mbam Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Protection, 21.11.2014 11:03:39, SYSTEM, LAPTOP-PC, Protection, Malware Protection, Starting,
Protection, 21.11.2014 11:03:40, SYSTEM, LAPTOP-PC, Protection, Malware Protection, Started,
Protection, 21.11.2014 11:03:47, SYSTEM, LAPTOP-PC, Protection, Malicious Website Protection, Starting,
Update, 21.11.2014 11:03:57, SYSTEM, LAPTOP-PC, Manual, Rootkit Database, 2014.9.18.1, 2014.11.18.1,
Update, 21.11.2014 11:04:06, SYSTEM, LAPTOP-PC, Manual, Malware Database, 2014.9.19.5, 2014.11.21.5,
Protection, 21.11.2014 11:05:42, SYSTEM, LAPTOP-PC, Protection, Refresh, Starting,
Protection, 21.11.2014 11:05:45, SYSTEM, LAPTOP-PC, Protection, Malicious Website Protection, Started,
Protection, 21.11.2014 11:05:45, SYSTEM, LAPTOP-PC, Protection, Malicious Website Protection, Stopping,
Protection, 21.11.2014 11:05:46, SYSTEM, LAPTOP-PC, Protection, Malicious Website Protection, Stopped,
Protection, 21.11.2014 11:09:17, SYSTEM, LAPTOP-PC, Protection, Refresh, Success,
Protection, 21.11.2014 11:09:21, SYSTEM, LAPTOP-PC, Protection, Malicious Website Protection, Starting,
Protection, 21.11.2014 11:11:21, SYSTEM, LAPTOP-PC, Protection, Malicious Website Protection, Started,
Update, 21.11.2014 13:26:03, SYSTEM, LAPTOP-PC, Scheduler, Malware Database, 2014.11.21.5, 2014.11.21.6,
Protection, 21.11.2014 13:26:03, SYSTEM, LAPTOP-PC, Protection, Refresh, Starting,
Protection, 21.11.2014 13:26:03, SYSTEM, LAPTOP-PC, Protection, Malicious Website Protection, Stopping,
Protection, 21.11.2014 13:26:04, SYSTEM, LAPTOP-PC, Protection, Malicious Website Protection, Stopped,
Protection, 21.11.2014 13:28:19, SYSTEM, LAPTOP-PC, Protection, Refresh, Success,
Protection, 21.11.2014 13:28:19, SYSTEM, LAPTOP-PC, Protection, Malicious Website Protection, Starting,
Protection, 21.11.2014 13:29:04, SYSTEM, LAPTOP-PC, Protection, Malicious Website Protection, Started,
Scan, 21.11.2014 14:18:48, SYSTEM, LAPTOP-PC, Manual, Start: % 1 "% 2", Dauer: % 1 min 40 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, 89-Malwareerkennung,
Update, 21.11.2014 14:38:45, SYSTEM, LAPTOP-PC, Scheduler, Rootkit Database, 2014.11.18.1, 2014.11.21.1,
Protection, 21.11.2014 14:38:45, SYSTEM, LAPTOP-PC, Protection, Refresh, Starting,
Protection, 21.11.2014 14:38:45, SYSTEM, LAPTOP-PC, Protection, Malicious Website Protection, Stopping,
Protection, 21.11.2014 14:38:45, SYSTEM, LAPTOP-PC, Protection, Malicious Website Protection, Stopped,
Protection, 21.11.2014 14:38:57, SYSTEM, LAPTOP-PC, Protection, Refresh, Success,
Protection, 21.11.2014 14:39:13, SYSTEM, LAPTOP-PC, Protection, Malicious Website Protection, Starting,
Protection, 21.11.2014 14:39:14, SYSTEM, LAPTOP-PC, Protection, Malicious Website Protection, Started,
Protection, 21.11.2014 15:17:33, SYSTEM, LAPTOP-PC, Protection, Malware Protection, Starting,
Protection, 21.11.2014 15:17:33, SYSTEM, LAPTOP-PC, Protection, Malware Protection, Started,
Protection, 21.11.2014 15:17:33, SYSTEM, LAPTOP-PC, Protection, Malicious Website Protection, Starting,
Protection, 21.11.2014 15:19:20, SYSTEM, LAPTOP-PC, Protection, Malicious Website Protection, Started,
(end)
Code:
# AdwCleaner v4.101 - Bericht erstellt am 21/11/2014 um 16:23:01
# Aktualisiert 09/11/2014 von Xplode
# Database : 2014-11-07.1 [Local]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Yater & Arif - LAPTOP-PC
# Gestartet von : C:\Users\Yater & Arif\Downloads\AdwCleaner_4.101.exe
# Option : Löschen
***** [ Dienste ] *****
[#] Dienst Gelöscht : KMService
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Users\Yater & Arif\AppData\Local\lollipop
Ordner Gelöscht : C:\Users\Yater & Arif\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\Yater & Arif\AppData\Roaming\RHEng
