
Log analysis and evaluation: Windows 7: Computer slow and full of viruses/trojans/malware


11.04.2015, 08:48   #1
mm0811
 
Windows 7: Computer slow and full of viruses/trojans/malware



Hello community,
I got a laptop (Acer Aspire 7736G) from an acquaintance. It boots up and shuts down far too slowly, and several pop-ups keep opening in Firefox, e.g.

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:20 on 11/04/2015 (EROL)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-04-11 09:32:38
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BEVT-22ZAT0 rev.01.01A01 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\EROL\AppData\Local\Temp\kgldapod.sys


---- User code sections - GMER 2.1 ----

.text    C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                            00000000760d1431 2 bytes JMP 76198ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                            00000000760d144a 2 bytes CALL 760f48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                                           * 9
.text    C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp[2340] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                               00000000760d14dd 2 bytes JMP 761987a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp[2340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                        00000000760d14f5 2 bytes JMP 76198978 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp[2340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                               00000000760d150d 2 bytes JMP 76198698 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp[2340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                        00000000760d1525 2 bytes JMP 76198a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                              00000000760d153d 2 bytes JMP 7610fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp[2340] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                   00000000760d1555 2 bytes JMP 761168ef C:\Windows\syswow64\kernel32.dll
.text    C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp[2340] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                            00000000760d156d 2 bytes JMP 76198f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp[2340] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                              00000000760d1585 2 bytes JMP 76198ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp[2340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                 00000000760d159d 2 bytes JMP 7619865c C:\Windows\syswow64\kernel32.dll
.text    C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                              00000000760d15b5 2 bytes JMP 7610fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                            00000000760d15cd 2 bytes JMP 7611b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp[2340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                        00000000760d16b2 2 bytes JMP 76198e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp[2340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                        00000000760d16bd 2 bytes JMP 761985f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2396] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17                                                                                                  00000000760d1401 2 bytes JMP 7611b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2396] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17                                                                                                    00000000760d1419 2 bytes JMP 7611b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2396] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17                                                                                                  00000000760d1431 2 bytes JMP 76198ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2396] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42                                                                                                  00000000760d144a 2 bytes CALL 760f48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                                           * 9
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2396] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17                                                                                                     00000000760d14dd 2 bytes JMP 761987a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2396] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17                                                                                              00000000760d14f5 2 bytes JMP 76198978 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2396] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17                                                                                                     00000000760d150d 2 bytes JMP 76198698 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2396] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17                                                                                              00000000760d1525 2 bytes JMP 76198a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2396] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17                                                                                                    00000000760d153d 2 bytes JMP 7610fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2396] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17                                                                                                         00000000760d1555 2 bytes JMP 761168ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2396] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17                                                                                                  00000000760d156d 2 bytes JMP 76198f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2396] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17                                                                                                    00000000760d1585 2 bytes JMP 76198ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2396] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17                                                                                                       00000000760d159d 2 bytes JMP 7619865c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2396] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17                                                                                                    00000000760d15b5 2 bytes JMP 7610fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2396] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17                                                                                                  00000000760d15cd 2 bytes JMP 7611b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2396] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20                                                                                              00000000760d16b2 2 bytes JMP 76198e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2396] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31                                                                                              00000000760d16bd 2 bytes JMP 761985f1 C:\Windows\syswow64\kernel32.dll
.text    C:\ProgramData\eazyzoom\1.1.0.30\isekdxa.exe[3284] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes                                                                                                        000000007616b2fe 5 bytes JMP 0000000100358e50
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes                                                                                                         000000007616b2fe 5 bytes JMP 0000000106818e50
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                                     00000000760d1401 2 bytes JMP 7611b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                       00000000760d1419 2 bytes JMP 7611b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                                     00000000760d1431 2 bytes JMP 76198ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                                     00000000760d144a 2 bytes CALL 760f48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                                           * 9
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                        00000000760d14dd 2 bytes JMP 761987a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                                 00000000760d14f5 2 bytes JMP 76198978 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                        00000000760d150d 2 bytes JMP 76198698 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                                 00000000760d1525 2 bytes JMP 76198a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                       00000000760d153d 2 bytes JMP 7610fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                            00000000760d1555 2 bytes JMP 761168ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                                     00000000760d156d 2 bytes JMP 76198f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                       00000000760d1585 2 bytes JMP 76198ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                          00000000760d159d 2 bytes JMP 7619865c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                       00000000760d15b5 2 bytes JMP 7610fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                                     00000000760d15cd 2 bytes JMP 7611b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                                 00000000760d16b2 2 bytes JMP 76198e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                                 00000000760d16bd 2 bytes JMP 761985f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35                                                                                                                             00000000632b11a8 2 bytes [2B, 63]
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248                                                                                                                            00000000632b127d 2 bytes CALL 760f14b9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 395                                                                                                                            00000000632b1310 2 bytes CALL 760f14b9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21                                                                                                                       00000000632b13a8 2 bytes [2B, 63]
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21                                                                                                                           00000000632b1422 2 bytes [2B, 63]
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[364] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19                                                                                                                    00000000632b1498 2 bytes [2B, 63]
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                               00000000760d1401 2 bytes JMP 7611b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2936] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                 00000000760d1419 2 bytes JMP 7611b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                               00000000760d1431 2 bytes JMP 76198ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                               00000000760d144a 2 bytes CALL 760f48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                                           * 9
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2936] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                  00000000760d14dd 2 bytes JMP 761987a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                           00000000760d14f5 2 bytes JMP 76198978 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2936] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                  00000000760d150d 2 bytes JMP 76198698 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                           00000000760d1525 2 bytes JMP 76198a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                 00000000760d153d 2 bytes JMP 7610fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2936] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                      00000000760d1555 2 bytes JMP 761168ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                               00000000760d156d 2 bytes JMP 76198f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                 00000000760d1585 2 bytes JMP 76198ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2936] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                    00000000760d159d 2 bytes JMP 7619865c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                 00000000760d15b5 2 bytes JMP 7610fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                               00000000760d15cd 2 bytes JMP 7611b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                           00000000760d16b2 2 bytes JMP 76198e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2936] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                           00000000760d16bd 2 bytes JMP 761985f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                  00000000760d1401 2 bytes JMP 7611b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4604] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                    00000000760d1419 2 bytes JMP 7611b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                  00000000760d1431 2 bytes JMP 76198ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                  00000000760d144a 2 bytes CALL 760f48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                                           * 9
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4604] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                     00000000760d14dd 2 bytes JMP 761987a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                              00000000760d14f5 2 bytes JMP 76198978 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                     00000000760d150d 2 bytes JMP 76198698 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                              00000000760d1525 2 bytes JMP 76198a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                    00000000760d153d 2 bytes JMP 7610fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4604] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                         00000000760d1555 2 bytes JMP 761168ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                  00000000760d156d 2 bytes JMP 76198f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                    00000000760d1585 2 bytes JMP 76198ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                       00000000760d159d 2 bytes JMP 7619865c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                    00000000760d15b5 2 bytes JMP 7610fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                  00000000760d15cd 2 bytes JMP 7611b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                              00000000760d16b2 2 bytes JMP 76198e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                              00000000760d16bd 2 bytes JMP 761985f1 C:\Windows\syswow64\kernel32.dll
.text    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4612] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes                                                                                           000000007616b2fe 5 bytes JMP 0000000100458e50
.text    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                       00000000760d1401 2 bytes JMP 7611b21b C:\Windows\syswow64\kernel32.dll
.text    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4612] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                         00000000760d1419 2 bytes JMP 7611b346 C:\Windows\syswow64\kernel32.dll
.text    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                       00000000760d1431 2 bytes JMP 76198ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                       00000000760d144a 2 bytes CALL 760f48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                                           * 9
.text    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4612] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                          00000000760d14dd 2 bytes JMP 761987a2 C:\Windows\syswow64\kernel32.dll
.text    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                   00000000760d14f5 2 bytes JMP 76198978 C:\Windows\syswow64\kernel32.dll
.text    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4612] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                          00000000760d150d 2 bytes JMP 76198698 C:\Windows\syswow64\kernel32.dll
.text    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                   00000000760d1525 2 bytes JMP 76198a62 C:\Windows\syswow64\kernel32.dll
.text    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                         00000000760d153d 2 bytes JMP 7610fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4612] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                              00000000760d1555 2 bytes JMP 761168ef C:\Windows\syswow64\kernel32.dll
.text    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                       00000000760d156d 2 bytes JMP 76198f61 C:\Windows\syswow64\kernel32.dll
.text    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                         00000000760d1585 2 bytes JMP 76198ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4612] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                            00000000760d159d 2 bytes JMP 7619865c C:\Windows\syswow64\kernel32.dll
.text    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                         00000000760d15b5 2 bytes JMP 7610fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                       00000000760d15cd 2 bytes JMP 7611b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                   00000000760d16b2 2 bytes JMP 76198e24 C:\Windows\syswow64\kernel32.dll
.text    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                   00000000760d16bd 2 bytes JMP 761985f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[4696] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes                                                                               000000007616b2fe 5 bytes JMP 0000000102af8e50
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4860] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes                                                                                       000000007616b2fe 5 bytes JMP 0000000103988e50
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4860] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17                                                                                                   00000000760d1401 2 bytes JMP 7611b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4860] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17                                                                                                     00000000760d1419 2 bytes JMP 7611b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4860] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17                                                                                                   00000000760d1431 2 bytes JMP 76198ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4860] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42                                                                                                   00000000760d144a 2 bytes CALL 760f48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                                           * 9
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4860] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17                                                                                                      00000000760d14dd 2 bytes JMP 761987a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4860] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17                                                                                               00000000760d14f5 2 bytes JMP 76198978 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4860] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17                                                                                                      00000000760d150d 2 bytes JMP 76198698 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4860] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17                                                                                               00000000760d1525 2 bytes JMP 76198a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4860] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17                                                                                                     00000000760d153d 2 bytes JMP 7610fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4860] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17                                                                                                          00000000760d1555 2 bytes JMP 761168ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4860] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17                                                                                                   00000000760d156d 2 bytes JMP 76198f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4860] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17                                                                                                     00000000760d1585 2 bytes JMP 76198ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4860] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17                                                                                                        00000000760d159d 2 bytes JMP 7619865c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4860] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17                                                                                                     00000000760d15b5 2 bytes JMP 7610fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4860] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17                                                                                                   00000000760d15cd 2 bytes JMP 7611b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4860] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20                                                                                               00000000760d16b2 2 bytes JMP 76198e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4860] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31                                                                                               00000000760d16bd 2 bytes JMP 761985f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[4876] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes                                                                                              000000007616b2fe 5 bytes JMP 00000001032d8e50
.text    C:\PROGRA~2\AD-AWA~1\AdAware.exe[4916] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes                                                                                                                    000000007616b2fe 5 bytes JMP 0000000108a08e50
.text    C:\PROGRA~2\AD-AWA~1\AdAware.exe[4916] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                                                00000000760d1401 2 bytes JMP 7611b21b C:\Windows\syswow64\kernel32.dll
.text    C:\PROGRA~2\AD-AWA~1\AdAware.exe[4916] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                                  00000000760d1419 2 bytes JMP 7611b346 C:\Windows\syswow64\kernel32.dll
.text    C:\PROGRA~2\AD-AWA~1\AdAware.exe[4916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                                                00000000760d1431 2 bytes JMP 76198ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\PROGRA~2\AD-AWA~1\AdAware.exe[4916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                                                00000000760d144a 2 bytes CALL 760f48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                                           * 9
.text    C:\PROGRA~2\AD-AWA~1\AdAware.exe[4916] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                                   00000000760d14dd 2 bytes JMP 761987a2 C:\Windows\syswow64\kernel32.dll
.text    C:\PROGRA~2\AD-AWA~1\AdAware.exe[4916] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                                            00000000760d14f5 2 bytes JMP 76198978 C:\Windows\syswow64\kernel32.dll
.text    C:\PROGRA~2\AD-AWA~1\AdAware.exe[4916] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                                   00000000760d150d 2 bytes JMP 76198698 C:\Windows\syswow64\kernel32.dll
.text    C:\PROGRA~2\AD-AWA~1\AdAware.exe[4916] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                                            00000000760d1525 2 bytes JMP 76198a62 C:\Windows\syswow64\kernel32.dll
.text    C:\PROGRA~2\AD-AWA~1\AdAware.exe[4916] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                                  00000000760d153d 2 bytes JMP 7610fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\PROGRA~2\AD-AWA~1\AdAware.exe[4916] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                                       00000000760d1555 2 bytes JMP 761168ef C:\Windows\syswow64\kernel32.dll
.text    C:\PROGRA~2\AD-AWA~1\AdAware.exe[4916] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                                                00000000760d156d 2 bytes JMP 76198f61 C:\Windows\syswow64\kernel32.dll
.text    C:\PROGRA~2\AD-AWA~1\AdAware.exe[4916] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                                  00000000760d1585 2 bytes JMP 76198ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\PROGRA~2\AD-AWA~1\AdAware.exe[4916] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                                     00000000760d159d 2 bytes JMP 7619865c C:\Windows\syswow64\kernel32.dll
.text    C:\PROGRA~2\AD-AWA~1\AdAware.exe[4916] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                                  00000000760d15b5 2 bytes JMP 7610fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\PROGRA~2\AD-AWA~1\AdAware.exe[4916] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                                                00000000760d15cd 2 bytes JMP 7611b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\PROGRA~2\AD-AWA~1\AdAware.exe[4916] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                                            00000000760d16b2 2 bytes JMP 76198e24 C:\Windows\syswow64\kernel32.dll
.text    C:\PROGRA~2\AD-AWA~1\AdAware.exe[4916] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                                            00000000760d16bd 2 bytes JMP 761985f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[5132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                           00000000760d1401 2 bytes JMP 7611b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[5132] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                             00000000760d1419 2 bytes JMP 7611b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[5132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                           00000000760d1431 2 bytes JMP 76198ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[5132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                           00000000760d144a 2 bytes CALL 760f48ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                                           * 9
.text    C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[5132] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                              00000000760d14dd 2 bytes JMP 761987a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[5132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                       00000000760d14f5 2 bytes JMP 76198978 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[5132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                              00000000760d150d 2 bytes JMP 76198698 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[5132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                       00000000760d1525 2 bytes JMP 76198a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[5132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                             00000000760d153d 2 bytes JMP 7610fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[5132] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                  00000000760d1555 2 bytes JMP 761168ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[5132] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                           00000000760d156d 2 bytes JMP 76198f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[5132] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                             00000000760d1585 2 bytes JMP 76198ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[5132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                00000000760d159d 2 bytes JMP 7619865c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[5132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                             00000000760d15b5 2 bytes JMP 7610fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[5132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                           00000000760d15cd 2 bytes JMP 7611b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[5132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                       00000000760d16b2 2 bytes JMP 76198e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[5132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                       00000000760d16bd 2 bytes JMP 761985f1 C:\Windows\syswow64\kernel32.dll
---- Processes - GMER 2.1 ----

Process  C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp (*** suspicious ***) @ C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp [2340](2015-04-05 14:22:47)  00000000010e0000
Process  C:\ProgramData\eazyzoom\1.1.0.30\isek6xa.exe (*** suspicious ***) @ C:\ProgramData\eazyzoom\1.1.0.30\isek6xa.exe [3084](2015-04-02 09:31:04)                                                                                  000000013f620000
Library  C:\ProgramData\eazyzoom\1.1.0.30\isek6xa.dll (*** suspicious ***) @ C:\ProgramData\eazyzoom\1.1.0.30\isek6xa.exe [3084](2015-04-02 09:30:50)                                                                                  000007fef7120000
Process  C:\ProgramData\eazyzoom\1.1.0.30\isekdxa.exe (*** suspicious ***) @ C:\ProgramData\eazyzoom\1.1.0.30\isekdxa.exe [3284](2015-04-02 09:31:36)                                                                                  0000000000110000
Library  C:\ProgramData\eazyzoom\1.1.0.30\isekdxau.dll (*** suspicious ***) @ C:\ProgramData\eazyzoom\1.1.0.30\isekdxa.exe [3284](2015-04-02 09:31:16                                                                                  000000006f210000

---- EOF - GMER 2.1 ----
         
FRST won't start; I always get an error message saying that it is not a Win32 application. Neither with the 32-bit nor with the 64-bit version.

11.04.2015, 09:01   #2
schrauber



Hi,

Disable the AV program, then start FRST.

11.04.2015, 17:01   #3
mm0811



Somehow this is strange. I removed the AV from msconfig, but it still starts along with the system.
When I right-click and remove the check mark at "Echtzeit-Scanner aktivieren", I get the error message "Auf das angegebene Gerät bzw. den Pfad oder die Datei kann nicht zugegriffen werden. Sie verfügen eventuell nicht über ausreichende Berechtigungen, um auf das Element zugreifen zu können."

Only one user has been created on the machine, and it is loaded without a password.

EDIT:
I have now managed to disable the AV via msconfig. But I still get the message "****FRST64.exe ist keine zulässige Win32-Anwendung."

EDIT2:
Since I have read through several threads, there is always the post saying to download
Malwarebytes Anti-Malware 2.1.4.
I downloaded it, but it is not 21 MB, only 2.xxx KB.
No matter whether I download it from Filepony or somewhere else.
When I then start it, I get the message "The setup files are corrupted. Please obtain a new copy of the program."

Last edited by mm0811 (11.04.2015 at 09:28)

12.04.2015, 07:35   #4
schrauber



Then please download FRST on another computer and move it over on a USB stick. And hands off msconfig; just open the AV and turn off the real-time protection.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

12.04.2015, 09:30   #5
mm0811




FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-04-2015
Ran by EROL (administrator) on EROL-PC on 12-04-2015 09:44:48
Running from C:\Users\EROL\Desktop
Loaded Profiles: EROL (Available profiles: EROL)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
() C:\ProgramData\eazyzoom\1.1.0.30\isekaxa.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe
() C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\ProgramData\eazyzoom\1.1.0.30\isekdxa.exe
() C:\ProgramData\eazyzoom\1.1.0.30\isek6xa.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINFE.EXE
(Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-06] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [828960 2009-08-05] (Acer Incorporated)
HKLM\...\Run: [EPSON Stylus DX3800 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIACE.EXE /F "C:\Windows\TEMP\E_S2D9F.tmp" /EF "HKLM"
HKLM\...\Run: [SBRegRebootCleaner] => C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe [201608 2012-09-20] (GFI Software)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-21] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1194504 2009-08-27] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-07-31] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-08-04] (Acer Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554384 2013-07-15] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] => "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\RunOnce: [Taplika] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\EROL\AppData\Roaming\Taplika\UpdateProc\bkup.dat"
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1924032147-3410277532-354269451-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1924032147-3410277532-354269451-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31340640 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-1924032147-3410277532-354269451-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1924032147-3410277532-354269451-1001\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINFE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1924032147-3410277532-354269451-1001\...\Run: [OKAYFREEDOM_Agent] => C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe [6553000 2015-02-18] (Steganos Software GmbH)
HKU\S-1-5-21-1924032147-3410277532-354269451-1001\...\RunOnce: [Taplika] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\EROL\AppData\Roaming\Taplika\UpdateProc\bkup.dat"
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll <===== ATTENTION
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1423478423&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXD0C798108281082&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1423478423&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXD0C798108281082&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1423478423&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXD0C798108281082&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1423478423&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXD0C798108281082&q={searchTerms}
HKU\S-1-5-21-1924032147-3410277532-354269451-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1924032147-3410277532-354269451-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://tikotin.com
URLSearchHook: HKLM-x32 - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKLM-x32 -> {63894242-d1a7-4235-a425-c124cb8f4633} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^BDG^xdm184^YYA^de&si=downloadzipfree&ptb=6734A307-3933-4706-8E36-62DE7120F636&ind=2015021317&n=781ac905&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2055800
SearchScopes: HKU\S-1-5-21-1924032147-3410277532-354269451-1001 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXD0C798108281082&ts=1423478524&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1924032147-3410277532-354269451-1001 -> 709ACC7189F24A569010D34CD44D6059 URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXD0C798108281082&ts=1423478524&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1924032147-3410277532-354269451-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXD0C798108281082&ts=1423478524&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1924032147-3410277532-354269451-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXD0C798108281082&ts=1423478524&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1924032147-3410277532-354269451-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXD0C798108281082&ts=1423478524&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1924032147-3410277532-354269451-1001 -> {246DFE4A-88F2-4305-8806-D7955EED7C1F} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXD0C798108281082&ts=1423478524&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1924032147-3410277532-354269451-1001 -> {4F6368DC-D7F5-4DA6-9B31-20201232E632} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXD0C798108281082&ts=1423478524&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1924032147-3410277532-354269451-1001 -> {63894242-d1a7-4235-a425-c124cb8f4633} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXD0C798108281082&ts=1423478524&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1924032147-3410277532-354269451-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXD0C798108281082&ts=1423478524&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1924032147-3410277532-354269451-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXD0C798108281082&ts=1423478524&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1924032147-3410277532-354269451-1001 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXD0C798108281082&ts=1423478524&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1924032147-3410277532-354269451-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXD0C798108281082&ts=1423478524&type=default&q={searchTerms}
BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} ->  No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Ad-Aware Security Add-on -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} -> C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll [2013-08-09] ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-22] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-22] (Oracle Corporation)
BHO-x32: Max DE Toolbar -> {e0007d18-baa4-4573-ae78-8bea0958c610} -> C:\Program Files (x86)\P2P_Max_DE\prxtbP2P0.dll No File
BHO-x32: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} ->  No File
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Max DE Toolbar - {e0007d18-baa4-4573-ae78-8bea0958c610} - C:\Program Files (x86)\P2P_Max_DE\prxtbP2P0.dll No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll [2013-08-09] ()
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-1924032147-3410277532-354269451-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1924032147-3410277532-354269451-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-1924032147-3410277532-354269451-1001 -> No Name - {E0007D18-BAA4-4573-AE78-8BEA0958C610} -  No File
Toolbar: HKU\S-1-5-21-1924032147-3410277532-354269451-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\EROL\AppData\Roaming\Mozilla\Firefox\Profiles\tm9r20kd.default-1418645245816
FF SearchEngineOrder.3: Bing 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-15] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\EROL\AppData\Roaming\Mozilla\Firefox\Profiles\tm9r20kd.default-1418645245816\user.js [2015-04-04]
FF SearchPlugin: C:\Users\EROL\AppData\Roaming\Mozilla\Firefox\Profiles\tm9r20kd.default-1418645245816\searchplugins\sweet-page.xml [2015-02-13]
FF SearchPlugin: C:\Users\EROL\AppData\Roaming\Mozilla\Firefox\Profiles\tm9r20kd.default-1418645245816\searchplugins\Taplika.xml [2015-02-22]
FF SearchPlugin: C:\Users\EROL\AppData\Roaming\Mozilla\Firefox\Profiles\tm9r20kd.default-1418645245816\searchplugins\trovi.xml [2015-04-02]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\adawaretb.xml [2013-08-08]
FF Extension: Bing Search Engine - C:\Users\EROL\AppData\Roaming\Mozilla\Firefox\Profiles\tm9r20kd.default-1418645245816\Extensions\bingsearch.full@microsoft.com [2015-03-26]
FF Extension: WEB.DE MailCheck - C:\Users\EROL\AppData\Roaming\Mozilla\Firefox\Profiles\tm9r20kd.default-1418645245816\Extensions\toolbar@web.de [2015-03-07]
FF Extension: Mozilla Firefox Hotfixer - C:\Users\EROL\AppData\Roaming\Mozilla\Firefox\Profiles\tm9r20kd.default-1418645245816\Extensions\veggy@veggyAddon.com [2015-04-03]
FF Extension: Zoom It - C:\Users\EROL\AppData\Roaming\Mozilla\Firefox\Profiles\tm9r20kd.default-1418645245816\Extensions\{843b0bb0-da9d-7180-2410-20dfd38a47c0} [2015-04-11]
FF Extension: OkayFreedom - C:\Users\EROL\AppData\Roaming\Mozilla\Firefox\Profiles\tm9r20kd.default-1418645245816\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2015-03-31]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-03-23]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-01-07]

