Trojaner3000 | 12.05.2015 20:04 | OK, here is my FRST.txt file:
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015
Ran by ÖZTAS (administrator) on VAIO on 12-05-2015 20:58:27
Running from C:\Users\ÖZTAS\Desktop
Loaded Profiles: ÖZTAS & (Available profiles: ÖZTAS)
Platform: Windows 8 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\Windows\KMSServerService\KMS Server Service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.CSSQL08\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.CSSQL08\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.CSSQL08\MSSQL\Binn\fdhost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AppexAcceleratorUI.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Dropbox, Inc.) C:\Users\ÖZTAS\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Cyberlink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17074_none_6233bc1f5106b696\TiWorker.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-09-16] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-10-15] (Synaptics Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [83240 2008-03-20] (Cyberlink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2007-12-14] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-18] (Sony Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-12-18] (Oracle Corporation)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2014-11-19] (Cisco Systems, Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [129664 2012-12-28] (Atheros Communications)
HKU\S-1-5-21-1782836142-3241445299-2376554706-1001\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-1782836142-3241445299-2376554706-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe [162744 2013-11-07] (Google Inc.)
HKU\S-1-5-21-1782836142-3241445299-2376554706-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AppexAcceleratorUI.exe [1000288 2012-05-22] (AppEx Networks Corporation)
HKU\S-1-5-21-1782836142-3241445299-2376554706-1001\...\Run: [Microsoft Excel] => wscript.exe //B "C:\Users\ÖZTAS\AppData\Roaming\Microsoft Office\\Microsoft Excel.WsF"
HKU\S-1-5-21-1782836142-3241445299-2376554706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-1782836142-3241445299-2376554706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe [162744 2013-11-07] (Google Inc.)
HKU\S-1-5-21-1782836142-3241445299-2376554706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AppexAcceleratorUI.exe [1000288 2012-05-22] (AppEx Networks Corporation)
HKU\S-1-5-21-1782836142-3241445299-2376554706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Microsoft Excel] => wscript.exe //B "C:\Users\ÖZTAS\AppData\Roaming\Microsoft Office\\Microsoft Excel.WsF"
HKU\S-1-5-21-1782836142-3241445299-2376554706-1003.bak-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe [162744 2013-11-07] (Google Inc.)
Startup: C:\Users\ÖZTAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-04-26]
ShortcutTarget: Dropbox.lnk -> C:\Users\ÖZTAS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ÖZTAS\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ÖZTAS\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ÖZTAS\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ÖZTAS\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ÖZTAS\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ÖZTAS\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ÖZTAS\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50411;https=127.0.0.1:50411
ProxyServer: [S-1-5-21-1782836142-3241445299-2376554706-1001] => http=127.0.0.1:50411;https=127.0.0.1:50411
ProxyServer: [S-1-5-21-1782836142-3241445299-2376554706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => http=127.0.0.1:50411;https=127.0.0.1:50411
ProxyEnable: [S-1-5-21-1782836142-3241445299-2376554706-1003.bak-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1782836142-3241445299-2376554706-1003.bak-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0] => http=127.0.0.1:50411;https=127.0.0.1:50411
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1782836142-3241445299-2376554706-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.search.ask.com/?tpid=ORJ-V7-SAT&o=APN11461&pf=V7&trgb=IE&p2=%5EBE7%5EOSJ000%5EYY%5EDE&gct=hp&apn_ptnrs=BE7&apn_dtid=%5EOSJ000%5EYY%5EDE&apn_dbr=ie_10.0.9200.16921&apn_uid=2C72E0D4-A8F7-488F-9667-A0736B781539&itbv=12.12.2.84&doi=2014-06-29&psv=&pt=tb