[!] Ordner Gelöscht : C:\Users\Yater & Arif\AppData\Roaming\Mozilla\Firefox\Profiles\0gina3s8.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
Datei Gelöscht : C:\Users\Yater & Arif\AppData\Roaming\Mozilla\Firefox\Profiles\0gina3s8.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}.xpi
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Windows\system32\srvany.exe
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Movie2KDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\adawarebp
Schlüssel Gelöscht : HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
***** [ Browser ] *****
-\\ Internet Explorer v9.0.8112.16592
-\\ Mozilla Firefox v27.0.1 (de)
[ime3vu20.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
[ime3vu20.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
[ime3vu20.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
[0gina3s8.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultenginename", "webssearches");
[0gina3s8.default\prefs.js] - Zeile gelöscht : user_pref("extensions.ae20dc619d8c448f1ae07641cefb431653c4d943fad974f6eaa94d9671175a3d0com54255.54255.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
[0gina3s8.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[0gina3s8.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[0gina3s8.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start@gmail.com.install-event-fired", true);
[0gina3s8.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
[0gina3s8.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
-\\ Google Chrome v38.0.2125.111
[C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
*************************
AdwCleaner[R0].txt - [6897 octets] - [21/11/2014 16:10:56]
AdwCleaner[S0].txt - [6887 octets] - [21/11/2014 16:23:01]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6947 octets] ##########
Junkware Removal Tool just disappears after the scan? I ran it twice and both times it simply disappeared without any report.
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-11-2014
Ran by Yater & Arif (administrator) on LAPTOP-PC on 22-11-2014 10:31:25
Running from C:\Users\Yater & Arif\Downloads
Loaded Profile: Yater & Arif (Available profiles: Yater & Arif & Gast)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\LG Software\System Control Manager\edd.exe
(O2Micro International) C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(MSI) C:\Program Files\LG Software\System Control Manager\MGSysCtrl.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Akamai Technologies, Inc.) C:\Users\Yater & Arif\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
(Akamai Technologies, Inc.) C:\Users\Yater & Arif\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4718592 2007-12-17] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-11-22] (Synaptics, Inc.)
HKLM\...\Run: [MGSysCtrl] => C:\Program Files\LG Software\System Control Manager\MGSysCtrl.exe [565248 2007-11-21] (MSI)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [UnlockerAssistant] => "C:\Program Files\Unlocker\UnlockerAssistant.exe"
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-72662123-1577648568-398501129-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Yater & Arif\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-72662123-1577648568-398501129-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-72662123-1577648568-398501129-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1104288 2014-09-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-72662123-1577648568-398501129-1000\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [2425888 2013-09-11] (Hewlett-Packard Co.)
HKU\S-1-5-21-72662123-1577648568-398501129-1000\...\RunOnce: [Shockwave Updater] => C:\Windows\System32\Adobe\Shockwave 12\SwHelper_1213153.exe [1307848 2014-06-24] (Adobe Systems, Inc.)