Chrome: 
=======
CHR Profile: C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ask Search) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaahlfahldnilidgnlikdckbfehhca [2015-03-13]
CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2014-11-06]
CHR Extension: (Bookmark Manager) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-03-11]
CHR Extension: (No Name) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldhpllghnbhlbpcmnajkpdmadaolakh [2015-03-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Skype Click to Call) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-11-06]
CHR Extension: (No Name) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnmengjdnfjbochkdkcjbbpildacancp [2015-04-05]
CHR Extension: (Google Wallet) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (No Name) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo [2015-03-28]
CHR Extension: (Lavasoft NewTab) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole [2013-08-29]
CHR Extension: (pnmjaflneibolacpepklokkjnakmikmg) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnmjaflneibolacpepklokkjnakmikmg [2015-03-15]
CHR HKLM\...\Chrome\Extension: [aaaaahlfahldnilidgnlikdckbfehhca] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1924032147-3410277532-354269451-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1924032147-3410277532-354269451-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1924032147-3410277532-354269451-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [aaaaahlfahldnilidgnlikdckbfehhca] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2013-08-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 noygeoo; C:\ProgramData\eazyzoom\1.1.0.30\isekaxa.exe [571888 2015-04-02] ()
R2 OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [326072 2015-02-18] (Steganos Software GmbH)
R2 qumesuky; C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp [205312 2015-04-05] () [File not signed]
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]
S2 Update Air Globe; "C:\Program Files (x86)\Air Globe\updateAirGlobe.exe" [X]
S2 Update Steel Cut; "C:\Program Files (x86)\Steel Cut\updateSteelCut.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-08-29] (GFI Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S1 cherimoya; system32\drivers\cherimoya.sys [X]
S3 cpuz134; \??\C:\Users\EROL\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S1 qrnfd_1_10_0_12; system32\drivers\qrnfd_1_10_0_12.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S1 {90280f97-bcf9-4f01-b773-3eeda0515e95}Gw64; system32\drivers\{90280f97-bcf9-4f01-b773-3eeda0515e95}Gw64.sys [X]
S1 {a3730592-7b31-4002-9366-8a726171fb7b}Gw64; system32\drivers\{a3730592-7b31-4002-9366-8a726171fb7b}Gw64.sys [X]
S1 {ef6e4000-cf69-4e60-8af1-5bd45599585c}w64; system32\drivers\{ef6e4000-cf69-4e60-8af1-5bd45599585c}w64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-12 09:44 - 2015-04-12 09:46 - 00031888 _____ () C:\Users\EROL\Desktop\FRST.txt
2015-04-12 09:44 - 2015-04-12 09:45 - 00000000 ____D () C:\FRST
2015-04-12 09:42 - 2015-04-12 09:43 - 02095616 _____ (Farbar) C:\Users\EROL\Desktop\FRST64.exe
2015-04-11 23:47 - 2015-04-11 23:47 - 00008963 _____ () C:\Users\EROL\Desktop\1104.txt
2015-04-11 23:19 - 2015-04-11 23:19 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-11 23:19 - 2015-04-11 23:19 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-11 23:19 - 2015-04-11 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-11 23:19 - 2015-04-11 23:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-11 23:19 - 2015-04-11 23:19 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-11 23:19 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-11 23:19 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-11 23:19 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-11 09:18 - 2015-04-11 09:18 - 00000000 _____ () C:\Users\EROL\defogger_reenable
2015-04-05 18:26 - 2015-04-05 18:26 - 00000000 ____D () C:\Users\EROL\AppData\Roaming\Avira
2015-04-05 18:22 - 2015-04-11 23:48 - 00000000 ____D () C:\Program Files (x86)\IGS
2015-04-05 18:20 - 2015-04-05 18:20 - 00000000 ____D () C:\Users\EROL\AppData\Local\004578DC-1428258019-DE11-8C4E-95D864771729
2015-04-05 18:20 - 2015-04-05 18:15 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-04-05 18:13 - 2015-03-17 13:01 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-04-05 18:13 - 2015-03-17 13:01 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-04-05 18:13 - 2015-03-17 13:01 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-04-05 18:02 - 2015-04-05 18:02 - 00000000 ____D () C:\Windows\pss
2015-04-05 17:34 - 2015-04-05 17:34 - 00001211 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-04-05 17:33 - 2015-04-11 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-05 17:33 - 2015-04-05 18:13 - 00000000 ____D () C:\ProgramData\Avira
2015-04-05 17:33 - 2015-04-05 18:13 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-05 17:33 - 2015-04-05 17:33 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-05 17:18 - 2015-04-10 22:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-05 17:18 - 2015-04-05 17:22 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-05 17:18 - 2015-04-05 17:18 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-04-05 17:18 - 2015-04-05 17:18 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-04-05 17:18 - 2015-04-05 17:18 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-04-05 17:18 - 2015-04-05 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-04-05 17:18 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-04-05 12:58 - 2015-04-05 12:58 - 00613255 _____ (CMI Limited) C:\Users\EROL\AppData\Local\nsoCB33.tmp
2015-04-05 12:21 - 2015-04-05 12:22 - 00291696 _____ () C:\Windows\Minidump\040515-28080-01.dmp
2015-04-05 00:23 - 2015-04-05 00:23 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 00:23 - 2015-04-05 00:23 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 23:32 - 2015-04-04 23:32 - 00613255 _____ (CMI Limited) C:\Users\EROL\AppData\Local\nsxFC73.tmp
2015-04-04 20:10 - 2015-04-04 23:43 - 00008856 _____ () C:\Windows\SysWOW64\29xyOff.ini
2015-04-04 20:10 - 2015-04-04 23:43 - 00008856 _____ () C:\Windows\system32\29xyOff.ini
2015-04-04 20:10 - 2015-04-01 12:35 - 00416552 _____ (scsp) C:\Windows\system32\scxy64.dll
2015-04-04 20:10 - 2015-04-01 12:35 - 00349872 _____ (scsp) C:\Windows\SysWOW64\scxy.dll
2015-04-04 20:10 - 2015-04-01 12:34 - 00046496 _____ (scsp) C:\Windows\system32\Drivers\scjrtr.sys
2015-04-03 23:02 - 2015-04-04 17:18 - 00000000 ____D () C:\Users\EROL\Desktop\Bewerbung
2015-04-02 13:38 - 2015-04-02 13:38 - 00004270 _____ () C:\Windows\System32\Tasks\ReimageUpdater
2015-04-02 13:38 - 2015-04-02 13:38 - 00000000 ____D () C:\ProgramData\Reimage Protector
2015-04-02 12:47 - 2015-04-05 11:31 - 00000000 ____D () C:\Program Files\Reimage
2015-04-02 12:45 - 2015-04-02 12:45 - 00000000 ____D () C:\Users\EROL\AppData\Local\Crossbrowse
2015-04-02 12:43 - 2015-04-02 12:43 - 00000000 ____D () C:\ProgramData\eazyzoom
2015-03-31 18:01 - 2015-03-31 18:01 - 00000000 ____D () C:\Users\EROL\AppData\Roaming\WebExtend
2015-03-31 11:02 - 2015-04-12 09:32 - 00000000 ____D () C:\Users\EROL\AppData\Roaming\Steganos VPN
2015-03-31 11:02 - 2015-04-03 21:03 - 00000000 ____D () C:\Users\EROL\AppData\Roaming\Steganos
2015-03-31 11:02 - 2015-03-31 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OkayFreedom
2015-03-31 11:02 - 2015-03-31 11:02 - 00000000 ____D () C:\Program Files (x86)\predm
2015-03-31 11:02 - 2015-03-31 11:02 - 00000000 ____D () C:\Program Files (x86)\OkayFreedom
2015-03-31 11:01 - 2015-04-01 14:05 - 00000000 ____D () C:\Users\EROL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer
2015-03-31 11:01 - 2015-04-01 14:05 - 00000000 ____D () C:\Program Files (x86)\GUPlayer
2015-03-31 10:58 - 2015-03-31 10:58 - 00613255 _____ (CMI Limited) C:\Users\EROL\AppData\Local\nsy7B11.tmp
2015-03-30 21:02 - 2015-03-30 21:02 - 00003456 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Popup
2015-03-30 21:02 - 2015-03-30 21:02 - 00003192 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Start
2015-03-30 21:02 - 2015-03-30 21:02 - 00000000 ____D () C:\Users\EROL\AppData\Local\Rainmaker_Software_Group_
2015-03-30 21:01 - 2015-03-30 21:01 - 00000000 ____D () C:\Users\EROL\AppData\Roaming\Rainmaker Software Group LLC.​
2015-03-30 18:08 - 2015-03-30 18:08 - 00613255 _____ (CMI Limited) C:\Users\EROL\AppData\Local\nsk1E43.tmp
2015-03-30 10:45 - 2015-03-30 10:45 - 00613255 _____ (CMI Limited) C:\Users\EROL\AppData\Local\nsf272D.tmp
2015-03-28 17:52 - 2015-03-28 17:52 - 00300623 _____ () C:\Users\EROL\Downloads\Futbol Canlı Sonuçlar, Canlı maç sonuçları - iddaa.com.htm
2015-03-28 17:52 - 2015-03-28 17:52 - 00000000 ____D () C:\Users\EROL\Downloads\Futbol Canlı Sonuçlar, Canlı maç sonuçları - iddaa.com-Dateien
2015-03-27 10:57 - 2015-03-27 10:56 - 00613255 _____ (CMI Limited) C:\Users\EROL\AppData\Local\nsl58C2.tmp
2015-03-25 14:46 - 2015-03-25 14:45 - 00613255 _____ (CMI Limited) C:\Users\EROL\AppData\Local\nsgB359.tmp
2015-03-25 11:38 - 2015-03-25 11:37 - 00613255 _____ (CMI Limited) C:\Users\EROL\AppData\Local\nssCA94.tmp
2015-03-25 11:25 - 2015-03-25 11:25 - 00000000 ____D () C:\Users\EROL\AppData\Local\globalUpdate
2015-03-25 10:59 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 10:59 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 10:59 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 10:59 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 10:59 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 10:59 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 10:59 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 10:59 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-24 12:20 - 2015-04-05 17:44 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2015-03-24 12:20 - 2015-04-05 17:44 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2015-03-24 12:20 - 2015-04-05 13:47 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2015-03-24 12:20 - 2015-04-05 13:00 - 00002826 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2015-03-24 12:20 - 2015-04-05 13:00 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2015-03-24 12:20 - 2015-04-05 13:00 - 00002824 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2015-03-24 12:19 - 2015-03-24 12:19 - 00613255 _____ (CMI Limited) C:\Users\EROL\AppData\Local\nsuDE9D.tmp
2015-03-24 12:19 - 2015-03-24 12:19 - 00000000 __SHD () C:\Users\EROL\AppData\Roaming\AnyProtectEx
2015-03-24 11:44 - 2015-03-24 11:44 - 00000000 ____D () C:\Users\EROL\AppData\Roaming\rightbackup
2015-03-24 11:35 - 2015-03-24 11:34 - 00613255 _____ (CMI Limited) C:\Users\EROL\AppData\Local\nsj3BBA.tmp
2015-03-23 12:22 - 2015-03-23 12:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-23 12:04 - 2015-03-23 12:03 - 00613255 _____ (CMI Limited) C:\Users\EROL\AppData\Local\nsh8BA0.tmp
2015-03-23 09:46 - 2015-03-23 09:46 - 00000000 ___HD () C:\Users\Public\B95565D26D9A9DC2AD95815626DF35B1
2015-03-22 21:26 - 2015-03-22 21:25 - 00613255 _____ (CMI Limited) C:\Users\EROL\AppData\Local\nsd2298.tmp
2015-03-22 21:22 - 2015-03-22 21:22 - 00613255 _____ (CMI Limited) C:\Users\EROL\AppData\Local\nsb995C.tmp
2015-03-22 21:09 - 2015-03-22 21:08 - 00613255 _____ (CMI Limited) C:\Users\EROL\AppData\Local\nsh33A8.tmp
2015-03-22 19:19 - 2015-04-05 12:59 - 00008632 _____ () C:\Windows\SysWOW64\VCLOff.ini
2015-03-22 19:19 - 2015-04-05 12:59 - 00008632 _____ () C:\Windows\system32\VCLOff.ini
2015-03-22 19:07 - 2015-04-11 23:15 - 00000000 ____D () C:\Users\EROL\AppData\Local\004578DC-1427047646-DE11-8C4E-95D864771729
2015-03-22 19:03 - 2015-04-11 23:29 - 00000000 ____D () C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729
2015-03-22 09:28 - 2015-03-22 09:28 - 00291696 _____ () C:\Windows\Minidump\032215-18720-01.dmp
2015-03-21 12:00 - 2015-03-23 17:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2015-03-18 16:07 - 2015-03-18 16:07 - 00000000 ____D () C:\Users\EROL\Option
2015-03-13 16:58 - 2015-04-12 09:30 - 00000350 _____ () C:\Windows\Tasks\davenport-sys.job
2015-03-13 16:58 - 2015-03-13 16:58 - 00003246 _____ () C:\Windows\System32\Tasks\davenport-sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-12 09:43 - 2013-11-24 18:07 - 00000000 ____D () C:\Users\EROL\Downloads\MSN Deutschland  Aktuelle Nachrichten, Outlook.com Email und Skype Login-Dateien
2015-04-12 09:39 - 2009-07-14 06:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-12 09:39 - 2009-07-14 06:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-12 09:36 - 2009-10-17 08:14 - 01405090 _____ () C:\Windows\WindowsUpdate.log
2015-04-12 09:34 - 2015-01-07 14:34 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-225 Series Update {DA9064A8-56DA-49F8-8F27-85D2FF2069A9}.job
2015-04-12 09:32 - 2013-08-29 01:44 - 00001872 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-04-12 09:32 - 2013-08-29 01:43 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2015-04-12 09:30 - 2009-08-22 10:34 - 01212326 _____ () C:\Windows\PFRO.log
2015-04-12 09:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-12 09:30 - 2009-07-14 06:51 - 00191690 _____ () C:\Windows\setupact.log
2015-04-12 09:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PLA
2015-04-11 23:56 - 2014-02-26 03:13 - 01472526 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-11 23:56 - 2009-10-17 18:03 - 00714532 _____ () C:\Windows\system32\perfh007.dat
2015-04-11 23:56 - 2009-10-17 18:03 - 00154584 _____ () C:\Windows\system32\perfc007.dat
2015-04-11 23:56 - 2009-07-14 07:13 - 01561624 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-11 23:28 - 2015-02-22 16:28 - 00000286 _____ () C:\Windows\Tasks\Taplika.job
2015-04-11 23:22 - 2012-10-12 12:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-11 19:30 - 2015-02-10 02:08 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2015-04-11 19:26 - 2011-10-27 14:22 - 00000000 ____D () C:\Users\EROL\AppData\Roaming\Skype
2015-04-11 19:21 - 2010-10-15 23:34 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{48FD094E-AFAF-4EC8-9EB3-9106BB6B89F2}
2015-04-11 09:18 - 2009-12-09 21:35 - 00000000 ____D () C:\Users\EROL
2015-04-10 22:05 - 2015-02-28 19:00 - 00000000 ____D () C:\Users\EROL\AppData\Roaming\systweak
2015-04-05 18:55 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-05 18:47 - 2015-02-25 12:51 - 00000000 ____D () C:\ProgramData\dcd3ad0177264843bc5000b01d833e70
2015-04-05 18:34 - 2015-02-22 16:51 - 00000000 ____D () C:\ProgramData\{9d4d7a04-c0f0-47e9-9d4d-d7a04c0fe813}
2015-04-05 18:34 - 2015-02-22 16:27 - 00000000 ____D () C:\ProgramData\{1f0c2576-5236-741c-1f0c-c257652395d9}
2015-04-05 12:54 - 2015-02-28 16:17 - 00004028 _____ () C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task
2015-04-05 12:27 - 2010-10-08 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Okey+
2015-04-05 12:21 - 2014-08-24 16:33 - 683871128 _____ () C:\Windows\MEMORY.DMP
2015-04-05 12:21 - 2014-08-24 16:33 - 00000000 ____D () C:\Windows\Minidump
2015-04-05 10:48 - 2015-02-22 16:45 - 00000000 ___HD () C:\Users\Public\Temp
2015-04-05 10:46 - 2015-02-22 16:47 - 00000126 _____ () C:\Users\EROL\AppData\Roaming\WB.CFG
2015-04-04 23:33 - 2009-07-14 04:34 - 00000612 _____ () C:\Windows\win.ini
2015-04-02 13:40 - 2015-03-12 00:26 - 00000156 _____ () C:\Windows\Reimage.ini
2015-04-02 10:08 - 2015-03-11 17:03 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-01 18:03 - 2009-08-22 07:40 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-26 11:58 - 2014-09-21 15:55 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-26 11:58 - 2011-10-27 14:22 - 00000000 ____D () C:\ProgramData\Skype
2015-03-26 11:23 - 2014-12-11 12:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-26 11:23 - 2014-05-09 22:42 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-24 11:28 - 2015-02-10 14:50 - 00000839 _____ () C:\Windows\wininit.ini
2015-03-24 11:28 - 2014-12-29 19:24 - 00000000 ____D () C:\Users\EROL\AppData\Local\Unity
2015-03-24 10:42 - 2015-03-12 22:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-23 12:12 - 2015-02-28 19:00 - 00000000 ____D () C:\Program Files\shopperz
2015-03-20 01:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-18 12:42 - 2013-11-19 19:18 - 00000000 ____D () C:\Users\EROL\AppData\Roaming\Apple Computer
2015-03-18 12:42 - 2013-11-19 19:18 - 00000000 ____D () C:\Users\EROL\AppData\Local\Apple Computer
2015-03-15 11:53 - 2010-11-02 19:07 - 00000000 ____D () C:\Users\EROL\AppData\Local\Adobe
2015-03-15 11:52 - 2012-10-12 12:11 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-15 11:52 - 2012-10-12 12:11 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-15 11:52 - 2011-10-03 11:34 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-13 16:55 - 2009-10-17 08:15 - 00000000 ____D () C:\Program Files (x86)\Acer Arcade Deluxe

==================== Files in the root of some directories =======

2014-11-20 12:45 - 2014-11-20 12:45 - 6000640 _____ () C:\Program Files (x86)\GUT4C3D.tmp
2009-08-22 10:43 - 2009-02-10 21:23 - 0192484 _____ () C:\Program Files (x86)\Common Files\Acer GameZone online.ico
2015-02-22 16:47 - 2015-04-05 10:46 - 0000126 _____ () C:\Users\EROL\AppData\Roaming\WB.CFG
2010-10-03 23:03 - 2013-11-13 19:00 - 0000124 _____ () C:\Users\EROL\AppData\Roaming\wklnhst.dat
2014-06-23 22:44 - 2014-07-07 23:23 - 0001097 _____ () C:\Users\EROL\AppData\Local\cookies.ini
2015-02-24 11:57 - 2015-02-24 11:57 - 0274045 _____ () C:\Users\EROL\AppData\Local\dsi1.dat
2015-02-24 11:57 - 2015-02-24 11:57 - 0161916 _____ () C:\Users\EROL\AppData\Local\dsi2.dat
2015-03-11 18:30 - 2015-03-11 18:30 - 0001643 _____ () C:\Users\EROL\AppData\Local\MyWinLockerInstaller.txt-20150311.log
2015-03-12 12:54 - 2015-03-12 12:58 - 0006477 _____ () C:\Users\EROL\AppData\Local\MyWinLockerInstaller.txt-20150312.log
2015-03-22 21:22 - 2015-03-22 21:22 - 0613255 _____ (CMI Limited) C:\Users\EROL\AppData\Local\nsb995C.tmp
2015-03-22 21:26 - 2015-03-22 21:25 - 0613255 _____ (CMI Limited) C:\Users\EROL\AppData\Local\nsd2298.tmp
2015-03-30 10:45 - 2015-03-30 10:45 - 0613255 _____ (CMI Limited) C:\Users\EROL\AppData\Local\nsf272D.tmp
2015-03-25 14:46 - 2015-03-25 14:45 - 0613255 _____ (CMI Limited) C:\Users\EROL\AppData\Local\nsgB359.tmp
2015-03-22 21:09 - 2015-03-22 21:08 - 0613255 _____ (CMI Limited) C:\Users\EROL\AppData\Local\nsh33A8.tmp
2015-03-23 12:04 - 2015-03-23 12:03 - 0613255 _____ (CMI Limited) C:\Users\EROL\AppData\Local\nsh8BA0.tmp
2015-03-24 11:35 - 2015-03-24 11:34 - 0613255 _____ (CMI Limited) C:\Users\EROL\AppData\Local\nsj3BBA.tmp
2015-03-30 18:08 - 2015-03-30 18:08 - 0613255 _____ (CMI Limited) C:\Users\EROL\AppData\Local\nsk1E43.tmp
2015-03-27 10:57 - 2015-03-27 10:56 - 0613255 _____ (CMI Limited) C:\Users\EROL\AppData\Local\nsl58C2.tmp
2015-04-05 12:58 - 2015-04-05 12:58 - 0613255 _____ (CMI Limited) C:\Users\EROL\AppData\Local\nsoCB33.tmp
2015-03-25 11:38 - 2015-03-25 11:37 - 0613255 _____ (CMI Limited) C:\Users\EROL\AppData\Local\nssCA94.tmp
2015-03-24 12:19 - 2015-03-24 12:19 - 0613255 _____ (CMI Limited) C:\Users\EROL\AppData\Local\nsuDE9D.tmp
2015-04-04 23:32 - 2015-04-04 23:32 - 0613255 _____ (CMI Limited) C:\Users\EROL\AppData\Local\nsxFC73.tmp
2015-03-31 10:58 - 2015-03-31 10:58 - 0613255 _____ (CMI Limited) C:\Users\EROL\AppData\Local\nsy7B11.tmp
2009-10-17 08:15 - 2009-10-17 08:17 - 0007768 _____ () C:\ProgramData\ArcadeDeluxe3.log
2009-08-22 10:44 - 2009-07-18 03:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe

Some content of TEMP:
====================
C:\Users\EROL\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 10:24

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-04-2015
Ran by EROL at 2015-04-12 09:47:33
Running from C:\Users\EROL\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Lavasoft Ad-Aware (Enabled - Out of date) {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AS: Avira Desktop (Disabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Lavasoft Ad-Aware (Enabled - Out of date) {5BB89C30-6480-BC7C-9F17-199BD76F557A}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Lavasoft Ad-Aware (Disabled) {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.6731 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.0.6731 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.22 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.74.216 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.74.216 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3002 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3003 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3004 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.7.0715 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3014 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Ad-Aware Antivirus (HKLM-x32\...\{944167EA-7F89-4705-8DCD-1D63B53141B0}) (Version: 10.5.3.4405 - Lavasoft)
Ad-Aware Security Add-on (HKLM-x32\...\adawaretb) (Version: 3.4.0.1 - Lavasoft)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
Backup Manager Basic (x32 Version: 2.0.0.22 - NewTech Infosystems) Hidden
Bid Forward (HKLM-x32\...\IGS) (Version:  - )
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
BoBrowser (HKU\S-1-5-21-1924032147-3410277532-354269451-1001\...\BoBrowser) (Version: 36.0.1985.136 - BoBrowser) <==== ATTENTION
Broadcom Gigabit NetLink Controller (HKLM\...\{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}) (Version: 12.26.02 - Broadcom Corporation)
Clear Domain Name (HKLM-x32\...\igsc) (Version: 1.0.0.0 - Clear Domain Name)
Disneys Sport - Goofy Skateboarding (HKLM-x32\...\Disney's Extremely Goofy Skateboarding) (Version:  - )
eazyzoom (HKLM-x32\...\{41FB1CA8-BB82-42BD-8E95-0D345FE3DA6C}) (Version: 1.1.0.30 - eazyzoom)
eBay Worldwide (HKLM-x32\...\{AAF89271-2594-468D-B578-96B2E30C41C4}) (Version: 2.1.0703 - OEM)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM-x32\...\{71E90740-5E5F-4D43-AB8F-CAC1D93DBB5B}) (Version: 2.5.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{682A3328-9621-4BAD-91FA-873A076610C4}) (Version: 1.21.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-225 Series Printer Uninstall (HKLM\...\EPSON XP-225 Series) (Version:  - SEIKO EPSON Corporation)
EPSON-Handbücher (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.32.0.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM\...\{DF5200AB-5AE6-4598-846B-8ABC3AE121B1}) (Version: 3.0.2.0 - SEIKO EPSON Corporation)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3001 - Acer Incorporated)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.03 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
OkayFreedom (HKLM-x32\...\{3F3FB10C-7175-4D38-9335-3488B89C12AF}) (Version: 1.4.3 - Steganos Software GmbH)
Okey+ 2.1 (HKLM-x32\...\Okey+_is1) (Version:  - Böcek Yazýlým)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
Reimage Protector (HKLM\...\Reimage Protector) (Version:  - Reimage) <==== ATTENTION
SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version:  - )
Samsung Mobile Modem Device Software (HKLM\...\Samsung Mobile Modem Device) (Version:  - )
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
SAMSUNG USB Mobile Device Software (HKLM\...\SAMSUNG USB Mobile Device) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3005 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID-Anmelde-Assistent (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

04-04-2015 09:44:40 Windows Update
05-04-2015 00:22:18 Windows Update
05-04-2015 19:00:10 Windows-Sicherung
11-04-2015 23:50:37 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-03-13 16:58 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00249043-353C-425A-A270-D8304F2C8EAD} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {0A8668B1-717F-4429-AC20-5167E5D26B16} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {0B2D1DBB-44FA-452D-A231-B92997632E04} - \ZMCRFF No Task File <==== ATTENTION
Task: {0C6332C4-2A83-4FC4-85A4-1C4C27D1F6EF} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2013-06-13] (Lavasoft Limited)
Task: {138FE3C3-34E0-4253-AADC-A834BF454125} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {15946D7B-34C4-4FAF-9EBF-C9B36F57813F} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {1A3E4FE1-733D-4311-A064-C05602E64BC9} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {1ED94779-D16C-4CD7-BA75-ACD32DC71EA7} - System32\Tasks\{5C5454C9-4FF7-4D9B-8168-B4ADBFB532A3} => pcalua.exe -a C:\Users\EROL\AppData\Roaming\sweet-page\UninstallManager.exe -c  -ptid=cor
Task: {224AB584-BE60-4AF1-AF28-B09009163FC4} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {2620644B-202A-4B6F-988C-3161F554610E} - System32\Tasks\{585D4E66-9B7D-4B34-AE74-B6C858012A68} => C:\Program Files\Batak4\Batak.exe
Task: {2F5C3C1A-E7D8-422B-8B72-067EFCB6E426} - System32\Tasks\{48C4EDAE-2B03-4D61-9031-1C6CC3104DA6} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Task: {413ACCAC-460C-4BBB-863B-BB1A2499406E} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTION
Task: {4345FB31-628A-42CA-BC8A-4DDEC2C8E12C} - System32\Tasks\{08389B0D-B0E4-49AB-B8FD-A240B4A96C43} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\5\SSSDUninstall.exe
Task: {462ADBF5-7072-4715-8F00-885403D152CF} - System32\Tasks\{8FD4BD32-5AFB-4265-B8DA-333ED1CBAD08} => pcalua.exe -a C:\Users\EROL\Downloads\epson375869eu(1).exe -d C:\Users\EROL\Downloads
Task: {4CDF805B-7549-4CBE-89DA-8DE73C0BAD65} - System32\Tasks\{EB51D504-1FAC-497A-A67B-A70FBE7DB3CD} => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2013-06-13] (Lavasoft Limited)
Task: {50E25B8D-3A25-497D-8821-605C4CE9F525} - System32\Tasks\{1EE10A4C-0ACA-456B-B852-F923D5D0ACE6} => C:\Program Files (x86)\Microsoft Office\OFFICE11\MSACCESS.EXE [2010-01-14] (Microsoft Corporation)
Task: {5B2558E1-A057-46EC-982E-E6C2F169C161} - System32\Tasks\EPSON XP-225 Series Update {DA9064A8-56DA-49F8-8F27-85D2FF2069A9} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE [2013-11-21] (SEIKO EPSON CORPORATION)
Task: {67D15269-582C-425F-9C72-F1EC6DC12842} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {67DE4505-8964-4C77-80A6-6F9CFB42B4C6} - System32\Tasks\{76B6EB2E-1365-46EA-B693-530717E5371D} => pcalua.exe -a C:\Users\EROL\Downloads\5609-batak-ihaleli-tamindir.com\batak-ihaleli-tamindir.com\batak4kur.exe -d C:\Users\EROL\Downloads\5609-batak-ihaleli-tamindir.com\batak-ihaleli-tamindir.com
Task: {7CB30069-8719-4337-BC48-941EFF96E9D9} - System32\Tasks\Taplika => C:\Users\EROL\AppData\Roaming\Taplika\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {82461E53-52F3-4CC5-8F6D-2DD44AE1F00D} - System32\Tasks\{AA56D811-B658-40C5-BF73-83680E2BBC25} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\1\SS_Uninstall.exe
Task: {89E9CC8F-583F-4631-B69C-E939243DA08A} - System32\Tasks\{77355BBA-AB49-4BC3-9494-9094B7615DEC} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\7\SSECUninstall.exe
Task: {8EFC54C1-4308-4828-AE52-6F0DDACAAB4F} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {A1EB057F-80A2-425D-8970-4314C0D727F1} - System32\Tasks\{81EBBBC1-8E1F-4BCA-9A1E-99068531EEDC} => pcalua.exe -a "C:\Users\EROL\Downloads\5609-batak-ihaleli-tamindir.com (1)\batak-ihaleli-tamindir.com\batak4kur.exe" -d "C:\Users\EROL\Downloads\5609-batak-ihaleli-tamindir.com (1)\batak-ihaleli-tamindir.com"
Task: {A63CC6F6-B5B2-4F63-B7B0-235B6C8399E6} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\EROL\AppData\Local\SmartWeb\SmartWebHelper.exe <==== ATTENTION
Task: {B008D2DB-D259-4520-BEAE-D808D076818A} - System32\Tasks\{1D1FFBF9-53D2-493E-A59E-D2B647F3A5BE} => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2013-06-13] (Lavasoft Limited)
Task: {B0217FE0-495C-490A-BB56-79ABF62F641C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {B504D931-129C-4E2D-84BF-AF7BC50E8098} - System32\Tasks\davenport-sys => C:\Program Files (x86)\Davenport\Updater\Updater.exe
Task: {BE31CAA5-4A2A-42E2-9054-20CCD65D205B} - System32\Tasks\{11F68C3A-BA55-46BB-BA57-8FC636D2C17E} => C:\Program Files\Batak4\Batak.exe
Task: {C0020C13-A6BF-4CED-9194-39A192D3B0CB} - System32\Tasks\{885C3099-5D08-4F87-B40C-FC838B023C4D} => pcalua.exe -a C:\Users\EROL\AppData\Local\Temp\Temp1_batak-ihaleli-indirline.com.zip\batak-ihaleli-indirline.com\batak4kur.exe
Task: {C3704AC7-FD37-45AA-90FF-FA7478FE2EB6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-15] (Adobe Systems Incorporated)
Task: {C49ECB39-6FD0-4A01-AACA-ABBBDFA1D846} - System32\Tasks\{6E1DF063-C740-4606-8282-1399C48D708C} => Firefox.exe 
Task: {C9AA6652-0602-4991-B88B-4DD6B1003DB6} - \Run_Bobby_Browser No Task File <==== ATTENTION
Task: {D2358CEF-B5B4-440B-A128-95F96C22F099} - System32\Tasks\{D39E6D99-9FB1-459D-9A5E-A83528C5BC81} => C:\Program Files\Batak4\Batak.exe
Task: {DA976F43-10C3-45FB-A9B0-45874B04E6D1} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe <==== ATTENTION
Task: {DF1B6AE2-0D6F-4CA6-9DA6-49E7CBD2CC13} - System32\Tasks\PostPoneInstall => C:\Users\EROL\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe <==== ATTENTION
Task: {E278FEB4-70ED-4422-84D5-F9339DC10EF5} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {F0505E72-8A87-4043-BEDF-88569FB995C0} - System32\Tasks\{CF659C13-1743-4AD8-8DCD-5B70213A4392} => Firefox.exe 
Task: {F4F8214F-8FD5-400A-930D-2FA7E805B268} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\davenport-sys.job => C:\Program Files (x86)\Davenport\Updater\Updater.exe
Task: C:\Windows\Tasks\EPSON XP-225 Series Update {DA9064A8-56DA-49F8-8F27-85D2FF2069A9}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE:/EXE:{DA9064A8-56DA-49F8-8F27-85D2FF2069A9} /F:UpdateSYSTEM
Searches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\Taplika.job => C:\Users\EROL\AppData\Roaming\Taplika\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2015-04-02 11:31 - 2015-04-02 11:31 - 00571888 _____ () C:\ProgramData\eazyzoom\1.1.0.30\isekaxa.exe
2015-04-05 16:22 - 2015-04-05 16:22 - 00205312 _____ () C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp
2015-04-02 11:31 - 2015-04-02 11:31 - 00424960 _____ () C:\ProgramData\eazyzoom\1.1.0.30\isekdxa.exe
2015-04-02 11:31 - 2015-04-02 11:31 - 00532480 _____ () C:\ProgramData\eazyzoom\1.1.0.30\isek6xa.exe
2015-04-02 11:30 - 2015-04-02 11:30 - 01126912 _____ () C:\ProgramData\eazyzoom\1.1.0.30\isek6xa.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-02-03 02:33 - 2009-02-03 02:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2008-09-29 02:55 - 2008-09-29 02:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2015-04-05 17:18 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-04-05 17:18 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-04-05 17:18 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-04-05 17:18 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-04-05 17:18 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-04-02 11:31 - 2015-04-02 11:31 - 00482304 _____ () C:\ProgramData\eazyzoom\1.1.0.30\isekdxau.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2013-08-29 01:59 - 2014-12-19 06:01 - 00192376 _____ () C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\libBase64.dll
2013-08-29 01:59 - 2014-12-19 06:01 - 00180088 _____ () C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\libMachoUniv.dll
2015-03-15 11:52 - 2015-03-15 11:52 - 16858288 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:1D32EC29
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:93DE1838
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E3C56885
AlternateDataStreams: C:\Users\EROL\AppData\Roaming\Microsoft\Windows\Start Menu\MSN Deutschland Aktuelle Nachrichten, Outlook.com Email und Skype Login..website:TASKICON_0FA6946226F21BD7E8F75BBFA031461487075638
AlternateDataStreams: C:\Users\EROL\AppData\Roaming\Microsoft\Windows\Start Menu\MSN Deutschland Aktuelle Nachrichten, Outlook.com Email und Skype Login..website:TASKICON_1FA6946226F21BD7E8F75BBFA031461135116317
AlternateDataStreams: C:\Users\EROL\AppData\Roaming\Microsoft\Windows\Start Menu\MSN Deutschland Aktuelle Nachrichten, Outlook.com Email und Skype Login..website:TASKICON_2FA6946226F21BD7E8F75BBFA03146-12823272
AlternateDataStreams: C:\Users\EROL\AppData\Roaming\Microsoft\Windows\Start Menu\MSN Deutschland Aktuelle Nachrichten, Outlook.com Email und Skype Login..website:TASKICON_3FA6946226F21BD7E8F75BBFA03146-1180859722
AlternateDataStreams: C:\Users\EROL\AppData\Roaming\Microsoft\Windows\Start Menu\MSN Deutschland Aktuelle Nachrichten, Outlook.com Email und Skype Login..website:TASKICON_4FA6946226F21BD7E8F75BBFA031461739172809

