - No CLSID Value -
Handler: msnim - No CLSID Value -
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\MyOSProtect.dll File Not found ()
Winsock: Catalog9 02 C:\Windows\system32\MyOSProtect.dll File Not found ()
Winsock: Catalog9 03 C:\Windows\system32\MyOSProtect.dll File Not found ()
Winsock: Catalog9 04 C:\Windows\system32\MyOSProtect.dll File Not found ()
Winsock: Catalog9 29 C:\Windows\system32\MyOSProtect.dll File Not found ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Dilan\AppData\Roaming\Mozilla\Firefox\Profiles\uj6owbww.default-1417512113460
FF NewTab: about:blank
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @real.com/nppl3260;version=6.0.12.448 -> C:\Program Files\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2244397687-2994677012-3856678615-1007: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Dilan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-2244397687-2994677012-3856678615-1007: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dilan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Dilan\AppData\Roaming\Mozilla\Firefox\Profiles\uj6owbww.default-1417512113460\user.js
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: SparPilot - Gutscheine & mehr... - C:\Users\Dilan\AppData\Roaming\Mozilla\Firefox\Profiles\uj6owbww.default-1417512113460\Extensions\sparpilot@sparpilot.com [2014-12-13]
FF Extension: {10688ffe-50ac-46ae-a40c-b393e967575e} - C:\Users\Dilan\AppData\Roaming\Mozilla\Firefox\Profiles\uj6owbww.default-1417512113460\Extensions\{10688ffe-50ac-46ae-a40c-b393e967575e}.xpi [2014-12-13]
FF Extension: Adblock Plus - C:\Users\Dilan\AppData\Roaming\Mozilla\Firefox\Profiles\uj6owbww.default-1417512113460\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-13]
FF Extension: No Name - C:\Users\Dilan\AppData\Roaming\Mozilla\Firefox\Profiles\uj6owbww.default-1417512113460\extensions\iobitascsurfingprotection@iobit.com [Not Found]
FF Extension: No Name - C:\Program Files\IObit Apps Toolbar\FF [Not Found]
Chrome:
=======
CHR Profile: C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-09-20]
CHR Extension: (Google Präsentationen) - C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-20]
CHR Extension: (McAfee SafeKey) - C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\agbnjankikoaabjkmfbaceggjliabkbn [2014-09-20]
CHR Extension: (Google Docs) - C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-20]
CHR Extension: (Google Drive) - C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-20]
CHR Extension: (YouTube) - C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-20]
CHR Extension: (Google-Suche) - C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-20]
CHR Extension: (Google Tabellen) - C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-20]
CHR Extension: (Avira Browser Safety) - C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-20]
CHR Extension: (Google Wallet) - C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-20]
CHR Extension: (Google Mail) - C:\Users\Dilan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-20]
CHR HKLM\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\Diyar\AppData\LocalLow\proxtube\CHROME\proxtube.crx [2012-04-19]
CHR HKLM\...\Chrome\Extension: [agbnjankikoaabjkmfbaceggjliabkbn] - C:\Program Files\SafeKey\lpchrome.crx [2013-09-23]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - No Path
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [53320 2014-11-13] (Just Develop It) <==== ATTENTION
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S4 Origin Client Service; D:\origin\OriginClientService.exe [1900400 2014-12-01] (Electronic Arts)
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2012-01-30] ()
S3 Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [569024 2014-09-16] (Valve Corporation) [File not signed]
S2 c67abfdb; "C:\Windows\system32\rundll32.exe" "c:\progra~1\sw-boo~1\AssistantSvc.dll",service
S3 MyOSProtect; C:\Program Files\Web Protect\MyOSProtect.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 65006428; C:\Windows\System32\DRIVERS\65006428.sys [133208 2013-08-30] (Kaspersky Lab ZAO)
R0 AFS; C:\Windows\system32\Drivers\AFS.sys [77004 2014-09-07] (Oak Technology Inc.) [File not signed]
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [83872 2012-07-08] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
S3 EverestDriver; C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [7168 2005-08-18] () [File not signed]
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2008-12-13] () [File not signed]
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 hamachi_oem; C:\Windows\System32\DRIVERS\gan_adapter.sys [10664 2006-08-28] (Applied Networking Inc.) [File not signed]
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2012-07-08] ()
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [99400 2012-05-12] (MotioninJoy)
S3 nocashio; C:\Windows\System32\drivers\nocashio.sys [4096 2011-08-23] () [File not signed]
S3 PAC7311; C:\Windows\System32\DRIVERS\PA707UCM.SYS [154752 2005-10-18] (PixArt Imaging Inc.)