HKU\S-1-5-21-72662123-1577648568-398501129-1000\...\MountPoints2: E - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-72662123-1577648568-398501129-1000\...\MountPoints2: {28371e2e-0a64-11df-988f-86c9e6355503} - E:\LaunchU3.exe -a
HKU\S-1-5-21-72662123-1577648568-398501129-1000\...\MountPoints2: {5d564440-ed55-11e3-ad8b-fe7c91fae133} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-72662123-1577648568-398501129-1000\...\MountPoints2: {62aff6a2-d862-11e3-8ce0-d085bf29ccd5} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-72662123-1577648568-398501129-1000\...\MountPoints2: {e9b48524-8dc2-11e3-af5e-9391c9072cd6} - E:\HTC_Sync_Manager_PC.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-72662123-1577648568-398501129-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\S-1-5-21-72662123-1577648568-398501129-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-72662123-1577648568-398501129-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-72662123-1577648568-398501129-1000 -> {55CA39F1-2B07-4510-8340-B1159CEDC3F1} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Yater & Arif\AppData\Roaming\Mozilla\Firefox\Profiles\0gina3s8.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @kaspersky.com/content_blocker -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin: @kaspersky.com/virtual_keyboard -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-72662123-1577648568-398501129-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Yater & Arif\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Yater & Arif\AppData\Roaming\Mozilla\Firefox\Profiles\0gina3s8.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-07-16]
FF Extension: DownloadHelper - C:\Users\Yater & Arif\AppData\Roaming\Mozilla\Firefox\Profiles\0gina3s8.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Yater & Arif\AppData\Roaming\Mozilla\Firefox\Profiles\0gina3s8.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-10-05]
FF Extension: JavaScript Deobfuscator - C:\Users\Yater & Arif\AppData\Roaming\Mozilla\Firefox\Profiles\0gina3s8.default\Extensions\jsdeobfuscator@adblockplus.org.xpi [2012-08-15]
FF Extension: Adblock Plus - C:\Users\Yater & Arif\AppData\Roaming\Mozilla\Firefox\Profiles\0gina3s8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-06-30]
FF Extension: QuickJava - C:\Users\Yater & Arif\AppData\Roaming\Mozilla\Firefox\Profiles\0gina3s8.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2012-08-15]
FF Extension: JavaScript Debugger - C:\Users\Yater & Arif\AppData\Roaming\Mozilla\Firefox\Profiles\0gina3s8.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2012-08-15]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} [2014-05-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-11]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-05-24]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2014-11-20]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-11-20]
FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com [2014-11-20]
FF Extension: No Name - C:\Program Files\Alwil Software\Avast5\WebRep\FF [Not Found]
Chrome:
=======
CHR HomePage: Default -> https://www.google.de/
CHR StartupUrls: Default -> "https://www.google.de/"
CHR DefaultSearchURL: Default -> hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=DE&q={searchTerms}&gu=bda03ae188e84c50bf1caa9c93902e8e&tu=11Jiy00Fk1D13P0&sku=&tstsId=&ver=&
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Yater & Arif\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Yater & Arif\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-28]
CHR Extension: (YouTube) - C:\Users\Yater & Arif\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-01]
CHR Extension: (Google-Suche) - C:\Users\Yater & Arif\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-01]
CHR Extension: (Kaspersky Protection) - C:\Users\Yater & Arif\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-11-21]
CHR Extension: (Avast Online Security) - C:\Users\Yater & Arif\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-09-29]
CHR Extension: (Google Wallet) - C:\Users\Yater & Arif\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-13]
CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 video>) - C:\Users\Yater & Arif\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-05-26]
CHR Extension: (Google Mail) - C:\Users\Yater & Arif\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-01]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho []
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVP15.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 NishService; C:\Program Files\LG Software\System Control Manager\edd.exe [61440 2007-08-23] () [File not signed]
R2 o2flash; C:\Program Files\O2Micro Oz128 Driver\o2flash.exe [65536 2007-02-12] (O2Micro International) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135264 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [112136 2014-11-20] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [34400 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [644808 2014-11-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [24672 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145888 2014-03-26] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R3 MGHwCtrl; C:\Windows\system32\drivers\MGHwCtrl.sys [19456 2006-12-22] (Windows (R) Codename Longhorn DDK provider) [File not signed]
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [132608 2012-07-30] (Prolific Technology Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [722416 2012-02-22] () [File not signed]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-22 10:31 - 2014-11-22 10:33 - 00022257 _____ () C:\Users\Yater & Arif\Downloads\FRST.txt