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1924032147-3410277532-354269451-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\EROL\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Avira.OE.ServiceHost => 2
MSCONFIG\startupfolder: C:^Users^EROL^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^setup.lnk => C:\Windows\pss\setup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^EROL^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SuperOptimizer.lnk => C:\Windows\pss\SuperOptimizer.lnk.Startup
MSCONFIG\startupreg: Elite Unzip AppIntegrator 32-bit => C:\PROGRA~2\ELITEU~2\bar\1.bin\AppIntegrator.exe
MSCONFIG\startupreg: Elite Unzip AppIntegrator 64-bit => C:\PROGRA~2\ELITEU~2\bar\1.bin\AppIntegrator64.exe
MSCONFIG\startupreg: PLFSetI => C:\Windows\PLFSetI.exe
MSCONFIG\startupreg: Registry Helper => "C:\Program Files (x86)\Registry Helper\RegistryHelper.Exe" /boot

==================== Accounts: =============================

Administrator (S-1-5-21-1924032147-3410277532-354269451-500 - Administrator - Disabled)
EROL (S-1-5-21-1924032147-3410277532-354269451-1001 - Administrator - Enabled) => C:\Users\EROL
Gast (S-1-5-21-1924032147-3410277532-354269451-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1924032147-3410277532-354269451-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: cherimoya
Description: cherimoya
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: cherimoya
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: {90280f97-bcf9-4f01-b773-3eeda0515e95}Gw64
Description: {90280f97-bcf9-4f01-b773-3eeda0515e95}Gw64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: {90280f97-bcf9-4f01-b773-3eeda0515e95}Gw64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: {a3730592-7b31-4002-9366-8a726171fb7b}Gw64
Description: {a3730592-7b31-4002-9366-8a726171fb7b}Gw64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: {a3730592-7b31-4002-9366-8a726171fb7b}Gw64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: {ef6e4000-cf69-4e60-8af1-5bd45599585c}w64
Description: {ef6e4000-cf69-4e60-8af1-5bd45599585c}w64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: {ef6e4000-cf69-4e60-8af1-5bd45599585c}w64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: qrnfd_1_10_0_12
Description: qrnfd_1_10_0_12
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: qrnfd_1_10_0_12
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/11/2015 05:46:49 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (04/11/2015 05:46:46 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (04/11/2015 05:46:46 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (04/11/2015 00:14:52 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (04/11/2015 00:14:51 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (04/11/2015 00:09:51 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (04/11/2015 00:09:48 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (04/11/2015 11:14:14 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (04/11/2015 11:14:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/11/2015 11:14:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (04/12/2015 09:31:33 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cherimoya
iSafeKrnlMon
qrnfd_1_10_0_12
{90280f97-bcf9-4f01-b773-3eeda0515e95}Gw64
{a3730592-7b31-4002-9366-8a726171fb7b}Gw64
{ef6e4000-cf69-4e60-8af1-5bd45599585c}w64

Error: (04/12/2015 09:30:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update Steel Cut" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/12/2015 09:30:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update Air Globe" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/12/2015 09:30:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Reimage Real Time Protector" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/11/2015 11:49:40 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (04/11/2015 08:00:21 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {682159D9-C321-47CA-B3F1-30E36B2EC8B9}

Error: (04/11/2015 07:30:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cherimoya
iSafeKrnlMon
qrnfd_1_10_0_12
{90280f97-bcf9-4f01-b773-3eeda0515e95}Gw64
{a3730592-7b31-4002-9366-8a726171fb7b}Gw64
{ef6e4000-cf69-4e60-8af1-5bd45599585c}w64

Error: (04/11/2015 07:29:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update Steel Cut" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/11/2015 07:29:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update Air Globe" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/11/2015 07:29:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Reimage Real Time Protector" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (04/11/2015 05:46:49 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: E:\FRST.exeE:\FRST.exe0

Error: (04/11/2015 05:46:46 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: E:\FRST64.exeE:\FRST64.exe0

Error: (04/11/2015 05:46:46 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: E:\FRST64.exeE:\FRST64.exe0

Error: (04/11/2015 00:14:52 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: E:\FRST.exeE:\FRST.exe0

Error: (04/11/2015 00:14:51 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: E:\FRST64.exeE:\FRST64.exe0

Error: (04/11/2015 00:09:51 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: E:\FRST.exeE:\FRST.exe0

Error: (04/11/2015 00:09:48 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: E:\FRST64.exeE:\FRST64.exe0

Error: (04/11/2015 11:14:14 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (04/11/2015 11:14:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe

Error: (04/11/2015 11:14:12 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 74%
Total physical RAM: 4090.93 MB
Available physical RAM: 1035.81 MB
Total Pagefile: 8180.04 MB
Available Pagefile: 4548.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:453.94 GB) (Free:392.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 5CAE5CAE)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:57 on 12/04/2015 (EROL)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
New GMER file is included as an attachment because there were too many characters.


Alt 12.04.2015, 10:26   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Revo Uninstaller from here: Download Revo Uninstaller (alternatively, portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click on Options and select German as the language.
  • In the Uninstaller panel, look for the programs:

    BoBrowser

    Reimage Protector


  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderat" (moderate) mode.
  • Delete leftovers:
    Click on then on and then on .

 





Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.


Alt 12.04.2015, 14:25   #7
mm0811
 



Downloaded Revo Uninstaller.

Clicked Uninstall on BoBrowser and ran it in "Moderat" mode.
Error message: "Uninstall ist fehlgeschlagen! Vermutlich ungültiger deinstall Befehl!"
Clicked Next ....
Deleted all leftover registry entries (135) of BoBrowser and folders/files (1).
The program is no longer in the overview.

There is no Reimage Protector.
Instead there are strange programs such as: Bid Forward, Clear Domain Name, eazyzoom


Combofix.txt
Code:
ATTFilter
ComboFix 15-04-09.01 - EROL 12.04.2015  14:35:09.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4091.2507 [GMT 2:00]
ausgeführt von:: c:\users\EROL\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Lavasoft Ad-Aware *Enabled/Outdated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Lavasoft Ad-Aware *Enabled/Outdated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\users\EROL\AppData\Local\nsb995C.tmp
c:\users\EROL\AppData\Local\nsd2298.tmp
c:\users\EROL\AppData\Local\nsf272D.tmp
c:\users\EROL\AppData\Local\nsgB359.tmp
c:\users\EROL\AppData\Local\nsh33A8.tmp
c:\users\EROL\AppData\Local\nsh8BA0.tmp
c:\users\EROL\AppData\Local\nsj3BBA.tmp
c:\users\EROL\AppData\Local\nsk1E43.tmp
c:\users\EROL\AppData\Local\nsl58C2.tmp
c:\users\EROL\AppData\Local\nsoCB33.tmp
c:\users\EROL\AppData\Local\nssCA94.tmp
c:\users\EROL\AppData\Local\nsuDE9D.tmp
c:\users\EROL\AppData\Local\nsxFC73.tmp
c:\users\EROL\AppData\Local\nsy7B11.tmp
c:\users\EROL\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\EROL\AppData\Roaming\.#
c:\users\EROL\AppData\Roaming\AnyProtectEx
c:\users\EROL\AppData\Roaming\AnyProtectEx\installer\ab.test.json
c:\users\EROL\AppData\Roaming\AnyProtectEx\installer\tempfile.t
c:\users\EROL\AppData\Roaming\AnyProtectEx\language\de.xml
c:\users\EROL\AppData\Roaming\AnyProtectEx\language\en.xml
c:\users\EROL\AppData\Roaming\AnyProtectEx\language\fr.xml
c:\users\EROL\AppData\Roaming\AnyProtectEx\scan_results\aps.scan.quick.results
c:\users\EROL\AppData\Roaming\AnyProtectEx\scan_results\aps.scan.results
c:\users\EROL\AppData\Roaming\AnyProtectEx\swf\mov01.swf
c:\users\EROL\AppData\Roaming\AnyProtectEx\swf\swf5hEJ.swf
c:\users\EROL\AppData\Roaming\AnyProtectEx\swf\swf6wX.swf
c:\users\EROL\AppData\Roaming\AnyProtectEx\swf\swf7Yc.swf
c:\users\EROL\AppData\Roaming\AnyProtectEx\swf\swfSdQ.swf
c:\users\EROL\AppData\Roaming\AnyProtectEx\swf\swfYdrj.swf
c:\users\EROL\AppData\Roaming\AnyProtectEx\swf\swfzD1o.swf
c:\users\EROL\AppData\Roaming\Microsoft\Windows\Recent\Google.url
c:\windows\ginstall.dll
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-03-12 bis 2015-04-12  ))))))))))))))))))))))))))))))
.
.
2015-04-12 13:01 . 2015-04-12 13:01	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-04-12 09:33 . 2015-04-12 09:33	--------	d-----w-	c:\program files (x86)\VS Revo Group
2015-04-12 07:44 . 2015-04-12 07:49	--------	d-----w-	C:\FRST
2015-04-11 21:54 . 2015-04-11 21:54	--------	d-----w-	c:\windows\Migration
2015-04-11 21:19 . 2015-04-11 21:19	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-11 21:19 . 2015-04-11 21:19	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2015-04-11 21:19 . 2015-04-11 21:19	--------	d-----w-	c:\programdata\Malwarebytes
2015-04-11 21:19 . 2015-03-17 04:15	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-04-11 21:19 . 2015-03-17 04:15	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-04-11 21:19 . 2015-03-17 04:15	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-04-05 16:26 . 2015-04-05 16:26	--------	d-----w-	c:\users\EROL\AppData\Roaming\Avira
2015-04-05 16:22 . 2015-04-11 21:48	--------	d-----w-	c:\program files (x86)\IGS
2015-04-05 16:20 . 2015-04-05 16:20	--------	d-----w-	c:\users\EROL\AppData\Local\004578DC-1428258019-DE11-8C4E-95D864771729
2015-04-05 16:20 . 2015-04-05 16:15	44088	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2015-04-05 16:13 . 2015-03-17 11:01	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2015-04-05 16:13 . 2015-03-17 11:01	132120	----a-w-	c:\windows\system32\drivers\avipbb.sys
2015-04-05 16:13 . 2015-03-17 11:01	128536	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2015-04-05 15:33 . 2015-04-05 16:13	--------	d-----w-	c:\programdata\Avira
2015-04-05 15:33 . 2015-04-05 16:13	--------	d-----w-	c:\program files (x86)\Avira
2015-04-05 15:33 . 2015-04-05 15:33	--------	d-----w-	c:\programdata\Package Cache
2015-04-05 15:18 . 2013-09-20 08:49	21040	----a-w-	c:\windows\system32\sdnclean64.exe
2015-04-05 15:18 . 2015-04-10 20:09	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2015-04-05 15:18 . 2015-04-05 15:22	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2015-04-04 22:23 . 2015-04-04 22:23	--------	d-s---w-	c:\windows\SysWow64\GWX
2015-04-04 22:23 . 2015-04-04 22:23	--------	d-s---w-	c:\windows\system32\GWX
2015-04-04 18:10 . 2015-04-01 10:34	46496	----a-w-	c:\windows\system32\drivers\scjrtr.sys
2015-04-04 18:10 . 2015-04-01 10:35	416552	----a-w-	c:\windows\system32\scxy64.dll
2015-04-04 18:10 . 2015-04-01 10:35	349872	----a-w-	c:\windows\SysWow64\scxy.dll
2015-04-02 11:38 . 2015-04-02 11:38	--------	d-----w-	c:\programdata\Reimage Protector
2015-04-02 10:47 . 2015-04-05 09:31	--------	d-----w-	c:\program files\Reimage
2015-04-02 10:45 . 2015-04-02 10:45	--------	d-----w-	c:\users\EROL\AppData\Local\Crossbrowse
2015-04-02 10:43 . 2015-04-02 10:43	--------	d-----w-	c:\programdata\eazyzoom
2015-03-31 16:01 . 2015-03-31 16:01	--------	d-----w-	c:\users\EROL\AppData\Roaming\WebExtend
2015-03-31 09:02 . 2015-04-12 12:14	--------	d-----w-	c:\users\EROL\AppData\Roaming\Steganos VPN
2015-03-31 09:02 . 2015-03-31 09:02	--------	d-----w-	c:\program files (x86)\predm
2015-03-31 09:02 . 2015-04-03 19:03	--------	d-----w-	c:\users\EROL\AppData\Roaming\Steganos
2015-03-31 09:02 . 2015-03-31 09:02	--------	d-----w-	c:\program files (x86)\Common Files\Steganos
2015-03-31 09:02 . 2015-03-31 09:02	--------	d-----w-	c:\program files (x86)\OkayFreedom
2015-03-31 09:01 . 2015-04-01 12:05	--------	d-----w-	c:\program files (x86)\GUPlayer
2015-03-30 19:02 . 2015-03-30 19:02	--------	d-----w-	c:\users\EROL\AppData\Local\Rainmaker_Software_Group_
2015-03-30 19:01 . 2015-03-30 19:01	--------	d-----w-	c:\users\EROL\AppData\Roaming\Rainmaker Software Group LLC.?
2015-03-25 09:25 . 2015-03-25 09:25	--------	d-----w-	c:\users\EROL\AppData\Local\globalUpdate
2015-03-25 08:59 . 2015-03-11 04:06	677888	----a-w-	c:\windows\system32\generaltel.dll
2015-03-25 08:59 . 2015-03-11 04:06	943616	----a-w-	c:\windows\system32\appraiser.dll
2015-03-25 08:59 . 2015-03-11 04:05	30720	----a-w-	c:\windows\system32\acmigration.dll
2015-03-25 08:59 . 2015-03-11 04:02	1107456	----a-w-	c:\windows\system32\aeinv.dll
2015-03-25 08:59 . 2015-03-11 04:06	760832	----a-w-	c:\windows\system32\invagent.dll
2015-03-25 08:59 . 2015-03-11 04:06	414720	----a-w-	c:\windows\system32\devinv.dll
2015-03-25 08:59 . 2015-03-11 04:05	227328	----a-w-	c:\windows\system32\aepdu.dll
2015-03-25 08:59 . 2015-03-11 04:05	192000	----a-w-	c:\windows\system32\aepic.dll
2015-03-24 09:44 . 2015-03-24 09:44	--------	d-----w-	c:\users\EROL\AppData\Roaming\rightbackup
2015-03-23 07:46 . 2015-03-23 07:46	--------	d--h--w-	c:\users\Public\B95565D26D9A9DC2AD95815626DF35B1
2015-03-22 17:07 . 2015-04-11 21:15	--------	d-----w-	c:\users\EROL\AppData\Local\004578DC-1427047646-DE11-8C4E-95D864771729
2015-03-22 17:03 . 2015-04-11 21:29	--------	d-----w-	c:\users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729
2015-03-18 14:07 . 2015-03-18 14:07	--------	d-----w-	c:\users\EROL\Option
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-12 07:35 . 2014-06-24 16:52	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2015-04-12 07:35 . 2014-06-24 16:52	42168	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2015-04-12 07:35 . 2010-01-03 14:22	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2015-03-19 13:56 . 2010-01-03 14:23	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2015-03-19 13:56 . 2014-10-03 09:01	42168	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2015-03-18 11:38 . 2010-01-13 11:03	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2015-03-15 09:52 . 2012-10-12 10:11	778928	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-03-15 09:52 . 2011-10-03 09:34	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-12 00:43 . 2009-12-11 20:20	122905848	----a-w-	c:\windows\system32\MRT.exe
2015-03-06 05:56 . 2015-03-11 09:26	155576	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2015-03-06 05:56 . 2015-03-11 09:26	95680	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2015-03-06 05:42 . 2015-03-11 09:26	210944	----a-w-	c:\windows\system32\wdigest.dll
2015-03-06 05:42 . 2015-03-11 09:26	86528	----a-w-	c:\windows\system32\TSpkg.dll
2015-03-06 05:42 . 2015-03-11 09:26	136192	----a-w-	c:\windows\system32\sspicli.dll
2015-03-06 05:42 . 2015-03-11 09:26	29184	----a-w-	c:\windows\system32\sspisrv.dll
2015-03-06 05:42 . 2015-03-11 09:26	341504	----a-w-	c:\windows\system32\schannel.dll
2015-03-06 05:42 . 2015-03-11 09:26	28160	----a-w-	c:\windows\system32\secur32.dll
2015-03-06 05:42 . 2015-03-11 09:26	314880	----a-w-	c:\windows\system32\msv1_0.dll
2015-03-06 05:42 . 2015-03-11 09:26	309760	----a-w-	c:\windows\system32\ncrypt.dll
2015-03-06 05:42 . 2015-03-11 09:26	1461760	----a-w-	c:\windows\system32\lsasrv.dll
2015-03-06 05:42 . 2015-03-11 09:26	728064	----a-w-	c:\windows\system32\kerberos.dll
2015-03-06 05:42 . 2015-03-11 09:26	22016	----a-w-	c:\windows\system32\credssp.dll
2015-03-06 05:41 . 2015-03-11 09:26	31232	----a-w-	c:\windows\system32\lsass.exe
2015-03-06 05:41 . 2015-03-11 09:26	64000	----a-w-	c:\windows\system32\auditpol.exe
2015-03-06 05:39 . 2015-03-11 09:26	60416	----a-w-	c:\windows\system32\msobjs.dll
2015-03-06 05:38 . 2015-03-11 09:26	146432	----a-w-	c:\windows\system32\msaudite.dll
2015-03-06 05:36 . 2015-03-11 09:26	686080	----a-w-	c:\windows\system32\adtschema.dll
2015-03-06 05:10 . 2015-03-11 09:26	172032	----a-w-	c:\windows\SysWow64\wdigest.dll
2015-03-06 05:10 . 2015-03-11 09:26	65536	----a-w-	c:\windows\SysWow64\TSpkg.dll
2015-03-06 05:10 . 2015-03-11 09:26	248832	----a-w-	c:\windows\SysWow64\schannel.dll
2015-03-06 05:10 . 2015-03-11 09:26	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2015-03-06 05:10 . 2015-03-11 09:26	259584	----a-w-	c:\windows\SysWow64\msv1_0.dll
2015-03-06 05:10 . 2015-03-11 09:26	221184	----a-w-	c:\windows\SysWow64\ncrypt.dll
2015-03-06 05:10 . 2015-03-11 09:26	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2015-03-06 05:10 . 2015-03-11 09:26	17408	----a-w-	c:\windows\SysWow64\credssp.dll
2015-03-06 05:09 . 2015-03-11 09:26	50176	----a-w-	c:\windows\SysWow64\auditpol.exe
2015-03-06 05:09 . 2015-03-11 09:26	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2015-03-06 05:07 . 2015-03-11 09:26	60416	----a-w-	c:\windows\SysWow64\msobjs.dll
2015-03-06 05:07 . 2015-03-11 09:26	146432	----a-w-	c:\windows\SysWow64\msaudite.dll
2015-03-06 05:06 . 2015-03-11 09:26	686080	----a-w-	c:\windows\SysWow64\adtschema.dll
2015-02-26 03:25 . 2015-03-11 09:26	3204096	----a-w-	c:\windows\system32\win32k.sys
2015-02-24 03:15 . 2015-03-11 09:25	389800	----a-w-	c:\windows\system32\iedkcs32.dll
2015-02-22 17:03 . 2014-11-26 18:52	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-02-21 01:16 . 2015-03-11 09:24	25021440	----a-w-	c:\windows\system32\mshtml.dll
2015-02-20 23:58 . 2015-03-11 09:25	92160	----a-w-	c:\windows\system32\mshtmled.dll
2015-02-20 04:41 . 2015-03-11 09:30	41984	----a-w-	c:\windows\system32\lpk.dll
2015-02-20 04:40 . 2015-03-11 09:30	100864	----a-w-	c:\windows\system32\fontsub.dll
2015-02-20 04:40 . 2015-03-11 09:30	14336	----a-w-	c:\windows\system32\dciman32.dll
2015-02-20 04:40 . 2015-03-11 09:30	46080	----a-w-	c:\windows\system32\atmlib.dll
2015-02-20 04:13 . 2015-03-11 09:30	70656	----a-w-	c:\windows\SysWow64\fontsub.dll
2015-02-20 04:13 . 2015-03-11 09:30	10240	----a-w-	c:\windows\SysWow64\dciman32.dll
2015-02-20 04:13 . 2015-03-11 09:30	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2015-02-20 04:12 . 2015-03-11 09:30	25600	----a-w-	c:\windows\SysWow64\lpk.dll
2015-02-20 03:29 . 2015-03-11 09:30	372224	----a-w-	c:\windows\system32\atmfd.dll
2015-02-20 03:09 . 2015-03-11 09:30	299008	----a-w-	c:\windows\SysWow64\atmfd.dll
2015-02-20 03:06 . 2015-03-11 09:25	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2015-02-20 03:05 . 2015-03-11 09:25	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2015-02-20 02:50 . 2015-03-11 09:25	66560	----a-w-	c:\windows\system32\iesetup.dll
2015-02-20 02:49 . 2015-03-11 09:25	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2015-02-20 02:49 . 2015-03-11 09:25	584192	----a-w-	c:\windows\system32\vbscript.dll
2015-02-20 02:48 . 2015-03-11 09:25	2886144	----a-w-	c:\windows\system32\iertutil.dll
2015-02-20 02:47 . 2015-03-11 09:25	88064	----a-w-	c:\windows\system32\MshtmlDac.dll
2015-02-20 02:41 . 2015-03-11 09:25	54784	----a-w-	c:\windows\system32\jsproxy.dll
2015-02-20 02:40 . 2015-03-11 09:25	34304	----a-w-	c:\windows\system32\iernonce.dll
2015-02-20 02:36 . 2015-03-11 09:25	633856	----a-w-	c:\windows\system32\ieui.dll
2015-02-20 02:35 . 2015-03-11 09:25	144384	----a-w-	c:\windows\system32\ieUnatt.exe
2015-02-20 02:35 . 2015-03-11 09:25	114688	----a-w-	c:\windows\system32\ieetwcollector.exe
2015-02-20 02:34 . 2015-03-11 09:25	814080	----a-w-	c:\windows\system32\jscript9diag.dll
2015-02-20 02:32 . 2015-03-11 09:25	6035456	----a-w-	c:\windows\system32\jscript9.dll
2015-02-20 02:26 . 2015-03-11 09:25	968704	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2015-02-20 02:22 . 2015-03-11 09:25	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2015-02-20 02:22 . 2015-03-11 09:25	490496	----a-w-	c:\windows\system32\dxtmsft.dll
2015-02-20 02:13 . 2015-03-11 09:25	77824	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-20 02:09 . 2015-03-11 09:25	503296	----a-w-	c:\windows\SysWow64\vbscript.dll
2015-02-20 02:08 . 2015-03-11 09:25	62464	----a-w-	c:\windows\SysWow64\iesetup.dll
2015-02-20 02:08 . 2015-03-11 09:25	199680	----a-w-	c:\windows\system32\msrating.dll
2015-02-20 02:08 . 2015-03-11 09:25	47616	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2015-02-20 02:06 . 2015-03-11 09:25	64000	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2015-02-20 02:05 . 2015-03-11 09:25	316928	----a-w-	c:\windows\system32\dxtrans.dll
2015-02-20 01:56 . 2015-03-11 09:25	115712	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2015-02-20 01:56 . 2015-03-11 09:25	620032	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2015-02-20 01:49 . 2015-03-11 09:25	718848	----a-w-	c:\windows\system32\ie4uinit.exe
2015-02-20 01:49 . 2015-03-11 09:25	801280	----a-w-	c:\windows\system32\msfeeds.dll
2015-02-20 01:47 . 2015-03-11 09:25	1359360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2015-02-20 01:46 . 2015-03-11 09:25	2125824	----a-w-	c:\windows\system32\inetcpl.cpl
2015-02-20 01:43 . 2015-03-11 09:25	14398976	----a-w-	c:\windows\system32\ieframe.dll
2015-02-20 01:41 . 2015-03-11 09:25	60416	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2015-02-20 01:30 . 2015-03-11 09:25	4300288	----a-w-	c:\windows\SysWow64\jscript9.dll
2015-02-20 01:28 . 2015-03-11 09:25	2358784	----a-w-	c:\windows\system32\wininet.dll
2015-02-20 01:24 . 2015-03-11 09:25	2052608	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2015-02-20 01:23 . 2015-03-11 09:25	1155072	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2015-02-20 01:16 . 2015-03-11 09:25	1548288	----a-w-	c:\windows\system32\urlmon.dll
2015-02-20 01:03 . 2015-03-11 09:25	800768	----a-w-	c:\windows\system32\ieapfltr.dll
2015-02-20 01:01 . 2015-03-11 09:25	1888256	----a-w-	c:\windows\SysWow64\wininet.dll
2015-02-13 05:22 . 2015-03-11 09:26	14177280	----a-w-	c:\windows\system32\shell32.dll
2015-02-11 15:16 . 2015-02-28 17:00	20216	----a-w-	c:\windows\system32\roboot64.exe
2015-02-04 03:16 . 2015-03-11 09:24	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2015-02-04 02:54 . 2015-03-11 09:24	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2015-02-03 03:34 . 2015-03-11 09:28	693176	----a-w-	c:\windows\system32\winload.efi
2015-02-03 03:34 . 2015-03-11 09:29	5554104	----a-w-	c:\windows\system32\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2013-08-09 14:50	91536	----a-w-	c:\program files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll" [2013-08-09 91536]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-02-26 31340640]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
"EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATINFE.EXE" [2013-12-16 298560]
"OKAYFREEDOM_Agent"="c:\program files (x86)\OkayFreedom\OkayFreedomClient.exe" [2015-02-18 6553000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-21 261888]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-27 1194504]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-07-31 128296]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-08-04 181480]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-07-15 554384]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2014-05-02 1065024]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-03-17 704512]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2015-03-16 129272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Taplika"="c:\windows\SysWOW64\wscript.exe" [2013-10-12 141824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"RequireSignedAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R1 {90280f97-bcf9-4f01-b773-3eeda0515e95}Gw64;{90280f97-bcf9-4f01-b773-3eeda0515e95}Gw64;c:\windows\system32\drivers\{90280f97-bcf9-4f01-b773-3eeda0515e95}Gw64.sys;c:\windows\SYSNATIVE\drivers\{90280f97-bcf9-4f01-b773-3eeda0515e95}Gw64.sys [x]
R1 {a3730592-7b31-4002-9366-8a726171fb7b}Gw64;{a3730592-7b31-4002-9366-8a726171fb7b}Gw64;c:\windows\system32\drivers\{a3730592-7b31-4002-9366-8a726171fb7b}Gw64.sys;c:\windows\SYSNATIVE\drivers\{a3730592-7b31-4002-9366-8a726171fb7b}Gw64.sys [x]
R1 {ef6e4000-cf69-4e60-8af1-5bd45599585c}w64;{ef6e4000-cf69-4e60-8af1-5bd45599585c}w64;c:\windows\system32\drivers\{ef6e4000-cf69-4e60-8af1-5bd45599585c}w64.sys;c:\windows\SYSNATIVE\drivers\{ef6e4000-cf69-4e60-8af1-5bd45599585c}w64.sys [x]
R1 cherimoya;cherimoya;c:\windows\system32\drivers\cherimoya.sys;c:\windows\SYSNATIVE\drivers\cherimoya.sys [x]
R1 iSafeKrnlMon;YAC Monitor Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [x]
R1 qrnfd_1_10_0_12;qrnfd_1_10_0_12;c:\windows\system32\drivers\qrnfd_1_10_0_12.sys;c:\windows\SYSNATIVE\drivers\qrnfd_1_10_0_12.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R2 ReimageRealTimeProtector;Reimage Real Time Protector;c:\program files\Reimage\Reimage Protector\ReiGuard.exe;c:\program files\Reimage\Reimage Protector\ReiGuard.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Update Air Globe;Update Air Globe;c:\program files (x86)\Air Globe\updateAirGlobe.exe;c:\program files (x86)\Air Globe\updateAirGlobe.exe [x]
R2 Update Steel Cut;Update Steel Cut;c:\program files (x86)\Steel Cut\updateSteelCut.exe;c:\program files (x86)\Steel Cut\updateSteelCut.exe [x]
R3 cpuz134;cpuz134;c:\users\EROL\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\EROL\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
S2 noygeoo;noygeoo;c:\programdata\eazyzoom\1.1.0.30\isekaxa.exe;c:\programdata\eazyzoom\1.1.0.30\isekaxa.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 OkayFreedom VPN Starter Service;OkayFreedom VPN Starter Service;c:\program files (x86)\OkayFreedom\OkayFreedomService.exe;c:\program files (x86)\OkayFreedom\OkayFreedomService.exe [x]
S2 qumesuky;Hotel Use;c:\users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp;c:\users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp [x]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-12 09:52]
.
2015-04-12 c:\windows\Tasks\EPSON XP-225 Series Update {DA9064A8-56DA-49F8-8F27-85D2FF2069A9}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE [2015-01-07 16:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 16334880]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-05 828960]
"SBRegRebootCleaner"="c:\program files (x86)\Ad-Aware Antivirus\SBRC.exe" [2012-09-20 201608]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1423478423&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXD0C798108281082&q={searchTerms}
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1423478423&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXD0C798108281082&q={searchTerms}
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\EROL\AppData\Roaming\Mozilla\Firefox\Profiles\tm9r20kd.default-1418645245816\
FF - ExtSQL: !HIDDEN! 2015-02-09 11:40; fftoolbar2014@etech.com; c:\users\EROL\AppData\Roaming\Mozilla\Firefox\Profiles\tm9r20kd.default-1418645245816\extensions\fftoolbar2014@etech.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{e0007d18-baa4-4573-ae78-8bea0958c610} - c:\program files (x86)\P2P_Max_DE\prxtbP2P0.dll
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
Toolbar-Locked - (no file)
Toolbar-{e0007d18-baa4-4573-ae78-8bea0958c610} - c:\program files (x86)\P2P_Max_DE\prxtbP2P0.dll
Toolbar-10 - (no file)
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-mcmscsvc
SafeBoot-MCODS
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{E0007D18-BAA4-4573-AE78-8BEA0958C610} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
HKLM-Run-mwlDaemon - c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
HKLM-Run-EPSON Stylus DX3800 Series - c:\windows\system32\spool\DRIVERS\x64\3\E_FATIACE.EXE
AddRemove-Disney's Extremely Goofy Skateboarding - c:\windows\IsUn0407.exe
AddRemove-IGS - c:\program files (x86)\IGS\uninstall.exe
AddRemove-Toolbar Cleaner - c:\program files (x86)\Toolbar Cleaner\uninstall.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\qumesuky]
"ImagePath"="c:\users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programdata\eazyzoom\1.1.0.30\isekdxa.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-04-12  15:11:07 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-04-12 13:11
.
Vor Suchlauf: 13 Verzeichnis(se), 418.916.593.664 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 419.053.518.848 Bytes frei
.
- - End Of File - - 9754E4600BC9CFD0A1A5FD3DB65F956C
5C616939100B85E558DA92B899A0FC36
         