R1 pcwatch; C:\Windows\system32\Drivers\pcwatch.sys [20480 2014-09-01] () [File not signed] <==== ATTENTION
R3 phaudlwr; C:\Windows\System32\DRIVERS\phaudlwr.sys [89648 2009-10-20] (Philips Applied Technologies)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
R3 SPC620; C:\Windows\System32\drivers\SPC620.sys [484352 2007-09-28] (Philips )
R3 SPC620m; C:\Windows\System32\drivers\SPC620m.sys [7680 2007-09-28] (Philips )
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-08-15] (Avira GmbH)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2011-06-24] (Acronis)
S3 WinRing0_1_2_0; C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [14416 2010-11-01] (OpenLibSys.org)
S3 cpuz137; \??\C:\Users\Dilan\AppData\Local\Temp\cpuz137\cpuz137_x32.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
U4 RDSessMgr; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2099-05-21 16:14 - 9514-05-21 16:27 - 00000000 ____D () C:\Users\Diyar\AppData\Local\Apps\2.0
2099-05-21 16:14 - 2014-09-06 10:55 - 00000000 ____D () C:\Users\Diyar\AppData\Local\Deployment
2099-05-21 16:09 - 9514-05-21 16:09 - 00000000 ____D () C:\Users\Diyar\Documents\Optimizer Pro
2099-05-21 16:09 - 9514-05-21 16:09 - 00000000 ____D () C:\Users\Diyar\AppData\Roaming\Optimizer Pro
2099-05-21 16:04 - 9514-05-21 16:22 - 00000000 ____D () C:\Program Files\webget
2099-05-21 16:04 - 9514-05-21 16:21 - 00000000 ____D () C:\Users\Diyar\AppData\Roaming\loadtbs
2099-05-21 16:04 - 9514-05-21 16:04 - 00000000 ____D () C:\Users\Diyar\AppData\Roaming\Speedial
2099-05-21 16:04 - 9514-05-21 16:04 - 00000000 ____D () C:\Program Files\Speedial
2014-12-14 15:37 - 2014-12-14 15:38 - 00000000 ____D () C:\FRST
2014-12-14 13:43 - 2014-12-14 13:43 - 00000000 __SHD () C:\Users\Diyar\AppData\Local\EmieBrowserModeList
2014-12-13 23:57 - 2014-12-13 23:57 - 00000000 __SHD () C:\Users\ümit\AppData\Local\EmieUserList
2014-12-13 23:57 - 2014-12-13 23:57 - 00000000 __SHD () C:\Users\ümit\AppData\Local\EmieSiteList
2014-12-13 23:57 - 2014-12-13 23:57 - 00000000 __SHD () C:\Users\ümit\AppData\Local\EmieBrowserModeList
2014-12-13 23:49 - 2014-12-13 23:49 - 00000000 ____D () C:\Users\ümit\AppData\Roaming\Avira
2014-12-13 23:44 - 2014-12-14 11:08 - 00000000 ____D () C:\Users\ümit
2014-12-13 23:44 - 2014-12-13 23:44 - 00110064 _____ () C:\Users\ümit\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-13 23:44 - 2014-12-13 23:44 - 00001425 _____ () C:\Users\ümit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-13 23:44 - 2014-12-13 23:44 - 00000482 __RSH () C:\Users\ümit\ntuser.pol
2014-12-13 23:44 - 2014-12-13 23:44 - 00000020 ___SH () C:\Users\ümit\ntuser.ini
2014-12-13 23:44 - 2014-12-13 23:44 - 00000000 _SHDL () C:\Users\ümit\Startmenü
2014-12-13 23:44 - 2014-12-13 23:44 - 00000000 _SHDL () C:\Users\ümit\Netzwerkumgebung
2014-12-13 23:44 - 2014-12-13 23:44 - 00000000 _SHDL () C:\Users\ümit\Druckumgebung
2014-12-13 23:44 - 2014-12-13 23:44 - 00000000 _SHDL () C:\Users\ümit\Documents\Eigene Musik
2014-12-13 23:44 - 2014-12-13 23:44 - 00000000 _SHDL () C:\Users\ümit\Documents\Eigene Bilder
2014-12-13 23:44 - 2014-12-13 23:44 - 00000000 _SHDL () C:\Users\ümit\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-13 23:44 - 2014-12-13 23:44 - 00000000 _SHDL () C:\Users\ümit\AppData\Local\Verlauf
2014-12-13 23:44 - 2014-12-13 23:44 - 00000000 ____D () C:\Users\ümit\AppData\Roaming\ATI
2014-12-13 23:44 - 2014-12-13 23:44 - 00000000 ____D () C:\Users\ümit\AppData\Roaming\Adobe
2014-12-13 23:44 - 2014-12-13 23:44 - 00000000 ____D () C:\Users\ümit\AppData\Local\ATI
2014-12-13 23:44 - 2014-12-09 18:59 - 00000000 ____D () C:\Users\ümit\AppData\Roaming\IObit
2014-12-13 23:44 - 2012-04-11 23:59 - 00000000 ____D () C:\Users\ümit\AppData\Local\Microsoft Help
2014-12-13 23:44 - 2009-07-14 05:42 - 00000000 ___RD () C:\Users\ümit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-13 23:44 - 2009-07-14 05:37 - 00000000 ___RD () C:\Users\ümit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-13 22:33 - 2014-12-14 14:39 - 00000336 _____ () C:\Windows\setupact.log
2014-12-13 22:33 - 2014-12-13 22:33 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-13 22:20 - 2014-12-13 22:20 - 00003748 _____ () C:\Windows\PFRO.log
2014-12-13 22:00 - 2014-12-13 22:00 - 29741056 _____ () C:\Windows\system32\config\components.iobit
2014-12-13 21:53 - 2014-12-13 21:53 - 00000000 ____D () C:\Users\Plan b\AppData\Roaming\ProductData
2014-12-13 20:16 - 2014-12-13 20:16 - 00000000 ____D () C:\Users\Plan b\AppData\Roaming\TuneUp Software
2014-12-13 20:10 - 2014-12-13 20:10 - 00000000 ____D () C:\Users\Plan b\AppData\Roaming\IObit
2014-12-13 18:42 - 2014-12-13 18:42 - 00000000 ____D () C:\Users\Dilan\AppData\Roaming\TuneUp Software
2014-12-13 18:38 - 2014-12-13 18:38 - 00004616 _____ () C:\Windows\system32\LavasoftTcpService.ini
2014-12-13 18:38 - 2014-12-13 18:38 - 00002448 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2014-12-13 18:37 - 2014-11-27 10:44 - 00312424 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService.dll
2014-12-13 18:36 - 2014-12-13 18:36 - 00001288 _____ () C:\Users\Dilan\Desktop\Cloned Files Scanner.lnk
2014-12-13 18:35 - 2014-12-13 18:35 - 00598912 _____ () C:\Users\Dilan\Downloads\TuneUpUtilities2013_de-DE.exe
2014-12-10 16:59 - 2014-12-10 17:59 - 03981488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-12-09 19:52 - 2014-12-09 22:35 - 00000704 _____ () C:\Windows\Tasks\OpenCandyHelperRunAA747FB84C99428893401EAD6DC44017.job
2014-12-09 19:00 - 2014-12-09 19:00 - 00000000 ____D () C:\Users\Diyar\AppData\Roaming\ProductData
2014-12-09 18:59 - 2014-12-09 18:59 - 00000000 ____D () C:\Users\Default\AppData\Roaming\IObit
2014-12-09 18:59 - 2014-12-09 18:59 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\IObit
2014-12-08 22:53 - 2014-12-08 22:54 - 00880784 _____ (Google Inc.) C:\Users\Diyar\Downloads\ChromeSetup.exe
2014-12-08 22:51 - 2014-12-08 22:51 - 00000000 ____D () C:\Users\Diyar\AppData\Local\Macromedia