2014-11-22 10:30 - 2014-11-22 10:31 - 01108992 _____ (Farbar) C:\Users\Yater & Arif\Downloads\FRST.exe
2014-11-21 16:45 - 2014-11-21 16:45 - 01707532 _____ (Thisisu) C:\Users\Yater & Arif\Downloads\JRT (1).exe
2014-11-21 16:37 - 2014-11-21 16:37 - 00000000 ____D () C:\Windows\ERUNT
2014-11-21 16:33 - 2014-11-21 16:36 - 01707532 _____ (Thisisu) C:\Users\Yater & Arif\Downloads\JRT.exe
2014-11-21 16:09 - 2014-11-21 16:23 - 00000000 ____D () C:\AdwCleaner
2014-11-21 16:06 - 2014-11-21 16:07 - 02140160 _____ () C:\Users\Yater & Arif\Downloads\AdwCleaner_4.101.exe
2014-11-21 16:04 - 2014-11-21 16:04 - 00003236 _____ () C:\Users\Yater & Arif\Desktop\mbam.txt
2014-11-21 14:38 - 2014-11-21 16:28 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\58A55122.sys
2014-11-21 14:18 - 2014-11-21 14:18 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\035D41F1.sys
2014-11-21 11:03 - 2014-11-22 10:22 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-21 11:02 - 2014-11-21 11:02 - 00000865 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-21 11:02 - 2014-11-21 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-21 11:02 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 11:02 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 11:02 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-21 11:01 - 2014-11-21 11:02 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-21 10:59 - 2014-11-21 11:00 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Yater & Arif\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-20 15:17 - 2014-11-20 15:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2014-11-20 15:17 - 2014-11-20 15:16 - 00000990 _____ () C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2014-11-20 15:11 - 2014-11-22 10:22 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-11-20 15:11 - 2014-11-20 15:11 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2014-11-20 15:07 - 2014-11-20 15:31 - 00644808 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-11-20 15:07 - 2014-11-20 15:31 - 00112136 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-11-20 15:07 - 2014-04-10 17:25 - 00034400 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2014-11-20 14:51 - 2014-11-20 14:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-20 14:51 - 2014-11-20 14:51 - 00000000 _____ () C:\Windows\setupact.log
2014-11-20 14:27 - 2014-11-20 14:31 - 175400560 _____ () C:\Users\Yater & Arif\Downloads\kav15.0.0.463de-de.exe
2014-11-20 13:56 - 2014-11-20 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BabelSoft
2014-11-20 13:56 - 2014-11-20 13:56 - 00000000 ____D () C:\Program Files\Media Preview
2014-11-20 11:01 - 2014-11-20 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2014-11-20 11:01 - 2014-11-20 11:01 - 00000000 ____D () C:\Program Files\FileASSASSIN
2014-11-19 17:55 - 2014-10-24 02:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 17:03 - 2014-11-20 09:59 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-19 17:03 - 2014-11-19 17:03 - 00000000 ____D () C:\ProgramData\Licenses
2014-11-19 16:29 - 2014-11-19 16:29 - 00000000 ____D () C:\1d6dba4d0c79533689ae9b59fe6e
2014-11-19 16:25 - 2014-11-19 16:25 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-11-19 15:56 - 2014-11-19 15:56 - 00000000 ____D () C:\Users\Yater & Arif\AppData\Roaming\LavasoftStatistics
2014-11-19 11:46 - 2014-11-22 10:31 - 00000000 ____D () C:\FRST
2014-11-18 16:00 - 2014-11-18 16:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-18 13:59 - 2014-11-21 16:25 - 00699536 _____ () C:\Windows\PFRO.log
2014-11-18 13:55 - 2014-11-18 13:55 - 00000000 ____D () C:\!KillBox
2014-11-16 21:00 - 2014-11-19 17:26 - 00000000 ____D () C:\Program Files\Unlocker
2014-11-15 14:11 - 2014-11-15 14:35 - 00000000 ____D () C:\Users\Yater & Arif\Desktop\Neuer Ordner
2014-11-12 17:40 - 2014-10-10 02:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 17:40 - 2014-10-10 02:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 17:40 - 2014-10-10 02:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 17:40 - 2014-10-10 00:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 17:39 - 2014-08-27 01:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 17:39 - 2014-08-27 01:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 17:38 - 2014-10-24 02:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 17:38 - 2014-09-19 01:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 17:34 - 2014-08-12 03:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 17:31 - 2014-10-03 02:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 17:31 - 2014-10-03 02:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 17:31 - 2014-10-03 02:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 17:31 - 2014-10-03 02:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 17:30 - 2014-10-18 02:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 17:22 - 2014-10-13 00:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 14:17 - 2014-10-27 20:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 14:17 - 2014-10-27 19:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 14:17 - 2014-10-27 19:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 14:17 - 2014-10-27 19:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 14:17 - 2014-10-27 19:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-12 14:17 - 2014-10-27 19:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 14:17 - 