HKU\S-1-5-21-1782836142-3241445299-2376554706-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKU\S-1-5-21-1782836142-3241445299-2376554706-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-1782836142-3241445299-2376554706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.search.ask.com/?tpid=ORJ-V7-SAT&o=APN11461&pf=V7&trgb=IE&p2=%5EBE7%5EOSJ000%5EYY%5EDE&gct=hp&apn_ptnrs=BE7&apn_dtid=%5EOSJ000%5EYY%5EDE&apn_dbr=ie_10.0.9200.16921&apn_uid=2C72E0D4-A8F7-488F-9667-A0736B781539&itbv=12.12.2.84&doi=2014-06-29&psv=&pt=tb
HKU\S-1-5-21-1782836142-3241445299-2376554706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKU\S-1-5-21-1782836142-3241445299-2376554706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-1782836142-3241445299-2376554706-1003.bak-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.search.ask.com/?tpid=ORJ-V7-SAT&o=APN11461&pf=V7&trgb=IE&p2=%5EBE7%5EOSJ000%5EYY%5EDE&gct=hp&apn_ptnrs=BE7&apn_dtid=%5EOSJ000%5EYY%5EDE&apn_dbr=ie_10.0.9200.16921&apn_uid=2C72E0D4-A8F7-488F-9667-A0736B781539&itbv=12.12.2.84&doi=2014-06-29&psv=&pt=tb
SearchScopes: HKU\.DEFAULT -> DefaultScope {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKU\S-1-5-21-1782836142-3241445299-2376554706-1001 -> DefaultScope {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKU\S-1-5-21-1782836142-3241445299-2376554706-1001 -> {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKU\S-1-5-21-1782836142-3241445299-2376554706-1001 -> {AD5597E1-1DF0-46BB-9041-442DEDD86A65} URL = hxxp://www.search.ask.com/web?tpid=ORJ-V7-SAT&o=APN11461&pf=V7&p2=%5EBE7%5EOSJ000%5EYY%5EDE&gct=&itbv=12.12.2.84&apn_uid=2C72E0D4-A8F7-488F-9667-A0736B781539&apn_ptnrs=BE7&apn_dtid=%5EOSJ000%5EYY%5EDE&apn_dbr=ie_10.0.9200.16921&doi=2014-06-29&trgb=IE&q={searchTerms}&psv=
SearchScopes: HKU\S-1-5-21-1782836142-3241445299-2376554706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKU\S-1-5-21-1782836142-3241445299-2376554706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKU\S-1-5-21-1782836142-3241445299-2376554706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {AD5597E1-1DF0-46BB-9041-442DEDD86A65} URL = hxxp://www.search.ask.com/web?tpid=ORJ-V7-SAT&o=APN11461&pf=V7&p2=%5EBE7%5EOSJ000%5EYY%5EDE&gct=&itbv=12.12.2.84&apn_uid=2C72E0D4-A8F7-488F-9667-A0736B781539&apn_ptnrs=BE7&apn_dtid=%5EOSJ000%5EYY%5EDE&apn_dbr=ie_10.0.9200.16921&doi=2014-06-29&trgb=IE&q={searchTerms}&psv=
SearchScopes: HKU\S-1-5-21-1782836142-3241445299-2376554706-1003.bak-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> DefaultScope {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKU\S-1-5-21-1782836142-3241445299-2376554706-1003.bak-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
BHO: Ask Toolbar -> {4F524A2D-5637-4300-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport_x64.dll [2014-06-24] (APN LLC.)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-12-28] (Qualcomm Atheros Commnucations)
BHO-x32: Ask Toolbar -> {4F524A2D-5637-4300-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll [2014-06-24] (APN LLC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-03-26] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> c:\program files (x86)\google\googletoolbar1.dll [2013-11-07] (Google Germany GmbH)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-03-26] (Oracle Corporation)
Toolbar: HKLM - Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport_x64.dll [2014-06-24] (APN LLC.)
Toolbar: HKLM-x32 - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll [2013-11-07] (Google Germany GmbH)
Toolbar: HKLM-x32 - Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll [2014-06-24] (APN LLC.)
Toolbar: HKU\S-1-5-21-1782836142-3241445299-2376554706-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1782836142-3241445299-2376554706-1001 -> Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport_x64.dll [2014-06-24] (APN LLC.)
Toolbar: HKU\S-1-5-21-1782836142-3241445299-2376554706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1782836142-3241445299-2376554706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport_x64.dll [2014-06-24] (APN LLC.)
Toolbar: HKU\S-1-5-21-1782836142-3241445299-2376554706-1003.bak-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> No Name - {4F524A2D-5637-2D53-4154-7A786E7484D7} - No File
Toolbar: HKU\S-1-5-21-1782836142-3241445299-2376554706-1003.bak-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport_x64.dll [2014-06-24] (APN LLC.)