2014-12-08 22:50 - 2014-12-08 22:57 - 00000000 ____D () C:\Users\Diyar\AppData\Roaming\IObit
2014-12-08 22:17 - 2014-12-09 22:35 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1007UA.job
2014-12-08 22:17 - 2014-12-09 22:35 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1007Core.job
2014-12-08 22:17 - 2014-12-08 22:18 - 00000000 ____D () C:\Users\Dilan\AppData\Local\Facebook
2014-12-08 22:17 - 2014-12-08 22:17 - 00501248 _____ (Facebook Inc.) C:\Users\Dilan\Downloads\FacebookVideoCallSetup_v1.2.205.0(1).exe
2014-12-07 14:53 - 2014-12-07 14:53 - 00651264 _____ () C:\Users\Dilan\Downloads\Detection(3).msi
2014-12-07 14:49 - 2014-12-07 14:49 - 00651264 _____ () C:\Users\Dilan\Downloads\Detection(2).msi
2014-12-07 14:08 - 2014-12-02 10:27 - 00000216 _____ () C:\Users\Dilan\Desktop\Tomb Raider.url
2014-12-06 21:18 - 2014-12-06 21:18 - 04117346 _____ () C:\Users\Dilan\Downloads\MotioninJoy_071001_signed(2).zip
2014-12-06 21:09 - 2014-12-06 21:09 - 00000000 ____D () C:\Users\Dilan\AppData\Roaming\MotioninJoy
2014-12-06 21:08 - 2014-12-06 21:18 - 00001080 _____ () C:\Users\Public\Desktop\DS3 Tool.lnk
2014-12-06 21:08 - 2014-12-06 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2014-12-06 21:08 - 2014-12-06 21:18 - 00000000 ____D () C:\Program Files\MotioninJoy
2014-12-06 21:08 - 2014-12-06 21:08 - 04117346 _____ () C:\Users\Dilan\Downloads\MotioninJoy_071001_signed(1).zip
2014-12-06 21:08 - 2011-12-07 19:42 - 00255496 _____ (Logitech Inc.) C:\Windows\system32\MijFrc.dll
2014-12-06 20:31 - 2012-05-12 12:31 - 00099400 _____ (MotioninJoy) C:\Windows\system32\Drivers\MijXfilt.sys
2014-12-06 20:30 - 2014-12-06 20:30 - 04117346 _____ () C:\Users\Dilan\Downloads\MotioninJoy_071001_signed.zip
2014-12-06 20:29 - 2014-12-06 20:29 - 01174352 _____ () C:\Users\Dilan\Downloads\MotioninJoy - CHIP-Installer.exe
2014-12-06 20:25 - 2014-12-06 20:26 - 00000000 ____D () C:\Users\Dilan\AppData\Local\BetterDS3
2014-12-06 20:24 - 2014-12-06 20:24 - 00759932 _____ () C:\Users\Dilan\Downloads\BetterDS3_1.5.3.zip
2014-12-06 20:23 - 2014-12-06 20:23 - 01174352 _____ () C:\Users\Dilan\Downloads\Better DS3 - CHIP-Installer.exe
2014-12-06 20:19 - 2014-12-06 20:19 - 04115757 _____ () C:\Users\Dilan\Downloads\MotioninJoy_070000_signed.zip
2014-12-06 20:04 - 2014-12-06 20:04 - 00804491 _____ () C:\Users\Dilan\Downloads\x360ce.App-2.1.2.191.zip
2014-12-06 19:53 - 2014-12-06 19:53 - 00000000 ____D () C:\Program Files\VID_0E8F&PID_3075
2014-12-06 19:52 - 2014-12-06 19:52 - 00000000 ____D () C:\Users\Dilan\AppData\Roaming\InstallShield
2014-12-05 12:29 - 2014-12-05 12:29 - 61407232 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-12-05 12:29 - 2014-12-05 12:29 - 00368640 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-12-05 12:29 - 2014-12-05 12:29 - 00098304 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-12-05 12:29 - 2014-12-05 12:29 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-12-04 21:34 - 2014-12-04 21:34 - 00001216 _____ () C:\Users\Dilan\Desktop\Smart RAM.lnk
2014-12-04 21:21 - 2014-12-04 21:21 - 00001144 _____ () C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
2014-12-04 21:21 - 2014-12-04 21:21 - 00001132 _____ () C:\Users\Public\Desktop\Game Booster 3.lnk
2014-12-04 21:21 - 2014-12-04 21:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster 3
2014-12-04 21:02 - 2014-12-13 22:00 - 61423616 _____ () C:\Windows\system32\config\SOFTWARE.iobit
2014-12-04 21:02 - 2014-12-13 22:00 - 00372736 _____ () C:\Windows\system32\config\DEFAULT.iobit
2014-12-04 21:02 - 2014-12-13 22:00 - 00098304 _____ () C:\Windows\system32\config\SAM.iobit
2014-12-04 21:02 - 2014-12-13 22:00 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iobit
2014-12-04 21:02 - 2014-10-16 10:27 - 00024352 _____ (IObit) C:\Windows\system32\RegistryDefragBootTime.exe
2014-12-04 20:10 - 2014-12-04 20:10 - 00000000 ____D () C:\Users\Dilan\AppData\Roaming\ProductData
2014-12-04 20:08 - 2014-12-13 22:16 - 00002131 _____ () C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2014-12-04 20:08 - 2014-12-04 22:17 - 00000000 ____D () C:\ProgramData\IObit
2014-12-04 20:08 - 2014-12-04 22:16 - 00000000 ____D () C:\ProgramData\ProductData
2014-12-04 20:08 - 2014-12-04 21:21 - 00000000 ____D () C:\Program Files\IObit
2014-12-04 20:08 - 2014-12-04 20:10 - 00000000 ____D () C:\Users\Dilan\AppData\Roaming\IObit
2014-12-04 20:08 - 2014-12-04 20:08 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-12-04 20:08 - 2014-12-04 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2014-12-04 20:08 - 2014-12-04 20:08 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2014-12-04 20:08 - 2014-12-04 20:08 - 00000000 ____D () C:\Program Files\Common Files\IObit
2014-12-04 20:06 - 2014-12-04 20:07 - 43183800 _____ (IObit ) C:\Users\Dilan\Downloads\advanced-systemcare-setup_v8.0.3.exe
2014-12-03 19:04 - 2014-12-03 19:04 - 01174352 _____ () C:\Users\Dilan\Downloads\Wise Registry Cleaner - CHIP-Installer.exe
2014-12-03 18:26 - 2014-12-03 18:26 - 00002247 _____ () C:\Users\Plan b\Desktop\Skyrim (SKSE).lnk
2014-12-03 18:26 - 2014-12-03 18:26 - 00002247 _____ () C:\Users\Gast.Diyar-PC\Desktop\Skyrim (SKSE).lnk
2014-12-03 18:26 - 2014-12-03 18:26 - 00002247 _____ () C:\Users\Diyar\Desktop\Skyrim (SKSE).lnk
2014-12-03 18:26 - 2014-12-03 18:26 - 00002247 _____ () C:\Users\Dilan\Desktop\Skyrim (SKSE).lnk
2014-12-03 18:25 - 2014-12-03 18:25 - 00313875 _____ () C:\Users\Dilan\Downloads\skse_1_07_01_installer.exe
2014-12-03 08:42 - 2014-12-03 08:42 - 00394347 _____ (Ray Siegl ) C:\Users\Dilan\Downloads\ram_clean_tool_setup.exe
2014-12-02 19:45 - 2014-12-02 19:45 - 00000000 ____D () C:\Windows\pss
2014-12-02 15:43 - 2014-12-12 16:20 - 00008598 _____ () C:\Users\Dilan\Documents\TombRaider.log
2014-12-02 10:10 - 2014-12-02 10:10 - 00250760 _____ () C:\Users\Dilan\Documents\ts3_clientui-win32-1407159763-2014-12-02 10_10_29.027026.dmp