2014-10-27 19:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 14:17 - 2014-10-27 19:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 14:17 - 2014-10-27 19:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 14:17 - 2014-10-27 19:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 14:17 - 2014-10-27 19:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 14:17 - 2014-10-27 19:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 14:17 - 2014-10-27 19:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 14:17 - 2014-10-27 19:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 14:17 - 2014-10-27 19:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-12 14:17 - 2014-10-27 19:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-12 14:17 - 2014-10-27 19:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-12 14:17 - 2014-10-27 19:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 14:16 - 2014-10-27 20:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 14:16 - 2014-10-27 20:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 14:16 - 2014-10-27 19:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-10 14:48 - 2014-11-10 14:48 - 00000000 ____D () C:\Users\Yater & Arif\Desktop\gez Y
2014-11-10 14:47 - 2014-11-10 15:14 - 00000000 ____D () C:\Users\Yater & Arif\Desktop\gez A
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-22 10:22 - 2012-05-04 14:34 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-22 09:40 - 2012-06-20 11:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-22 09:39 - 2012-07-01 12:15 - 00001929 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-22 09:39 - 2012-05-04 14:34 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-22 09:24 - 2008-10-29 14:12 - 01678600 _____ () C:\Windows\WindowsUpdate.log
2014-11-22 09:16 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-22 09:16 - 2006-11-02 13:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-22 09:16 - 2006-11-02 13:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-21 16:24 - 2007-01-09 19:49 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-11-21 16:24 - 2006-11-02 14:01 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-21 15:17 - 2012-01-24 11:23 - 00001166 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-72662123-1577648568-398501129-1000UA.job
2014-11-20 15:15 - 2008-10-29 14:21 - 00000000 ____D () C:\Users\Yater & Arif
2014-11-20 15:03 - 2012-07-06 18:53 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-20 15:03 - 2009-10-10 11:00 - 00000000 ____D () C:\Program Files\Alwil Software
2014-11-20 08:34 - 2013-03-03 09:08 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-11-19 17:53 - 2011-08-13 20:02 - 00000000 ____D () C:\Users\Yater & Arif\AppData\Roaming\DVDVideoSoft
2014-11-19 17:26 - 2008-11-06 14:57 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-15 14:09 - 2010-12-08 19:53 - 00000000 ____D () C:\Users\Yater & Arif\AppData\Roaming\vlc
2014-11-15 13:58 - 2014-09-10 08:58 - 00000018 _____ () C:\Users\Yater & Arif\Desktop\tr 2014.txt
2014-11-14 11:02 - 2011-11-17 20:17 - 00000000 ____D () C:\Users\Yater & Arif\AppData\Local\Akamai
2014-11-13 10:24 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-13 09:40 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-11-13 09:25 - 2008-10-29 14:22 - 00100752 _____ () C:\Users\Yater & Arif\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-13 09:22 - 2006-11-02 13:47 - 00381680 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 09:18 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-11-12 17:42 - 2012-06-30 16:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 17:29 - 2013-08-15 21:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 16:40 - 2012-04-02 19:17 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-12 16:40 - 2011-05-14 19:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-10 16:51 - 2012-08-09 09:43 - 00002577 _____ () C:\Users\Yater & Arif\Desktop\Microsoft Word 2010.lnk
2014-11-07 16:08 - 2006-11-02 11:33 - 01567294 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-05 12:37 - 2008-10-29 14:21 - 00000680 _____ () C:\Users\Yater & Arif\AppData\Local\d3d9caps.dat
2014-11-04 14:30 - 2009-10-03 09:37 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-04 09:56 - 2012-01-21 15:18 - 00000000 ___RD () C:\Users\Yater & Arif\Desktop\Fahrzeuge@Susan
2014-11-03 16:25 - 2012-12-05 19:06 - 00000770 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-03 16:25 - 2012-12-05 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-11-03 16:25 - 2012-12-05 19:06 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-31 23:25 - 2006-11-02 11:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-10-30 15:03 - 2009-11-02 15:00 - 00000000 ____D () C:\Users\Yater & Arif\Documents\Yeter
2014-10-25 13:36 - 2014-10-22 12:42 - 00000000 _____ () C:\Users\Yater & Arif\Desktop\filme.txt
Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\DivXSetup.exe
C:\Users\Yater & Arif\AppData\Local\Temp\MediaPreviewSetup.exe
C:\Users\Yater & Arif\AppData\Local\Temp\Quarantine.exe
C:\Users\Yater & Arif\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-22 09:34
==================== End Of Log ============================
The so-called "mp4" file is still there and still cannot be deleted. My computer is doing better, though. As long as I don't open the mp4 file, the other functions are usable again, only everything is much slower than usual. But when I click on the mp4 file or even try to delete it, my computer freezes again.
Please, I need help or advice. What should I do?