Toolbar: HKU\S-1-5-21-1782836142-3241445299-2376554706-1003.bak-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1383840069592
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\ÖZTAS\AppData\Roaming\Mozilla\Firefox\Profiles\nkxc0u9g.default
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-16] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] ()
FF Plugin-x32: @cambridgesoft.com/Chem3D,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\Chem3D\npChem3DPlugin.dll [2012-08-06] (CambridgeSoft Corp.)
FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\ChemDraw\npcdp32.dll [2012-08-06] (CambridgeSoft Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=10.76.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-03-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.76.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-03-26] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\ÖZTAS\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\ÖZTAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-16]
CHR Extension: (Google Drive) - C:\Users\ÖZTAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-16]
CHR Extension: (YouTube) - C:\Users\ÖZTAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-16]
CHR Extension: (Google Search) - C:\Users\ÖZTAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-16]
CHR Extension: (Avira Browser Safety) - C:\Users\ÖZTAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ÖZTAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-11]
CHR Extension: (Google Wallet) - C:\Users\ÖZTAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-16]
CHR Extension: (Gmail) - C:\Users\ÖZTAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-16]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-17] (Avira Operations GmbH & Co. KG)
S4 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-24] () [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations) [File not signed]
R2 KMSServerService; C:\Windows\KMSServerService\KMS Server Service.exe [294912 2013-03-31] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MSSQL$CSSQL08; c:\Program Files\Microsoft SQL Server\MSSQL10_50.CSSQL08\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
R3 MSSQLFDLauncher$CSSQL08; c:\Program Files\Microsoft SQL Server\MSSQL10_50.CSSQL08\MSSQL\Binn\fdlauncher.exe [32096 2010-04-03] (Microsoft Corporation)
S4 SQLAgent$CSSQL08; c:\Program Files\Microsoft SQL Server\MSSQL10_50.CSSQL08\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-12-28] (Atheros) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-09-17] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [41272 2012-10-15] (Synaptics Incorporated)
R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-10] (Sony Corporation)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52592 2014-11-19] (Cisco Systems, Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-12 20:56 - 2015-05-12 20:57 - 00029957 _____ () C:\Users\ÖZTAS\Desktop\Addition.txt
2015-05-12 20:52 - 2015-05-12 20:59 - 00025194 _____ () C:\Users\ÖZTAS\Desktop\FRST.txt
2015-05-12 20:51 - 2015-05-12 20:58 - 00000000 ____D () C:\FRST
2015-05-12 20:50 - 2015-05-12 20:50 - 02102784 _____ (Farbar) C:\Users\ÖZTAS\Desktop\FRST64.exe
2015-05-12 20:49 - 2015-05-12 20:49 - 01141248 _____ (Farbar) C:\Users\ÖZTAS\Desktop\FRST.exe
2015-05-12 19:24 - 2015-05-12 19:24 - 00000000 ___RD () C:\Users\ÖZTAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2015-05-11 10:55 - 2015-05-11 10:55 - 00000000 _____ () C:\Windows\system32\attrib
2015-05-11 10:24 - 2015-05-11 10:25 - 00000000 _____ () C:\Users\ÖZTAS\ATTRIB
2015-05-11 10:03 - 2015-05-11 10:03 - 00086082 _____ () C:\Users\ÖZTAS\Downloads\Extras.Txt
2015-05-11 09:59 - 2015-05-11 10:02 - 00000000 ___RD () C:\Users\ÖZTAS\Desktop\Self-healing
2015-05-11 09:59 - 2015-05-11 09:59 - 00115046 _____ () C:\Users\ÖZTAS\Downloads\OTL.Txt
2015-05-10 22:11 - 2015-05-10 22:11 - 00602112 _____ (OldTimer Tools) C:\Users\ÖZTAS\Downloads\OTL.exe
2015-05-10 21:52 - 2015-05-12 19:53 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-10 21:51 - 2015-05-10 21:51 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-10 21:51 - 2015-05-10 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-10 21:51 - 2015-05-10 21:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-10 21:51 - 2015-05-10 21:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-10 21:51 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-10 21:51 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-10 21:51 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-10 21:47 - 2015-05-10 21:49 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\ÖZTAS\Desktop\mbam-setup-2.1.6.1022.exe
2015-05-10 21:28 - 2015-05-10 21:28 - 00000000 ____D () C:\Users\ÖZTAS\AppData\Roaming\Microsoft Office
2015-05-07 05:21 - 2015-05-07 05:21 - 04103168 _____ () C:\Users\ÖZTAS\Desktop\anosmie unbekannt.ppt
2015-05-06 21:50 - 2015-05-06 22:17 - 00000000 ____D () C:\Users\ÖZTAS\Desktop\Seminar Vortragsunterlagen
2015-05-04 20:59 - 2015-05-04 20:59 - 00000000 ____D () C:\Users\ÖZTAS\Desktop\PC Protokolle
2015-05-04 00:31 - 2015-05-04 00:31 - 00000000 ____D () C:\Users\ÖZTAS\Desktop\CP64standard
2015-05-02 12:09 - 2015-05-02 12:11 - 00000000 ____D () C:\Users\ÖZTAS\Desktop\Makro
2015-04-22 06:55 - 2015-04-22 06:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-20 17:48 - 2015-04-20 17:50 - 00000000 ____D () C:\Users\ÖZTAS\Desktop\Uni 20.4
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-12 20:57 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-12 20:43 - 2014-08-16 11:17 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-12 20:34 - 2013-11-07 16:17 - 01265649 _____ () C:\Windows\WindowsUpdate.log
2015-05-12 20:23 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2015-05-12 20:04 - 2013-11-12 22:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-12 20:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2015-05-12 19:25 - 2014-04-26 22:47 - 00000000 ___RD () C:\Users\ÖZTAS\Dropbox
2015-05-12 19:25 - 2014-04-26 22:43 - 00000000 ____D () C:\Users\ÖZTAS\AppData\Roaming\Dropbox
2015-05-12 19:24 - 2014-08-16 11:17 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-12 09:10 - 2014-04-26 22:45 - 00000000 ____D () C:\Users\ÖZTAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-11 10:24 - 2013-11-07 16:24 - 00000000 ____D () C:\Users\ÖZTAS
2015-05-11 08:24 - 2015-02-26 16:27 - 00029861 _____ () C:\Users\ÖZTAS\AppData\Local\CDXLExtendedShim.log
2015-05-10 23:24 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-10 23:23 - 2015-03-25 23:10 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-05-10 23:23 - 2013-11-07 16:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-10 23:23 - 2013-11-07 15:50 - 00567818 _____ () C:\Windows\PFRO.log
2015-05-10 23:22 - 2012-07-26 07:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-05-10 23:19 - 2013-12-10 03:38 - 00000000 ____D () C:\Users\ÖZTAS\AppData\Roaming\Systweak
2015-05-09 07:16 - 2013-11-15 21:17 - 00000000 ____D () C:\Users\ÖZTAS\AppData\Local\CrashDumps
2015-05-04 06:24 - 2013-11-07 17:45 - 00000000 ____D () C:\Users\ÖZTAS\AppData\Roaming\Atheros
2015-05-04 00:41 - 2014-11-25 11:22 - 00000667 _____ () C:\Users\ÖZTAS\Documents\grstyles.stl
2015-05-04 00:38 - 2013-11-07 16:48 - 00000000 ____D () C:\Users\ÖZTAS\AppData\Roaming\vlc
2015-05-04 00:21 - 2015-01-20 04:19 - 00001927 _____ () C:\Users\ÖZTAS\Documents\template.cfg
2015-05-03 16:09 - 2013-11-07 17:36 - 00000000 ____D () C:\Users\ÖZTAS\Documents\Bluetooth Folder
2015-05-03 16:08 - 2013-05-20 21:18 - 00834000 _____ () C:\Windows\system32\perfh019.dat
2015-05-03 16:08 - 2013-05-20 21:18 - 00181988 _____ () C:\Windows\system32\perfc019.dat
2015-05-03 16:08 - 2013-05-20 20:57 - 00842006 _____ () C:\Windows\system32\prfh0816.dat
2015-05-03 16:08 - 2013-05-20 20:57 - 00184136 _____ () C:\Windows\system32\prfc0816.dat
2015-05-03 16:08 - 2013-05-20 20:14 - 00853258 _____ () C:\Windows\system32\perfh00A.dat
2015-05-03 16:08 - 2013-05-20 20:14 - 00186516 _____ () C:\Windows\system32\perfc00A.dat
2015-05-03 16:08 - 2013-05-20 19:46 - 00818446 _____ () C:\Windows\system32\perfh007.dat
2015-05-03 16:08 - 2013-05-20 19:46 - 00179988 _____ () C:\Windows\system32\perfc007.dat
2015-05-03 16:08 - 2013-05-20 19:28 - 00855334 _____ () C:\Windows\system32\perfh00C.dat
2015-05-03 16:08 - 2013-05-20 19:28 - 00486732 _____ () C:\Windows\system32\perfh001.dat
2015-05-03 16:08 - 2013-05-20 19:28 - 00179246 _____ () C:\Windows\system32\perfc00C.dat
2015-05-03 16:08 - 2013-05-20 19:28 - 00088788 _____ () C:\Windows\system32\perfc001.dat
2015-05-03 16:08 - 2012-07-26 09:28 - 06625218 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-01 11:46 - 2014-08-16 11:18 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-16 22:05 - 2013-11-12 22:27 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
==================== Files in the root of some directories =======
2012-08-06 19:47 - 2012-08-06 19:47 - 0009129 _____ () C:\Program Files (x86)\Common Files\Samples.sln
2013-12-19 01:38 - 2015-02-19 01:38 - 0000193 _____ () C:\Users\ÖZTAS\AppData\Roaming\WB.CFG
2015-02-03 23:25 - 2015-02-03 23:25 - 0000000 _____ () C:\Users\ÖZTAS\AppData\Roaming\wklnhst.dat
2015-02-26 16:27 - 2015-05-11 08:24 - 0029861 _____ () C:\Users\ÖZTAS\AppData\Local\CDXLExtendedShim.log
2015-02-26 09:49 - 2015-02-26 09:49 - 0007597 _____ () C:\Users\ÖZTAS\AppData\Local\Resmon.ResmonCfg
Some content of TEMP:
====================
C:\Users\Besucher\AppData\Local\Temp\avgnt.exe
C:\Users\ÖZTAS\AppData\Local\Temp\APNSetup.exe
C:\Users\ÖZTAS\AppData\Local\Temp\avgnt.exe
C:\Users\ÖZTAS\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7qulfp.dll
C:\Users\ÖZTAS\AppData\Local\Temp\GLF1604.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLF1691.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLF1B81.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLF1D07.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLF1F0A.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLF2227.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLF2234.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLF24F2.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLF28CA.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLF2B69.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLF2DD8.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLF3769.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLF3CF6.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLF3DDF.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLF406F.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLF4282.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLF62C.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLF62EC.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLF680B.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLF68D5.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLF6EFE.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLF7B0D.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLF7FDE.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLF84FD.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLF8DF2.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLF987.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLFA336.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLFA4EB.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLFA78B.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLFA95F.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLFA9CA.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLFAD54.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLFB2A1.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLFB734.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLFBA00.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLFC161.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLFC2A7.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLFC759.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLFD406.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLFD7DE.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLFD925.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLFE007.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLFE150.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLFE3AF.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLFE5F1.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\GLFEA54.EXE
C:\Users\ÖZTAS\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\ÖZTAS\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\ÖZTAS\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\ÖZTAS\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\ÖZTAS\AppData\Local\Temp\Sqlite3.dll
C:\Users\ÖZTAS\AppData\Local\Temp\vcredist_x64.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-11 21:50
==================== End Of Log ============================
And this is the Addition: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-05-2015
Ran by ÖZTAS at 2015-05-12 21:00:40
Running from C:\Users\ÖZTAS\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1782836142-3241445299-2376554706-500 - Administrator - Disabled)
Besucher (S-1-5-21-1782836142-3241445299-2376554706-1003 - Limited - Enabled)
Gast (S-1-5-21-1782836142-3241445299-2376554706-501 - Limited - Disabled)
ÖZTAS (S-1-5-21-1782836142-3241445299-2376554706-1001 - Administrator - Enabled) => C:\Users\ÖZTAS
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ACD/Labs Software in C:\ACDFREE12\ (HKLM-x32\...\ACDLabs in C__ACDFREE12_) (Version: v12.00, FREE - ACD/Labs)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{B81EACDF-16E0-A32C-F096-16EF2BD8405C}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-4300-76A7-A758B70C0F01}) (Version: 12.15.1.16 - APN, LLC) <==== ATTENTION
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
CambridgeSoft ChemBioOffice 2012 (HKLM-x32\...\{535CDE5A-39D6-46EE-B6E5-9F38D0664D97}) (Version: 13.0 - CambridgeSoft Corporation)
CambridgeSoft ChemDraw ActiveX Enterprise Constant 13.0 (HKLM-x32\...\{D25E0C13-7792-4E5C-8C54-A287C65834C9}) (Version: 13.0 - CambridgeSoft Corporation)
CambridgeSoft ChemScript 13.0 (HKLM-x32\...\{B5E0CD7D-992D-4345-BD66-EC580CFA15D1}) (Version: 13.0 - CambridgeSoft Corporation)
CambridgeSoft Desktop Inventory 13.0 (HKLM-x32\...\{C13DDA66-6AF3-4BFE-91C2-1D54B5A6C169}) (Version: 13.0 - CambridgeSoft Corporation)
CambridgeSoft E-Notebook 13.0 Client (HKLM-x32\...\{1E6FC31C-315E-4129-8140-67E7E618BF6E}) (Version: 13.0 - CambridgeSoft Corporation)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.06073 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.06073 - Cisco Systems, Inc.) Hidden
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.1531 - CyberLink Corp.)
Dropbox (HKU\S-1-5-21-1782836142-3241445299-2376554706-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-1782836142-3241445299-2376554706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.4.4 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - )
Google Toolbar for Internet Explorer (x32 Version: 4.0.0.002 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Java 7 Update 76 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217076FF}) (Version: 7.0.760 - Oracle)
KUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MestReNova LITE 5.2.5-5780 (HKLM-x32\...\MestReNova LITE) (Version: 5.2.5-5780 - Mestrelab Research S.L.)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{01078B88-2981-4F75-96B0-8B22E2D2DE03}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Python 3.2.2 (HKLM-x32\...\{4CDE3168-D060-4b7c-BC74-4D8F9BB01AFD}) (Version: 3.2.2150 - Python Software Foundation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.218 - Qualcomm Atheros Communications)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6685 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.28121 - Realtek Semiconductor Corp.)
Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit) (HKLM\...\KB2528583) (Version: 10.51.2500.0 - Microsoft Corporation)
SQL Server 2008 R2 SP1 Common Files (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Shared (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Full text search (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
StartIsBack (HKU\S-1-5-21-1782836142-3241445299-2376554706-1001\...\StartIsBack) (Version: - startisback.com)
StartIsBack (HKU\S-1-5-21-1782836142-3241445299-2376554706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartIsBack) (Version: - startisback.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.16.2 - Synaptics Incorporated)
TeX Live 2014 (HKU\S-1-5-21-1782836142-3241445299-2376554706-1001\...\TeXLive2014) (Version: 2014 - )
TeX Live 2014 (HKU\S-1-5-21-1782836142-3241445299-2376554706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\TeXLive2014) (Version: 2014 - )
Texmaker (HKLM-x32\...\Texmaker) (Version: - )
Universal Extractor 1.6.1 (HKLM-x32\...\Universal Extractor_is1) (Version: 1.6.1 - Jared Breland)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
Wajam (HKLM-x32\...\WaIntEnhance) (Version: 2.23.2.8 (i2.6) - WaIntEnhance) <==== ATTENTION
Windows-Treiberpaket - Sony Corporation (SFEP) HIDClass (06/18/2012 8.0.2.4) (HKLM\...\54DCDF5F20965812FBF3C1C44CE2E9E620585DE9) (Version: 06/18/2012 8.0.2.4 - Sony Corporation)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1782836142-3241445299-2376554706-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\ÖZTAS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1782836142-3241445299-2376554706-1001_Classes\CLSID\{ab0b37ec-56f6-4a0e-a8fd-7a8bf7c2da97}\InprocServer32 -> C:\Users\ÖZTAS\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
CustomCLSID: HKU\S-1-5-21-1782836142-3241445299-2376554706-1001_Classes\CLSID\{AD1405D2-30CF-4877-8468-1EE1C52C759F}\InprocServer32 -> C:\Users\ÖZTAS\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
CustomCLSID: HKU\S-1-5-21-1782836142-3241445299-2376554706-1001_Classes\CLSID\{c71c41f1-ddad-42dc-a8fc-f5bfc61df958}\InprocServer32 -> C:\Users\ÖZTAS\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
CustomCLSID: HKU\S-1-5-21-1782836142-3241445299-2376554706-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\ÖZTAS\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1782836142-3241445299-2376554706-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ÖZTAS\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1782836142-3241445299-2376554706-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ÖZTAS\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1782836142-3241445299-2376554706-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ÖZTAS\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1782836142-3241445299-2376554706-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ÖZTAS\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1782836142-3241445299-2376554706-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ÖZTAS\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1782836142-3241445299-2376554706-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ÖZTAS\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1782836142-3241445299-2376554706-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ÖZTAS\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1782836142-3241445299-2376554706-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ÖZTAS\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
==================== Restore Points =========================
03-05-2015 22:09:39 Geplanter Prüfpunkt
10-05-2015 23:35:36 Geplanter Prüfpunkt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0444DA1A-1F26-43A6-A4F4-213899188999} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {238282AC-7F43-4761-A439-3899C76BD4FF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-16] (Google Inc.)
Task: {9F9377D0-73E6-4ECA-B457-9A8FBB380DDF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-16] (Adobe Systems Incorporated)
Task: {AB44BA97-4E24-4B81-8745-256E1E7189F3} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {B5E39F0E-ACBC-4E17-B067-D0122ACACF6A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-16] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2012-08-06 13:09 - 2012-08-06 13:09 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-05-15 09:56 - 2013-03-31 04:20 - 00294912 _____ () C:\Windows\KMSServerService\KMS Server Service.exe
2012-12-28 13:07 - 2012-12-28 13:07 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-12-28 13:04 - 2012-12-28 13:04 - 00084480 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2012-12-28 13:09 - 2012-12-28 13:09 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2012-08-06 13:08 - 2012-08-06 13:08 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-08-06 12:54 - 2012-08-06 12:54 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-11-19 17:36 - 2014-11-19 17:36 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2015-05-12 19:24 - 2015-05-12 19:24 - 00043008 _____ () c:\users\ztas~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7qulfp.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\ÖZTAS\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\ÖZTAS\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\ÖZTAS\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\ÖZTAS\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\ÖZTAS\Desktop\DSCN2072.JPG:com.dropbox.attributes
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1782836142-3241445299-2376554706-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1782836142-3241445299-2376554706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1782836142-3241445299-2376554706-1003.bak-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Besucher\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.0.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "ISBMgr.exe"
HKU\S-1-5-21-1782836142-3241445299-2376554706-1001\...\StartupApproved\StartupFolder: => "MyPC Backup.lnk"
HKU\S-1-5-21-1782836142-3241445299-2376554706-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "MyPC Backup.lnk"
==================== FirewallRules (whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{5B62C1D8-13E9-4C72-8DFE-BC5E90AB2061}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.EXE
FirewallRules: [TCP Query User{869D330A-9E8C-4849-B9F2-598051F23828}C:\program files (x86)\microsoft office\office12\groove.exe] => (Block) C:\program files (x86)\microsoft office\office12\groove.exe
FirewallRules: [UDP Query User{86391528-23C1-4366-BF05-2AE2716A060D}C:\program files (x86)\microsoft office\office12\groove.exe] => (Block) C:\program files (x86)\microsoft office\office12\groove.exe
FirewallRules: [{47E7A36F-B94F-4108-86F5-F6718071DCD8}] => (Allow) C:\Users\ÖZTAS\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4EF757A1-1495-4CA8-A2E8-231C84A75A05}] => (Allow) C:\Users\ÖZTAS\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{970E2904-44F4-4FAD-BD6A-8ECEC02BD7A7}C:\users\öztas\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\öztas\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{EBF53D13-199E-47C0-B166-D41D345A1DD7}C:\users\öztas\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\öztas\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{0DBD2052-5DA0-4583-BBE3-C8F4FD95D4F6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{562AE0EF-F4F4-414F-918F-547D23478586}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{61BE55DA-F242-4D97-94D9-B25485219807}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{8EC93709-54A1-4B71-A962-82452E9E8BDC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{D230E6E5-F111-4CFF-BC95-3D98C7A92BE1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: USB-Massenspeichergerät
Description: USB-Massenspeichergerät
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Kompatibles USB-Speichergerät
Service: USBSTOR
Problem: : Windows cannot load the device driver for this hardware because a previous instance of the device driver is still in memory. (Code 38)
Resolution: The driver could not be loaded because a previous instance is still loaded.
Restart the computer.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/12/2015 08:23:05 PM) (Source: ESENT) (EventID: 474) (User: )
Description: msiexec (5228) Instance: Bei Überprüfung der aus Datei "C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb" bei Offset 1638400 (0x0000000000190000) (Datenbankseite msiexec0) für 32768 (0x00008000) Bytes gelesenen Datenbankseite ist durch eine Inkonsistenz der Seitenprüfsumme ein Fehler aufgetreten. Die gespeicherte Prüfsumme war [114d114df08e5460:0000000000000031:0000000000000031:005effa14a4f4f76], die berechnete Prüfsumme [11841184c79e6e18:1c71e38e9db34d21:a5985a67134aceb0:005effa14a4f4f76]. Der Lesevorgang wird mit dem Fehler -1018 (0xfffffc06) beendet. Wenn dieser Zustand andauert, stellen Sie die Datenbank aus einer vorherigen Sicherung wieder her. Dieses Problem ist vermutlich durch fehlerhafte Hardware bedingt. Wenden Sie sich für weitere Unterstützung bei der Diagnose des Problems an Ihren Hardwarehersteller.
Error: (05/11/2015 10:54:26 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (05/11/2015 10:34:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.2.9200.16628 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: d18
Startzeit: 01d08bafc994e42b
Endzeit: 1076
Anwendungspfad: C:\Windows\Explorer.EXE
Berichts-ID: 933d9711-f7b8-11e4-be9f-083e8ebcb508
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (05/10/2015 11:35:36 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-1782836142-3241445299-2376554706-1003.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.
Vorgang:
OnIdentify-Ereignis
Generatordaten werden gesammelt
Kontext:
Ausführungskontext: Shadow Copy Optimization Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {12d2545a-8407-46d2-b355-cf3d5f961ca5}
Error: (05/10/2015 11:27:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: utilman.exe, Version: 6.2.9200.16384, Zeitstempel: 0x501096de
Name des fehlerhaften Moduls: DUI70.dll, Version: 6.2.9200.16384, Zeitstempel: 0x50108e6a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000056e7
ID des fehlerhaften Prozesses: 0x88c
Startzeit der fehlerhaften Anwendung: 0xutilman.exe0
Pfad der fehlerhaften Anwendung: utilman.exe1
Pfad des fehlerhaften Moduls: utilman.exe2
Berichtskennung: utilman.exe3
Vollständiger Name des fehlerhaften Pakets: utilman.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: utilman.exe5
Error: (05/10/2015 11:21:17 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
Error: (05/10/2015 09:49:40 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (05/10/2015 09:12:51 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
Error: (05/10/2015 08:37:35 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
Error: (05/10/2015 08:37:35 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
System errors:
=============
Error: (05/11/2015 10:18:34 AM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.
Error: (05/11/2015 10:18:34 AM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.
Error: (05/11/2015 10:18:33 AM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.
Error: (05/11/2015 09:59:58 AM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error: (05/11/2015 09:59:56 AM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error: (05/11/2015 08:05:08 AM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (05/11/2015 08:05:07 AM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (05/11/2015 08:04:53 AM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (05/11/2015 08:04:52 AM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (05/11/2015 08:04:51 AM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Microsoft Office Sessions:
=========================
Error: (05/03/2015 06:54:16 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2782 seconds with 2640 seconds of active time. This session ended with a crash.
Error: (05/03/2015 06:07:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7606 seconds with 3720 seconds of active time. This session ended with a crash.
Error: (06/14/2014 00:35:10 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 18970 seconds with 180 seconds of active time. This session ended with a crash.
Error: (04/27/2014 01:59:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 88 seconds with 60 seconds of active time. This session ended with a crash.
Error: (04/06/2014 08:41:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 8389 seconds with 360 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Processor: AMD E2-1800 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 56%
Total physical RAM: 3658.86 MB
Available physical RAM: 1588.23 MB
Total Pagefile: 4849.98 MB
Available Pagefile: 2115.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.42 GB) (Free:374.87 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D1C6D9CA)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)
==================== End Of Log ============================ |