2014-11-30 15:28 - 2014-12-04 22:34 - 00007609 _____ () C:\Users\Dilan\AppData\Local\Resmon.ResmonCfg
2014-11-30 15:12 - 2011-11-11 07:48 - 00002940 _____ () C:\Users\Dilan\Desktop\SkyrimPrefs.ini
2014-11-30 15:11 - 2014-11-30 15:12 - 00000000 ____D () C:\Users\Dilan\Desktop\Saves
2014-11-30 12:13 - 2014-11-30 12:13 - 00000000 ____D () C:\ProgramData\ATI
2014-11-30 12:12 - 2014-11-30 12:12 - 00000000 ____D () C:\ProgramData\AMD
2014-11-30 12:12 - 2014-11-30 12:12 - 00000000 ____D () C:\Program Files\AMD AVT
2014-11-30 12:11 - 2014-11-30 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-11-30 12:05 - 2014-11-30 12:05 - 00000000 ____D () C:\Users\Dilan\AppData\Roaming\ATI
2014-11-30 12:05 - 2014-11-30 12:05 - 00000000 ____D () C:\Users\Dilan\AppData\Local\ATI
2014-11-30 12:04 - 2014-11-30 12:04 - 00000000 ____D () C:\Program Files\AMD
2014-11-30 11:59 - 2014-11-30 11:59 - 00000000 ____D () C:\AMD
2014-11-30 11:52 - 2014-11-30 11:52 - 00891224 _____ (AMD) C:\Users\Dilan\Downloads\amddriverdownloader.exe
2014-11-30 10:50 - 2014-12-02 10:08 - 00000000 ____D () C:\Users\Dilan\AppData\Roaming\TS3Client
2014-11-30 10:50 - 2014-11-30 10:50 - 00001211 _____ () C:\Users\Dilan\Desktop\TeamSpeak 3 Client.lnk
2014-11-30 10:50 - 2014-11-30 10:50 - 00000000 ____D () C:\Users\Dilan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-11-30 10:49 - 2014-11-30 10:50 - 00000000 ____D () C:\Users\Dilan\AppData\Local\TeamSpeak 3 Client
2014-11-30 10:48 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\system32\dhRichClient3.dll
2014-11-30 10:48 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\system32\sqlite36_engine.dll
2014-11-30 10:46 - 2014-11-30 10:47 - 01174352 _____ () C:\Users\Dilan\Downloads\TeamSpeak 3 32 Bit - CHIP-Installer.exe
2014-11-30 10:30 - 2014-11-30 10:30 - 00651264 _____ () C:\Users\Dilan\Downloads\Detection(1).msi
2014-11-30 10:29 - 2014-12-14 14:04 - 00000000 ____D () C:\Program Files\Steam
2014-11-30 10:29 - 2014-11-30 10:29 - 01142392 _____ () C:\Users\Dilan\Downloads\SteamSetup.exe
2014-11-30 10:29 - 2014-11-30 10:29 - 00000925 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-11-30 10:29 - 2014-11-30 10:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-11-26 13:36 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-26 13:36 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-26 13:36 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-26 13:36 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-26 13:35 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-26 13:35 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-26 13:35 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-26 13:34 - 2014-11-30 15:15 - 00000000 ____D () C:\Users\Dilan\Documents\My Games
2014-11-26 13:34 - 2014-11-30 15:01 - 00000000 ____D () C:\Users\Dilan\AppData\Local\Skyrim
2014-11-26 13:34 - 2014-10-10 01:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-26 13:34 - 2014-10-03 02:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-26 13:34 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-26 13:34 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-26 13:34 - 2014-10-03 02:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-26 13:34 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-26 13:32 - 2014-11-26 13:32 - 00000000 ____D () C:\Users\Dilan\AppData\Roaming\Unity
2014-11-26 13:31 - 2014-11-26 13:31 - 00000000 ____D () C:\Users\Dilan\AppData\Local\Unity
2014-11-26 13:30 - 2014-11-26 13:30 - 01081992 _____ (Unity Technologies ApS) C:\Users\Dilan\Downloads\UnityWebPlayer.exe
2014-11-21 14:24 - 2014-11-21 14:24 - 00000000 __SHD () C:\Users\Dilan\AppData\Local\EmieBrowserModeList
2014-11-17 22:04 - 2014-11-05 18:50 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-17 22:04 - 2014-11-05 18:50 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-17 22:04 - 2014-11-05 18:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-17 22:04 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-17 22:04 - 2014-10-14 02:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-17 22:04 - 2014-10-14 02:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-17 22:04 - 2014-10-14 02:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-17 22:04 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-17 22:04 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-17 22:04 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-17 22:04 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-17 22:04 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-17 22:04 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-17 22:04 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-17 22:04 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-17 22:03 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-17 22:03 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-17 22:03 - 2014-11-06 04:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-17 22:03 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-17 22:03 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-17 22:03 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-17 22:03 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-17 22:03 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-17 22:03 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-17 22:03 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-17 22:03 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-17 22:03 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-17 22:03 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-17 22:03 - 2014-11-06 03:59 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-17 22:03 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-17 22:03 - 2014-11-06 03:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-17 22:03 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-17 22:03 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-17 22:03 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-17 22:03 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-17 22:03 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-17 22:03 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-17 22:03 - 2014-11-06 03:22 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-17 22:03 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-17 22:03 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-17 22:03 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-17 22:03 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-17 22:03 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-17 22:03 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-17 22:03 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-17 21:55 - 2014-11-17 21:55 - 01557060 _____ (TeamExtreme) C:\Users\Dilan\Downloads\Minecraft Cracked Launcher.exe