12.04.2015, 19:50   #8
mm0811
 

If needed, here are a new FRST.txt and Addition.txt


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015
Ran by EROL (administrator) on EROL-PC on 12-04-2015 20:45:04
Running from C:\Users\EROL\Desktop
Loaded Profiles: EROL (Available profiles: EROL)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
() C:\ProgramData\eazyzoom\1.1.0.30\isekaxa.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe
() C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\ProgramData\eazyzoom\1.1.0.30\isek6xa.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\ProgramData\eazyzoom\1.1.0.30\isekdxa.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINFE.EXE
(Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-06] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [828960 2009-08-05] (Acer Incorporated)
HKLM\...\Run: [EPSON Stylus DX3800 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIACE.EXE /F "C:\Windows\TEMP\E_S2D9F.tmp" /EF "HKLM"
HKLM\...\Run: [SBRegRebootCleaner] => C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe [201608 2012-09-20] (GFI Software)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-21] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1194504 2009-08-27] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-07-31] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-08-04] (Acer Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554384 2013-07-15] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] => "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\RunOnce: [Taplika] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\EROL\AppData\Roaming\Taplika\UpdateProc\bkup.dat"
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1924032147-3410277532-354269451-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1924032147-3410277532-354269451-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31340640 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-1924032147-3410277532-354269451-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1924032147-3410277532-354269451-1001\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINFE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1924032147-3410277532-354269451-1001\...\Run: [OKAYFREEDOM_Agent] => C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe [6553000 2015-02-18] (Steganos Software GmbH)
HKU\S-1-5-21-1924032147-3410277532-354269451-1001\...\RunOnce: [Taplika] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\EROL\AppData\Roaming\Taplika\UpdateProc\bkup.dat"
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1924032147-3410277532-354269451-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1423478423&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXD0C798108281082&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1423478423&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXD0C798108281082&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1924032147-3410277532-354269451-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1924032147-3410277532-354269451-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM-x32 - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKLM-x32 -> {63894242-d1a7-4235-a425-c124cb8f4633} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^BDG^xdm184^YYA^de&si=downloadzipfree&ptb=6734A307-3933-4706-8E36-62DE7120F636&ind=2015021317&n=781ac905&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2055800
SearchScopes: HKU\S-1-5-21-1924032147-3410277532-354269451-1001 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXD0C798108281082&ts=1423478524&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1924032147-3410277532-354269451-1001 -> 709ACC7189F24A569010D34CD44D6059 URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXD0C798108281082&ts=1423478524&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1924032147-3410277532-354269451-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXD0C798108281082&ts=1423478524&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1924032147-3410277532-354269451-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXD0C798108281082&ts=1423478524&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1924032147-3410277532-354269451-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXD0C798108281082&ts=1423478524&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1924032147-3410277532-354269451-1001 -> {246DFE4A-88F2-4305-8806-D7955EED7C1F} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXD0C798108281082&ts=1423478524&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1924032147-3410277532-354269451-1001 -> {4F6368DC-D7F5-4DA6-9B31-20201232E632} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXD0C798108281082&ts=1423478524&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1924032147-3410277532-354269451-1001 -> {63894242-d1a7-4235-a425-c124cb8f4633} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXD0C798108281082&ts=1423478524&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1924032147-3410277532-354269451-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXD0C798108281082&ts=1423478524&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1924032147-3410277532-354269451-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXD0C798108281082&ts=1423478524&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1924032147-3410277532-354269451-1001 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXD0C798108281082&ts=1423478524&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1924032147-3410277532-354269451-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.sweet-page.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXD0C798108281082&ts=1423478524&type=default&q={searchTerms}
BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Ad-Aware Security Add-on -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} -> C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll [2013-08-09] ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-22] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-22] (Oracle Corporation)
BHO-x32: Max DE Toolbar -> {e0007d18-baa4-4573-ae78-8bea0958c610} -> C:\Program Files (x86)\P2P_Max_DE\prxtbP2P0.dll No File
BHO-x32: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} ->  No File
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Max DE Toolbar - {e0007d18-baa4-4573-ae78-8bea0958c610} - C:\Program Files (x86)\P2P_Max_DE\prxtbP2P0.dll No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll [2013-08-09] ()
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-1924032147-3410277532-354269451-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1924032147-3410277532-354269451-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\EROL\AppData\Roaming\Mozilla\Firefox\Profiles\tm9r20kd.default-1418645245816
FF SearchEngineOrder.3: Bing 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-15] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\EROL\AppData\Roaming\Mozilla\Firefox\Profiles\tm9r20kd.default-1418645245816\user.js [2015-04-12]
FF SearchPlugin: C:\Users\EROL\AppData\Roaming\Mozilla\Firefox\Profiles\tm9r20kd.default-1418645245816\searchplugins\sweet-page.xml [2015-02-13]
FF SearchPlugin: C:\Users\EROL\AppData\Roaming\Mozilla\Firefox\Profiles\tm9r20kd.default-1418645245816\searchplugins\Taplika.xml [2015-02-22]
FF SearchPlugin: C:\Users\EROL\AppData\Roaming\Mozilla\Firefox\Profiles\tm9r20kd.default-1418645245816\searchplugins\trovi.xml [2015-04-02]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\adawaretb.xml [2013-08-08]
FF Extension: Bing Search Engine - C:\Users\EROL\AppData\Roaming\Mozilla\Firefox\Profiles\tm9r20kd.default-1418645245816\Extensions\bingsearch.full@microsoft.com [2015-03-26]
FF Extension: WEB.DE MailCheck - C:\Users\EROL\AppData\Roaming\Mozilla\Firefox\Profiles\tm9r20kd.default-1418645245816\Extensions\toolbar@web.de [2015-03-07]
FF Extension: Mozilla Firefox Hotfixer - C:\Users\EROL\AppData\Roaming\Mozilla\Firefox\Profiles\tm9r20kd.default-1418645245816\Extensions\veggy@veggyAddon.com [2015-04-03]
FF Extension: Zoom It - C:\Users\EROL\AppData\Roaming\Mozilla\Firefox\Profiles\tm9r20kd.default-1418645245816\Extensions\{843b0bb0-da9d-7180-2410-20dfd38a47c0} [2015-04-11]
FF Extension: OkayFreedom - C:\Users\EROL\AppData\Roaming\Mozilla\Firefox\Profiles\tm9r20kd.default-1418645245816\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2015-03-31]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-03-23]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-01-07]

Chrome: 
=======
CHR Profile: C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ask Search) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaahlfahldnilidgnlikdckbfehhca [2015-03-13]
CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2014-11-06]
CHR Extension: (Bookmark Manager) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-03-11]
CHR Extension: (No Name) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldhpllghnbhlbpcmnajkpdmadaolakh [2015-03-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Skype Click to Call) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-11-06]
CHR Extension: (No Name) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnmengjdnfjbochkdkcjbbpildacancp [2015-04-05]
CHR Extension: (Google Wallet) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (No Name) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo [2015-03-28]
CHR Extension: (Lavasoft NewTab) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole [2013-08-29]
CHR Extension: (pnmjaflneibolacpepklokkjnakmikmg) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnmjaflneibolacpepklokkjnakmikmg [2015-03-15]
CHR HKLM\...\Chrome\Extension: [aaaaahlfahldnilidgnlikdckbfehhca] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1924032147-3410277532-354269451-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1924032147-3410277532-354269451-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1924032147-3410277532-354269451-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [aaaaahlfahldnilidgnlikdckbfehhca] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2013-08-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 noygeoo; C:\ProgramData\eazyzoom\1.1.0.30\isekaxa.exe [571888 2015-04-02] ()
R2 OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [326072 2015-02-18] (Steganos Software GmbH)
R2 qumesuky; C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp [205312 2015-04-05] () [File not signed]
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]
S2 Update Air Globe; "C:\Program Files (x86)\Air Globe\updateAirGlobe.exe" [X]
S2 Update Steel Cut; "C:\Program Files (x86)\Steel Cut\updateSteelCut.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-08-29] (GFI Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 cherimoya; system32\drivers\cherimoya.sys [X]
S3 cpuz134; \??\C:\Users\EROL\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S1 qrnfd_1_10_0_12; system32\drivers\qrnfd_1_10_0_12.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S1 {90280f97-bcf9-4f01-b773-3eeda0515e95}Gw64; system32\drivers\{90280f97-bcf9-4f01-b773-3eeda0515e95}Gw64.sys [X]
S1 {a3730592-7b31-4002-9366-8a726171fb7b}Gw64; system32\drivers\{a3730592-7b31-4002-9366-8a726171fb7b}Gw64.sys [X]
S1 {ef6e4000-cf69-4e60-8af1-5bd45599585c}w64; system32\drivers\{ef6e4000-cf69-4e60-8af1-5bd45599585c}w64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-12 20:38 - 2015-04-12 20:38 - 00000000 ____D () C:\Users\EROL\Desktop\FRST-OlderVersion
2015-04-12 15:11 - 2015-04-12 15:11 - 00037908 _____ () C:\ComboFix.txt
2015-04-12 14:32 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-12 14:32 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-12 14:32 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-12 14:32 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-12 14:32 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-12 14:32 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-12 14:32 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-12 14:32 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-12 14:28 - 2015-04-12 15:11 - 00000000 ____D () C:\Qoobox
2015-04-12 14:27 - 2015-04-12 15:07 - 00000000 ____D () C:\Windows\erdnt
2015-04-12 12:04 - 2015-04-12 12:04 - 05617275 ____R (Swearware) C:\Users\EROL\Desktop\ComboFix.exe
2015-04-12 11:33 - 2015-04-12 11:33 - 00001268 _____ () C:\Users\EROL\Desktop\Revo Uninstaller.lnk
2015-04-12 11:33 - 2015-04-12 11:33 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-04-12 11:11 - 2015-04-12 11:11 - 00472176 _____ () C:\Windows\Minidump\041215-18142-01.dmp
2015-04-12 10:07 - 2015-04-12 10:07 - 00048195 _____ () C:\Users\EROL\Desktop\gmer.txt
2015-04-12 09:57 - 2015-04-12 09:57 - 00000470 _____ () C:\Users\EROL\Desktop\defogger_disable.log
2015-04-12 09:57 - 2015-04-11 09:15 - 00380416 _____ () C:\Users\EROL\Desktop\Gmer-19357.exe
2015-04-12 09:57 - 2015-04-11 09:12 - 00050477 _____ () C:\Users\EROL\Desktop\Defogger.exe
2015-04-12 09:47 - 2015-04-12 09:49 - 00039937 _____ () C:\Users\EROL\Desktop\Addition.txt
2015-04-12 09:44 - 2015-04-12 20:45 - 00031109 _____ () C:\Users\EROL\Desktop\FRST.txt
2015-04-12 09:44 - 2015-04-12 20:45 - 00000000 ____D () C:\FRST
2015-04-12 09:42 - 2015-04-12 20:38 - 02096640 _____ (Farbar) C:\Users\EROL\Desktop\FRST64.exe
2015-04-11 23:47 - 2015-04-11 23:47 - 00008963 _____ () C:\Users\EROL\Desktop\1104.txt
2015-04-11 23:19 - 2015-04-11 23:19 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-11 23:19 - 2015-04-11 23:19 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-11 23:19 - 2015-04-11 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-11 23:19 - 2015-04-11 23:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-11 23:19 - 2015-04-11 23:19 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-11 23:19 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-11 23:19 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-11 23:19 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-11 09:18 - 2015-04-11 09:18 - 00000000 _____ () C:\Users\EROL\defogger_reenable
2015-04-05 18:26 - 2015-04-05 18:26 - 00000000 ____D () C:\Users\EROL\AppData\Roaming\Avira
2015-04-05 18:22 - 2015-04-11 23:48 - 00000000 ____D () C:\Program Files (x86)\IGS
2015-04-05 18:20 - 2015-04-05 18:20 - 00000000 ____D () C:\Users\EROL\AppData\Local\004578DC-1428258019-DE11-8C4E-95D864771729
2015-04-05 18:20 - 2015-04-05 18:15 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-04-05 18:13 - 2015-03-17 13:01 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-04-05 18:13 - 2015-03-17 13:01 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-04-05 18:13 - 2015-03-17 13:01 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-04-05 18:02 - 2015-04-05 18:02 - 00000000 ____D () C:\Windows\pss
2015-04-05 17:34 - 2015-04-05 17:34 - 00001211 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-04-05 17:33 - 2015-04-11 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-05 17:33 - 2015-04-05 18:13 - 00000000 ____D () C:\ProgramData\Avira
2015-04-05 17:33 - 2015-04-05 18:13 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-05 17:33 - 2015-04-05 17:33 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-05 17:18 - 2015-04-10 22:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-05 17:18 - 2015-04-05 17:22 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-05 17:18 - 2015-04-05 17:18 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-04-05 17:18 - 2015-04-05 17:18 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-04-05 17:18 - 2015-04-05 17:18 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-04-05 17:18 - 2015-04-05 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-04-05 17:18 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-04-05 12:21 - 2015-04-05 12:22 - 00291696 _____ () C:\Windows\Minidump\040515-28080-01.dmp
2015-04-05 00:23 - 2015-04-05 00:23 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 00:23 - 2015-04-05 00:23 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 20:10 - 2015-04-04 23:43 - 00008856 _____ () C:\Windows\SysWOW64\29xyOff.ini
2015-04-04 20:10 - 2015-04-04 23:43 - 00008856 _____ () C:\Windows\system32\29xyOff.ini
2015-04-04 20:10 - 2015-04-01 12:35 - 00416552 _____ (scsp) C:\Windows\system32\scxy64.dll
2015-04-04 20:10 - 2015-04-01 12:35 - 00349872 _____ (scsp) C:\Windows\SysWOW64\scxy.dll
2015-04-04 20:10 - 2015-04-01 12:34 - 00046496 _____ (scsp) C:\Windows\system32\Drivers\scjrtr.sys
2015-04-03 23:02 - 2015-04-04 17:18 - 00000000 ____D () C:\Users\EROL\Desktop\Bewerbung
2015-04-02 13:38 - 2015-04-02 13:38 - 00004270 _____ () C:\Windows\System32\Tasks\ReimageUpdater
2015-04-02 13:38 - 2015-04-02 13:38 - 00000000 ____D () C:\ProgramData\Reimage Protector
2015-04-02 12:47 - 2015-04-05 11:31 - 00000000 ____D () C:\Program Files\Reimage
2015-04-02 12:45 - 2015-04-02 12:45 - 00000000 ____D () C:\Users\EROL\AppData\Local\Crossbrowse
2015-04-02 12:43 - 2015-04-02 12:43 - 00000000 ____D () C:\ProgramData\eazyzoom
2015-03-31 18:01 - 2015-03-31 18:01 - 00000000 ____D () C:\Users\EROL\AppData\Roaming\WebExtend
2015-03-31 11:02 - 2015-04-12 19:11 - 00000000 ____D () C:\Users\EROL\AppData\Roaming\Steganos VPN
2015-03-31 11:02 - 2015-04-03 21:03 - 00000000 ____D () C:\Users\EROL\AppData\Roaming\Steganos
2015-03-31 11:02 - 2015-03-31 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OkayFreedom
2015-03-31 11:02 - 2015-03-31 11:02 - 00000000 ____D () C:\Program Files (x86)\predm
2015-03-31 11:02 - 2015-03-31 11:02 - 00000000 ____D () C:\Program Files (x86)\OkayFreedom
2015-03-31 11:01 - 2015-04-01 14:05 - 00000000 ____D () C:\Users\EROL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer
2015-03-31 11:01 - 2015-04-01 14:05 - 00000000 ____D () C:\Program Files (x86)\GUPlayer
2015-03-30 21:02 - 2015-03-30 21:02 - 00003456 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Popup
2015-03-30 21:02 - 2015-03-30 21:02 - 00003192 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Start
2015-03-30 21:02 - 2015-03-30 21:02 - 00000000 ____D () C:\Users\EROL\AppData\Local\Rainmaker_Software_Group_
2015-03-30 21:01 - 2015-03-30 21:01 - 00000000 ____D () C:\Users\EROL\AppData\Roaming\Rainmaker Software Group LLC.​
2015-03-28 17:52 - 2015-03-28 17:52 - 00300623 _____ () C:\Users\EROL\Downloads\Futbol Canlı Sonuçlar, Canlı maç sonuçları - iddaa.com.htm
2015-03-28 17:52 - 2015-03-28 17:52 - 00000000 ____D () C:\Users\EROL\Downloads\Futbol Canlı Sonuçlar, Canlı maç sonuçları - iddaa.com-Dateien
2015-03-25 11:25 - 2015-03-25 11:25 - 00000000 ____D () C:\Users\EROL\AppData\Local\globalUpdate
2015-03-25 10:59 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 10:59 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 10:59 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 10:59 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 10:59 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 10:59 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 10:59 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 10:59 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-24 11:44 - 2015-03-24 11:44 - 00000000 ____D () C:\Users\EROL\AppData\Roaming\rightbackup
2015-03-23 12:22 - 2015-03-23 12:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-23 09:46 - 2015-03-23 09:46 - 00000000 ___HD () C:\Users\Public\B95565D26D9A9DC2AD95815626DF35B1
2015-03-22 19:19 - 2015-04-05 12:59 - 00008632 _____ () C:\Windows\SysWOW64\VCLOff.ini
2015-03-22 19:19 - 2015-04-05 12:59 - 00008632 _____ () C:\Windows\system32\VCLOff.ini
2015-03-22 19:07 - 2015-04-11 23:15 - 00000000 ____D () C:\Users\EROL\AppData\Local\004578DC-1427047646-DE11-8C4E-95D864771729
2015-03-22 19:03 - 2015-04-11 23:29 - 00000000 ____D () C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729
2015-03-22 09:28 - 2015-03-22 09:28 - 00291696 _____ () C:\Windows\Minidump\032215-18720-01.dmp
2015-03-21 12:00 - 2015-03-23 17:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2015-03-18 16:07 - 2015-03-18 16:07 - 00000000 ____D () C:\Users\EROL\Option

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-12 20:34 - 2015-01-07 14:34 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-225 Series Update {DA9064A8-56DA-49F8-8F27-85D2FF2069A9}.job
2015-04-12 20:22 - 2012-10-12 12:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-12 20:02 - 2010-10-15 23:34 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{48FD094E-AFAF-4EC8-9EB3-9106BB6B89F2}
2015-04-12 19:39 - 2009-10-17 08:14 - 01489852 _____ () C:\Windows\WindowsUpdate.log
2015-04-12 19:17 - 2009-07-14 06:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-12 19:17 - 2009-07-14 06:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-12 19:10 - 2013-08-29 01:44 - 00001872 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-04-12 19:10 - 2013-08-29 01:43 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2015-04-12 19:09 - 2015-02-10 02:08 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2015-04-12 19:08 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-12 19:08 - 2009-07-14 06:51 - 00191970 _____ () C:\Windows\setupact.log
2015-04-12 15:11 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-12 15:04 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-12 15:02 - 2009-08-22 10:34 - 01213226 _____ () C:\Windows\PFRO.log
2015-04-12 14:08 - 2011-10-27 14:22 - 00000000 ____D () C:\Users\EROL\AppData\Roaming\Skype
2015-04-12 12:55 - 2013-11-24 18:07 - 00000000 ____D () C:\Users\EROL\Downloads\MSN Deutschland  Aktuelle Nachrichten, Outlook.com Email und Skype Login-Dateien
2015-04-12 11:11 - 2014-08-24 16:33 - 523873432 _____ () C:\Windows\MEMORY.DMP
2015-04-12 11:11 - 2014-08-24 16:33 - 00000000 ____D () C:\Windows\Minidump
2015-04-12 10:00 - 2009-10-17 18:03 - 00714532 _____ () C:\Windows\system32\perfh007.dat
2015-04-12 10:00 - 2009-10-17 18:03 - 00154584 _____ () C:\Windows\system32\perfc007.dat
2015-04-12 10:00 - 2009-07-14 07:13 - 01538900 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-12 09:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PLA
2015-04-11 23:56 - 2014-02-26 03:13 - 01472526 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-11 09:18 - 2009-12-09 21:35 - 00000000 ____D () C:\Users\EROL
2015-04-10 22:05 - 2015-02-28 19:00 - 00000000 ____D () C:\Users\EROL\AppData\Roaming\systweak
2015-04-05 18:55 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-05 18:47 - 2015-02-25 12:51 - 00000000 ____D () C:\ProgramData\dcd3ad0177264843bc5000b01d833e70
2015-04-05 18:34 - 2015-02-22 16:51 - 00000000 ____D () C:\ProgramData\{9d4d7a04-c0f0-47e9-9d4d-d7a04c0fe813}
2015-04-05 18:34 - 2015-02-22 16:27 - 00000000 ____D () C:\ProgramData\{1f0c2576-5236-741c-1f0c-c257652395d9}
2015-04-05 12:54 - 2015-02-28 16:17 - 00004028 _____ () C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task
2015-04-05 12:27 - 2010-10-08 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Okey+
2015-04-05 10:48 - 2015-02-22 16:45 - 00000000 ___HD () C:\Users\Public\Temp
2015-04-05 10:46 - 2015-02-22 16:47 - 00000126 _____ () C:\Users\EROL\AppData\Roaming\WB.CFG
2015-04-04 23:33 - 2009-07-14 04:34 - 00000612 _____ () C:\Windows\win.ini
2015-04-02 13:40 - 2015-03-12 00:26 - 00000156 _____ () C:\Windows\Reimage.ini
2015-04-02 10:08 - 2015-03-11 17:03 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-01 18:03 - 2009-08-22 07:40 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-26 11:58 - 2014-09-21 15:55 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-26 11:58 - 2011-10-27 14:22 - 00000000 ____D () C:\ProgramData\Skype
2015-03-26 11:23 - 2014-12-11 12:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-26 11:23 - 2014-05-09 22:42 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-24 11:28 - 2015-02-10 14:50 - 00000839 _____ () C:\Windows\wininit.ini
2015-03-24 11:28 - 2014-12-29 19:24 - 00000000 ____D () C:\Users\EROL\AppData\Local\Unity
2015-03-24 10:42 - 2015-03-12 22:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-23 12:12 - 2015-02-28 19:00 - 00000000 ____D () C:\Program Files\shopperz
2015-03-20 01:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-18 12:42 - 2013-11-19 19:18 - 00000000 ____D () C:\Users\EROL\AppData\Roaming\Apple Computer
2015-03-18 12:42 - 2013-11-19 19:18 - 00000000 ____D () C:\Users\EROL\AppData\Local\Apple Computer
2015-03-15 11:53 - 2010-11-02 19:07 - 00000000 ____D () C:\Users\EROL\AppData\Local\Adobe
2015-03-15 11:52 - 2012-10-12 12:11 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-15 11:52 - 2012-10-12 12:11 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-15 11:52 - 2011-10-03 11:34 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-13 16:55 - 2009-10-17 08:15 - 00000000 ____D () C:\Program Files (x86)\Acer Arcade Deluxe

==================== Files in the root of some directories =======

2014-11-20 12:45 - 2014-11-20 12:45 - 6000640 _____ () C:\Program Files (x86)\GUT4C3D.tmp
2015-02-22 16:47 - 2015-04-05 10:46 - 0000126 _____ () C:\Users\EROL\AppData\Roaming\WB.CFG
2010-10-03 23:03 - 2013-11-13 19:00 - 0000124 _____ () C:\Users\EROL\AppData\Roaming\wklnhst.dat
2014-06-23 22:44 - 2014-07-07 23:23 - 0001097 _____ () C:\Users\EROL\AppData\Local\cookies.ini
2015-02-24 11:57 - 2015-02-24 11:57 - 0274045 _____ () C:\Users\EROL\AppData\Local\dsi1.dat
2015-02-24 11:57 - 2015-02-24 11:57 - 0161916 _____ () C:\Users\EROL\AppData\Local\dsi2.dat
2015-03-11 18:30 - 2015-03-11 18:30 - 0001643 _____ () C:\Users\EROL\AppData\Local\MyWinLockerInstaller.txt-20150311.log
2015-03-12 12:54 - 2015-03-12 12:58 - 0006477 _____ () C:\Users\EROL\AppData\Local\MyWinLockerInstaller.txt-20150312.log
2009-10-17 08:15 - 2009-10-17 08:17 - 0007768 _____ () C:\ProgramData\ArcadeDeluxe3.log
2009-08-22 10:44 - 2009-07-18 03:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe

Some content of TEMP:
====================
C:\Users\EROL\AppData\Local\temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 10:24

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2015
Ran by EROL at 2015-04-12 20:45:41
Running from C:\Users\EROL\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Lavasoft Ad-Aware (Enabled - Out of date) {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AS: Avira Desktop (Disabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Lavasoft Ad-Aware (Enabled - Out of date) {5BB89C30-6480-BC7C-9F17-199BD76F557A}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Lavasoft Ad-Aware (Disabled) {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.6731 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.0.6731 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.22 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.74.216 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.74.216 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3002 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3003 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3004 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.7.0715 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3014 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Ad-Aware Antivirus (HKLM-x32\...\{944167EA-7F89-4705-8DCD-1D63B53141B0}) (Version: 10.5.3.4405 - Lavasoft)
Ad-Aware Security Add-on (HKLM-x32\...\adawaretb) (Version: 3.4.0.1 - Lavasoft)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
Backup Manager Basic (x32 Version: 2.0.0.22 - NewTech Infosystems) Hidden
Bid Forward (HKLM-x32\...\IGS) (Version:  - )
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}) (Version: 12.26.02 - Broadcom Corporation)
Clear Domain Name (HKLM-x32\...\igsc) (Version: 1.0.0.0 - Clear Domain Name)
Disneys Sport - Goofy Skateboarding (HKLM-x32\...\Disney's Extremely Goofy Skateboarding) (Version:  - )
eazyzoom (HKLM-x32\...\{41FB1CA8-BB82-42BD-8E95-0D345FE3DA6C}) (Version: 1.1.0.30 - eazyzoom)
eBay Worldwide (HKLM-x32\...\{AAF89271-2594-468D-B578-96B2E30C41C4}) (Version: 2.1.0703 - OEM)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM-x32\...\{71E90740-5E5F-4D43-AB8F-CAC1D93DBB5B}) (Version: 2.5.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{682A3328-9621-4BAD-91FA-873A076610C4}) (Version: 1.21.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-225 Series Printer Uninstall (HKLM\...\EPSON XP-225 Series) (Version:  - SEIKO EPSON Corporation)
EPSON-Handbücher (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.32.0.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM\...\{DF5200AB-5AE6-4598-846B-8ABC3AE121B1}) (Version: 3.0.2.0 - SEIKO EPSON Corporation)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3001 - Acer Incorporated)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.03 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
OkayFreedom (HKLM-x32\...\{3F3FB10C-7175-4D38-9335-3488B89C12AF}) (Version: 1.4.3 - Steganos Software GmbH)
Okey+ 2.1 (HKLM-x32\...\Okey+_is1) (Version:  - Böcek Yazýlým)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
Reimage Protector (HKLM\...\Reimage Protector) (Version:  - Reimage) <==== ATTENTION
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version:  - )
Samsung Mobile Modem Device Software (HKLM\...\Samsung Mobile Modem Device) (Version:  - )
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
SAMSUNG USB Mobile Device Software (HKLM\...\SAMSUNG USB Mobile Device) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3005 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID-Anmelde-Assistent (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

04-04-2015 09:44:40 Windows Update
05-04-2015 00:22:18 Windows Update
05-04-2015 19:00:10 Windows-Sicherung
11-04-2015 23:50:37 Windows Update
12-04-2015 11:34:47 Revo Uninstaller's restore point - BoBrowser
12-04-2015 11:39:16 Revo Uninstaller's restore point - BoBrowser
12-04-2015 15:22:37 Windows Update
12-04-2015 19:19:11 Windows-Sicherung

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-04-12 15:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00249043-353C-425A-A270-D8304F2C8EAD} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {0A8668B1-717F-4429-AC20-5167E5D26B16} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {0B2D1DBB-44FA-452D-A231-B92997632E04} - \ZMCRFF No Task File <==== ATTENTION
Task: {0C6332C4-2A83-4FC4-85A4-1C4C27D1F6EF} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2013-06-13] (Lavasoft Limited)
Task: {138FE3C3-34E0-4253-AADC-A834BF454125} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {15946D7B-34C4-4FAF-9EBF-C9B36F57813F} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {1A3E4FE1-733D-4311-A064-C05602E64BC9} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {1ED94779-D16C-4CD7-BA75-ACD32DC71EA7} - System32\Tasks\{5C5454C9-4FF7-4D9B-8168-B4ADBFB532A3} => pcalua.exe -a C:\Users\EROL\AppData\Roaming\sweet-page\UninstallManager.exe -c  -ptid=cor
Task: {2620644B-202A-4B6F-988C-3161F554610E} - System32\Tasks\{585D4E66-9B7D-4B34-AE74-B6C858012A68} => C:\Program Files\Batak4\Batak.exe
Task: {2F5C3C1A-E7D8-422B-8B72-067EFCB6E426} - System32\Tasks\{48C4EDAE-2B03-4D61-9031-1C6CC3104DA6} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Task: {413ACCAC-460C-4BBB-863B-BB1A2499406E} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTION
Task: {4345FB31-628A-42CA-BC8A-4DDEC2C8E12C} - System32\Tasks\{08389B0D-B0E4-49AB-B8FD-A240B4A96C43} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\5\SSSDUninstall.exe
Task: {462ADBF5-7072-4715-8F00-885403D152CF} - System32\Tasks\{8FD4BD32-5AFB-4265-B8DA-333ED1CBAD08} => pcalua.exe -a C:\Users\EROL\Downloads\epson375869eu(1).exe -d C:\Users\EROL\Downloads
Task: {4CDF805B-7549-4CBE-89DA-8DE73C0BAD65} - System32\Tasks\{EB51D504-1FAC-497A-A67B-A70FBE7DB3CD} => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2013-06-13] (Lavasoft Limited)
Task: {50E25B8D-3A25-497D-8821-605C4CE9F525} - System32\Tasks\{1EE10A4C-0ACA-456B-B852-F923D5D0ACE6} => C:\Program Files (x86)\Microsoft Office\OFFICE11\MSACCESS.EXE [2010-01-14] (Microsoft Corporation)
Task: {5B2558E1-A057-46EC-982E-E6C2F169C161} - System32\Tasks\EPSON XP-225 Series Update {DA9064A8-56DA-49F8-8F27-85D2FF2069A9} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE [2013-11-21] (SEIKO EPSON CORPORATION)
Task: {67D15269-582C-425F-9C72-F1EC6DC12842} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {67DE4505-8964-4C77-80A6-6F9CFB42B4C6} - System32\Tasks\{76B6EB2E-1365-46EA-B693-530717E5371D} => pcalua.exe -a C:\Users\EROL\Downloads\5609-batak-ihaleli-tamindir.com\batak-ihaleli-tamindir.com\batak4kur.exe -d C:\Users\EROL\Downloads\5609-batak-ihaleli-tamindir.com\batak-ihaleli-tamindir.com
Task: {82461E53-52F3-4CC5-8F6D-2DD44AE1F00D} - System32\Tasks\{AA56D811-B658-40C5-BF73-83680E2BBC25} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\1\SS_Uninstall.exe
Task: {89E9CC8F-583F-4631-B69C-E939243DA08A} - System32\Tasks\{77355BBA-AB49-4BC3-9494-9094B7615DEC} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\7\SSECUninstall.exe
Task: {A1EB057F-80A2-425D-8970-4314C0D727F1} - System32\Tasks\{81EBBBC1-8E1F-4BCA-9A1E-99068531EEDC} => pcalua.exe -a "C:\Users\EROL\Downloads\5609-batak-ihaleli-tamindir.com (1)\batak-ihaleli-tamindir.com\batak4kur.exe" -d "C:\Users\EROL\Downloads\5609-batak-ihaleli-tamindir.com (1)\batak-ihaleli-tamindir.com"
Task: {A63CC6F6-B5B2-4F63-B7B0-235B6C8399E6} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\EROL\AppData\Local\SmartWeb\SmartWebHelper.exe <==== ATTENTION
Task: {B008D2DB-D259-4520-BEAE-D808D076818A} - System32\Tasks\{1D1FFBF9-53D2-493E-A59E-D2B647F3A5BE} => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2013-06-13] (Lavasoft Limited)
Task: {B0217FE0-495C-490A-BB56-79ABF62F641C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {BE31CAA5-4A2A-42E2-9054-20CCD65D205B} - System32\Tasks\{11F68C3A-BA55-46BB-BA57-8FC636D2C17E} => C:\Program Files\Batak4\Batak.exe
Task: {C0020C13-A6BF-4CED-9194-39A192D3B0CB} - System32\Tasks\{885C3099-5D08-4F87-B40C-FC838B023C4D} => pcalua.exe -a C:\Users\EROL\AppData\Local\Temp\Temp1_batak-ihaleli-indirline.com.zip\batak-ihaleli-indirline.com\batak4kur.exe
Task: {C3704AC7-FD37-45AA-90FF-FA7478FE2EB6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-15] (Adobe Systems Incorporated)
Task: {C49ECB39-6FD0-4A01-AACA-ABBBDFA1D846} - System32\Tasks\{6E1DF063-C740-4606-8282-1399C48D708C} => Firefox.exe 
Task: {C9AA6652-0602-4991-B88B-4DD6B1003DB6} - \Run_Bobby_Browser No Task File <==== ATTENTION
Task: {D2358CEF-B5B4-440B-A128-95F96C22F099} - System32\Tasks\{D39E6D99-9FB1-459D-9A5E-A83528C5BC81} => C:\Program Files\Batak4\Batak.exe
Task: {DA976F43-10C3-45FB-A9B0-45874B04E6D1} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe <==== ATTENTION
Task: {DF1B6AE2-0D6F-4CA6-9DA6-49E7CBD2CC13} - System32\Tasks\PostPoneInstall => C:\Users\EROL\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe <==== ATTENTION
Task: {F0505E72-8A87-4043-BEDF-88569FB995C0} - System32\Tasks\{CF659C13-1743-4AD8-8DCD-5B70213A4392} => Firefox.exe 
Task: {F4F8214F-8FD5-400A-930D-2FA7E805B268} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EPSON XP-225 Series Update {DA9064A8-56DA-49F8-8F27-85D2FF2069A9}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE:/EXE:{DA9064A8-56DA-49F8-8F27-85D2FF2069A9} /F:UpdateSYSTEM
Searches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Loaded Modules (whitelisted) ==============

2015-04-02 11:31 - 2015-04-02 11:31 - 00571888 _____ () C:\ProgramData\eazyzoom\1.1.0.30\isekaxa.exe
2015-04-05 16:22 - 2015-04-05 16:22 - 00205312 _____ () C:\Users\EROL\AppData\Roaming\004578DC-1427043795-DE11-8C4E-95D864771729\nsoF4B7.tmp
2015-04-02 11:31 - 2015-04-02 11:31 - 00532480 _____ () C:\ProgramData\eazyzoom\1.1.0.30\isek6xa.exe
2015-04-02 11:30 - 2015-04-02 11:30 - 01126912 _____ () C:\ProgramData\eazyzoom\1.1.0.30\isek6xa.dll
2015-04-02 11:31 - 2015-04-02 11:31 - 00424960 _____ () C:\ProgramData\eazyzoom\1.1.0.30\isekdxa.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-02-03 02:33 - 2009-02-03 02:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2008-09-29 02:55 - 2008-09-29 02:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2015-04-05 17:18 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-04-05 17:18 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-04-05 17:18 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-04-05 17:18 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-04-05 17:18 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-04-02 11:31 - 2015-04-02 11:31 - 00482304 _____ () C:\ProgramData\eazyzoom\1.1.0.30\isekdxau.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2013-08-29 01:59 - 2014-12-19 06:01 - 00192376 _____ () C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\libBase64.dll
2013-08-29 01:59 - 2014-12-19 06:01 - 00180088 _____ () C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\libMachoUniv.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:1D32EC29
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:93DE1838
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E3C56885
AlternateDataStreams: C:\Users\EROL\AppData\Roaming\Microsoft\Windows\Start Menu\MSN Deutschland Aktuelle Nachrichten, Outlook.com Email und Skype Login..website:TASKICON_0FA6946226F21BD7E8F75BBFA031461487075638
AlternateDataStreams: C:\Users\EROL\AppData\Roaming\Microsoft\Windows\Start Menu\MSN Deutschland Aktuelle Nachrichten, Outlook.com Email und Skype Login..website:TASKICON_1FA6946226F21BD7E8F75BBFA031461135116317
AlternateDataStreams: C:\Users\EROL\AppData\Roaming\Microsoft\Windows\Start Menu\MSN Deutschland Aktuelle Nachrichten, Outlook.com Email und Skype Login..website:TASKICON_2FA6946226F21BD7E8F75BBFA03146-12823272
AlternateDataStreams: C:\Users\EROL\AppData\Roaming\Microsoft\Windows\Start Menu\MSN Deutschland Aktuelle Nachrichten, Outlook.com Email und Skype Login..website:TASKICON_3FA6946226F21BD7E8F75BBFA03146-1180859722
AlternateDataStreams: C:\Users\EROL\AppData\Roaming\Microsoft\Windows\Start Menu\MSN Deutschland Aktuelle Nachrichten, Outlook.com Email und Skype Login..website:TASKICON_4FA6946226F21BD7E8F75BBFA031461739172809

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1924032147-3410277532-354269451-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\EROL\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Avira.OE.ServiceHost => 2
MSCONFIG\startupfolder: C:^Users^EROL^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^setup.lnk => C:\Windows\pss\setup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^EROL^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SuperOptimizer.lnk => C:\Windows\pss\SuperOptimizer.lnk.Startup
MSCONFIG\startupreg: Elite Unzip AppIntegrator 32-bit => C:\PROGRA~2\ELITEU~2\bar\1.bin\AppIntegrator.exe
MSCONFIG\startupreg: Elite Unzip AppIntegrator 64-bit => C:\PROGRA~2\ELITEU~2\bar\1.bin\AppIntegrator64.exe
MSCONFIG\startupreg: PLFSetI => C:\Windows\PLFSetI.exe
MSCONFIG\startupreg: Registry Helper => "C:\Program Files (x86)\Registry Helper\RegistryHelper.Exe" /boot

==================== Accounts: =============================

Administrator (S-1-5-21-1924032147-3410277532-354269451-500 - Administrator - Disabled)
EROL (S-1-5-21-1924032147-3410277532-354269451-1001 - Administrator - Enabled) => C:\Users\EROL
Gast (S-1-5-21-1924032147-3410277532-354269451-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1924032147-3410277532-354269451-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: qrnfd_1_10_0_12
Description: qrnfd_1_10_0_12
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: qrnfd_1_10_0_12
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: cherimoya
Description: cherimoya
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: cherimoya
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: {90280f97-bcf9-4f01-b773-3eeda0515e95}Gw64
Description: {90280f97-bcf9-4f01-b773-3eeda0515e95}Gw64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: {90280f97-bcf9-4f01-b773-3eeda0515e95}Gw64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: {a3730592-7b31-4002-9366-8a726171fb7b}Gw64
Description: {a3730592-7b31-4002-9366-8a726171fb7b}Gw64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: {a3730592-7b31-4002-9366-8a726171fb7b}Gw64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: {ef6e4000-cf69-4e60-8af1-5bd45599585c}w64
Description: {ef6e4000-cf69-4e60-8af1-5bd45599585c}w64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: {ef6e4000-cf69-4e60-8af1-5bd45599585c}w64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/12/2015 03:01:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OkayFreedomService.exe, Version: 1.4.3.11221, Zeitstempel: 0x54e3011d
Name des fehlerhaften Moduls: OkayFreedomService.exe, Version: 1.4.3.11221, Zeitstempel: 0x54e3011d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000b818
ID des fehlerhaften Prozesses: 0x960
Startzeit der fehlerhaften Anwendung: 0xOkayFreedomService.exe0
Pfad der fehlerhaften Anwendung: OkayFreedomService.exe1
Pfad des fehlerhaften Moduls: OkayFreedomService.exe2
Berichtskennung: OkayFreedomService.exe3

Error: (04/12/2015 00:41:36 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (04/12/2015 00:41:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/12/2015 00:41:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/12/2015 00:41:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/12/2015 00:41:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/12/2015 09:57:20 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (04/12/2015 09:57:16 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (04/12/2015 09:57:05 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (04/12/2015 09:57:03 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.


System errors:
=============
Error: (04/12/2015 07:39:46 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {682159D9-C321-47CA-B3F1-30E36B2EC8B9}

Error: (04/12/2015 07:10:05 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cherimoya
iSafeKrnlMon
qrnfd_1_10_0_12
{90280f97-bcf9-4f01-b773-3eeda0515e95}Gw64
{a3730592-7b31-4002-9366-8a726171fb7b}Gw64
{ef6e4000-cf69-4e60-8af1-5bd45599585c}w64

Error: (04/12/2015 07:09:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update Steel Cut" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/12/2015 07:09:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update Air Globe" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/12/2015 07:09:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Reimage Real Time Protector" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/12/2015 03:22:45 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (04/12/2015 03:03:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
cherimoya
iSafeKrnlMon
qrnfd_1_10_0_12
{90280f97-bcf9-4f01-b773-3eeda0515e95}Gw64
{a3730592-7b31-4002-9366-8a726171fb7b}Gw64
{ef6e4000-cf69-4e60-8af1-5bd45599585c}w64

Error: (04/12/2015 03:03:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update Steel Cut" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/12/2015 03:03:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update Air Globe" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/12/2015 03:02:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Reimage Real Time Protector" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (04/12/2015 03:01:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: OkayFreedomService.exe1.4.3.1122154e3011dOkayFreedomService.exe1.4.3.1122154e3011dc00000050000b81896001d07519dca26f11C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exeC:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe0abb5862-e114-11e4-b9ea-00262d58f323

Error: (04/12/2015 00:41:36 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (04/12/2015 00:41:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe

Error: (04/12/2015 00:41:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe

Error: (04/12/2015 00:41:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe

Error: (04/12/2015 00:41:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe

Error: (04/12/2015 09:57:20 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: E:\FRST.exeE:\FRST.exe0

Error: (04/12/2015 09:57:16 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: E:\FRST64.exeE:\FRST64.exe0

Error: (04/12/2015 09:57:05 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: E:\FRST.exeE:\FRST.exe0

Error: (04/12/2015 09:57:03 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: E:\FRST64.exeE:\FRST64.exe0


CodeIntegrity Errors:
===================================
  Date: 2015-04-12 15:00:13.291
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-04-12 15:00:13.181
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 37%
Total physical RAM: 4090.93 MB
Available physical RAM: 2547.8 MB
Total Pagefile: 8180.04 MB
Available Pagefile: 6025.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:453.94 GB) (Free:389.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Removable) (Total:7.26 GB) (Free:4.2 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 5CAE5CAE)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.3 GB) (Disk ID: E49E4E8B)
Partition 1: (Not Active) - (Size=7.3 GB) - (Type=0B)

==================== End Of Log ============================
         

Old 13.04.2015, 09:54   #9
schrauber
/// the machine
/// TB-Ausbilder
 


Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Old 13.04.2015, 19:45   #10
mm0811
 

So I run Malwarebytes Anti-Malware and do a restart. After that it tells me that the file ComboFix.exe has the virus TR/Agent.5617275 (Cloud).
That is exactly the program I downloaded here yesterday ...

Malwarebytes Anti-Malware found 1380 detections. See attached file...
It has to be split into three parts
mbam.txt:
The file you are trying to attach is too large. The maximum file size for this file type is 97.7 KB. Your file is 255.2 KB.
Attached files
File type: txt mbam1.txt (93.2 KB, viewed 106 times)
File type: txt mbam3.txt (83.6 KB, viewed 109 times)

Old 13.04.2015, 20:09   #11
mm0811
 

I could not download Junkware Removal Tool, as it apparently is not available.

AdwCleaner:
Code:
ATTFilter
# AdwCleaner v4.201 - Bericht erstellt 13/04/2015 um 20:49:41
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-08.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : EROL - EROL-PC
# Gestarted von : C:\Users\EROL\Downloads\MSN Deutschland  Aktuelle Nachrichten, Outlook.com Email und Skype Login-Dateien\AdwCleaner_4.201.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : iSafeKrnlMon
[#] Dienst Gelöscht : ReimageRealTimeProtector

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Search Protection
Ordner Gelöscht : C:\ProgramData\Reimage Protector
Ordner Gelöscht : C:\ProgramData\Fighters
Ordner Gelöscht : C:\ProgramData\25093c2200006a12
Ordner Gelöscht : C:\ProgramData\2f1ca7da00002f73
Ordner Gelöscht : C:\ProgramData\53e4b8d4000031e6
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Program Files\Reimage
Ordner Gelöscht : C:\Program Files\Fighters
Ordner Gelöscht : C:\Users\EROL\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\EROL\AppData\Local\DownloadManager
Ordner Gelöscht : C:\Users\EROL\AppData\Local\Mindspark_Interactive_Net
Ordner Gelöscht : C:\Users\EROL\AppData\Local\Rainmaker_Software_Group_
Ordner Gelöscht : C:\Users\EROL\AppData\LocalLow\adawaretb
Ordner Gelöscht : C:\Users\EROL\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\EROL\AppData\LocalLow\iac
Ordner Gelöscht : C:\Users\EROL\AppData\LocalLow\P2P_Max_DE
Ordner Gelöscht : C:\Users\EROL\AppData\Roaming\rightbackup
Ordner Gelöscht : C:\Users\EROL\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\EROL\AppData\Roaming\WebExtend
Ordner Gelöscht : C:\Users\EROL\AppData\Roaming\Rainmaker Software Group LLC.?
Ordner Gelöscht : C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole
Ordner Gelöscht : C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Datei Gelöscht : C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aaaaahlfahldnilidgnlikdckbfehhca_0.localstorage
Datei Gelöscht : C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aaaaahlfahldnilidgnlikdckbfehhca_0.localstorage-journal
Datei Gelöscht : C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fcfenmboojpjinhpgggodefccipikbpd_0.localstorage
Datei Gelöscht : C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fcfenmboojpjinhpgggodefccipikbpd_0.localstorage-journal
Datei Gelöscht : C:\Windows\efix.ini
Datei Gelöscht : C:\Windows\Reimage.ini
Datei Gelöscht : C:\Windows\SysWOW64\conduitEngine.tmp
Datei Gelöscht : C:\Windows\SysWOW64\scxy.dll
Datei Gelöscht : C:\Windows\System32\log\iSafeKrnlCall.log
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Windows\System32\scxy64.dll
Datei Gelöscht : C:\Windows\System32\drivers\scjrtr.sys
Datei Gelöscht : C:\Users\EROL\AppData\Roaming\Mozilla\Firefox\Profiles\tm9r20kd.default-1418645245816\invalidprefs.js
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\adawaretb.xml
Datei Gelöscht : C:\Users\EROL\AppData\Roaming\Mozilla\Firefox\Profiles\tm9r20kd.default-1418645245816\user.js
Datei Gelöscht : C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_de.ask.com_0.localstorage
Datei Gelöscht : C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_de.ask.com_0.localstorage-journal
Datei Gelöscht : C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_immobilien.trovit.de_0.localstorage
Datei Gelöscht : C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_immobilien.trovit.de_0.localstorage-journal
Datei Gelöscht : C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage
Datei Gelöscht : C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage-journal

***** [ Geplante Tasks ] *****

Task Gelöscht : PostPoneInstall
Task Gelöscht : ProPCCleaner_Popup
Task Gelöscht : ProPCCleaner_Start
Task Gelöscht : ReimageUpdater
Task Gelöscht : Run_Bobby_Browser
Task Gelöscht : SmartWeb Upgrade Trigger Task

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\c47ffc45-060e-293d-8f0f-ac39050883e3
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2055800
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9C81D00A-3DAA-48AB-90C7-8252119ABB93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1DA17428-323D-48FF-857C-98CFEE48BFD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0007D18-BAA4-4573-AE78-8BEA0958C610}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E229C17E-F7B7-459E-A75A-12D95FACBFD4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0007D18-BAA4-4573-AE78-8BEA0958C610}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E229C17E-F7B7-459E-A75A-12D95FACBFD4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87934C42-161D-45BC-8CEF-EF18ABE2A30C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D9CDE3AF-10CD-474B-B4B7-148865FD6692}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{755AF1E8-3FD9-40B5-B6A9-3A98837C5B49}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{E0007D18-BAA4-4573-AE78-8BEA0958C610}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks []
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\Reimage
Schlüssel Gelöscht : HKCU\Software\CoinisRS
Schlüssel Gelöscht : HKCU\Software\gameo
Schlüssel Gelöscht : HKCU\Software\ProPCCleanerLanguage
Schlüssel Gelöscht : HKCU\Software\ProPCCleanerConfig
Schlüssel Gelöscht : HKCU\Software\eFix
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\adawarebp
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\adawaretb
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\CheckMeUp
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\P2P_Max_DE
Schlüssel Gelöscht : HKLM\SOFTWARE\adawaretb
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Toolbar Cleaner
Schlüssel Gelöscht : HKLM\SOFTWARE\Clara
Schlüssel Gelöscht : HKLM\SOFTWARE\IGS
Schlüssel Gelöscht : HKLM\SOFTWARE\P2P_Max_DE
Schlüssel Gelöscht : HKU\.DEFAULT\Software\AskPartnerNetwork
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Reimage
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\eFix
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Protector
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\reimageplus.com

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v36.0.4 (x86 de)

[tm9r20kd.default-1418645245816\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[tm9r20kd.default-1418645245816\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v

[C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=6A67D44A-B403-48E7-BCB0-64A91B6EBC69&apn_ptnrs=U3&apn_sauid=61DC31CD-D944-4794-86EE-E7733881A30C&apn_dtid=OSJ000YYTR&q={searchTerms}
[C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.search.ask.com/web?tpid=ORJ-V7C&o=APN11412&l=dis&pf=V7&p2=%5EBBK%5EOSJ000%5EYY%5EDE&gct=&itbv=12.7.0.15&doi=2014-01-14&apn_uid=88ABDD74-8DC9-4795-BD21-75ECDBC55479&apn_ptnrs=BBK&apn_dtid=%5EOSJ000%5EYY%5EDE&apn_dbr=cr_31.0.1650.63&psv=&pt=tb&trgb=CR&q={searchTerms}

-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [14867 Bytes] - [13/04/2015 20:46:48]
AdwCleaner[S0].txt - [13649 Bytes] - [13/04/2015 20:49:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13709  Bytes] ##########
         
FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015
Ran by EROL (administrator) on EROL-PC on 13-04-2015 21:04:02
Running from C:\Users\EROL\Desktop
Loaded Profiles: EROL (Available profiles: EROL)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATINFE.EXE
(Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-06] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [828960 2009-08-05] (Acer Incorporated)
HKLM\...\Run: [EPSON Stylus DX3800 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIACE.EXE /F "C:\Windows\TEMP\E_S2D9F.tmp" /EF "HKLM"
HKLM\...\Run: [SBRegRebootCleaner] => C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe [201608 2012-09-20] (GFI Software)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-21] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1194504 2009-08-27] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-07-31] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-08-04] (Acer Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554384 2013-07-15] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] => "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1924032147-3410277532-354269451-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1924032147-3410277532-354269451-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31340640 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-1924032147-3410277532-354269451-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1924032147-3410277532-354269451-1001\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATINFE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1924032147-3410277532-354269451-1001\...\Run: [OKAYFREEDOM_Agent] => C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe [6553000 2015-02-18] (Steganos Software GmbH)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1924032147-3410277532-354269451-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1924032147-3410277532-354269451-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1924032147-3410277532-354269451-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-1924032147-3410277532-354269451-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1924032147-3410277532-354269451-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\EROL\AppData\Roaming\Mozilla\Firefox\Profiles\tm9r20kd.default-1418645245816
FF SearchEngineOrder.3: Bing 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-15] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Extension: Bing Search Engine - C:\Users\EROL\AppData\Roaming\Mozilla\Firefox\Profiles\tm9r20kd.default-1418645245816\Extensions\bingsearch.full@microsoft.com [2015-03-26]
FF Extension: WEB.DE MailCheck - C:\Users\EROL\AppData\Roaming\Mozilla\Firefox\Profiles\tm9r20kd.default-1418645245816\Extensions\toolbar@web.de [2015-03-07]
FF Extension: OkayFreedom - C:\Users\EROL\AppData\Roaming\Mozilla\Firefox\Profiles\tm9r20kd.default-1418645245816\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2015-03-31]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-03-23]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-01-07]

Chrome: 
=======
CHR Profile: C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-03-11]
CHR Extension: (No Name) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldhpllghnbhlbpcmnajkpdmadaolakh [2015-03-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Skype Click to Call) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-11-06]
CHR Extension: (No Name) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnmengjdnfjbochkdkcjbbpildacancp [2015-04-05]
CHR Extension: (Google Wallet) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (No Name) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo [2015-03-28]
CHR Extension: (pnmjaflneibolacpepklokkjnakmikmg) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnmjaflneibolacpepklokkjnakmikmg [2015-03-15]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1924032147-3410277532-354269451-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [326072 2015-02-18] (Steganos Software GmbH)
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-08-29] (GFI Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\EROL\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 20:46 - 2015-04-13 20:50 - 00000000 ____D () C:\AdwCleaner
2015-04-13 20:44 - 2015-04-13 20:45 - 00085608 _____ () C:\Users\EROL\Desktop\mbam3.txt
2015-04-13 20:43 - 2015-04-13 20:44 - 00080241 _____ () C:\Users\EROL\Desktop\mbam2.txt
2015-04-13 20:14 - 2015-04-13 20:43 - 00095465 _____ () C:\Users\EROL\Desktop\mbam1.txt
2015-04-12 20:38 - 2015-04-12 20:38 - 00000000 ____D () C:\Users\EROL\Desktop\FRST-OlderVersion
2015-04-12 15:11 - 2015-04-12 15:11 - 00037908 _____ () C:\ComboFix.txt
2015-04-12 14:32 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-12 14:32 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-12 14:32 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-12 14:32 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-12 14:32 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-12 14:32 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-12 14:32 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-12 14:32 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-12 14:28 - 2015-04-12 15:11 - 00000000 ____D () C:\Qoobox
2015-04-12 14:27 - 2015-04-12 15:07 - 00000000 ____D () C:\Windows\erdnt
2015-04-12 12:04 - 2015-04-12 12:04 - 05617275 ____R (Swearware) C:\Users\EROL\Desktop\ComboFix.exe
2015-04-12 11:33 - 2015-04-12 11:33 - 00001268 _____ () C:\Users\EROL\Desktop\Revo Uninstaller.lnk
2015-04-12 11:33 - 2015-04-12 11:33 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-04-12 11:11 - 2015-04-12 11:11 - 00472176 _____ () C:\Windows\Minidump\041215-18142-01.dmp
2015-04-12 10:07 - 2015-04-12 10:07 - 00048195 _____ () C:\Users\EROL\Desktop\gmer.txt
2015-04-12 09:57 - 2015-04-12 09:57 - 00000470 _____ () C:\Users\EROL\Desktop\defogger_disable.log
2015-04-12 09:57 - 2015-04-11 09:15 - 00380416 _____ () C:\Users\EROL\Desktop\Gmer-19357.exe
2015-04-12 09:57 - 2015-04-11 09:12 - 00050477 _____ () C:\Users\EROL\Desktop\Defogger.exe
2015-04-12 09:47 - 2015-04-12 20:46 - 00040873 _____ () C:\Users\EROL\Desktop\Addition.txt
2015-04-12 09:44 - 2015-04-13 21:04 - 00020578 _____ () C:\Users\EROL\Desktop\FRST.txt
2015-04-12 09:44 - 2015-04-13 21:04 - 00000000 ____D () C:\FRST
2015-04-12 09:42 - 2015-04-12 20:38 - 02096640 _____ (Farbar) C:\Users\EROL\Desktop\FRST64.exe
2015-04-11 23:47 - 2015-04-11 23:47 - 00008963 _____ () C:\Users\EROL\Desktop\1104.txt
2015-04-11 23:19 - 2015-04-13 19:08 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-11 23:19 - 2015-04-11 23:19 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-11 23:19 - 2015-04-11 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-11 23:19 - 2015-04-11 23:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-11 23:19 - 2015-04-11 23:19 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-11 23:19 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-11 23:19 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-11 23:19 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-11 09:18 - 2015-04-11 09:18 - 00000000 _____ () C:\Users\EROL\defogger_reenable
2015-04-05 18:26 - 2015-04-05 18:26 - 00000000 ____D () C:\Users\EROL\AppData\Roaming\Avira
2015-04-05 18:20 - 2015-04-05 18:15 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-04-05 18:13 - 2015-03-17 13:01 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-04-05 18:13 - 2015-03-17 13:01 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-04-05 18:13 - 2015-03-17 13:01 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-04-05 18:02 - 2015-04-05 18:02 - 00000000 ____D () C:\Windows\pss
2015-04-05 17:34 - 2015-04-05 17:34 - 00001211 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-04-05 17:33 - 2015-04-11 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-05 17:33 - 2015-04-05 18:13 - 00000000 ____D () C:\ProgramData\Avira
2015-04-05 17:33 - 2015-04-05 18:13 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-05 17:33 - 2015-04-05 17:33 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-05 17:18 - 2015-04-10 22:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-05 17:18 - 2015-04-05 17:22 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-05 17:18 - 2015-04-05 17:18 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-04-05 17:18 - 2015-04-05 17:18 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-04-05 17:18 - 2015-04-05 17:18 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-04-05 17:18 - 2015-04-05 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-04-05 17:18 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-04-05 12:21 - 2015-04-05 12:22 - 00291696 _____ () C:\Windows\Minidump\040515-28080-01.dmp
2015-04-05 00:23 - 2015-04-05 00:23 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 00:23 - 2015-04-05 00:23 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 20:10 - 2015-04-04 23:43 - 00008856 _____ () C:\Windows\SysWOW64\29xyOff.ini
2015-04-04 20:10 - 2015-04-04 23:43 - 00008856 _____ () C:\Windows\system32\29xyOff.ini
2015-04-03 23:02 - 2015-04-04 17:18 - 00000000 ____D () C:\Users\EROL\Desktop\Bewerbung
2015-03-31 11:02 - 2015-04-13 20:52 - 00000000 ____D () C:\Users\EROL\AppData\Roaming\Steganos VPN
2015-03-31 11:02 - 2015-04-03 21:03 - 00000000 ____D () C:\Users\EROL\AppData\Roaming\Steganos
2015-03-31 11:02 - 2015-03-31 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OkayFreedom
2015-03-31 11:02 - 2015-03-31 11:02 - 00000000 ____D () C:\Program Files (x86)\OkayFreedom
2015-03-28 17:52 - 2015-03-28 17:52 - 00300623 _____ () C:\Users\EROL\Downloads\Futbol Canlı Sonuçlar, Canlı maç sonuçları - iddaa.com.htm
2015-03-28 17:52 - 2015-03-28 17:52 - 00000000 ____D () C:\Users\EROL\Downloads\Futbol Canlı Sonuçlar, Canlı maç sonuçları - iddaa.com-Dateien
2015-03-25 10:59 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 10:59 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 10:59 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 10:59 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 10:59 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 10:59 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 10:59 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 10:59 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-23 12:22 - 2015-03-23 12:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-23 09:46 - 2015-03-23 09:46 - 00000000 ___HD () C:\Users\Public\B95565D26D9A9DC2AD95815626DF35B1
2015-03-22 19:07 - 2015-04-11 23:15 - 00000000 ____D () C:\Users\EROL\AppData\Local\004578DC-1427047646-DE11-8C4E-95D864771729
2015-03-22 09:28 - 2015-03-22 09:28 - 00291696 _____ () C:\Windows\Minidump\032215-18720-01.dmp
2015-03-21 12:00 - 2015-03-23 17:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2015-03-18 16:07 - 2015-03-18 16:07 - 00000000 ____D () C:\Users\EROL\Option

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 21:01 - 2009-07-14 06:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-13 21:01 - 2009-07-14 06:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-13 20:59 - 2009-10-17 08:14 - 01527259 _____ () C:\Windows\WindowsUpdate.log
2015-04-13 20:58 - 2013-11-24 18:07 - 00000000 ____D () C:\Users\EROL\Downloads\MSN Deutschland  Aktuelle Nachrichten, Outlook.com Email und Skype Login-Dateien
2015-04-13 20:53 - 2013-08-29 01:44 - 00001872 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-04-13 20:53 - 2013-08-29 01:43 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2015-04-13 20:51 - 2009-08-22 10:34 - 01716380 _____ () C:\Windows\PFRO.log
2015-04-13 20:51 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-13 20:51 - 2009-07-14 06:51 - 00192138 _____ () C:\Windows\setupact.log
2015-04-13 20:50 - 2015-02-25 12:34 - 00000000 ____D () C:\Windows\system32\log
2015-04-13 20:44 - 2010-10-15 23:34 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{48FD094E-AFAF-4EC8-9EB3-9106BB6B89F2}
2015-04-13 20:34 - 2015-01-07 14:34 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-225 Series Update {DA9064A8-56DA-49F8-8F27-85D2FF2069A9}.job
2015-04-13 20:23 - 2009-07-27 22:41 - 00000000 ____D () C:\Windows\Panther
2015-04-13 20:22 - 2012-10-12 12:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-13 18:39 - 2015-02-10 02:08 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2015-04-12 15:11 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-12 15:04 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-12 14:08 - 2011-10-27 14:22 - 00000000 ____D () C:\Users\EROL\AppData\Roaming\Skype
2015-04-12 11:11 - 2014-08-24 16:33 - 523873432 _____ () C:\Windows\MEMORY.DMP
2015-04-12 11:11 - 2014-08-24 16:33 - 00000000 ____D () C:\Windows\Minidump
2015-04-12 10:00 - 2009-10-17 18:03 - 00714532 _____ () C:\Windows\system32\perfh007.dat
2015-04-12 10:00 - 2009-10-17 18:03 - 00154584 _____ () C:\Windows\system32\perfc007.dat
2015-04-12 10:00 - 2009-07-14 07:13 - 01538900 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-12 09:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PLA
2015-04-11 23:56 - 2014-02-26 03:13 - 01472526 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-11 09:18 - 2009-12-09 21:35 - 00000000 ____D () C:\Users\EROL
2015-04-05 18:55 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-05 18:47 - 2015-02-25 12:51 - 00000000 ____D () C:\ProgramData\dcd3ad0177264843bc5000b01d833e70
2015-04-05 18:34 - 2015-02-22 16:51 - 00000000 ____D () C:\ProgramData\{9d4d7a04-c0f0-47e9-9d4d-d7a04c0fe813}
2015-04-05 18:34 - 2015-02-22 16:27 - 00000000 ____D () C:\ProgramData\{1f0c2576-5236-741c-1f0c-c257652395d9}
2015-04-05 12:27 - 2010-10-08 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Okey+
2015-04-05 10:48 - 2015-02-22 16:45 - 00000000 ___HD () C:\Users\Public\Temp
2015-04-05 10:46 - 2015-02-22 16:47 - 00000126 _____ () C:\Users\EROL\AppData\Roaming\WB.CFG
2015-04-04 23:33 - 2009-07-14 04:34 - 00000612 _____ () C:\Windows\win.ini
2015-04-02 10:08 - 2015-03-11 17:03 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-01 18:03 - 2009-08-22 07:40 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-26 11:58 - 2014-09-21 15:55 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-26 11:58 - 2011-10-27 14:22 - 00000000 ____D () C:\ProgramData\Skype
2015-03-26 11:23 - 2014-12-11 12:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-26 11:23 - 2014-05-09 22:42 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-24 11:28 - 2015-02-10 14:50 - 00000839 _____ () C:\Windows\wininit.ini
2015-03-24 11:28 - 2014-12-29 19:24 - 00000000 ____D () C:\Users\EROL\AppData\Local\Unity
2015-03-24 10:42 - 2015-03-12 22:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-20 01:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-18 12:42 - 2013-11-19 19:18 - 00000000 ____D () C:\Users\EROL\AppData\Roaming\Apple Computer
2015-03-18 12:42 - 2013-11-19 19:18 - 00000000 ____D () C:\Users\EROL\AppData\Local\Apple Computer
2015-03-15 11:53 - 2010-11-02 19:07 - 00000000 ____D () C:\Users\EROL\AppData\Local\Adobe
2015-03-15 11:52 - 2012-10-12 12:11 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-15 11:52 - 2012-10-12 12:11 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-15 11:52 - 2011-10-03 11:34 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-11-20 12:45 - 2014-11-20 12:45 - 6000640 _____ () C:\Program Files (x86)\GUT4C3D.tmp
2015-02-22 16:47 - 2015-04-05 10:46 - 0000126 _____ () C:\Users\EROL\AppData\Roaming\WB.CFG
2010-10-03 23:03 - 2013-11-13 19:00 - 0000124 _____ () C:\Users\EROL\AppData\Roaming\wklnhst.dat
2014-06-23 22:44 - 2014-07-07 23:23 - 0001097 _____ () C:\Users\EROL\AppData\Local\cookies.ini
2015-02-24 11:57 - 2015-02-24 11:57 - 0274045 _____ () C:\Users\EROL\AppData\Local\dsi1.dat
2015-02-24 11:57 - 2015-02-24 11:57 - 0161916 _____ () C:\Users\EROL\AppData\Local\dsi2.dat
2015-03-11 18:30 - 2015-03-11 18:30 - 0001643 _____ () C:\Users\EROL\AppData\Local\MyWinLockerInstaller.txt-20150311.log
2015-03-12 12:54 - 2015-03-12 12:58 - 0006477 _____ () C:\Users\EROL\AppData\Local\MyWinLockerInstaller.txt-20150312.log
2009-10-17 08:15 - 2009-10-17 08:17 - 0007768 _____ () C:\ProgramData\ArcadeDeluxe3.log
2009-08-22 10:44 - 2009-07-18 03:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe

Some content of TEMP:
====================
C:\Users\EROL\AppData\Local\temp\avgnt.exe
C:\Users\EROL\AppData\Local\temp\Quarantine.exe
C:\Users\EROL\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 10:24

==================== End Of Log ============================
         
--- --- ---


Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2015
Ran by EROL at 2015-04-13 21:06:03
Running from C:\Users\EROL\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Lavasoft Ad-Aware (Enabled - Out of date) {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AS: Avira Desktop (Disabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Lavasoft Ad-Aware (Enabled - Out of date) {5BB89C30-6480-BC7C-9F17-199BD76F557A}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Lavasoft Ad-Aware (Disabled) {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.6731 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.0.6731 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.22 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.74.216 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.74.216 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3002 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3003 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3004 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.7.0715 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Ad-Aware Antivirus (HKLM-x32\...\{944167EA-7F89-4705-8DCD-1D63B53141B0}) (Version: 10.5.3.4405 - Lavasoft)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
Backup Manager Basic (x32 Version: 2.0.0.22 - NewTech Infosystems) Hidden
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}) (Version: 12.26.02 - Broadcom Corporation)
Disneys Sport - Goofy Skateboarding (HKLM-x32\...\Disney's Extremely Goofy Skateboarding) (Version:  - )
eBay Worldwide (HKLM-x32\...\{AAF89271-2594-468D-B578-96B2E30C41C4}) (Version: 2.1.0703 - OEM)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM-x32\...\{71E90740-5E5F-4D43-AB8F-CAC1D93DBB5B}) (Version: 2.5.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{682A3328-9621-4BAD-91FA-873A076610C4}) (Version: 1.21.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-225 Series Printer Uninstall (HKLM\...\EPSON XP-225 Series) (Version:  - SEIKO EPSON Corporation)
EPSON-Handbücher (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.32.0.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM\...\{DF5200AB-5AE6-4598-846B-8ABC3AE121B1}) (Version: 3.0.2.0 - SEIKO EPSON Corporation)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3001 - Acer Incorporated)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.03 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
OkayFreedom (HKLM-x32\...\{3F3FB10C-7175-4D38-9335-3488B89C12AF}) (Version: 1.4.3 - Steganos Software GmbH)
Okey+ 2.1 (HKLM-x32\...\Okey+_is1) (Version:  - Böcek Yazýlým)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version:  - )
Samsung Mobile Modem Device Software (HKLM\...\Samsung Mobile Modem Device) (Version:  - )
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
SAMSUNG USB Mobile Device Software (HKLM\...\SAMSUNG USB Mobile Device) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3005 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID-Anmelde-Assistent (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

04-04-2015 09:44:40 Windows Update
05-04-2015 00:22:18 Windows Update
05-04-2015 19:00:10 Windows-Sicherung
11-04-2015 23:50:37 Windows Update
12-04-2015 11:34:47 Revo Uninstaller's restore point - BoBrowser
12-04-2015 11:39:16 Revo Uninstaller's restore point - BoBrowser
12-04-2015 15:22:37 Windows Update
12-04-2015 19:19:11 Windows-Sicherung

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-04-12 15:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00249043-353C-425A-A270-D8304F2C8EAD} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {0B2D1DBB-44FA-452D-A231-B92997632E04} - \ZMCRFF No Task File <==== ATTENTION
Task: {0C6332C4-2A83-4FC4-85A4-1C4C27D1F6EF} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2013-06-13] (Lavasoft Limited)
Task: {138FE3C3-34E0-4253-AADC-A834BF454125} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {15946D7B-34C4-4FAF-9EBF-C9B36F57813F} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {1A3E4FE1-733D-4311-A064-C05602E64BC9} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {1ED94779-D16C-4CD7-BA75-ACD32DC71EA7} - System32\Tasks\{5C5454C9-4FF7-4D9B-8168-B4ADBFB532A3} => pcalua.exe -a C:\Users\EROL\AppData\Roaming\sweet-page\UninstallManager.exe -c  -ptid=cor
Task: {2620644B-202A-4B6F-988C-3161F554610E} - System32\Tasks\{585D4E66-9B7D-4B34-AE74-B6C858012A68} => C:\Program Files\Batak4\Batak.exe
Task: {2F5C3C1A-E7D8-422B-8B72-067EFCB6E426} - System32\Tasks\{48C4EDAE-2B03-4D61-9031-1C6CC3104DA6} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Task: {4345FB31-628A-42CA-BC8A-4DDEC2C8E12C} - System32\Tasks\{08389B0D-B0E4-49AB-B8FD-A240B4A96C43} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\5\SSSDUninstall.exe
Task: {462ADBF5-7072-4715-8F00-885403D152CF} - System32\Tasks\{8FD4BD32-5AFB-4265-B8DA-333ED1CBAD08} => pcalua.exe -a C:\Users\EROL\Downloads\epson375869eu(1).exe -d C:\Users\EROL\Downloads
Task: {4CDF805B-7549-4CBE-89DA-8DE73C0BAD65} - System32\Tasks\{EB51D504-1FAC-497A-A67B-A70FBE7DB3CD} => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2013-06-13] (Lavasoft Limited)
Task: {50E25B8D-3A25-497D-8821-605C4CE9F525} - System32\Tasks\{1EE10A4C-0ACA-456B-B852-F923D5D0ACE6} => C:\Program Files (x86)\Microsoft Office\OFFICE11\MSACCESS.EXE [2010-01-14] (Microsoft Corporation)
Task: {5B2558E1-A057-46EC-982E-E6C2F169C161} - System32\Tasks\EPSON XP-225 Series Update {DA9064A8-56DA-49F8-8F27-85D2FF2069A9} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE [2013-11-21] (SEIKO EPSON CORPORATION)
Task: {67D15269-582C-425F-9C72-F1EC6DC12842} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {67DE4505-8964-4C77-80A6-6F9CFB42B4C6} - System32\Tasks\{76B6EB2E-1365-46EA-B693-530717E5371D} => pcalua.exe -a C:\Users\EROL\Downloads\5609-batak-ihaleli-tamindir.com\batak-ihaleli-tamindir.com\batak4kur.exe -d C:\Users\EROL\Downloads\5609-batak-ihaleli-tamindir.com\batak-ihaleli-tamindir.com
Task: {82461E53-52F3-4CC5-8F6D-2DD44AE1F00D} - System32\Tasks\{AA56D811-B658-40C5-BF73-83680E2BBC25} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\1\SS_Uninstall.exe
Task: {89E9CC8F-583F-4631-B69C-E939243DA08A} - System32\Tasks\{77355BBA-AB49-4BC3-9494-9094B7615DEC} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\7\SSECUninstall.exe
Task: {A1EB057F-80A2-425D-8970-4314C0D727F1} - System32\Tasks\{81EBBBC1-8E1F-4BCA-9A1E-99068531EEDC} => pcalua.exe -a "C:\Users\EROL\Downloads\5609-batak-ihaleli-tamindir.com (1)\batak-ihaleli-tamindir.com\batak4kur.exe" -d "C:\Users\EROL\Downloads\5609-batak-ihaleli-tamindir.com (1)\batak-ihaleli-tamindir.com"
Task: {B008D2DB-D259-4520-BEAE-D808D076818A} - System32\Tasks\{1D1FFBF9-53D2-493E-A59E-D2B647F3A5BE} => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2013-06-13] (Lavasoft Limited)
Task: {B0217FE0-495C-490A-BB56-79ABF62F641C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {BE31CAA5-4A2A-42E2-9054-20CCD65D205B} - System32\Tasks\{11F68C3A-BA55-46BB-BA57-8FC636D2C17E} => C:\Program Files\Batak4\Batak.exe
Task: {C0020C13-A6BF-4CED-9194-39A192D3B0CB} - System32\Tasks\{885C3099-5D08-4F87-B40C-FC838B023C4D} => pcalua.exe -a C:\Users\EROL\AppData\Local\Temp\Temp1_batak-ihaleli-indirline.com.zip\batak-ihaleli-indirline.com\batak4kur.exe
Task: {C3704AC7-FD37-45AA-90FF-FA7478FE2EB6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-15] (Adobe Systems Incorporated)
Task: {C49ECB39-6FD0-4A01-AACA-ABBBDFA1D846} - System32\Tasks\{6E1DF063-C740-4606-8282-1399C48D708C} => Firefox.exe 
Task: {D2358CEF-B5B4-440B-A128-95F96C22F099} - System32\Tasks\{D39E6D99-9FB1-459D-9A5E-A83528C5BC81} => C:\Program Files\Batak4\Batak.exe
Task: {F0505E72-8A87-4043-BEDF-88569FB995C0} - System32\Tasks\{CF659C13-1743-4AD8-8DCD-5B70213A4392} => Firefox.exe 
Task: {F4F8214F-8FD5-400A-930D-2FA7E805B268} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EPSON XP-225 Series Update {DA9064A8-56DA-49F8-8F27-85D2FF2069A9}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE:/EXE:{DA9064A8-56DA-49F8-8F27-85D2FF2069A9} /F:UpdateSYSTEM
Searches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Loaded Modules (whitelisted) ==============

2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2009-02-03 02:33 - 2009-02-03 02:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2008-09-29 02:55 - 2008-09-29 02:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2015-04-05 17:18 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-04-05 17:18 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-04-05 17:18 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-04-05 17:18 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-04-05 17:18 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-08-29 01:59 - 2014-12-19 06:01 - 00192376 _____ () C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\libBase64.dll
2013-08-29 01:59 - 2014-12-19 06:01 - 00180088 _____ () C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\libMachoUniv.dll
2015-03-15 11:52 - 2015-03-15 11:52 - 16858288 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:1D32EC29
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:93DE1838
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E3C56885
AlternateDataStreams: C:\Users\EROL\AppData\Roaming\Microsoft\Windows\Start Menu\MSN Deutschland Aktuelle Nachrichten, Outlook.com Email und Skype Login..website:TASKICON_0FA6946226F21BD7E8F75BBFA031461487075638
AlternateDataStreams: C:\Users\EROL\AppData\Roaming\Microsoft\Windows\Start Menu\MSN Deutschland Aktuelle Nachrichten, Outlook.com Email und Skype Login..website:TASKICON_1FA6946226F21BD7E8F75BBFA031461135116317
AlternateDataStreams: C:\Users\EROL\AppData\Roaming\Microsoft\Windows\Start Menu\MSN Deutschland Aktuelle Nachrichten, Outlook.com Email und Skype Login..website:TASKICON_2FA6946226F21BD7E8F75BBFA03146-12823272
AlternateDataStreams: C:\Users\EROL\AppData\Roaming\Microsoft\Windows\Start Menu\MSN Deutschland Aktuelle Nachrichten, Outlook.com Email und Skype Login..website:TASKICON_3FA6946226F21BD7E8F75BBFA03146-1180859722
AlternateDataStreams: C:\Users\EROL\AppData\Roaming\Microsoft\Windows\Start Menu\MSN Deutschland Aktuelle Nachrichten, Outlook.com Email und Skype Login..website:TASKICON_4FA6946226F21BD7E8F75BBFA031461739172809

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1924032147-3410277532-354269451-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\EROL\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Avira.OE.ServiceHost => 2
MSCONFIG\startupfolder: C:^Users^EROL^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^setup.lnk => C:\Windows\pss\setup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^EROL^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SuperOptimizer.lnk => C:\Windows\pss\SuperOptimizer.lnk.Startup
MSCONFIG\startupreg: Elite Unzip AppIntegrator 32-bit => C:\PROGRA~2\ELITEU~2\bar\1.bin\AppIntegrator.exe
MSCONFIG\startupreg: Elite Unzip AppIntegrator 64-bit => C:\PROGRA~2\ELITEU~2\bar\1.bin\AppIntegrator64.exe
MSCONFIG\startupreg: PLFSetI => C:\Windows\PLFSetI.exe
MSCONFIG\startupreg: Registry Helper => "C:\Program Files (x86)\Registry Helper\RegistryHelper.Exe" /boot

==================== Accounts: =============================

Administrator (S-1-5-21-1924032147-3410277532-354269451-500 - Administrator - Disabled)
EROL (S-1-5-21-1924032147-3410277532-354269451-1001 - Administrator - Enabled) => C:\Users\EROL
Gast (S-1-5-21-1924032147-3410277532-354269451-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1924032147-3410277532-354269451-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/12/2015 03:01:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OkayFreedomService.exe, Version: 1.4.3.11221, Zeitstempel: 0x54e3011d
Name des fehlerhaften Moduls: OkayFreedomService.exe, Version: 1.4.3.11221, Zeitstempel: 0x54e3011d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000b818
ID des fehlerhaften Prozesses: 0x960
Startzeit der fehlerhaften Anwendung: 0xOkayFreedomService.exe0
Pfad der fehlerhaften Anwendung: OkayFreedomService.exe1
Pfad des fehlerhaften Moduls: OkayFreedomService.exe2
Berichtskennung: OkayFreedomService.exe3

Error: (04/12/2015 00:41:36 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (04/12/2015 00:41:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/12/2015 00:41:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/12/2015 00:41:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/12/2015 00:41:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/12/2015 09:57:20 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (04/12/2015 09:57:16 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (04/12/2015 09:57:05 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (04/12/2015 09:57:03 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.


System errors:
=============
Error: (04/13/2015 08:51:06 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (04/13/2015 08:50:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/13/2015 08:50:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/13/2015 08:50:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/13/2015 08:50:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/13/2015 08:50:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "OkayFreedom VPN Starter Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/13/2015 08:50:11 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (04/13/2015 08:49:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/13/2015 08:49:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Ad-Aware" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/13/2015 08:49:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (04/12/2015 03:01:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: OkayFreedomService.exe1.4.3.1122154e3011dOkayFreedomService.exe1.4.3.1122154e3011dc00000050000b81896001d07519dca26f11C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exeC:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe0abb5862-e114-11e4-b9ea-00262d58f323

Error: (04/12/2015 00:41:36 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (04/12/2015 00:41:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe

Error: (04/12/2015 00:41:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe

Error: (04/12/2015 00:41:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe

Error: (04/12/2015 00:41:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe

Error: (04/12/2015 09:57:20 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: E:\FRST.exeE:\FRST.exe0

Error: (04/12/2015 09:57:16 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: E:\FRST64.exeE:\FRST64.exe0

Error: (04/12/2015 09:57:05 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: E:\FRST.exeE:\FRST.exe0

Error: (04/12/2015 09:57:03 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: E:\FRST64.exeE:\FRST64.exe0


CodeIntegrity Errors:
===================================
  Date: 2015-04-12 15:00:13.291
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-04-12 15:00:13.181
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 47%
Total physical RAM: 4090.93 MB
Available physical RAM: 2141.26 MB
Total Pagefile: 8180.04 MB
Available Pagefile: 5477.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:453.94 GB) (Free:388.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 5CAE5CAE)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

14.04.2015, 10:41   #12
schrauber
/// the machine
/// TB-Ausbilder



The ComboFix message is a false alarm.


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

14.04.2015, 20:59   #13
mm0811



I managed to get the Junkware Removal Tool downloaded. No idea what the cause was.
Here is the log:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.4 (04.13.2015:1)
OS: Windows 7 Home Premium x64
Ran by EROL on 14.04.2015 at 18:50:50,17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ad-aware browsing protection



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\EliteUnzip_aa.ToolbarProtector
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\EliteUnzip_aa.ToolbarProtector.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}



~~~ Files

Successfully deleted: [File] C:\Users\EROL\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage
Successfully deleted: [File] C:\Users\EROL\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal
Successfully deleted: [File] C:\Windows\wininit.ini



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\ad-aware browsing protection
Successfully deleted: [Folder] C:\Users\EROL\appdata\local\adawarebp
Successfully deleted: [Empty Folder] C:\Users\EROL\appdata\local\{2B87BC22-96B5-4C7F-BF47-CCF225D29AD4}
Successfully deleted: [Empty Folder] C:\Users\EROL\appdata\local\{6E9D09A1-6934-401D-8203-F46C4EFE3DC1}
Successfully deleted: [Empty Folder] C:\Users\EROL\appdata\local\{9DB93F1F-F090-431E-B026-C0834C96FBF1}
Successfully deleted: [Empty Folder] C:\Users\EROL\appdata\local\{CDE32523-B78B-460B-8614-B9CDB7E7F360}
Successfully deleted: [Empty Folder] C:\Users\EROL\appdata\local\{E78D1590-1B86-4B5E-B566-32AE6295B1A5}



~~~ FireFox

Successfully deleted: [Folder] C:\Users\EROL\AppData\Roaming\mozilla\firefox\profiles\tm9r20kd.default-1418645245816\extensions\toolbar@web.de
Successfully deleted the following from C:\Users\EROL\AppData\Roaming\mozilla\firefox\profiles\tm9r20kd.default-1418645245816\prefs.js

user_pref(browser.search.searchengine.alias, sweet-page);
user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);
user_pref(browser.search.searchengine.iconURL, hxxp://www.sweet-page.com/favicon.ico);
user_pref(browser.search.searchengine.name, sweet-page);
user_pref(browser.search.searchengine.ptid, cor);
user_pref(browser.search.searchengine.uid, WDCXWD5000BEVT-22ZAT0_WD-WXD0C798108281082);
user_pref(browser.search.searchengine.url, hxxp://www.sweet-page.com/web/?type=ds&ts=1423478423&from=cor&uid=WDCXWD5000BEVT-22ZAT0_WD-WXD0C798108281082&q={searchTerms});
Emptied folder: C:\Users\EROL\AppData\Roaming\mozilla\firefox\profiles\tm9r20kd.default-1418645245816\minidumps [4 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.04.2015 at 18:55:47,07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Unfortunately, the log from the ESET Online Scanner got deleted when I uninstalled it. But it had found 39 files ...

Here is the log file from SecurityCheck:
Code:
 Results of screen317's Security Check version 1.00  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop       
Lavasoft Ad-Aware   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Ad-Aware 
 Spybot - Search & Destroy 
 Java 8 Update 31  
 Java version 32-bit out of Date! 
 Adobe Flash Player 17.0.0.134  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox 36.0.4 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Ad-Aware AAWService.exe is disabled! 
 Ad-Aware AAWTray.exe is disabled! 
 Spybot Teatimer.exe is disabled! 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Ad-Aware Antivirus AdAwareService.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
and from FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015
Ran by EROL (administrator) on EROL-PC on 14-04-2015 21:49:45
Running from C:\Users\EROL\Desktop
Loaded Profiles: EROL (Available profiles: EROL)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
() C:\Users\EROL\Downloads\MSN Deutschland  Aktuelle Nachrichten, Outlook.com Email und Skype Login-Dateien\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-06] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [828960 2009-08-05] (Acer Incorporated)
HKLM\...\Run: [EPSON Stylus DX3800 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIACE.EXE /F "C:\Windows\TEMP\E_S2D9F.tmp" /EF "HKLM"
HKLM\...\Run: [SBRegRebootCleaner] => C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe [201608 2012-09-20] (GFI Software)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-21] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1194504 2009-08-27] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-07-31] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-08-04] (Acer Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Ad-Aware Antivirus] => "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1924032147-3410277532-354269451-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1924032147-3410277532-354269451-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31340640 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-1924032147-3410277532-354269451-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1924032147-3410277532-354269451-1001\...\Run: [OKAYFREEDOM_Agent] => C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe [6553000 2015-02-18] (Steganos Software GmbH)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1924032147-3410277532-354269451-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1924032147-3410277532-354269451-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1924032147-3410277532-354269451-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-1924032147-3410277532-354269451-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1924032147-3410277532-354269451-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\EROL\AppData\Roaming\Mozilla\Firefox\Profiles\tm9r20kd.default-1418645245816
FF SearchEngineOrder.3: Bing 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-15] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Extension: Bing Search Engine - C:\Users\EROL\AppData\Roaming\Mozilla\Firefox\Profiles\tm9r20kd.default-1418645245816\Extensions\bingsearch.full@microsoft.com [2015-03-26]
FF Extension: OkayFreedom - C:\Users\EROL\AppData\Roaming\Mozilla\Firefox\Profiles\tm9r20kd.default-1418645245816\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2015-03-31]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-03-23]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-01-07]

Chrome: 
=======
CHR Profile: C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-03-11]
CHR Extension: (No Name) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldhpllghnbhlbpcmnajkpdmadaolakh [2015-03-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Skype Click to Call) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-11-06]
CHR Extension: (No Name) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnmengjdnfjbochkdkcjbbpildacancp [2015-04-05]
CHR Extension: (Google Wallet) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (No Name) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo [2015-03-28]
CHR Extension: (pnmjaflneibolacpepklokkjnakmikmg) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnmjaflneibolacpepklokkjnakmikmg [2015-03-15]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1924032147-3410277532-354269451-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [326072 2015-02-18] (Steganos Software GmbH)
S2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-08-29] (GFI Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\EROL\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-14 18:55 - 2015-04-14 18:55 - 00003132 _____ () C:\Users\EROL\Desktop\JRT.txt
2015-04-14 18:51 - 2015-04-14 18:51 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-EROL-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-14 18:50 - 2015-04-14 18:50 - 00000000 ____D () C:\RegBackup
2015-04-13 20:46 - 2015-04-13 20:50 - 00000000 ____D () C:\AdwCleaner
2015-04-13 20:44 - 2015-04-13 20:45 - 00085608 _____ () C:\Users\EROL\Desktop\mbam3.txt
2015-04-13 20:43 - 2015-04-13 20:44 - 00080241 _____ () C:\Users\EROL\Desktop\mbam2.txt
2015-04-13 20:14 - 2015-04-13 20:43 - 00095465 _____ () C:\Users\EROL\Desktop\mbam1.txt
2015-04-12 20:38 - 2015-04-12 20:38 - 00000000 ____D () C:\Users\EROL\Desktop\FRST-OlderVersion
2015-04-12 15:11 - 2015-04-12 15:11 - 00037908 _____ () C:\ComboFix.txt
2015-04-12 14:32 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-12 14:32 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-12 14:32 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-12 14:32 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-12 14:32 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-12 14:32 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-12 14:32 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-12 14:32 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-12 14:28 - 2015-04-12 15:11 - 00000000 ____D () C:\Qoobox
2015-04-12 14:27 - 2015-04-12 15:07 - 00000000 ____D () C:\Windows\erdnt
2015-04-12 12:04 - 2015-04-12 12:04 - 05617275 ____R (Swearware) C:\Users\EROL\Desktop\ComboFix.exe
2015-04-12 11:33 - 2015-04-12 11:33 - 00001268 _____ () C:\Users\EROL\Desktop\Revo Uninstaller.lnk
2015-04-12 11:33 - 2015-04-12 11:33 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-04-12 11:11 - 2015-04-12 11:11 - 00472176 _____ () C:\Windows\Minidump\041215-18142-01.dmp
2015-04-12 10:07 - 2015-04-12 10:07 - 00048195 _____ () C:\Users\EROL\Desktop\gmer.txt
2015-04-12 09:57 - 2015-04-12 09:57 - 00000470 _____ () C:\Users\EROL\Desktop\defogger_disable.log
2015-04-12 09:57 - 2015-04-11 09:15 - 00380416 _____ () C:\Users\EROL\Desktop\Gmer-19357.exe
2015-04-12 09:57 - 2015-04-11 09:12 - 00050477 _____ () C:\Users\EROL\Desktop\Defogger.exe
2015-04-12 09:47 - 2015-04-13 21:07 - 00036495 _____ () C:\Users\EROL\Desktop\Addition.txt
2015-04-12 09:44 - 2015-04-14 21:50 - 00018472 _____ () C:\Users\EROL\Desktop\FRST.txt
2015-04-12 09:44 - 2015-04-14 21:49 - 00000000 ____D () C:\FRST
2015-04-12 09:42 - 2015-04-12 20:38 - 02096640 _____ (Farbar) C:\Users\EROL\Desktop\FRST64.exe
2015-04-11 23:47 - 2015-04-11 23:47 - 00008963 _____ () C:\Users\EROL\Desktop\1104.txt
2015-04-11 23:19 - 2015-04-13 19:08 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-11 23:19 - 2015-04-11 23:19 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-11 23:19 - 2015-04-11 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-11 23:19 - 2015-04-11 23:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-11 23:19 - 2015-04-11 23:19 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-11 23:19 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-11 23:19 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-11 23:19 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-11 09:18 - 2015-04-11 09:18 - 00000000 _____ () C:\Users\EROL\defogger_reenable
2015-04-05 18:26 - 2015-04-05 18:26 - 00000000 ____D () C:\Users\EROL\AppData\Roaming\Avira
2015-04-05 18:20 - 2015-04-05 18:15 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-04-05 18:13 - 2015-03-17 13:01 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-04-05 18:13 - 2015-03-17 13:01 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-04-05 18:13 - 2015-03-17 13:01 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-04-05 18:02 - 2015-04-05 18:02 - 00000000 ____D () C:\Windows\pss
2015-04-05 17:34 - 2015-04-05 17:34 - 00001211 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-04-05 17:33 - 2015-04-11 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-05 17:33 - 2015-04-05 18:13 - 00000000 ____D () C:\ProgramData\Avira
2015-04-05 17:33 - 2015-04-05 18:13 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-05 17:33 - 2015-04-05 17:33 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-05 17:18 - 2015-04-10 22:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-05 17:18 - 2015-04-05 17:22 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-05 17:18 - 2015-04-05 17:18 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-04-05 17:18 - 2015-04-05 17:18 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-04-05 17:18 - 2015-04-05 17:18 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-04-05 17:18 - 2015-04-05 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-04-05 17:18 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-04-05 12:21 - 2015-04-05 12:22 - 00291696 _____ () C:\Windows\Minidump\040515-28080-01.dmp
2015-04-05 00:23 - 2015-04-05 00:23 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 00:23 - 2015-04-05 00:23 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 20:10 - 2015-04-04 23:43 - 00008856 _____ () C:\Windows\SysWOW64\29xyOff.ini
2015-04-04 20:10 - 2015-04-04 23:43 - 00008856 _____ () C:\Windows\system32\29xyOff.ini
2015-04-03 23:02 - 2015-04-04 17:18 - 00000000 ____D () C:\Users\EROL\Desktop\Bewerbung
2015-03-31 11:02 - 2015-04-14 18:56 - 00000000 ____D () C:\Users\EROL\AppData\Roaming\Steganos VPN
2015-03-31 11:02 - 2015-04-03 21:03 - 00000000 ____D () C:\Users\EROL\AppData\Roaming\Steganos
2015-03-31 11:02 - 2015-03-31 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OkayFreedom
2015-03-31 11:02 - 2015-03-31 11:02 - 00000000 ____D () C:\Program Files (x86)\OkayFreedom
2015-03-28 17:52 - 2015-03-28 17:52 - 00300623 _____ () C:\Users\EROL\Downloads\Futbol Canlı Sonuçlar, Canlı maç sonuçları - iddaa.com.htm
2015-03-28 17:52 - 2015-03-28 17:52 - 00000000 ____D () C:\Users\EROL\Downloads\Futbol Canlı Sonuçlar, Canlı maç sonuçları - iddaa.com-Dateien
2015-03-25 10:59 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 10:59 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 10:59 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 10:59 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 10:59 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 10:59 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 10:59 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 10:59 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-23 12:22 - 2015-04-14 19:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-23 09:46 - 2015-03-23 09:46 - 00000000 ___HD () C:\Users\Public\B95565D26D9A9DC2AD95815626DF35B1
2015-03-22 19:07 - 2015-04-11 23:15 - 00000000 ____D () C:\Users\EROL\AppData\Local\004578DC-1427047646-DE11-8C4E-95D864771729
2015-03-22 09:28 - 2015-03-22 09:28 - 00291696 _____ () C:\Windows\Minidump\032215-18720-01.dmp
2015-03-21 12:00 - 2015-03-23 17:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2015-03-18 16:07 - 2015-03-18 16:07 - 00000000 ____D () C:\Users\EROL\Option

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-14 21:44 - 2013-11-24 18:07 - 00000000 ____D () C:\Users\EROL\Downloads\MSN Deutschland  Aktuelle Nachrichten, Outlook.com Email und Skype Login-Dateien
2015-04-14 21:34 - 2015-01-07 14:34 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-225 Series Update {DA9064A8-56DA-49F8-8F27-85D2FF2069A9}.job
2015-04-14 21:27 - 2010-10-15 23:34 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{48FD094E-AFAF-4EC8-9EB3-9106BB6B89F2}
2015-04-14 21:22 - 2012-10-12 12:11 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 21:22 - 2012-10-12 12:11 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 21:22 - 2012-10-12 12:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-14 21:22 - 2011-10-03 11:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-14 20:07 - 2009-10-17 08:14 - 01548771 _____ () C:\Windows\WindowsUpdate.log
2015-04-14 18:59 - 2009-07-14 06:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-14 18:59 - 2009-07-14 06:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-14 18:49 - 2013-08-29 01:44 - 00001872 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-04-14 18:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-14 18:46 - 2009-07-14 06:51 - 00192194 _____ () C:\Windows\setupact.log
2015-04-13 20:51 - 2009-08-22 10:34 - 01716380 _____ () C:\Windows\PFRO.log
2015-04-13 20:50 - 2015-02-25 12:34 - 00000000 ____D () C:\Windows\system32\log
2015-04-13 20:23 - 2009-07-27 22:41 - 00000000 ____D () C:\Windows\Panther
2015-04-13 18:39 - 2015-02-10 02:08 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2015-04-12 15:11 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-12 15:04 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-12 14:08 - 2011-10-27 14:22 - 00000000 ____D () C:\Users\EROL\AppData\Roaming\Skype
2015-04-12 11:11 - 2014-08-24 16:33 - 523873432 _____ () C:\Windows\MEMORY.DMP
2015-04-12 11:11 - 2014-08-24 16:33 - 00000000 ____D () C:\Windows\Minidump
2015-04-12 10:00 - 2009-10-17 18:03 - 00714532 _____ () C:\Windows\system32\perfh007.dat
2015-04-12 10:00 - 2009-10-17 18:03 - 00154584 _____ () C:\Windows\system32\perfc007.dat
2015-04-12 10:00 - 2009-07-14 07:13 - 01538900 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-12 09:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PLA
2015-04-11 23:56 - 2014-02-26 03:13 - 01472526 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-11 09:18 - 2009-12-09 21:35 - 00000000 ____D () C:\Users\EROL
2015-04-05 18:55 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-05 18:47 - 2015-02-25 12:51 - 00000000 ____D () C:\ProgramData\dcd3ad0177264843bc5000b01d833e70
2015-04-05 18:34 - 2015-02-22 16:51 - 00000000 ____D () C:\ProgramData\{9d4d7a04-c0f0-47e9-9d4d-d7a04c0fe813}
2015-04-05 18:34 - 2015-02-22 16:27 - 00000000 ____D () C:\ProgramData\{1f0c2576-5236-741c-1f0c-c257652395d9}
2015-04-05 12:27 - 2010-10-08 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Okey+
2015-04-05 10:48 - 2015-02-22 16:45 - 00000000 ___HD () C:\Users\Public\Temp
2015-04-05 10:46 - 2015-02-22 16:47 - 00000126 _____ () C:\Users\EROL\AppData\Roaming\WB.CFG
2015-04-04 23:33 - 2009-07-14 04:34 - 00000612 _____ () C:\Windows\win.ini
2015-04-02 10:08 - 2015-03-11 17:03 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-01 18:03 - 2009-08-22 07:40 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-26 11:58 - 2014-09-21 15:55 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-26 11:58 - 2011-10-27 14:22 - 00000000 ____D () C:\ProgramData\Skype
2015-03-26 11:23 - 2014-12-11 12:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-26 11:23 - 2014-05-09 22:42 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-24 11:28 - 2014-12-29 19:24 - 00000000 ____D () C:\Users\EROL\AppData\Local\Unity
2015-03-24 10:42 - 2015-03-12 22:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-20 01:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-18 12:42 - 2013-11-19 19:18 - 00000000 ____D () C:\Users\EROL\AppData\Roaming\Apple Computer
2015-03-18 12:42 - 2013-11-19 19:18 - 00000000 ____D () C:\Users\EROL\AppData\Local\Apple Computer
2015-03-15 11:53 - 2010-11-02 19:07 - 00000000 ____D () C:\Users\EROL\AppData\Local\Adobe

==================== Files in the root of some directories =======

2014-11-20 12:45 - 2014-11-20 12:45 - 6000640 _____ () C:\Program Files (x86)\GUT4C3D.tmp
2015-02-22 16:47 - 2015-04-05 10:46 - 0000126 _____ () C:\Users\EROL\AppData\Roaming\WB.CFG
2010-10-03 23:03 - 2013-11-13 19:00 - 0000124 _____ () C:\Users\EROL\AppData\Roaming\wklnhst.dat
2014-06-23 22:44 - 2014-07-07 23:23 - 0001097 _____ () C:\Users\EROL\AppData\Local\cookies.ini
2015-02-24 11:57 - 2015-02-24 11:57 - 0274045 _____ () C:\Users\EROL\AppData\Local\dsi1.dat
2015-02-24 11:57 - 2015-02-24 11:57 - 0161916 _____ () C:\Users\EROL\AppData\Local\dsi2.dat
2015-03-11 18:30 - 2015-03-11 18:30 - 0001643 _____ () C:\Users\EROL\AppData\Local\MyWinLockerInstaller.txt-20150311.log
2015-03-12 12:54 - 2015-03-12 12:58 - 0006477 _____ () C:\Users\EROL\AppData\Local\MyWinLockerInstaller.txt-20150312.log
2009-10-17 08:15 - 2009-10-17 08:17 - 0007768 _____ () C:\ProgramData\ArcadeDeluxe3.log
2009-08-22 10:44 - 2009-07-18 03:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe

Some content of TEMP:
====================
C:\Users\EROL\AppData\Local\temp\avgnt.exe
C:\Users\EROL\AppData\Local\temp\Quarantine.exe
C:\Users\EROL\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 10:24

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2015
Ran by EROL at 2015-04-14 21:50:26
Running from C:\Users\EROL\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Lavasoft Ad-Aware (Enabled - Out of date) {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Lavasoft Ad-Aware (Enabled - Out of date) {5BB89C30-6480-BC7C-9F17-199BD76F557A}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Lavasoft Ad-Aware (Disabled) {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.6731 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.0.6731 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.22 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.74.216 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.74.216 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3002 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3003 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3004 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.7.0715 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Ad-Aware Antivirus (HKLM-x32\...\{944167EA-7F89-4705-8DCD-1D63B53141B0}) (Version: 10.5.3.4405 - Lavasoft)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
Backup Manager Basic (x32 Version: 2.0.0.22 - NewTech Infosystems) Hidden
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}) (Version: 12.26.02 - Broadcom Corporation)
Disneys Sport - Goofy Skateboarding (HKLM-x32\...\Disney's Extremely Goofy Skateboarding) (Version:  - )
eBay Worldwide (HKLM-x32\...\{AAF89271-2594-468D-B578-96B2E30C41C4}) (Version: 2.1.0703 - OEM)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM-x32\...\{71E90740-5E5F-4D43-AB8F-CAC1D93DBB5B}) (Version: 2.5.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{682A3328-9621-4BAD-91FA-873A076610C4}) (Version: 1.21.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-225 Series Printer Uninstall (HKLM\...\EPSON XP-225 Series) (Version:  - SEIKO EPSON Corporation)
EPSON-Handbücher (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.32.0.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM\...\{DF5200AB-5AE6-4598-846B-8ABC3AE121B1}) (Version: 3.0.2.0 - SEIKO EPSON Corporation)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3001 - Acer Incorporated)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.03 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
OkayFreedom (HKLM-x32\...\{3F3FB10C-7175-4D38-9335-3488B89C12AF}) (Version: 1.4.3 - Steganos Software GmbH)
Okey+ 2.1 (HKLM-x32\...\Okey+_is1) (Version:  - Böcek Yazýlým)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version:  - )
Samsung Mobile Modem Device Software (HKLM\...\Samsung Mobile Modem Device) (Version:  - )
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
SAMSUNG USB Mobile Device Software (HKLM\...\SAMSUNG USB Mobile Device) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3005 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID-Anmelde-Assistent (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

04-04-2015 09:44:40 Windows Update
05-04-2015 00:22:18 Windows Update
05-04-2015 19:00:10 Windows-Sicherung
11-04-2015 23:50:37 Windows Update
12-04-2015 11:34:47 Revo Uninstaller's restore point - BoBrowser
12-04-2015 11:39:16 Revo Uninstaller's restore point - BoBrowser
12-04-2015 15:22:37 Windows Update
12-04-2015 19:19:11 Windows-Sicherung

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-04-12 15:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00249043-353C-425A-A270-D8304F2C8EAD} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {0B2D1DBB-44FA-452D-A231-B92997632E04} - \ZMCRFF No Task File <==== ATTENTION
Task: {0C6332C4-2A83-4FC4-85A4-1C4C27D1F6EF} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2013-06-13] (Lavasoft Limited)
Task: {138FE3C3-34E0-4253-AADC-A834BF454125} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {15946D7B-34C4-4FAF-9EBF-C9B36F57813F} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {1A3E4FE1-733D-4311-A064-C05602E64BC9} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {1ED94779-D16C-4CD7-BA75-ACD32DC71EA7} - System32\Tasks\{5C5454C9-4FF7-4D9B-8168-B4ADBFB532A3} => pcalua.exe -a C:\Users\EROL\AppData\Roaming\sweet-page\UninstallManager.exe -c  -ptid=cor
Task: {2620644B-202A-4B6F-988C-3161F554610E} - System32\Tasks\{585D4E66-9B7D-4B34-AE74-B6C858012A68} => C:\Program Files\Batak4\Batak.exe
Task: {2F5C3C1A-E7D8-422B-8B72-067EFCB6E426} - System32\Tasks\{48C4EDAE-2B03-4D61-9031-1C6CC3104DA6} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Task: {4345FB31-628A-42CA-BC8A-4DDEC2C8E12C} - System32\Tasks\{08389B0D-B0E4-49AB-B8FD-A240B4A96C43} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\5\SSSDUninstall.exe
Task: {462ADBF5-7072-4715-8F00-885403D152CF} - System32\Tasks\{8FD4BD32-5AFB-4265-B8DA-333ED1CBAD08} => pcalua.exe -a C:\Users\EROL\Downloads\epson375869eu(1).exe -d C:\Users\EROL\Downloads
Task: {4CDF805B-7549-4CBE-89DA-8DE73C0BAD65} - System32\Tasks\{EB51D504-1FAC-497A-A67B-A70FBE7DB3CD} => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2013-06-13] (Lavasoft Limited)
Task: {50E25B8D-3A25-497D-8821-605C4CE9F525} - System32\Tasks\{1EE10A4C-0ACA-456B-B852-F923D5D0ACE6} => C:\Program Files (x86)\Microsoft Office\OFFICE11\MSACCESS.EXE [2010-01-14] (Microsoft Corporation)
Task: {5B2558E1-A057-46EC-982E-E6C2F169C161} - System32\Tasks\EPSON XP-225 Series Update {DA9064A8-56DA-49F8-8F27-85D2FF2069A9} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE [2013-11-21] (SEIKO EPSON CORPORATION)
Task: {67D15269-582C-425F-9C72-F1EC6DC12842} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {67DE4505-8964-4C77-80A6-6F9CFB42B4C6} - System32\Tasks\{76B6EB2E-1365-46EA-B693-530717E5371D} => pcalua.exe -a C:\Users\EROL\Downloads\5609-batak-ihaleli-tamindir.com\batak-ihaleli-tamindir.com\batak4kur.exe -d C:\Users\EROL\Downloads\5609-batak-ihaleli-tamindir.com\batak-ihaleli-tamindir.com
Task: {82461E53-52F3-4CC5-8F6D-2DD44AE1F00D} - System32\Tasks\{AA56D811-B658-40C5-BF73-83680E2BBC25} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\1\SS_Uninstall.exe
Task: {89E9CC8F-583F-4631-B69C-E939243DA08A} - System32\Tasks\{77355BBA-AB49-4BC3-9494-9094B7615DEC} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\7\SSECUninstall.exe
Task: {A1EB057F-80A2-425D-8970-4314C0D727F1} - System32\Tasks\{81EBBBC1-8E1F-4BCA-9A1E-99068531EEDC} => pcalua.exe -a "C:\Users\EROL\Downloads\5609-batak-ihaleli-tamindir.com (1)\batak-ihaleli-tamindir.com\batak4kur.exe" -d "C:\Users\EROL\Downloads\5609-batak-ihaleli-tamindir.com (1)\batak-ihaleli-tamindir.com"
Task: {B008D2DB-D259-4520-BEAE-D808D076818A} - System32\Tasks\{1D1FFBF9-53D2-493E-A59E-D2B647F3A5BE} => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2013-06-13] (Lavasoft Limited)
Task: {B0217FE0-495C-490A-BB56-79ABF62F641C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {BE31CAA5-4A2A-42E2-9054-20CCD65D205B} - System32\Tasks\{11F68C3A-BA55-46BB-BA57-8FC636D2C17E} => C:\Program Files\Batak4\Batak.exe
Task: {C0020C13-A6BF-4CED-9194-39A192D3B0CB} - System32\Tasks\{885C3099-5D08-4F87-B40C-FC838B023C4D} => pcalua.exe -a C:\Users\EROL\AppData\Local\Temp\Temp1_batak-ihaleli-indirline.com.zip\batak-ihaleli-indirline.com\batak4kur.exe
Task: {C3704AC7-FD37-45AA-90FF-FA7478FE2EB6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {C49ECB39-6FD0-4A01-AACA-ABBBDFA1D846} - System32\Tasks\{6E1DF063-C740-4606-8282-1399C48D708C} => Firefox.exe 
Task: {D2358CEF-B5B4-440B-A128-95F96C22F099} - System32\Tasks\{D39E6D99-9FB1-459D-9A5E-A83528C5BC81} => C:\Program Files\Batak4\Batak.exe
Task: {F0505E72-8A87-4043-BEDF-88569FB995C0} - System32\Tasks\{CF659C13-1743-4AD8-8DCD-5B70213A4392} => Firefox.exe 
Task: {F4F8214F-8FD5-400A-930D-2FA7E805B268} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EPSON XP-225 Series Update {DA9064A8-56DA-49F8-8F27-85D2FF2069A9}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE:/EXE:{DA9064A8-56DA-49F8-8F27-85D2FF2069A9} /F:UpdateSYSTEM
Searches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Loaded Modules (whitelisted) ==============

2015-04-14 21:43 - 2015-04-14 21:44 - 00852616 _____ () C:\Users\EROL\Downloads\MSN Deutschland  Aktuelle Nachrichten, Outlook.com Email und Skype Login-Dateien\SecurityCheck.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2015-04-05 17:18 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-04-05 17:18 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-04-05 17:18 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-04-05 17:18 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-04-05 17:18 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-03-15 11:52 - 2015-03-15 11:52 - 16858288 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:1D32EC29
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:93DE1838
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E3C56885
AlternateDataStreams: C:\Users\EROL\AppData\Roaming\Microsoft\Windows\Start Menu\MSN Deutschland Aktuelle Nachrichten, Outlook.com Email und Skype Login..website:TASKICON_0FA6946226F21BD7E8F75BBFA031461487075638
AlternateDataStreams: C:\Users\EROL\AppData\Roaming\Microsoft\Windows\Start Menu\MSN Deutschland Aktuelle Nachrichten, Outlook.com Email und Skype Login..website:TASKICON_1FA6946226F21BD7E8F75BBFA031461135116317
AlternateDataStreams: C:\Users\EROL\AppData\Roaming\Microsoft\Windows\Start Menu\MSN Deutschland Aktuelle Nachrichten, Outlook.com Email und Skype Login..website:TASKICON_2FA6946226F21BD7E8F75BBFA03146-12823272
AlternateDataStreams: C:\Users\EROL\AppData\Roaming\Microsoft\Windows\Start Menu\MSN Deutschland Aktuelle Nachrichten, Outlook.com Email und Skype Login..website:TASKICON_3FA6946226F21BD7E8F75BBFA03146-1180859722
AlternateDataStreams: C:\Users\EROL\AppData\Roaming\Microsoft\Windows\Start Menu\MSN Deutschland Aktuelle Nachrichten, Outlook.com Email und Skype Login..website:TASKICON_4FA6946226F21BD7E8F75BBFA031461739172809

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1924032147-3410277532-354269451-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\EROL\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Avira.OE.ServiceHost => 2
MSCONFIG\startupfolder: C:^Users^EROL^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^setup.lnk => C:\Windows\pss\setup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^EROL^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SuperOptimizer.lnk => C:\Windows\pss\SuperOptimizer.lnk.Startup
MSCONFIG\startupreg: Elite Unzip AppIntegrator 32-bit => C:\PROGRA~2\ELITEU~2\bar\1.bin\AppIntegrator.exe
MSCONFIG\startupreg: Elite Unzip AppIntegrator 64-bit => C:\PROGRA~2\ELITEU~2\bar\1.bin\AppIntegrator64.exe
MSCONFIG\startupreg: PLFSetI => C:\Windows\PLFSetI.exe
MSCONFIG\startupreg: Registry Helper => "C:\Program Files (x86)\Registry Helper\RegistryHelper.Exe" /boot

==================== Accounts: =============================

Administrator (S-1-5-21-1924032147-3410277532-354269451-500 - Administrator - Disabled)
EROL (S-1-5-21-1924032147-3410277532-354269451-1001 - Administrator - Enabled) => C:\Users\EROL
Gast (S-1-5-21-1924032147-3410277532-354269451-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1924032147-3410277532-354269451-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/14/2015 09:49:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 12.4.2015.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 16e0

Startzeit: 01d076ec08ea82dd

Endzeit: 0

Anwendungspfad: C:\Users\EROL\Desktop\FRST64.exe

Berichts-ID:

Error: (04/14/2015 09:39:45 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/14/2015 06:58:20 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/14/2015 06:58:11 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (04/14/2015 09:49:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe12.4.2015.016e001d076ec08ea82dd0C:\Users\EROL\Desktop\FRST64.exe

Error: (04/14/2015 09:39:45 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (04/14/2015 06:58:20 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\EROL\Downloads\MSN Deutschland  Aktuelle Nachrichten, Outlook.com Email und Skype Login-Dateien\esetsmartinstaller_deu.exe

Error: (04/14/2015 06:58:11 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\EROL\Downloads\MSN Deutschland  Aktuelle Nachrichten, Outlook.com Email und Skype Login-Dateien\esetsmartinstaller_deu.exe


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 50%
Total physical RAM: 4090.93 MB
Available physical RAM: 2016.09 MB
Total Pagefile: 8180.04 MB
Available Pagefile: 5909.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:453.94 GB) (Free:387.73 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 5CAE5CAE)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 15.04.2015, 14:08   #14
schrauber
/// the machine
/// TB-Ausbilder
 



Update Java, Adobe and Firefox.

Please download the Emsisoft Emergency Kit from here.
  • Please install the program to the default path.
  • Start the program by double-clicking the desktop shortcut.
  • Once the malware signatures have loaded, the EEK is ready to scan.
  • Now please follow the illustrated guide to the Emergency Kit, remove all findings, and post the log at the end of the scan or cleanup.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


Alt 15.04.2015, 21:13   #15
mm0811
 


Code:
ATTFilter
Emsisoft Emergency Kit - Version 9.0
Letztes Update: 15.04.2015 19:08:39
Benutzerkonto: EROL-PC\EROL

Scan-Einstellungen:

Scan Methode: Detail-Scan
Objekte: Rootkits, Speicher, Traces, C:\

PUPs-Erkennung: An
Archiv-Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan-Beginn:	15.04.2015 19:09:22
Value: HKEY_USERS\S-1-5-21-1924032147-3410277532-354269451-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR 	gefunden: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS 	gefunden: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-1924032147-3410277532-354269451-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS 	gefunden: Setting.DisableRegistryTools (A)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\0a0fc379.qua -> (Quarantine-8) -> (NSIS o) -> zlib_nsis0003 	gefunden: Trojan.GenericKD.2238938 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\0a0fc379.qua -> (Quarantine-8) -> (NSIS o) -> zlib_nsis0015 	gefunden: Trojan.GenericKD.2238289 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\0a0fc379.qua -> (Quarantine-8) -> (NSIS o) -> zlib_nsis0020 	gefunden: Trojan.GenericKD.2238376 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\0a80b711.qua -> (Quarantine-8) 	gefunden: Gen:Variant.Adware.SoftPulse.9 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\1a11bfa6.qua -> (Quarantine-8) 	gefunden: Trojan.GenericKD.2241563 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\1a50ca65.qua -> (Quarantine-8) -> (Quarantine-PE) 	gefunden: Adware.Eorezo.BZ (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\2ef3d0b2.qua -> (Quarantine-8) 	gefunden: Gen:Variant.Adware.SoftPulse.9 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\3922a9a2.qua -> (Quarantine-8) 	gefunden: Adware.Generic.1217714 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\39a7dd54.qua -> (Quarantine-8) 	gefunden: Application.Agent.ID (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\3b868f34.qua -> (Quarantine-8) 	gefunden: Adware.SearchProtect.W (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\46389bfc.qua -> (Quarantine-8) 	gefunden: Gen:Variant.Strictor.79122 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\480b9308.qua -> (Quarantine-8) -> (Quarantine-PE) 	gefunden: Adware.Eorezo.BZ (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\484ae366.qua -> (Quarantine-8) 	gefunden: Gen:Variant.Zusy.124370 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\50ddca42.qua -> (Quarantine-8) 	gefunden: Gen:Variant.Zusy.124370 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\535fbaac.qua -> (Quarantine-8) 	gefunden: Trojan.GenericKD.2238376 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5397a177.qua -> (Quarantine-8) 	gefunden: Trojan.GenericKD.2180595 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\539bca22.qua -> (Quarantine-8) 	gefunden: Gen:Variant.Zusy.124370 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\53ab4448.qua -> (Quarantine-8) 	gefunden: Adware.Generic.1217714 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\53b4e593.qua -> (Quarantine-8) 	gefunden: Trojan.GenericKD.2241294 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\58019145.qua -> (Quarantine-8) 	gefunden: Adware.SearchProtect.W (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5bc2c797.qua -> (Quarantine-8) 	gefunden: Gen:Variant.Strictor.79122 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5c8cbf7f.qua -> (Quarantine-8) 	gefunden: Adware.SearchProtect.W (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\7698e88f.qua -> (Quarantine-8) 	gefunden: Gen:Variant.Adware.SoftPulse.9 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\7c191a0d.qua -> (Quarantine-8) 	gefunden: Gen:Variant.Graftor.182037 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\7c27f07d.qua -> (Quarantine-8) 	gefunden: Application.OptimizerPro.V (B)

Gescannt	295895
Gefunden	28

Scan-Ende:	15.04.2015 21:47:21
Scan-Zeit:	2:37:59

C:\ProgramData\Avira\AntiVir Desktop\INFECTED\7c27f07d.qua	Quarantäne Application.OptimizerPro.V (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\7c191a0d.qua	Quarantäne Gen:Variant.Graftor.182037 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\7698e88f.qua	Quarantäne Gen:Variant.Adware.SoftPulse.9 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5c8cbf7f.qua	Quarantäne Adware.SearchProtect.W (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5bc2c797.qua	Quarantäne Gen:Variant.Strictor.79122 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\58019145.qua	Quarantäne Adware.SearchProtect.W (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\53b4e593.qua	Quarantäne Trojan.GenericKD.2241294 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\53ab4448.qua	Quarantäne Adware.Generic.1217714 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\539bca22.qua	Quarantäne Gen:Variant.Zusy.124370 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5397a177.qua	Quarantäne Trojan.GenericKD.2180595 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\535fbaac.qua	Quarantäne Trojan.GenericKD.2238376 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\50ddca42.qua	Quarantäne Gen:Variant.Zusy.124370 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\484ae366.qua	Quarantäne Gen:Variant.Zusy.124370 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\480b9308.qua	Quarantäne Adware.Eorezo.BZ (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\46389bfc.qua	Quarantäne Gen:Variant.Strictor.79122 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\3b868f34.qua	Quarantäne Adware.SearchProtect.W (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\39a7dd54.qua	Quarantäne Application.Agent.ID (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\3922a9a2.qua	Quarantäne Adware.Generic.1217714 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\2ef3d0b2.qua	Quarantäne Gen:Variant.Adware.SoftPulse.9 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\1a50ca65.qua	Quarantäne Adware.Eorezo.BZ (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\1a11bfa6.qua	Quarantäne Trojan.GenericKD.2241563 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\0a80b711.qua	Quarantäne Gen:Variant.Adware.SoftPulse.9 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\0a0fc379.qua	Quarantäne Trojan.GenericKD.2238376 (B)
Value: HKEY_USERS\S-1-5-21-1924032147-3410277532-354269451-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS	Quarantäne Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS	Quarantäne Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-1924032147-3410277532-354269451-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR	Quarantäne Setting.DisableTaskMgr (A)

Quarantäne	26
         
Avira Antivirus tells me that it found 40 viruses or unwanted programs ... But all the popups in Firefox are gone again now


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 04
Ran by EROL (administrator) on EROL-PC on 15-04-2015 22:09:29
Running from C:\Users\EROL\Desktop
Loaded Profiles: EROL (Available profiles: EROL)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-06] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [828960 2009-08-05] (Acer Incorporated)
HKLM\...\Run: [EPSON Stylus DX3800 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIACE.EXE /F "C:\Windows\TEMP\E_S2D9F.tmp" /EF "HKLM"
HKLM\...\Run: [SBRegRebootCleaner] => C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe [201608 2012-09-20] (GFI Software)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-21] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1194504 2009-08-27] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-07-31] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-08-04] (Acer Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Ad-Aware Antivirus] => "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1924032147-3410277532-354269451-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1924032147-3410277532-354269451-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31340640 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-1924032147-3410277532-354269451-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1924032147-3410277532-354269451-1001\...\Run: [OKAYFREEDOM_Agent] => C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe [6553000 2015-02-18] (Steganos Software GmbH)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1924032147-3410277532-354269451-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1924032147-3410277532-354269451-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1924032147-3410277532-354269451-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-1924032147-3410277532-354269451-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1924032147-3410277532-354269451-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\EROL\AppData\Roaming\Mozilla\Firefox\Profiles\tm9r20kd.default-1418645245816
FF SearchEngineOrder.3: Bing 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\EROL\AppData\Roaming\Mozilla\Firefox\Profiles\tm9r20kd.default-1418645245816\Extensions\bingsearch.full@microsoft.com [2015-03-26]
FF Extension: OkayFreedom - C:\Users\EROL\AppData\Roaming\Mozilla\Firefox\Profiles\tm9r20kd.default-1418645245816\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2015-03-31]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-04-14]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-14]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-01-07]

Chrome: 
=======
CHR Profile: C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-03-11]
CHR Extension: (No Name) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldhpllghnbhlbpcmnajkpdmadaolakh [2015-03-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Skype Click to Call) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-11-06]
CHR Extension: (No Name) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnmengjdnfjbochkdkcjbbpildacancp [2015-04-05]
CHR Extension: (Google Wallet) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (No Name) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo [2015-03-28]
CHR Extension: (pnmjaflneibolacpepklokkjnakmikmg) - C:\Users\EROL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnmjaflneibolacpepklokkjnakmikmg [2015-03-15]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1924032147-3410277532-354269451-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [326072 2015-02-18] (Steganos Software GmbH)
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG)
R3 cleanhlp; C:\eek\bin\cleanhlp64.sys [57024 2015-04-15] (Emsisoft GmbH)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-08-29] (GFI Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\EROL\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 19:04 - 2015-04-15 19:04 - 00000747 _____ () C:\Users\EROL\Desktop\Start Emsisoft Emergency Kit.lnk
2015-04-15 18:56 - 2015-04-15 19:05 - 00000000 ____D () C:\eek
2015-04-14 19:49 - 2015-04-14 19:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-14 18:55 - 2015-04-14 18:55 - 00003132 _____ () C:\Users\EROL\Desktop\JRT.txt
2015-04-14 18:51 - 2015-04-14 18:51 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-EROL-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-14 18:50 - 2015-04-14 18:50 - 00000000 ____D () C:\RegBackup
2015-04-13 20:46 - 2015-04-13 20:50 - 00000000 ____D () C:\AdwCleaner
2015-04-13 20:44 - 2015-04-13 20:45 - 00085608 _____ () C:\Users\EROL\Desktop\mbam3.txt
2015-04-13 20:43 - 2015-04-13 20:44 - 00080241 _____ () C:\Users\EROL\Desktop\mbam2.txt
2015-04-13 20:14 - 2015-04-13 20:43 - 00095465 _____ () C:\Users\EROL\Desktop\mbam1.txt
2015-04-12 20:38 - 2015-04-15 22:07 - 00000000 ____D () C:\Users\EROL\Desktop\FRST-OlderVersion
2015-04-12 15:11 - 2015-04-12 15:11 - 00037908 _____ () C:\ComboFix.txt
2015-04-12 14:32 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-12 14:32 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-12 14:32 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-12 14:32 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-12 14:32 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-12 14:32 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-12 14:32 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-12 14:32 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-12 14:28 - 2015-04-12 15:11 - 00000000 ____D () C:\Qoobox
2015-04-12 14:27 - 2015-04-12 15:07 - 00000000 ____D () C:\Windows\erdnt
2015-04-12 12:04 - 2015-04-12 12:04 - 05617275 ____R (Swearware) C:\Users\EROL\Desktop\ComboFix.exe
2015-04-12 11:33 - 2015-04-12 11:33 - 00001268 _____ () C:\Users\EROL\Desktop\Revo Uninstaller.lnk
2015-04-12 11:33 - 2015-04-12 11:33 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-04-12 11:11 - 2015-04-12 11:11 - 00472176 _____ () C:\Windows\Minidump\041215-18142-01.dmp
2015-04-12 10:07 - 2015-04-12 10:07 - 00048195 _____ () C:\Users\EROL\Desktop\gmer.txt
2015-04-12 09:57 - 2015-04-12 09:57 - 00000470 _____ () C:\Users\EROL\Desktop\defogger_disable.log
2015-04-12 09:57 - 2015-04-11 09:15 - 00380416 _____ () C:\Users\EROL\Desktop\Gmer-19357.exe
2015-04-12 09:57 - 2015-04-11 09:12 - 00050477 _____ () C:\Users\EROL\Desktop\Defogger.exe
2015-04-12 09:47 - 2015-04-14 21:51 - 00031265 _____ () C:\Users\EROL\Desktop\Addition.txt
2015-04-12 09:44 - 2015-04-15 22:10 - 00020190 _____ () C:\Users\EROL\Desktop\FRST.txt
2015-04-12 09:44 - 2015-04-15 22:09 - 00000000 ____D () C:\FRST
2015-04-12 09:42 - 2015-04-15 22:07 - 02097664 _____ (Farbar) C:\Users\EROL\Desktop\FRST64.exe
2015-04-11 23:47 - 2015-04-11 23:47 - 00008963 _____ () C:\Users\EROL\Desktop\1104.txt
2015-04-11 23:19 - 2015-04-13 19:08 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-11 23:19 - 2015-04-11 23:19 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-11 23:19 - 2015-04-11 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-04-11 23:19 - 2015-04-11 23:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-11 23:19 - 2015-04-11 23:19 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-04-11 23:19 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-11 23:19 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-11 23:19 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-11 09:18 - 2015-04-11 09:18 - 00000000 _____ () C:\Users\EROL\defogger_reenable
2015-04-05 18:26 - 2015-04-05 18:26 - 00000000 ____D () C:\Users\EROL\AppData\Roaming\Avira
2015-04-05 18:20 - 2015-04-05 18:15 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-04-05 18:13 - 2015-03-17 13:01 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-04-05 18:13 - 2015-03-17 13:01 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-04-05 18:13 - 2015-03-17 13:01 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-04-05 18:02 - 2015-04-05 18:02 - 00000000 ____D () C:\Windows\pss
2015-04-05 17:34 - 2015-04-05 17:34 - 00001211 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-04-05 17:33 - 2015-04-11 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-05 17:33 - 2015-04-05 18:13 - 00000000 ____D () C:\ProgramData\Avira
2015-04-05 17:33 - 2015-04-05 18:13 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-05 17:33 - 2015-04-05 17:33 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-05 17:18 - 2015-04-10 22:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-05 17:18 - 2015-04-05 17:22 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-05 17:18 - 2015-04-05 17:18 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-04-05 17:18 - 2015-04-05 17:18 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-04-05 17:18 - 2015-04-05 17:18 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-04-05 17:18 - 2015-04-05 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-04-05 17:18 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-04-05 12:21 - 2015-04-05 12:22 - 00291696 _____ () C:\Windows\Minidump\040515-28080-01.dmp
2015-04-05 00:23 - 2015-04-05 00:23 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 00:23 - 2015-04-05 00:23 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 20:10 - 2015-04-04 23:43 - 00008856 _____ () C:\Windows\SysWOW64\29xyOff.ini
2015-04-04 20:10 - 2015-04-04 23:43 - 00008856 _____ () C:\Windows\system32\29xyOff.ini
2015-04-03 23:02 - 2015-04-04 17:18 - 00000000 ____D () C:\Users\EROL\Desktop\Bewerbung
2015-03-31 11:02 - 2015-04-15 16:50 - 00000000 ____D () C:\Users\EROL\AppData\Roaming\Steganos VPN
2015-03-31 11:02 - 2015-04-03 21:03 - 00000000 ____D () C:\Users\EROL\AppData\Roaming\Steganos
2015-03-31 11:02 - 2015-03-31 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OkayFreedom
2015-03-31 11:02 - 2015-03-31 11:02 - 00000000 ____D () C:\Program Files (x86)\OkayFreedom
2015-03-28 17:52 - 2015-03-28 17:52 - 00300623 _____ () C:\Users\EROL\Downloads\Futbol Canlı Sonuçlar, Canlı maç sonuçları - iddaa.com.htm
2015-03-28 17:52 - 2015-03-28 17:52 - 00000000 ____D () C:\Users\EROL\Downloads\Futbol Canlı Sonuçlar, Canlı maç sonuçları - iddaa.com-Dateien
2015-03-25 10:59 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 10:59 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 10:59 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 10:59 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 10:59 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 10:59 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 10:59 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 10:59 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-23 09:46 - 2015-03-23 09:46 - 00000000 ___HD () C:\Users\Public\B95565D26D9A9DC2AD95815626DF35B1
2015-03-22 19:07 - 2015-04-11 23:15 - 00000000 ____D () C:\Users\EROL\AppData\Local\004578DC-1427047646-DE11-8C4E-95D864771729
2015-03-22 09:28 - 2015-03-22 09:28 - 00291696 _____ () C:\Windows\Minidump\032215-18720-01.dmp
2015-03-18 16:07 - 2015-03-18 16:07 - 00000000 ____D () C:\Users\EROL\Option

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 22:08 - 2010-10-15 23:34 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{48FD094E-AFAF-4EC8-9EB3-9106BB6B89F2}
2015-04-15 21:34 - 2015-01-07 14:34 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-225 Series Update {DA9064A8-56DA-49F8-8F27-85D2FF2069A9}.job
2015-04-15 18:59 - 2013-11-24 18:07 - 00000000 ____D () C:\Users\EROL\Downloads\MSN Deutschland  Aktuelle Nachrichten, Outlook.com Email und Skype Login-Dateien
2015-04-15 18:28 - 2009-10-17 08:14 - 01698247 _____ () C:\Windows\WindowsUpdate.log
2015-04-15 18:20 - 2012-10-12 12:11 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 18:20 - 2011-10-03 11:34 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 18:20 - 2010-11-02 19:07 - 00000000 ____D () C:\Users\EROL\AppData\Local\Adobe
2015-04-15 16:59 - 2009-07-14 06:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-15 16:59 - 2009-07-14 06:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-15 16:54 - 2014-11-26 20:52 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-15 16:54 - 2013-07-15 12:34 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-15 16:52 - 2013-08-29 01:44 - 00001872 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-04-15 16:50 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-15 16:50 - 2009-07-14 06:51 - 00192306 _____ () C:\Windows\setupact.log
2015-04-15 16:49 - 2015-03-12 22:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-15 16:38 - 2012-10-12 12:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-15 16:38 - 2009-08-22 10:34 - 01717214 _____ () C:\Windows\PFRO.log
2015-04-15 16:37 - 2012-10-12 12:11 - 00003796 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-13 20:50 - 2015-02-25 12:34 - 00000000 ____D () C:\Windows\system32\log
2015-04-13 20:23 - 2009-07-27 22:41 - 00000000 ____D () C:\Windows\Panther
2015-04-13 18:39 - 2015-02-10 02:08 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2015-04-12 15:11 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-12 15:04 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-12 14:08 - 2011-10-27 14:22 - 00000000 ____D () C:\Users\EROL\AppData\Roaming\Skype
2015-04-12 11:11 - 2014-08-24 16:33 - 523873432 _____ () C:\Windows\MEMORY.DMP
2015-04-12 11:11 - 2014-08-24 16:33 - 00000000 ____D () C:\Windows\Minidump
2015-04-12 10:00 - 2009-10-17 18:03 - 00714532 _____ () C:\Windows\system32\perfh007.dat
2015-04-12 10:00 - 2009-10-17 18:03 - 00154584 _____ () C:\Windows\system32\perfc007.dat
2015-04-12 10:00 - 2009-07-14 07:13 - 01538900 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-12 09:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PLA
2015-04-11 23:56 - 2014-02-26 03:13 - 01472526 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-11 09:18 - 2009-12-09 21:35 - 00000000 ____D () C:\Users\EROL
2015-04-05 18:55 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-05 18:47 - 2015-02-25 12:51 - 00000000 ____D () C:\ProgramData\dcd3ad0177264843bc5000b01d833e70
2015-04-05 18:34 - 2015-02-22 16:51 - 00000000 ____D () C:\ProgramData\{9d4d7a04-c0f0-47e9-9d4d-d7a04c0fe813}
2015-04-05 18:34 - 2015-02-22 16:27 - 00000000 ____D () C:\ProgramData\{1f0c2576-5236-741c-1f0c-c257652395d9}
2015-04-05 12:27 - 2010-10-08 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Okey+
2015-04-05 10:48 - 2015-02-22 16:45 - 00000000 ___HD () C:\Users\Public\Temp
2015-04-05 10:46 - 2015-02-22 16:47 - 00000126 _____ () C:\Users\EROL\AppData\Roaming\WB.CFG
2015-04-04 23:33 - 2009-07-14 04:34 - 00000612 _____ () C:\Windows\win.ini
2015-04-02 10:08 - 2015-03-11 17:03 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-01 18:03 - 2009-08-22 07:40 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-26 11:58 - 2014-09-21 15:55 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-26 11:58 - 2011-10-27 14:22 - 00000000 ____D () C:\ProgramData\Skype
2015-03-26 11:23 - 2014-12-11 12:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-26 11:23 - 2014-05-09 22:42 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-24 11:28 - 2014-12-29 19:24 - 00000000 ____D () C:\Users\EROL\AppData\Local\Unity
2015-03-20 01:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-18 12:42 - 2013-11-19 19:18 - 00000000 ____D () C:\Users\EROL\AppData\Roaming\Apple Computer
2015-03-18 12:42 - 2013-11-19 19:18 - 00000000 ____D () C:\Users\EROL\AppData\Local\Apple Computer

==================== Files in the root of some directories =======

2014-11-20 12:45 - 2014-11-20 12:45 - 6000640 _____ () C:\Program Files (x86)\GUT4C3D.tmp
2015-02-22 16:47 - 2015-04-05 10:46 - 0000126 _____ () C:\Users\EROL\AppData\Roaming\WB.CFG
2010-10-03 23:03 - 2013-11-13 19:00 - 0000124 _____ () C:\Users\EROL\AppData\Roaming\wklnhst.dat
2014-06-23 22:44 - 2014-07-07 23:23 - 0001097 _____ () C:\Users\EROL\AppData\Local\cookies.ini
2015-02-24 11:57 - 2015-02-24 11:57 - 0274045 _____ () C:\Users\EROL\AppData\Local\dsi1.dat
2015-02-24 11:57 - 2015-02-24 11:57 - 0161916 _____ () C:\Users\EROL\AppData\Local\dsi2.dat
2015-03-11 18:30 - 2015-03-11 18:30 - 0001643 _____ () C:\Users\EROL\AppData\Local\MyWinLockerInstaller.txt-20150311.log
2015-03-12 12:54 - 2015-03-12 12:58 - 0006477 _____ () C:\Users\EROL\AppData\Local\MyWinLockerInstaller.txt-20150312.log
2009-10-17 08:15 - 2009-10-17 08:17 - 0007768 _____ () C:\ProgramData\ArcadeDeluxe3.log
2009-08-22 10:44 - 2009-07-18 03:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe

Some content of TEMP:
====================
C:\Users\EROL\AppData\Local\temp\avgnt.exe
C:\Users\EROL\AppData\Local\temp\jre-8u45-windows-au.exe
C:\Users\EROL\AppData\Local\temp\Quarantine.exe
C:\Users\EROL\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-14 22:24

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-04-2015 04
Ran by EROL at 2015-04-15 22:11:15
Running from C:\Users\EROL\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Lavasoft Ad-Aware (Enabled - Out of date) {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Lavasoft Ad-Aware (Enabled - Out of date) {5BB89C30-6480-BC7C-9F17-199BD76F557A}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Lavasoft Ad-Aware (Disabled) {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.6731 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.0.6731 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.22 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.74.216 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.74.216 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3002 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3003 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3004 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.7.0715 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Ad-Aware Antivirus (HKLM-x32\...\{944167EA-7F89-4705-8DCD-1D63B53141B0}) (Version: 10.5.3.4405 - Lavasoft)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
Backup Manager Basic (x32 Version: 2.0.0.22 - NewTech Infosystems) Hidden
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}) (Version: 12.26.02 - Broadcom Corporation)
Disneys Sport - Goofy Skateboarding (HKLM-x32\...\Disney's Extremely Goofy Skateboarding) (Version:  - )
eBay Worldwide (HKLM-x32\...\{AAF89271-2594-468D-B578-96B2E30C41C4}) (Version: 2.1.0703 - OEM)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM-x32\...\{71E90740-5E5F-4D43-AB8F-CAC1D93DBB5B}) (Version: 2.5.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{682A3328-9621-4BAD-91FA-873A076610C4}) (Version: 1.21.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-225 Series Printer Uninstall (HKLM\...\EPSON XP-225 Series) (Version:  - SEIKO EPSON Corporation)
EPSON-Handbücher (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.32.0.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM\...\{DF5200AB-5AE6-4598-846B-8ABC3AE121B1}) (Version: 3.0.2.0 - SEIKO EPSON Corporation)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3001 - Acer Incorporated)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.03 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
OkayFreedom (HKLM-x32\...\{3F3FB10C-7175-4D38-9335-3488B89C12AF}) (Version: 1.4.3 - Steganos Software GmbH)
Okey+ 2.1 (HKLM-x32\...\Okey+_is1) (Version:  - Böcek Yazýlým)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version:  - )
Samsung Mobile Modem Device Software (HKLM\...\Samsung Mobile Modem Device) (Version:  - )
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
SAMSUNG USB Mobile Device Software (HKLM\...\SAMSUNG USB Mobile Device) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3005 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID-Anmelde-Assistent (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

04-04-2015 09:44:40 Windows Update
05-04-2015 00:22:18 Windows Update
05-04-2015 19:00:10 Windows-Sicherung
11-04-2015 23:50:37 Windows Update
12-04-2015 11:34:47 Revo Uninstaller's restore point - BoBrowser
12-04-2015 11:39:16 Revo Uninstaller's restore point - BoBrowser
12-04-2015 15:22:37 Windows Update
12-04-2015 19:19:11 Windows-Sicherung

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-04-12 15:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00249043-353C-425A-A270-D8304F2C8EAD} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {0B2D1DBB-44FA-452D-A231-B92997632E04} - \ZMCRFF No Task File <==== ATTENTION
Task: {0C6332C4-2A83-4FC4-85A4-1C4C27D1F6EF} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2013-06-13] (Lavasoft Limited)
Task: {138FE3C3-34E0-4253-AADC-A834BF454125} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {15946D7B-34C4-4FAF-9EBF-C9B36F57813F} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {1A3E4FE1-733D-4311-A064-C05602E64BC9} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {1ED94779-D16C-4CD7-BA75-ACD32DC71EA7} - System32\Tasks\{5C5454C9-4FF7-4D9B-8168-B4ADBFB532A3} => pcalua.exe -a C:\Users\EROL\AppData\Roaming\sweet-page\UninstallManager.exe -c  -ptid=cor
Task: {2620644B-202A-4B6F-988C-3161F554610E} - System32\Tasks\{585D4E66-9B7D-4B34-AE74-B6C858012A68} => C:\Program Files\Batak4\Batak.exe
Task: {2F5C3C1A-E7D8-422B-8B72-067EFCB6E426} - System32\Tasks\{48C4EDAE-2B03-4D61-9031-1C6CC3104DA6} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Task: {4345FB31-628A-42CA-BC8A-4DDEC2C8E12C} - System32\Tasks\{08389B0D-B0E4-49AB-B8FD-A240B4A96C43} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\5\SSSDUninstall.exe
Task: {462ADBF5-7072-4715-8F00-885403D152CF} - System32\Tasks\{8FD4BD32-5AFB-4265-B8DA-333ED1CBAD08} => pcalua.exe -a C:\Users\EROL\Downloads\epson375869eu(1).exe -d C:\Users\EROL\Downloads
Task: {4CDF805B-7549-4CBE-89DA-8DE73C0BAD65} - System32\Tasks\{EB51D504-1FAC-497A-A67B-A70FBE7DB3CD} => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2013-06-13] (Lavasoft Limited)
Task: {50E25B8D-3A25-497D-8821-605C4CE9F525} - System32\Tasks\{1EE10A4C-0ACA-456B-B852-F923D5D0ACE6} => C:\Program Files (x86)\Microsoft Office\OFFICE11\MSACCESS.EXE [2010-01-14] (Microsoft Corporation)
Task: {5B2558E1-A057-46EC-982E-E6C2F169C161} - System32\Tasks\EPSON XP-225 Series Update {DA9064A8-56DA-49F8-8F27-85D2FF2069A9} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE [2013-11-21] (SEIKO EPSON CORPORATION)
Task: {67D15269-582C-425F-9C72-F1EC6DC12842} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {67DE4505-8964-4C77-80A6-6F9CFB42B4C6} - System32\Tasks\{76B6EB2E-1365-46EA-B693-530717E5371D} => pcalua.exe -a C:\Users\EROL\Downloads\5609-batak-ihaleli-tamindir.com\batak-ihaleli-tamindir.com\batak4kur.exe -d C:\Users\EROL\Downloads\5609-batak-ihaleli-tamindir.com\batak-ihaleli-tamindir.com
Task: {82461E53-52F3-4CC5-8F6D-2DD44AE1F00D} - System32\Tasks\{AA56D811-B658-40C5-BF73-83680E2BBC25} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\1\SS_Uninstall.exe
Task: {89E9CC8F-583F-4631-B69C-E939243DA08A} - System32\Tasks\{77355BBA-AB49-4BC3-9494-9094B7615DEC} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\7\SSECUninstall.exe
Task: {A1EB057F-80A2-425D-8970-4314C0D727F1} - System32\Tasks\{81EBBBC1-8E1F-4BCA-9A1E-99068531EEDC} => pcalua.exe -a "C:\Users\EROL\Downloads\5609-batak-ihaleli-tamindir.com (1)\batak-ihaleli-tamindir.com\batak4kur.exe" -d "C:\Users\EROL\Downloads\5609-batak-ihaleli-tamindir.com (1)\batak-ihaleli-tamindir.com"
Task: {B008D2DB-D259-4520-BEAE-D808D076818A} - System32\Tasks\{1D1FFBF9-53D2-493E-A59E-D2B647F3A5BE} => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2013-06-13] (Lavasoft Limited)
Task: {B0217FE0-495C-490A-BB56-79ABF62F641C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {BE31CAA5-4A2A-42E2-9054-20CCD65D205B} - System32\Tasks\{11F68C3A-BA55-46BB-BA57-8FC636D2C17E} => C:\Program Files\Batak4\Batak.exe
Task: {C0020C13-A6BF-4CED-9194-39A192D3B0CB} - System32\Tasks\{885C3099-5D08-4F87-B40C-FC838B023C4D} => pcalua.exe -a C:\Users\EROL\AppData\Local\Temp\Temp1_batak-ihaleli-indirline.com.zip\batak-ihaleli-indirline.com\batak4kur.exe
Task: {C3704AC7-FD37-45AA-90FF-FA7478FE2EB6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {C49ECB39-6FD0-4A01-AACA-ABBBDFA1D846} - System32\Tasks\{6E1DF063-C740-4606-8282-1399C48D708C} => Firefox.exe 
Task: {D2358CEF-B5B4-440B-A128-95F96C22F099} - System32\Tasks\{D39E6D99-9FB1-459D-9A5E-A83528C5BC81} => C:\Program Files\Batak4\Batak.exe
Task: {F0505E72-8A87-4043-BEDF-88569FB995C0} - System32\Tasks\{CF659C13-1743-4AD8-8DCD-5B70213A4392} => Firefox.exe 
Task: {F4F8214F-8FD5-400A-930D-2FA7E805B268} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EPSON XP-225 Series Update {DA9064A8-56DA-49F8-8F27-85D2FF2069A9}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE:/EXE:{DA9064A8-56DA-49F8-8F27-85D2FF2069A9} /F:UpdateSYSTEM
Searches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Loaded Modules (whitelisted) ==============

2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-02-03 02:33 - 2009-02-03 02:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2008-09-29 02:55 - 2008-09-29 02:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2015-04-05 17:18 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-04-05 17:18 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-04-05 17:18 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-04-05 17:18 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-04-05 17:18 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2013-08-29 01:59 - 2014-12-19 06:01 - 00192376 _____ () C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\libBase64.dll
2013-08-29 01:59 - 2014-12-19 06:01 - 00180088 _____ () C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\libMachoUniv.dll
2015-04-15 16:37 - 2015-04-15 18:20 - 16863920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:1D32EC29
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:93DE1838
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E3C56885
AlternateDataStreams: C:\Users\EROL\AppData\Roaming\Microsoft\Windows\Start Menu\MSN Deutschland Aktuelle Nachrichten, Outlook.com Email und Skype Login..website:TASKICON_0FA6946226F21BD7E8F75BBFA031461487075638
AlternateDataStreams: C:\Users\EROL\AppData\Roaming\Microsoft\Windows\Start Menu\MSN Deutschland Aktuelle Nachrichten, Outlook.com Email und Skype Login..website:TASKICON_1FA6946226F21BD7E8F75BBFA031461135116317
AlternateDataStreams: C:\Users\EROL\AppData\Roaming\Microsoft\Windows\Start Menu\MSN Deutschland Aktuelle Nachrichten, Outlook.com Email und Skype Login..website:TASKICON_2FA6946226F21BD7E8F75BBFA03146-12823272
AlternateDataStreams: C:\Users\EROL\AppData\Roaming\Microsoft\Windows\Start Menu\MSN Deutschland Aktuelle Nachrichten, Outlook.com Email und Skype Login..website:TASKICON_3FA6946226F21BD7E8F75BBFA03146-1180859722
AlternateDataStreams: C:\Users\EROL\AppData\Roaming\Microsoft\Windows\Start Menu\MSN Deutschland Aktuelle Nachrichten, Outlook.com Email und Skype Login..website:TASKICON_4FA6946226F21BD7E8F75BBFA031461739172809

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1924032147-3410277532-354269451-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\EROL\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Avira.OE.ServiceHost => 2
MSCONFIG\startupfolder: C:^Users^EROL^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^setup.lnk => C:\Windows\pss\setup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^EROL^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SuperOptimizer.lnk => C:\Windows\pss\SuperOptimizer.lnk.Startup
MSCONFIG\startupreg: Elite Unzip AppIntegrator 32-bit => C:\PROGRA~2\ELITEU~2\bar\1.bin\AppIntegrator.exe
MSCONFIG\startupreg: Elite Unzip AppIntegrator 64-bit => C:\PROGRA~2\ELITEU~2\bar\1.bin\AppIntegrator64.exe
MSCONFIG\startupreg: PLFSetI => C:\Windows\PLFSetI.exe
MSCONFIG\startupreg: Registry Helper => "C:\Program Files (x86)\Registry Helper\RegistryHelper.Exe" /boot

==================== Accounts: =============================

Administrator (S-1-5-21-1924032147-3410277532-354269451-500 - Administrator - Disabled)
EROL (S-1-5-21-1924032147-3410277532-354269451-1001 - Administrator - Enabled) => C:\Users\EROL
Gast (S-1-5-21-1924032147-3410277532-354269451-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1924032147-3410277532-354269451-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/15/2015 06:40:24 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (04/15/2015 06:40:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/15/2015 06:40:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/15/2015 06:40:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/15/2015 06:40:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/15/2015 06:17:29 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (04/15/2015 06:17:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/15/2015 06:17:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/15/2015 06:17:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (04/15/2015 06:17:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (04/15/2015 04:50:00 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎15.‎04.‎2015 um 16:48:34 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================
Error: (04/15/2015 06:40:24 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (04/15/2015 06:40:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe

Error: (04/15/2015 06:40:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe

Error: (04/15/2015 06:40:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe

Error: (04/15/2015 06:40:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe

Error: (04/15/2015 06:17:29 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (04/15/2015 06:17:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe

Error: (04/15/2015 06:17:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe

Error: (04/15/2015 06:17:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe

Error: (04/15/2015 06:17:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 56%
Total physical RAM: 4090.93 MB
Available physical RAM: 1775.91 MB
Total Pagefile: 8180.04 MB
Available Pagefile: 5400.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:453.94 GB) (Free:384.52 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 5CAE5CAE)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