2014-11-17 21:47 - 2014-11-17 21:47 - 00651264 _____ () C:\Users\Dilan\Downloads\Detection.msi
2014-11-17 21:43 - 2014-11-26 13:43 - 00000000 ____D () C:\Users\Dilan\AppData\Roaming\.minecraft
2014-11-17 21:40 - 2014-11-17 21:40 - 00675988 _____ () C:\Users\Dilan\Downloads\Minecraft.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2099-05-21 16:21 - 2011-11-11 14:02 - 00000000 ____D () C:\ProgramData\PMB Files
2014-12-14 15:37 - 2011-06-24 16:03 - 01629284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-14 15:22 - 2011-06-24 15:55 - 01791427 _____ () C:\Windows\WindowsUpdate.log
2014-12-14 15:17 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-14 14:46 - 2009-07-14 05:34 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-14 14:46 - 2009-07-14 05:34 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-14 14:39 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-14 14:39 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-14 14:04 - 2012-05-27 19:11 - 00000000 ____D () C:\Users\Plan b\Tracing
2014-12-14 13:48 - 2011-10-22 10:57 - 00000000 ____D () C:\Users\Plan b
2014-12-14 13:41 - 2011-06-24 15:58 - 00000000 ____D () C:\Users\Diyar
2014-12-14 11:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing
2014-12-14 11:09 - 2014-09-13 11:54 - 00000000 ____D () C:\Users\Dilan
2014-12-14 11:08 - 2014-09-12 19:57 - 00000000 ____D () C:\Users\Gast.Diyar-PC
2014-12-14 11:08 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2014-12-13 23:43 - 2013-02-02 12:02 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-12-13 22:20 - 2011-06-24 16:48 - 00000000 ____D () C:\Windows\Panther
2014-12-13 21:59 - 2014-10-02 16:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-13 20:42 - 2014-09-20 18:48 - 00000000 ____D () C:\Users\Dilan\AppData\Local\Microsoft Games
2014-12-13 18:50 - 2014-09-05 14:34 - 00000000 ____D () C:\Program Files\GUM3AEE.tmp
2014-12-13 18:50 - 2012-01-19 16:51 - 00000000 ____D () C:\Users\Diyar\AppData\Local\Oblivion
2014-12-13 18:50 - 2011-12-29 20:43 - 00000000 ____D () C:\Users\Plan b\AppData\Local\Skyrim
2014-12-13 18:49 - 2014-09-20 17:27 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-13 18:49 - 2014-09-09 16:41 - 00000000 ____D () C:\Users\Diyar\AppData\Local\Gameo
2014-12-10 17:59 - 2013-01-09 20:33 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-10 17:59 - 2013-01-09 20:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-09 19:50 - 2014-09-06 11:08 - 00000000 ____D () C:\Users\Diyar\Desktop\Unused Shortcut(CU)
2014-12-09 19:50 - 2012-01-15 23:12 - 00000000 ____D () C:\Program Files\Prince of Persia
2014-12-09 19:50 - 2011-12-09 17:27 - 00000000 ____D () C:\Users\Diyar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-09 19:50 - 2011-11-11 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire Europe
2014-12-09 19:50 - 2011-08-01 10:21 - 00000000 ____D () C:\Users\Diyar\Desktop\Ümit
2014-12-09 19:09 - 2013-04-11 19:31 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-09 19:02 - 2014-05-21 16:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-09 19:00 - 2012-05-23 18:29 - 00000000 ____D () C:\Users\Diyar\AppData\Roaming\Skype
2014-12-09 13:58 - 2014-09-20 13:53 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-12-09 13:58 - 2014-09-20 13:53 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-09 13:58 - 2014-09-20 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-09 13:58 - 2014-09-20 13:53 - 00000000 ____D () C:\Program Files\Avira
2014-12-09 12:18 - 2012-01-09 22:37 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-12-09 12:16 - 2011-06-24 18:50 - 00000000 ____D () C:\Program Files\Windows Live
2014-12-09 12:14 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-08 23:01 - 2011-11-11 14:02 - 00000000 ____D () C:\Users\Diyar\AppData\Local\PMB Files
2014-12-08 22:59 - 2011-06-24 16:05 - 00000000 ____D () C:\Users\Diyar\AppData\Local\Google
2014-12-08 22:51 - 2012-04-21 16:13 - 00000000 ____D () C:\Users\Diyar\AppData\Local\Akamai
2014-12-07 17:13 - 2013-09-23 16:24 - 00000000 ____D () C:\Program Files\SafeKey
2014-12-07 14:53 - 2011-10-21 17:40 - 00000000 ____D () C:\Program Files\SystemRequirementsLab
2014-12-06 19:53 - 2011-08-21 22:54 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-12-06 11:04 - 2013-07-14 14:36 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1003UA.job
2014-12-06 11:04 - 2013-07-14 14:36 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1003Core.job
2014-12-06 11:04 - 2011-10-19 19:00 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1001UA.job
2014-12-06 11:04 - 2011-10-19 19:00 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1001Core.job
2014-12-04 22:29 - 2013-05-13 14:26 - 00000000 ____D () C:\ProgramData\Sony Ericsson
2014-12-04 22:29 - 2013-05-13 14:26 - 00000000 ____D () C:\Program Files\Sony Ericsson
2014-12-04 22:17 - 2013-02-09 09:44 - 00000000 ____D () C:\Fraps
2014-12-04 22:15 - 2014-10-09 20:22 - 00000000 ____D () C:\ProgramData\Origin
2014-12-04 21:38 - 2012-01-02 10:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC2 server emulator
2014-12-04 21:38 - 2011-06-24 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SBMAV Disk Cleaner
2014-12-04 20:09 - 2014-09-13 12:05 - 00000000 ____D () C:\Users\Dilan\AppData\Roaming\Apple Computer
2014-12-03 19:14 - 2009-07-14 03:03 - 64487424 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-12-03 19:14 - 2009-07-14 03:03 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-12-03 19:14 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-12-03 19:14 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-12-03 13:24 - 2011-12-19 15:11 - 00000000 ____D () C:\ProgramData\Ubisoft
2014-12-03 08:50 - 2011-12-29 23:30 - 00000000 ____D () C:\Program Files\SpeedFan
2014-12-01 18:05 - 2014-10-09 20:25 - 00000000 ____D () C:\Users\Dilan\AppData\Roaming\Origin
2014-12-01 18:05 - 2014-10-09 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-11-30 15:23 - 2012-04-21 16:39 - 00000000 __SHD () C:\Windows\system32\AI_RecycleBin
2014-11-30 15:21 - 2011-07-30 18:36 - 00000000 ____D () C:\Program Files\Google
2014-11-30 12:35 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-30 12:10 - 2013-01-31 16:38 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-11-28 23:02 - 2011-06-24 16:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-28 18:55 - 2014-09-10 17:18 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-11-27 13:24 - 2009-07-14 05:33 - 00409800 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-26 13:57 - 2011-06-24 16:14 - 00110064 _____ () C:\Users\Diyar\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-21 21:03 - 2012-10-08 13:10 - 00000000 ____D () C:\Users\Plan b\AppData\Local\Google
2014-11-21 13:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-11-21 12:25 - 2012-04-01 17:20 - 00110064 _____ () C:\Users\Plan b\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-21 12:21 - 2014-05-22 12:22 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-21 12:16 - 2014-09-13 11:57 - 00110064 _____ () C:\Users\Dilan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-17 22:13 - 2014-01-02 03:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-17 22:13 - 2014-01-01 11:43 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-11-17 22:06 - 2011-06-24 18:35 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2244397687-2994677012-3856678615-1001\$9f114d5ed76ce9597dec2519af199e16
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$9f114d5ed76ce9597dec2519af199e16
Files to move or delete:
====================
C:\Users\Diyar\GeoGebra-Windows-Installer-3-2-46-0.exe
C:\Users\Diyar\PhotoScapeSetup_V3.5.exe
Some content of TEMP:
====================
C:\Users\Dilan\AppData\Local\Temp\avgnt.exe
C:\Users\Diyar\AppData\Local\Temp\avgnt.exe
C:\Users\Plan b\AppData\Local\Temp\avgnt.exe
C:\Users\ümit\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
LastRegBack: 2013-04-18 18:20
==================== End Of Log ============================
--- --- ---
--- --- ---
--- --- ---
AdditionFRST Additions Logfile: Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-12-2014
Ran by Dilan at 2014-12-14 15:39:36
Running from E:\
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
AC2 server emulator 0.44 by Dormine (HKLM\...\{675DD1E6-637A-4F0E-B6DE-26F45CC26092}_is1) (Version: - bjamikel)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
Advanced SystemCare 8 (HKLM\...\Advanced SystemCare 8_is1) (Version: 8.0.3 - IObit)
Airfoil (HKLM\...\Airfoil) (Version: 3.5.3 - Rogue Amoeba)
AMD Catalyst Install Manager (HKLM\...\{319271B3-E2AA-F623-928E-245C9EBF16F7}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassin's Creed Brotherhood (HKLM\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.00 - Ubisoft)
Avira (HKLM\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BrowserSafeguard with RocketTab (HKLM\...\RocketTab) (Version: - BrowserSafeguard with RocketTab) <==== ATTENTION
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
BurnAware Free 3.0.3 (HKLM\...\BurnAware Free_is1) (Version: - Burnaware Technologies)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
CPUID CPU-Z 1.67 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DeleteAd (HKLM\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version: - DeleteAd) <==== ATTENTION
EVEREST Home Edition v2.20 (HKLM\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Formelrechner (HKLM\...\{69F0CEA4-43E2-4CBB-92DF-41860A40A631}) (Version: 1.00.0000 - Cornelsen Verlag)
Game Booster 3 (HKLM\...\Game Booster_is1) (Version: 3.4 - IObit)
GeoGebra (HKLM\...\GeoGebra) (Version: 3.2.46.0 - International GeoGebra Institute)
hp deskjet 5100 (HKLM\...\{15C165F1-1DAE-4476-AFB6-8723729B41E7}) (Version: 1.03.0000 - Hewlett-Packard)
hp print screen utility (HKLM\...\hp print screen utility) (Version: - )
HP Scanjet G2410 and 2400 (HKLM\...\{E5B04674-1885-4B08-BAE7-ECDEC1F84677}) (Version: 13.0 - HP)
HP Speicher-Disc (HKLM\...\{B376402D-58EA-45EA-BD50-DD924EB67A70}) (Version: 1.0.4.805 - Hewlett-Packard Company)
hpg2410 (Version: 13.0.0.0 - Ihr Firmenname) Hidden
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
McAfee SafeKey(uninstall only) (HKLM\...\safekey) (Version: - McAfee, Inc.)
MegaTrainer eXperience V1.2.1.3 (HKLM\...\MegaTrainer eXperience_is1) (Version: - )
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Morrowind (HKLM\...\{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}) (Version: - )
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - MotioninJoy | Playstation 3|Xbox 360|Dualshock 3|Sixaxis|Game|Driver|)
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.2 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION
NVIDIA PhysX (HKLM\...\{54194F60-988C-4D03-B922-C2B00EFDA39A}) (Version: 9.10.0222 - NVIDIA Corporation)
Oblivion (HKLM\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
OpenAL (HKLM\...\OpenAL) (Version: - )
Origin (HKLM\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
osu! (HKLM\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.6.0 - Pando Networks Inc.)
PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Philips SPC620NC Webcam (HKLM\...\{5CA6F170-E18D-4B4C-8670-3ED096478C41}) (Version: 1.00.000 - Philips)
Philips VLounge (HKLM\...\{EA57A1B9-0DD2-44DD-9B70-64E8DA553F6F}) (Version: - ArcSoft)
PhotoScape (HKLM\...\PhotoScape) (Version: - )
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
Remote Mouse version 2.56 (HKLM\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 2.56 - Remote Mouse)
S.T.A.L.K.E.R. - Clear Sky [v1.0003] (HKLM\...\S.T.A.L.K.E.R. - Clear Sky_is1) (Version: 1.0003 - Deep Silver)
Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SBMAV Disk Cleaner 3 (HKLM\...\SBMAV Disk Cleaner_is1) (Version: - SBMAV Software)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype Web Plugin (HKLM\...\{B51DD93B-3CB5-4D9D-BFF2-FD19DBBBFD9A}) (Version: 2.9.13008.18866 - Skype Technologies S.A.)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Startup Booster v2.4 (HKLM\...\Startup Booster_is1) (Version: 2.4 - Smart PC Solutions)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SW-Booster (HKLM\...\S-792098896) (Version: 2.2.0.1111 - PremiumSoft) <==== ATTENTION
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SW-Sustainer 1.80 (HKLM\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{c67abfdb}) (Version: - Certified Publisher) <==== ATTENTION
System Requirements Lab CYRI (HKLM\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM\...\{1AAE7ACD-816D-4982-A16B-4B724EBC1139}) (Version: 2.2.3.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKU\S-1-5-21-2244397687-2994677012-3856678615-1007\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TES Construction Set (HKLM\...\{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}) (Version: - )
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios)
Tomb Raider (HKLM\...\Steam App 203160) (Version: - Crystal Dynamics)
Unity Web Player (HKU\S-1-5-21-2244397687-2994677012-3856678615-1007\...\UnityWebPlayer) (Version: 4.6.0f3 - Unity Technologies ApS)
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Web Protect for Windows (HKLM\...\wp-adinject-adk) (Version: 10.0.0 - Web Protect) <==== ATTENTION
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Win7codecs (HKLM\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 2.5.5 - Shark007)
Windows 7 Manager (HKLM\...\{EA027ED9-3A1E-426C-A8F1-D29B69C8E207}) (Version: 1.2.4 - Yamicsoft)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2244397687-2994677012-3856678615-1007_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Dilan\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2244397687-2994677012-3856678615-1007_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Dilan\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-2244397687-2994677012-3856678615-1007_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Dilan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2011-12-27 23:20 - 00001052 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 static3.cdn.ubi.com
127.0.0.1 ubisoft-orbit.s3.amazonaws.com
127.0.0.1 onlineconfigservice.ubi.com
127.0.0.1 orbitservice.ubi.com
127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0287347F-A494-40A6-80A7-79332DD6FCDF} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files\IObit\Game Booster 3\AutoUpdate.exe [2014-12-04] ()
Task: {0393DB74-93FA-4C14-9A1A-912851F854E1} - System32\Tasks\RocketTab => cmd.exe /C start "" "C:\Program Files\RocketTab\Client.exe" /Preferred=true <==== ATTENTION
Task: {09CB0658-D38A-429B-8689-FF55D3D736F1} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {209B2B82-0027-40A1-9A39-D184D960369D} - System32\Tasks\{36BFCFFA-0D1F-4AC9-BFA0-DB8E2A24399D} => D:\ds spiele 2011\assassino\AssassinsCreed_Launcher.exe [2008-02-22] (Ubisoft)
Task: {240AAF96-D29C-4A96-A93B-37C0975C1337} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1003Core => C:\Users\Plan b\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {26DE445F-319D-4E5B-9C91-8875EF2AE392} - System32\Tasks\RocketTab Update Task => C:\Program Files\RocketTab\uninstall.exe <==== ATTENTION
Task: {33B714B5-A3A0-4EDC-BE19-38C19AE6B87A} - System32\Tasks\{2C903AF0-4B97-4152-92F4-AD248E3C39DD} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}\setup.exe" -c -runfromtemp -l0x0007 -removeonly
Task: {40AE8109-5676-4B67-A920-8149CBF4554A} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe [2014-11-10] (IObit)
Task: {42777146-01BD-4275-AF2E-8EE21B9B9589} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {47A214F6-D248-4BD8-8300-BEFE5DAC03E7} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe [2014-11-13] (MyPC Backup) <==== ATTENTION
Task: {49A8D5A1-100A-4ACF-AA67-6397372ADC19} - System32\Tasks\{43494C23-39CF-4CB7-AE22-A9011C268D9C} => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {550A0356-ACC0-4AFB-8DDD-3FBC4345694B} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2244397687-2994677012-3856678615-1007
Task: {60D5985A-52AC-40D2-8AA3-D805A78C9A27} - System32\Tasks\{4DBA4EFA-5763-471B-AEBE-4312DE7BB6F8} => D:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe [2009-07-07] ()
Task: {61424186-3346-4140-80A8-C93CF4CD2489} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1001UA => C:\Users\Diyar\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {78A06E16-66E1-4670-B681-6D1FACF285C1} - System32\Tasks\OpenCandyHelperRunAA747FB84C99428893401EAD6DC44017 => Rundll32.exe "C:\Users\Diyar\AppData\Roaming\OpenCandy\6D7FCDBD763F4E7B8DC17972DF6EC147\OCBrowserHelper_1.0.4.106.dll",_OCRestartDll@16
Task: {8EF48CA0-8074-4B72-A1F0-19606C512BD8} - System32\Tasks\ASC8_SkipUac_Dilan => C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe [2014-11-07] (IObit)
Task: {9EEAEB29-1CAF-4506-83A3-C43A1D4EC9EB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1001Core => C:\Users\Diyar\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {AB158445-097D-4E6D-A487-F37DE12E7F2B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1007Core => C:\Users\Dilan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {B81CE756-FD0E-49D9-A7CD-7AA53D4D5E6A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1003UA => C:\Users\Plan b\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {D65BE0E9-D7A6-4A5A-A924-649EE8323671} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1007UA => C:\Users\Dilan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {FC8F0631-F614-4F0C-A14A-15745614A35D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1001Core.job => C:\Users\Diyar\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1001UA.job => C:\Users\Diyar\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1003Core.job => C:\Users\Plan b\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1003UA.job => C:\Users\Plan b\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1007Core.job => C:\Users\Dilan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2244397687-2994677012-3856678615-1007UA.job => C:\Users\Dilan\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\OpenCandyHelperRunAA747FB84C99428893401EAD6DC44017.job => C:\Users\Diyar\AppData\Roaming\OpenCandy\6D7FCDBD763F4E7B8DC17972DF6EC147\OCBrowserHelper_1.0.4.106.dll
==================== Loaded Modules (whitelisted) =============
2014-12-04 20:08 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files\IObit\Advanced SystemCare 8\sqlite3.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-12-04 20:08 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files\IObit\Advanced SystemCare 8\webres.dll
2014-12-04 20:08 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madExcept_.bpl
2014-12-04 20:08 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madBasic_.bpl
2014-12-04 20:08 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madDisAsm_.bpl
2014-11-13 10:59 - 2014-11-13 10:57 - 00270336 _____ () C:\Program Files\MyPC Backup\AlphaFS.dll
2014-11-13 10:59 - 2014-11-13 10:57 - 00060928 _____ () C:\Program Files\MyPC Backup\LinqBridge.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:CC2DDA0D
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: PnkBstrA => 2
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install SafeKey IE RunOnce.lnk => C:\Windows\pss\Install SafeKey IE RunOnce.lnk.CommonStartup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
========================= Accounts: ==========================
Administrator (S-1-5-21-2244397687-2994677012-3856678615-500 - Administrator - Disabled)
Dilan (S-1-5-21-2244397687-2994677012-3856678615-1007 - Administrator - Enabled) => C:\Users\Dilan
Diyar (S-1-5-21-2244397687-2994677012-3856678615-1001 - Limited - Enabled) => C:\Users\Diyar
Gast (S-1-5-21-2244397687-2994677012-3856678615-501 - Limited - Disabled) => C:\Users\Gast.Diyar-PC
HomeGroupUser$ (S-1-5-21-2244397687-2994677012-3856678615-1002 - Limited - Enabled)
Plan b (S-1-5-21-2244397687-2994677012-3856678615-1003 - Limited - Enabled) => C:\Users\Plan b
ümit (S-1-5-21-2244397687-2994677012-3856678615-1008 - Limited - Enabled) => C:\Users\ümit
==================== Faulty Device Manager Devices =============
Name: hp scanjet scanner
Description: hp scanjet scanner
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: TSSTcorp DVD-ROM SH-D163B
Description: TSSTcorp DVD-ROM SH-D163B
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/14/2014 02:41:16 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
bei System.ComponentModel.Composition.Primitives.Export.get_Value()
bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (12/14/2014 02:41:05 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
bei System.ComponentModel.Composition.Primitives.Export.get_Value()
bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (12/14/2014 02:40:51 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
bei System.ComponentModel.Composition.Primitives.Export.get_Value()
bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (12/14/2014 02:39:42 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
Error: (12/14/2014 02:24:52 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Die Schnittstelle ist unbekannt
Error: (12/14/2014 02:24:52 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig
Error: (12/14/2014 02:24:18 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
Error: (12/14/2014 02:18:12 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig
Error: (12/14/2014 02:18:12 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig
Error: (12/14/2014 01:41:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Skype.exe, Version: 6.18.0.106, Zeitstempel: 0x53d13f6d
Name des fehlerhaften Moduls: Skype.exe, Version: 6.18.0.106, Zeitstempel: 0x53d13f6d
Ausnahmecode: 0x40000015
Fehleroffset: 0x00bd336e
ID des fehlerhaften Prozesses: 0xec8
Startzeit der fehlerhaften Anwendung: 0xSkype.exe0
Pfad der fehlerhaften Anwendung: Skype.exe1
Pfad des fehlerhaften Moduls: Skype.exe2
Berichtskennung: Skype.exe3
System errors:
=============
Error: (12/14/2014 03:28:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2147024891
Error: (12/14/2014 03:28:34 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147024891
Error: (12/14/2014 03:24:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet:
%%-2147024891
Error: (12/14/2014 03:24:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2147024891
Error: (12/14/2014 03:22:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:
%%-2147014790
Error: (12/14/2014 03:21:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:
%%-2147014790
Error: (12/14/2014 03:21:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:
%%-2147014790
Error: (12/14/2014 03:20:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:
%%-2147014790
Error: (12/14/2014 03:20:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:
%%-2147014790
Error: (12/14/2014 03:19:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:
%%-2147014790
Microsoft Office Sessions:
=========================
Error: (12/14/2014 02:41:16 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
bei System.ComponentModel.Composition.Primitives.Export.get_Value()
bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (12/14/2014 02:41:05 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
bei System.ComponentModel.Composition.Primitives.Export.get_Value()
bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (12/14/2014 02:40:51 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
bei System.ComponentModel.Composition.Primitives.Export.get_Value()
bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (12/14/2014 02:39:42 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
Error: (12/14/2014 02:24:52 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Die Schnittstelle ist unbekannt
Error: (12/14/2014 02:24:52 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig
Error: (12/14/2014 02:24:18 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
Error: (12/14/2014 02:18:12 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig
Error: (12/14/2014 02:18:12 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig
Error: (12/14/2014 01:41:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Skype.exe6.18.0.10653d13f6dSkype.exe6.18.0.10653d13f6d4000001500bd336eec801d0179b46751714C:\Program Files\Skype\Phone\Skype.exeC:\Program Files\Skype\Phone\Skype.exe896da725-838e-11e4-92f7-001e8cb6cc4d
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 48%
Total physical RAM: 2047.29 MB
Available physical RAM: 1051.4 MB
Total Pagefile: 2047.29 MB
Available Pagefile: 1017.22 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.2 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:139.55 GB) (Free:19.57 GB) NTFS
Drive d: () (Fixed) (Total:195.7 GB) (Free:24.51 GB) NTFS
Drive e: () (Removable) (Total:14.98 GB) (Free:5.63 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 335.4 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=139.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=195.7 GB) - (Type=07 NTFS)
========================================================
Disk: 5 (Size: 15 GB) (Disk ID: 99BE69B9)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)
==================== End Of Log ============================
--- --- --- |
FRST 32-Bit | FRST 64-Bit
Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
dann auf 
und dann auf 
. 
WARNUNG an die MITLESER: