|
Plagegeister aller Art und deren Bekämpfung: Optimizer Pro und Spyhunter unter Windows 8Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
29.06.2014, 10:12 | #1 |
| Optimizer Pro und Spyhunter unter Windows 8 Guten morgen, anscheinend habe ich einen richtig blöden Fehler gemacht und mir den Optimizer Pro heruntergeladen. Ich habe mir ein neuen Laptop gekauft indem der IE als Browser vorinstalliert war. Nachdem ich seit Jahren mit Google Chrome arbeite, war das erste was ich gemacht habe, Chrome herunterzuladen und meines Wissens auch direkt von einer Google URL. Beim installieren von Chrome kam es mir eigentlich schon komisch vor, dass ich permanent nach Zusatzsoftware gefragt wurde ob ich es mit installieren will. Ich verneinte zwar jede weitere Software, nichts desto trotz poppte auch gleich das Optimizer Pro auf und das bei mir mehrere Hundert schädliche Software gefunden worden wäre. Ich bin natürlich gleich hellhörig geworden, da ich ja mein Notebook zum ersten eingeschaltet hatte und mir nur Chrome heruntergeladen hatte. Dannach habe ich nach Optimizer Pro gegoogelt und festgestellt, dass es sich wohl um ein Torjaner handelt und mir gleich das erste was bei google aufgelistet war Spyhunter heruntergeladen um Optimizer Pro zu entfernen. Kurz vor der Installation von Syphunter war ich doch noch etwas schlau und habe auch nach der Software gegoogelt und festgestellt, dass auch diese Software nur Mist sein soll. Jedenfalls habe ich nach bestem Wissen irgendwie alles deinstalliert und bin mir nicht sicher ob nun alles clean ist bei mir und würde es sehr begrüßen, wenn mir jemand hier weiterhelfen kann und mir meine Scan Dateien durchschaut ob ich noch irgendwelche to do´s habe oder nicht. Vielen Dank im voraus und beste Grüße Kurti Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-06-2014 02 Ran by Erkut (administrator) on KURTIS-LAPTOP on 29-06-2014 10:51:02 Running from C:\Users\Erkut\Downloads Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Condusiv Technologies) C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe (Fuyu LIMITED) C:\ProgramData\WindowsProtectManger\wprotectmanager.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Dropbox, Inc.) C:\Users\Erkut\AppData\Roaming\Dropbox\bin\Dropbox.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe () C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe () C:\Program Files (x86)\NetCrawl\bin\NetCrawl.PurBrowse64.exe () C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BrowserAdapter.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16384_none_622908ad510eb05b\TiWorker.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1260256 2013-01-04] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_SRSSA] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1260256 2013-01-04] (Realtek Semiconductor) HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11582848 2012-09-30] (Motorola Solutions, Inc.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2889072 2013-03-25] (ELAN Microelectronics Corp.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated) HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [4365824 2012-12-27] (Bitcasa, Inc) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-11-26] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310640 2013-03-07] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-06-28] (AVAST Software) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3894098194-677086307-2034191709-1001\...\Run: [GoogleChromeAutoLaunch_20F6763770B7EAAD43619F195218A3DA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.) AppInit_DLLs: C:\Program Files (x86)\SupTab\SearchProtect64.dll => C:\Program Files (x86)\SupTab\SearchProtect64.dll [105072 2014-06-19] (Skytech Co., Ltd.) AppInit_DLLs-x32: C:\Program Files (x86)\SupTab\SearchProtect32.dll => C:\Program Files (x86)\SupTab\SearchProtect32.dll [92272 2014-06-19] (Skytech Co., Ltd.) Startup: C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Erkut\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers: 1EldosIconOverlay -> {450D6ECA-9163-44AC-A5E5-3FE207A086D6} => C:\windows\SYSTEM32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: BitcasaIconOverlay -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll (Bitcasa, Inc) ShellIconOverlayIdentifiers: BitcasaProgressOverlay -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll (Bitcasa, Inc) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers-x32: 1EldosIconOverlay -> {450D6ECA-9163-44AC-A5E5-3FE207A086D6} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656&q={searchTerms} SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656&q={searchTerms} SearchScopes: HKLM - {CC9E055E-96DD-4295-8FBF-17538BB97C6F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656&q={searchTerms} SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656&q={searchTerms} SearchScopes: HKLM-x32 - {CC9E055E-96DD-4295-8FBF-17538BB97C6F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKCU - DefaultScope {CC9E055E-96DD-4295-8FBF-17538BB97C6F} URL = SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656&q={searchTerms} SearchScopes: HKCU - {CC9E055E-96DD-4295-8FBF-17538BB97C6F} URL = BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited) BHO-x32: NetCrawl - {769a91da-209f-47fe-88b9-b0321b0982c8} - C:\Program Files (x86)\NetCrawl\NetCrawlbho.dll (NetCrawl) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-28] Chrome: ======= CHR HomePage: hxxp://tdintrade.emea.tdworldwide.com/Pages/Default.aspx CHR StartupUrls: "hxxp://www.muenchenbiker.de/?open=for_suche&action=new", "hxxp://www.v-stromforum.de/search.php?search_id=unreadposts", "hxxp://de-de.facebook.com/", "hxxp://search.conduit.com/?ctid=CT2481020&SearchSource=48" CHR DefaultSearchKeyword: google.de_ CHR DefaultSearchURL: hxxp://www.google.de/search?q={searchTerms} CHR DefaultNewTabURL: CHR Extension: (Google Docs) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-25] CHR Extension: (Google Drive) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-25] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-25] CHR Extension: (YouTube) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-25] CHR Extension: (Google Search) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-25] CHR Extension: (Gutscheincode Melder (von shopclever.de)) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\donengfgiigdigljcljplglplekpiomg [2014-06-25] CHR Extension: (AdBlock) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-25] CHR Extension: (avast! Online Security) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-28] CHR Extension: (Chrome to Mobile) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\idknbmbdnapjicclomlijcgfpikmndhd [2014-06-25] CHR Extension: (Dropbox) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-06-25] CHR Extension: (Google Maps) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-06-25] CHR Extension: (Google Wallet) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-25] CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2014-06-25] CHR Extension: (Picasa) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-06-25] CHR Extension: (Gutscheinsammler Finder) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilobbegphefikcgjpajnneiiahhejam [2014-06-25] CHR Extension: (Gmail) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-25] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-28] ==================== Services (Whitelisted) ================= R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-28] (AVAST Software) R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593152 2014-01-29] (Samsung Electronics CO., LTD.) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99184 2013-03-25] (ELAN Microelectronics Corp.) R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [757872 2014-06-19] (Cherished Technololgy LIMITED) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-01-14] (Intel Corporation) R2 IntelliMemory; C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe [55720 2012-12-21] (Condusiv Technologies) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] () R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.) R2 Update NetCrawl; C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe [318752 2014-06-29] () R2 Util NetCrawl; C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe [318752 2014-06-29] () S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation) R2 WindowsProtectManger; C:\ProgramData\WindowsProtectManger\wprotectmanager.exe [591776 2014-06-12] (Fuyu LIMITED) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36520 2012-09-13] (Advanced Micro Devices, Inc.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-28] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-28] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-28] (AVAST Software) S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-28] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-06-28] (AVAST Software) S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [426848 2014-06-28] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-06-28] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-06-28] () R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-01] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.) R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-06] (EldoS Corporation) R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [21840 2013-03-25] (ELAN Microelectronic Corp.) R1 intmfs; C:\Windows\System32\DRIVERS\intmfs.sys [29096 2012-12-21] (Condusiv Technologies) R0 intmsd; C:\Windows\System32\DRIVERS\intmsd.sys [104872 2012-12-21] (Condusiv Technologies) R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation) R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation) R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider) R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider) R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider) R1 {57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64; C:\Windows\System32\drivers\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64.sys [61112 2014-06-13] (StdLib) S3 SBIOSIO; \??\C:\Users\Erkut\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X] S3 TVICPORT; \??\C:\windows\system32\DRIVERS\TVICPORT.SYS [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-29 10:51 - 2014-06-29 10:51 - 00023370 _____ () C:\Users\Erkut\Downloads\FRST.txt 2014-06-29 10:50 - 2014-06-29 10:51 - 00000000 ____D () C:\FRST 2014-06-29 10:49 - 2014-06-29 10:49 - 02083328 _____ (Farbar) C:\Users\Erkut\Downloads\FRST64.exe 2014-06-29 10:32 - 2014-06-29 10:32 - 00000000 ___SH () C:\DkHyperbootSync 2014-06-29 09:26 - 2014-06-29 09:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 15 2014-06-29 09:24 - 2014-06-29 09:24 - 02947139 _____ () C:\Users\Erkut\Downloads\O15CTRRemove (1).diagcab 2014-06-28 22:20 - 2014-06-28 22:28 - 02936043 _____ () C:\Users\Erkut\Downloads\O15CTRRemove.diagcab 2014-06-28 22:13 - 2014-06-28 22:13 - 01351872 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\Setup.x64.de-DE_ProPlusRetail_WYJNH-7K67T-KBXHF-VR9F2-FX6XQ_act_1_ (1).exe 2014-06-28 22:07 - 2014-06-28 22:07 - 00000000 ____D () C:\Users\Erkut\Documents\OneNote-Notizbücher 2014-06-28 21:45 - 2014-06-28 21:45 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe 2014-06-28 18:22 - 2014-06-28 21:12 - 00000000 ___RD () C:\Users\Erkut\Dropbox 2014-06-28 18:22 - 2014-06-28 18:22 - 00001044 _____ () C:\Users\Erkut\Desktop\Dropbox.lnk 2014-06-28 18:10 - 2014-06-28 18:22 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\DropboxMaster 2014-06-28 18:10 - 2014-06-28 18:10 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-06-28 18:07 - 2014-06-28 21:13 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Dropbox 2014-06-28 18:06 - 2014-06-28 18:06 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\AVAST Software 2014-06-28 18:05 - 2014-06-28 18:05 - 00003924 _____ () C:\windows\System32\Tasks\avast! Emergency Update 2014-06-28 18:05 - 2014-06-28 18:05 - 00001976 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-06-28 18:05 - 2014-06-28 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-06-28 18:04 - 2014-06-28 18:04 - 01041168 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys 2014-06-28 18:04 - 2014-06-28 18:04 - 00426848 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys 2014-06-28 18:04 - 2014-06-28 18:04 - 00307344 _____ (AVAST Software) C:\windows\system32\aswBoot.exe 2014-06-28 18:04 - 2014-06-28 18:04 - 00224896 _____ () C:\windows\system32\Drivers\aswVmm.sys 2014-06-28 18:04 - 2014-06-28 18:04 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys 2014-06-28 18:04 - 2014-06-28 18:04 - 00092008 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys 2014-06-28 18:04 - 2014-06-28 18:04 - 00079184 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys 2014-06-28 18:04 - 2014-06-28 18:04 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys 2014-06-28 18:04 - 2014-06-28 18:04 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr 2014-06-28 18:04 - 2014-06-28 18:04 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys 2014-06-28 18:03 - 2014-06-28 18:03 - 91906368 _____ (AVAST Software) C:\Users\Erkut\Downloads\avast_free_antivirus_setup_9.0.2021.exe 2014-06-28 18:03 - 2014-06-28 18:03 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-06-28 18:03 - 2014-06-28 18:03 - 00000000 ____D () C:\Program Files\AVAST Software 2014-06-28 17:35 - 2014-06-28 17:35 - 00870672 _____ () C:\Users\Erkut\Downloads\Norton_Removal_Tool.exe 2014-06-28 13:10 - 2014-06-28 13:10 - 00000000 ____D () C:\NPE 2014-06-28 13:08 - 2014-06-28 13:14 - 00000000 ____D () C:\Users\Erkut\AppData\Local\NPE 2014-06-28 13:07 - 2014-06-28 13:07 - 03081712 ____N (Symantec Corporation) C:\Users\Erkut\Downloads\NPE.exe 2014-06-28 13:04 - 2014-06-28 13:04 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf 2014-06-28 12:39 - 2014-06-28 12:44 - 00000000 ___RD () C:\windows\BrowserChoice 2014-06-28 12:37 - 2014-06-01 17:17 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-06-28 12:35 - 2013-11-01 07:38 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll 2014-06-28 12:35 - 2013-11-01 05:49 - 00273408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll 2014-06-28 12:29 - 2014-06-29 09:25 - 00000000 ____D () C:\Users\Erkut\Documents\Outlook-Dateien 2014-06-28 11:51 - 2014-06-28 11:51 - 01351872 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\Setup.x64.de-DE_ProPlusRetail_WYJNH-7K67T-KBXHF-VR9F2-FX6XQ_act_1_.exe 2014-06-28 11:47 - 2014-06-28 11:48 - 00989376 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\setupproplusretail.x86.de-de_act_1_ (1).exe 2014-06-28 11:35 - 2014-06-28 11:35 - 00002033 _____ () C:\Users\Public\Desktop\SideSync.lnk 2014-06-28 11:27 - 2014-06-28 11:27 - 00002050 _____ () C:\Users\Public\Desktop\Support Center.lnk 2014-06-28 11:23 - 2014-06-28 11:23 - 00001992 _____ () C:\Users\Public\Desktop\Help Desk.lnk 2014-06-28 11:19 - 2014-06-28 11:19 - 00003434 _____ () C:\windows\System32\Tasks\Settings 2014-06-28 11:18 - 2014-06-28 11:18 - 00002038 _____ () C:\Users\Public\Desktop\Settings.lnk 2014-06-28 11:05 - 2014-06-28 11:05 - 00989376 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\setupproplusretail.x86.de-de_act_1_.exe 2014-06-28 11:03 - 2014-06-28 11:03 - 00989376 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\Setup.x86.de-DE_ProPlusRetail_WYJNH-7K67T-KBXHF-VR9F2-FX6XQ_act_1_.exe 2014-06-28 11:03 - 2014-06-28 11:03 - 00989376 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\Setup.x86.de-DE_ProPlusRetail_WYJNH-7K67T-KBXHF-VR9F2-FX6XQ_act_1_ (1).exe 2014-06-27 21:52 - 2014-06-28 12:39 - 00000000 ____D () C:\windows\system32\MRT 2014-06-26 20:48 - 2014-06-28 12:37 - 00265050 _____ () C:\windows\msxml4-KB2758694-enu.LOG 2014-06-25 21:21 - 2014-06-25 21:21 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\ATI 2014-06-25 21:21 - 2014-06-25 21:21 - 00000000 ____D () C:\Users\Erkut\AppData\Local\ATI 2014-06-25 21:21 - 2014-06-25 21:21 - 00000000 ____D () C:\ProgramData\ATI 2014-06-25 20:46 - 2014-06-28 11:53 - 01382640 _____ () C:\windowsNIRMALA.tt2 2014-06-25 20:46 - 2014-06-28 11:53 - 01334012 _____ () C:\windowsNIRMALAB.tt2 2014-06-25 18:43 - 2014-06-13 13:36 - 00061112 _____ (StdLib) C:\windows\system32\Drivers\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64.sys 2014-06-25 18:39 - 2014-06-25 18:39 - 00000000 ____D () C:\ProgramData\374311380 2014-06-25 18:28 - 2014-06-25 18:28 - 00288496 _____ () C:\windows\Minidump\062514-27171-01.dmp 2014-06-25 18:17 - 2014-06-25 18:28 - 00000000 ____D () C:\windows\Minidump 2014-06-25 18:16 - 2014-06-25 18:27 - 4051723278 _____ () C:\windows\MEMORY.DMP 2014-06-25 17:53 - 2014-06-25 17:53 - 00001182 _____ () C:\Users\Public\Desktop\MAGIX Video deluxe 2014 Plus.lnk 2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\Users\Public\Documents\MAGIX 2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\Users\Erkut\Documents\MAGIX_MusicEditor 2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Xara 2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Magix 2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX 2014-06-25 17:52 - 2014-06-28 10:47 - 00000000 ___RD () C:\Users\Erkut\Documents\MAGIX 2014-06-25 17:52 - 2014-06-25 17:52 - 00000000 ____D () C:\Program Files (x86)\MAGIX 2014-06-25 17:51 - 2014-06-25 17:58 - 00000000 ____D () C:\ProgramData\MAGIX 2014-06-25 17:51 - 2014-06-25 17:51 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0 2014-06-25 17:44 - 2014-06-25 17:58 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\MAGIX 2014-06-25 17:44 - 2014-06-25 17:44 - 02849256 _____ (MAGIX AG) C:\Users\Erkut\Downloads\videodeluxe2014plus_dlm.exe 2014-06-25 17:41 - 2014-06-25 17:41 - 00000000 _____ () C:\Users\Erkut\agent.log 2014-06-25 17:40 - 2014-06-25 17:40 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-06-25 17:40 - 2014-06-25 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-06-25 17:39 - 2014-06-29 10:49 - 00001136 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-25 17:39 - 2014-06-28 17:49 - 00001132 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-25 17:39 - 2014-06-25 17:44 - 00004108 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-06-25 17:39 - 2014-06-25 17:44 - 00003872 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-06-25 17:39 - 2014-06-25 17:40 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Google 2014-06-25 17:39 - 2014-06-25 17:40 - 00000000 ____D () C:\Program Files (x86)\Google 2014-06-25 17:38 - 2014-06-28 10:48 - 00000000 ____D () C:\Program Files (x86)\NetCrawl 2014-06-25 17:37 - 2014-06-25 17:37 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\SupTab 2014-06-25 17:37 - 2014-06-25 17:37 - 00000000 ____D () C:\ProgramData\WindowsProtectManger 2014-06-25 17:37 - 2014-06-25 17:37 - 00000000 ____D () C:\ProgramData\IePluginServices 2014-06-25 17:37 - 2014-06-25 17:37 - 00000000 ____D () C:\Program Files (x86)\SupTab 2014-06-25 17:36 - 2014-06-25 17:36 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\sweet-page 2014-06-25 17:36 - 2014-06-25 17:35 - 00784840 _____ (Google Inc.) C:\Users\Erkut\Downloads\google-chrome.exe 2014-06-25 17:34 - 2014-06-25 17:34 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Macromedia 2014-06-25 17:33 - 2014-06-25 17:33 - 00000000 ____D () C:\Users\Erkut\AppData\Local\bitcasa 2014-06-25 17:28 - 2014-06-29 10:32 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3894098194-677086307-2034191709-1001 2014-06-25 17:22 - 2014-06-28 11:35 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Samsung 2014-06-25 17:21 - 2014-06-25 21:18 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Adobe 2014-06-25 17:21 - 2014-06-25 17:21 - 00000000 ____D () C:\windows\System32\Tasks\WPD 2014-06-25 17:19 - 2014-06-28 21:45 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Adobe 2014-06-25 17:19 - 2014-06-25 17:19 - 00001450 _____ () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-06-25 17:19 - 2014-06-25 17:19 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Samsung 2014-06-25 17:19 - 2014-06-25 17:19 - 00000000 ____D () C:\Users\Erkut\.android 2014-06-25 17:18 - 2014-06-25 17:18 - 00001202 _____ () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\S Agent.lnk 2014-06-25 17:18 - 2014-06-25 17:18 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Absolute_Software 2014-06-25 17:18 - 2014-06-25 17:18 - 00000000 _____ () C:\windows\system32\Drivers\144D_SAMSUNG_na_670Z5E_P03A.mrk 2014-06-25 17:18 - 2013-02-25 18:04 - 121849162 _____ () C:\windows\[0407]SamsungStory01_ger.scr 2014-06-25 17:17 - 2014-06-28 11:04 - 00003059 _____ () C:\Users\Erkut\AppData\Roaming\AbsoluteReminder.xml 2014-06-25 17:17 - 2014-06-28 10:47 - 00000000 ____D () C:\windows\System32\Tasks\Norton Internet Security 2014-06-25 17:17 - 2014-06-25 17:17 - 00000000 ____D () C:\Users\Erkut\AppData\Local\VirtualStore 2014-06-25 17:16 - 2014-06-28 12:44 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Packages 2014-06-25 17:16 - 2014-06-25 17:16 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Intel 2014-06-25 17:15 - 2014-06-28 18:22 - 00000000 ____D () C:\Users\Erkut 2014-06-25 17:15 - 2014-06-25 17:15 - 00000020 ___SH () C:\Users\Erkut\ntuser.ini 2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Vorlagen 2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Startmenü 2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Netzwerkumgebung 2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Lokale Einstellungen 2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Eigene Dateien 2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Druckumgebung 2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Documents\Eigene Musik 2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Documents\Eigene Bilder 2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\AppData\Local\Verlauf 2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\AppData\Local\Anwendungsdaten 2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Anwendungsdaten 2014-06-25 17:15 - 2013-05-24 18:49 - 00000000 ___RD () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-06-25 17:15 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-06-25 17:15 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-06-25 17:15 - 2012-07-26 10:13 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-06-11 18:55 - 2014-06-11 18:55 - 04446152 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc110u.dll 2014-06-11 18:55 - 2014-06-11 18:55 - 04411848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc110.dll 2014-06-11 18:55 - 2014-06-11 18:55 - 00082888 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcm110u.dll 2014-06-11 18:55 - 2014-06-11 18:55 - 00082888 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcm110.dll ==================== One Month Modified Files and Folders ======= 2014-06-29 10:51 - 2014-06-29 10:51 - 00023370 _____ () C:\Users\Erkut\Downloads\FRST.txt 2014-06-29 10:51 - 2014-06-29 10:50 - 00000000 ____D () C:\FRST 2014-06-29 10:51 - 2013-05-24 17:49 - 01727776 _____ () C:\windows\WindowsUpdate.log 2014-06-29 10:51 - 2012-07-26 09:59 - 00000000 ____D () C:\windows\CbsTemp 2014-06-29 10:49 - 2014-06-29 10:49 - 02083328 _____ (Farbar) C:\Users\Erkut\Downloads\FRST64.exe 2014-06-29 10:49 - 2014-06-25 17:39 - 00001136 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-29 10:49 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\AUInstallAgent 2014-06-29 10:32 - 2014-06-29 10:32 - 00000000 ___SH () C:\DkHyperbootSync 2014-06-29 10:32 - 2014-06-25 17:28 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3894098194-677086307-2034191709-1001 2014-06-29 10:32 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\SysWOW64\en-GB 2014-06-29 10:32 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\en-GB 2014-06-29 10:00 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sru 2014-06-29 09:32 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-06-29 09:26 - 2014-06-29 09:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 15 2014-06-29 09:25 - 2014-06-28 12:29 - 00000000 ____D () C:\Users\Erkut\Documents\Outlook-Dateien 2014-06-29 09:24 - 2014-06-29 09:24 - 02947139 _____ () C:\Users\Erkut\Downloads\O15CTRRemove (1).diagcab 2014-06-29 09:24 - 2012-07-26 07:26 - 00000194 _____ () C:\windows\win.ini 2014-06-28 22:28 - 2014-06-28 22:20 - 02936043 _____ () C:\Users\Erkut\Downloads\O15CTRRemove.diagcab 2014-06-28 22:13 - 2014-06-28 22:13 - 01351872 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\Setup.x64.de-DE_ProPlusRetail_WYJNH-7K67T-KBXHF-VR9F2-FX6XQ_act_1_ (1).exe 2014-06-28 22:07 - 2014-06-28 22:07 - 00000000 ____D () C:\Users\Erkut\Documents\OneNote-Notizbücher 2014-06-28 21:45 - 2014-06-28 21:45 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe 2014-06-28 21:45 - 2014-06-25 17:19 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Adobe 2014-06-28 21:35 - 2013-05-24 19:39 - 00000000 ____D () C:\ProgramData\Temp 2014-06-28 21:13 - 2014-06-28 18:07 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Dropbox 2014-06-28 21:12 - 2014-06-28 18:22 - 00000000 ___RD () C:\Users\Erkut\Dropbox 2014-06-28 18:22 - 2014-06-28 18:22 - 00001044 _____ () C:\Users\Erkut\Desktop\Dropbox.lnk 2014-06-28 18:22 - 2014-06-28 18:10 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\DropboxMaster 2014-06-28 18:22 - 2014-06-25 17:15 - 00000000 ____D () C:\Users\Erkut 2014-06-28 18:10 - 2014-06-28 18:10 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-06-28 18:06 - 2014-06-28 18:06 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\AVAST Software 2014-06-28 18:05 - 2014-06-28 18:05 - 00003924 _____ () C:\windows\System32\Tasks\avast! Emergency Update 2014-06-28 18:05 - 2014-06-28 18:05 - 00001976 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-06-28 18:05 - 2014-06-28 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-06-28 18:04 - 2014-06-28 18:04 - 01041168 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys 2014-06-28 18:04 - 2014-06-28 18:04 - 00426848 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys 2014-06-28 18:04 - 2014-06-28 18:04 - 00307344 _____ (AVAST Software) C:\windows\system32\aswBoot.exe 2014-06-28 18:04 - 2014-06-28 18:04 - 00224896 _____ () C:\windows\system32\Drivers\aswVmm.sys 2014-06-28 18:04 - 2014-06-28 18:04 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys 2014-06-28 18:04 - 2014-06-28 18:04 - 00092008 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys 2014-06-28 18:04 - 2014-06-28 18:04 - 00079184 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys 2014-06-28 18:04 - 2014-06-28 18:04 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys 2014-06-28 18:04 - 2014-06-28 18:04 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr 2014-06-28 18:04 - 2014-06-28 18:04 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys 2014-06-28 18:03 - 2014-06-28 18:03 - 91906368 _____ (AVAST Software) C:\Users\Erkut\Downloads\avast_free_antivirus_setup_9.0.2021.exe 2014-06-28 18:03 - 2014-06-28 18:03 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-06-28 18:03 - 2014-06-28 18:03 - 00000000 ____D () C:\Program Files\AVAST Software 2014-06-28 17:49 - 2014-06-25 17:39 - 00001132 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-28 17:43 - 2013-05-24 19:37 - 00000000 ____D () C:\ProgramData\WinClon 2014-06-28 17:40 - 2012-08-05 23:07 - 00032266 _____ () C:\windows\PFRO.log 2014-06-28 17:40 - 2012-07-26 09:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-06-28 17:40 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\BBI 2014-06-28 17:36 - 2013-05-24 19:33 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared 2014-06-28 17:36 - 2013-05-24 19:32 - 00000000 ____D () C:\ProgramData\Norton 2014-06-28 17:35 - 2014-06-28 17:35 - 00870672 _____ () C:\Users\Erkut\Downloads\Norton_Removal_Tool.exe 2014-06-28 13:15 - 2013-05-25 03:26 - 00780976 _____ () C:\windows\system32\perfh010.dat 2014-06-28 13:15 - 2013-05-25 03:26 - 00152608 _____ () C:\windows\system32\perfc010.dat 2014-06-28 13:15 - 2013-05-25 03:20 - 00753134 _____ () C:\windows\system32\perfh007.dat 2014-06-28 13:15 - 2013-05-25 03:20 - 00155826 _____ () C:\windows\system32\perfc007.dat 2014-06-28 13:15 - 2013-05-25 03:13 - 00790022 _____ () C:\windows\system32\perfh00C.dat 2014-06-28 13:15 - 2013-05-25 03:13 - 00155084 _____ () C:\windows\system32\perfc00C.dat 2014-06-28 13:15 - 2012-07-26 09:28 - 03624158 _____ () C:\windows\system32\PerfStringBackup.INI 2014-06-28 13:14 - 2014-06-28 13:08 - 00000000 ____D () C:\Users\Erkut\AppData\Local\NPE 2014-06-28 13:10 - 2014-06-28 13:10 - 00000000 ____D () C:\NPE 2014-06-28 13:07 - 2014-06-28 13:07 - 03081712 ____N (Symantec Corporation) C:\Users\Erkut\Downloads\NPE.exe 2014-06-28 13:04 - 2014-06-28 13:04 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf 2014-06-28 13:04 - 2012-07-26 09:21 - 00026966 _____ () C:\windows\setupact.log 2014-06-28 12:50 - 2013-05-24 19:34 - 00000000 ____D () C:\ProgramData\PopCap Games 2014-06-28 12:44 - 2014-06-28 12:39 - 00000000 ___RD () C:\windows\BrowserChoice 2014-06-28 12:44 - 2014-06-25 17:16 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Packages 2014-06-28 12:44 - 2012-08-05 23:11 - 00000000 ____D () C:\ProgramData\PRICache 2014-06-28 12:42 - 2013-05-24 18:54 - 03550392 _____ () C:\windows\system32\FNTCACHE.DAT 2014-06-28 12:39 - 2014-06-27 21:52 - 00000000 ____D () C:\windows\system32\MRT 2014-06-28 12:37 - 2014-06-26 20:48 - 00265050 _____ () C:\windows\msxml4-KB2758694-enu.LOG 2014-06-28 12:35 - 2012-07-26 07:38 - 00000000 ____D () C:\windows\system32\oobe 2014-06-28 11:53 - 2014-06-25 20:46 - 01382640 _____ () C:\windowsNIRMALA.tt2 2014-06-28 11:53 - 2014-06-25 20:46 - 01334012 _____ () C:\windowsNIRMALAB.tt2 2014-06-28 11:51 - 2014-06-28 11:51 - 01351872 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\Setup.x64.de-DE_ProPlusRetail_WYJNH-7K67T-KBXHF-VR9F2-FX6XQ_act_1_.exe 2014-06-28 11:48 - 2014-06-28 11:47 - 00989376 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\setupproplusretail.x86.de-de_act_1_ (1).exe 2014-06-28 11:35 - 2014-06-28 11:35 - 00002033 _____ () C:\Users\Public\Desktop\SideSync.lnk 2014-06-28 11:35 - 2014-06-25 17:22 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Samsung 2014-06-28 11:35 - 2013-05-24 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2014-06-28 11:35 - 2013-05-24 17:51 - 00000000 ____D () C:\Program Files (x86)\Samsung 2014-06-28 11:27 - 2014-06-28 11:27 - 00002050 _____ () C:\Users\Public\Desktop\Support Center.lnk 2014-06-28 11:23 - 2014-06-28 11:23 - 00001992 _____ () C:\Users\Public\Desktop\Help Desk.lnk 2014-06-28 11:19 - 2014-06-28 11:19 - 00003434 _____ () C:\windows\System32\Tasks\Settings 2014-06-28 11:18 - 2014-06-28 11:18 - 00002038 _____ () C:\Users\Public\Desktop\Settings.lnk 2014-06-28 11:09 - 2013-05-24 19:34 - 00000000 ____D () C:\ProgramData\Samsung 2014-06-28 11:05 - 2014-06-28 11:05 - 00989376 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\setupproplusretail.x86.de-de_act_1_.exe 2014-06-28 11:04 - 2014-06-25 17:17 - 00003059 _____ () C:\Users\Erkut\AppData\Roaming\AbsoluteReminder.xml 2014-06-28 11:03 - 2014-06-28 11:03 - 00989376 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\Setup.x86.de-DE_ProPlusRetail_WYJNH-7K67T-KBXHF-VR9F2-FX6XQ_act_1_.exe 2014-06-28 11:03 - 2014-06-28 11:03 - 00989376 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\Setup.x86.de-DE_ProPlusRetail_WYJNH-7K67T-KBXHF-VR9F2-FX6XQ_act_1_ (1).exe 2014-06-28 10:48 - 2014-06-25 17:38 - 00000000 ____D () C:\Program Files (x86)\NetCrawl 2014-06-28 10:47 - 2014-06-25 17:52 - 00000000 ___RD () C:\Users\Erkut\Documents\MAGIX 2014-06-28 10:47 - 2014-06-25 17:17 - 00000000 ____D () C:\windows\System32\Tasks\Norton Internet Security 2014-06-28 10:47 - 2013-05-24 19:32 - 00000000 ____D () C:\windows\system32\Drivers\NISx64 2014-06-28 10:47 - 2013-05-24 17:50 - 00000000 ____D () C:\ProgramData\Intel.sav 2014-06-28 10:47 - 2013-05-24 17:49 - 00000000 ____D () C:\ProgramData\Package Cache 2014-06-28 10:47 - 2013-05-24 17:47 - 00000000 ____D () C:\Program Files\Intel 2014-06-28 10:47 - 2013-05-24 17:46 - 00000000 ____D () C:\Program Files (x86)\Intel 2014-06-28 10:47 - 2012-07-26 10:12 - 00000000 __RHD () C:\Users\Public\Libraries 2014-06-28 10:47 - 2012-07-26 10:12 - 00000000 ___HD () C:\windows\ELAMBKUP 2014-06-28 10:47 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\SysWOW64\WinMetadata 2014-06-28 10:47 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\WinMetadata 2014-06-28 10:47 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\Macromed 2014-06-28 10:47 - 2012-07-26 07:38 - 00000000 ____D () C:\windows\system32\Sysprep 2014-06-28 10:46 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\registration 2014-06-28 10:44 - 2013-05-24 19:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2014-06-28 10:44 - 2013-05-24 17:50 - 00000000 ____D () C:\Program Files\Common Files\Intel 2014-06-28 10:44 - 2013-05-24 17:47 - 00000000 ____D () C:\ProgramData\Intel 2014-06-28 10:43 - 2013-05-24 17:50 - 00000000 ____D () C:\Program Files (x86)\Cisco 2014-06-27 21:52 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\ELAM 2014-06-25 21:21 - 2014-06-25 21:21 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\ATI 2014-06-25 21:21 - 2014-06-25 21:21 - 00000000 ____D () C:\Users\Erkut\AppData\Local\ATI 2014-06-25 21:21 - 2014-06-25 21:21 - 00000000 ____D () C:\ProgramData\ATI 2014-06-25 21:18 - 2014-06-25 17:21 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Adobe 2014-06-25 19:54 - 2013-05-24 17:46 - 00000000 ____D () C:\Intel 2014-06-25 18:39 - 2014-06-25 18:39 - 00000000 ____D () C:\ProgramData\374311380 2014-06-25 18:28 - 2014-06-25 18:28 - 00288496 _____ () C:\windows\Minidump\062514-27171-01.dmp 2014-06-25 18:28 - 2014-06-25 18:17 - 00000000 ____D () C:\windows\Minidump 2014-06-25 18:27 - 2014-06-25 18:16 - 4051723278 _____ () C:\windows\MEMORY.DMP 2014-06-25 18:16 - 2013-05-25 09:36 - 00165742 ____N () C:\windows\Minidump\062514-53515-01.dmp 2014-06-25 17:58 - 2014-06-25 17:51 - 00000000 ____D () C:\ProgramData\MAGIX 2014-06-25 17:58 - 2014-06-25 17:44 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\MAGIX 2014-06-25 17:53 - 2014-06-25 17:53 - 00001182 _____ () C:\Users\Public\Desktop\MAGIX Video deluxe 2014 Plus.lnk 2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\Users\Public\Documents\MAGIX 2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\Users\Erkut\Documents\MAGIX_MusicEditor 2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Xara 2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Magix 2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX 2014-06-25 17:52 - 2014-06-25 17:52 - 00000000 ____D () C:\Program Files (x86)\MAGIX 2014-06-25 17:51 - 2014-06-25 17:51 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0 2014-06-25 17:44 - 2014-06-25 17:44 - 02849256 _____ (MAGIX AG) C:\Users\Erkut\Downloads\videodeluxe2014plus_dlm.exe 2014-06-25 17:44 - 2014-06-25 17:39 - 00004108 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-06-25 17:44 - 2014-06-25 17:39 - 00003872 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-06-25 17:41 - 2014-06-25 17:41 - 00000000 _____ () C:\Users\Erkut\agent.log 2014-06-25 17:40 - 2014-06-25 17:40 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-06-25 17:40 - 2014-06-25 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-06-25 17:40 - 2014-06-25 17:39 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Google 2014-06-25 17:40 - 2014-06-25 17:39 - 00000000 ____D () C:\Program Files (x86)\Google 2014-06-25 17:37 - 2014-06-25 17:37 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\SupTab 2014-06-25 17:37 - 2014-06-25 17:37 - 00000000 ____D () C:\ProgramData\WindowsProtectManger 2014-06-25 17:37 - 2014-06-25 17:37 - 00000000 ____D () C:\ProgramData\IePluginServices 2014-06-25 17:37 - 2014-06-25 17:37 - 00000000 ____D () C:\Program Files (x86)\SupTab 2014-06-25 17:36 - 2014-06-25 17:36 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\sweet-page 2014-06-25 17:35 - 2014-06-25 17:36 - 00784840 _____ (Google Inc.) C:\Users\Erkut\Downloads\google-chrome.exe 2014-06-25 17:34 - 2014-06-25 17:34 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Macromedia 2014-06-25 17:33 - 2014-06-25 17:33 - 00000000 ____D () C:\Users\Erkut\AppData\Local\bitcasa 2014-06-25 17:21 - 2014-06-25 17:21 - 00000000 ____D () C:\windows\System32\Tasks\WPD 2014-06-25 17:19 - 2014-06-25 17:19 - 00001450 _____ () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-06-25 17:19 - 2014-06-25 17:19 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Samsung 2014-06-25 17:19 - 2014-06-25 17:19 - 00000000 ____D () C:\Users\Erkut\.android 2014-06-25 17:18 - 2014-06-25 17:18 - 00001202 _____ () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\S Agent.lnk 2014-06-25 17:18 - 2014-06-25 17:18 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Absolute_Software 2014-06-25 17:18 - 2014-06-25 17:18 - 00000000 _____ () C:\windows\system32\Drivers\144D_SAMSUNG_na_670Z5E_P03A.mrk 2014-06-25 17:17 - 2014-06-25 17:17 - 00000000 ____D () C:\Users\Erkut\AppData\Local\VirtualStore 2014-06-25 17:16 - 2014-06-25 17:16 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Intel 2014-06-25 17:16 - 2012-07-26 10:12 - 00000000 ___RD () C:\windows\ImmersiveControlPanel 2014-06-25 17:16 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\WinStore 2014-06-25 17:15 - 2014-06-25 17:15 - 00000020 ___SH () C:\Users\Erkut\ntuser.ini 2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Vorlagen 2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Startmenü 2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Netzwerkumgebung 2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Lokale Einstellungen 2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Eigene Dateien 2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Druckumgebung 2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Documents\Eigene Musik 2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Documents\Eigene Bilder 2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\AppData\Local\Verlauf 2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\AppData\Local\Anwendungsdaten 2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Anwendungsdaten 2014-06-13 13:36 - 2014-06-25 18:43 - 00061112 _____ (StdLib) C:\windows\system32\Drivers\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64.sys 2014-06-11 18:55 - 2014-06-11 18:55 - 04446152 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc110u.dll 2014-06-11 18:55 - 2014-06-11 18:55 - 04411848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc110.dll 2014-06-11 18:55 - 2014-06-11 18:55 - 00082888 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcm110u.dll 2014-06-11 18:55 - 2014-06-11 18:55 - 00082888 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcm110.dll 2014-06-01 17:17 - 2014-06-28 12:37 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe Files to move or delete: ==================== C:\ProgramData\MakeMarkerFile.exe C:\Users\EasySurvey\EasySurvey.exe Some content of TEMP: ==================== C:\Users\Erkut\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1g9u1p.dll C:\Users\Erkut\AppData\Local\Temp\ose00000.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2012-08-05 23:07 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-06-2014 02 Ran by Erkut at 2014-06-29 10:52:10 Running from C:\Users\Erkut\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.2.0.26 - Absolute Software) Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated) Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated) AMD Accelerated Video Transcoding (Version: 12.5.100.21127 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{77A7CE43-5A1E-8282-931B-E0CC4C075793}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.) avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software) Bitcasa version 0.9.20.4135 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 0.9.20.4135 - Bitcasa Inc.) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center (x32 Version: 2012.1127.15.314 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2012.1127.15.314 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2012.1127.15.314 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Profiles Mobile (x32 Version: 2012.1127.15.314 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2012.1127.15.314 - Advanced Micro Devices, Inc.) Hidden CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.) CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.) Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.6 - Samsung Electronics CO.,LTD.) Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.) ETDWare X64 11.7.10.4_WHQL (HKLM\...\Elantech) (Version: 11.7.10.4 - ELAN Microelectronic Corp.) Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Help Desk (HKLM\...\{AEC9D273-E162-4614-83F1-722B8C74B185}) (Version: 1.0.96 - Samsung Electronics CO., LTD.) Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36843 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2963 - Intel Corporation) Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.6.1.0536 - Intel Corporation) Hidden Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}) (Version: 2.6.1210.0278 - Intel Corporation) Intel(R) PROSet/Wireless WiFi Software Driver (Version: 15.06.1000.0199 - Intel Corporation) Hidden Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{87d45b7e-19da-4dd5-9214-5e0d587c312f}) (Version: 15.6.1 - Intel Corporation) Intel® PROSet/Wireless WiFi Software (Version: 15.06.1000.0142 - Intel Corporation) Hidden Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden IntelliMemory (HKLM\...\{40320F22-7D70-49DB-9D66-B6FAE5F36B47}) (Version: 1.0.32.0 - Condusiv Technologies) MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{49209082-E4F9-410D-B74D-E6506977F30B}) (Version: 7.0.2.6 - MAGIX AG) MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden MAGIX Video deluxe 2014 Plus (HKLM-x32\...\MX.{85061988-E889-4A37-9CB7-4F695AC35544}) (Version: 13.0.2.8 - MAGIX AG) MAGIX Video deluxe 2014 Plus (Version: 13.0.2.8 - MAGIX AG) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) NetCrawl (HKLM\...\NetCrawl) (Version: 2014.06.24.214734 - NetCrawl) OEM Application Profile (HKLM-x32\...\{EE55B368-EBDF-98F3-CFE7-7CE4ADBC4553}) (Version: 1.00.0004 - Advanced Micro Devices, Inc.) Phone Screen Sharing (HKLM-x32\...\{DF02C515-40B5-45AC-A601-5DC69D03885C}) (Version: 2.0.0.21 - RSUPPORT) Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden PowerXpressHybrid (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.9.1212.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6818 - Realtek Semiconductor Corp.) Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39036 - Realtek Semiconductor Corp.) Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.9.7 - Samsung Electronics CO., LTD.) S Agent (Version: 1.1.47 - Samsung Electronics CO., LTD.) Hidden Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.25.0 - SAMSUNG Electronics Co., Ltd.) Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.) SideSync (HKLM-x32\...\{59687468-8CE9-4ABF-9C6A-5C31F0E09F8B}) (Version: 2.0.0 - Samsung Electronics CO., LTD.) SRS Premium Sound (HKLM-x32\...\{E44F8A34-529E-4318-A0E1-1893C337A47F}) (Version: 1.00.2600 - DTS, Inc.) Support Center (HKLM\...\{AB0DEFBB-1A16-47B5-86D2-39F0A2B24AE4}) (Version: 2.1.1210 - Samsung Electronics CO., LTD.) Support Center FAQ (x32 Version: 1.0.14 - Samsung Electronics CO., LTD.) Hidden SW Update (HKLM-x32\...\{D2B5F1E3-EA56-4D84-A453-A213B32974CB}) (Version: 2.1.25 - Samsung Electronics CO., LTD.) sweet-page uninstall (HKLM-x32\...\sweet-page uninstall) (Version: - sweet-page) <==== ATTENTION User Guide (HKLM-x32\...\{C7343D0D-E05B-4561-AAF1-8EDF0FEA1EAE}) (Version: 1.2.00 - Samsung Electronics CO., LTD.) Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden WindowsProtectManger20.0.0.401 (HKLM-x32\...\WindowsProtectManger) (Version: 20.0.0.401 - Fuyu LIMITED) <==== ATTENTION ==================== Restore Points ========================= 25-06-2014 17:55:23 Intel® PROSet/Wireless Software 28-06-2014 08:40:25 Wiederherstellungsvorgang ==================== Hosts content: ========================== 2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {03A70337-00BA-4B18-8888-7FB3BF4444E4} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-09-13] (Intel Corporation) Task: {072A0C1E-9D0B-4A5A-8E94-89BE06D1F513} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-06-01] (Microsoft Corporation) Task: {129BFEBC-FC51-47FA-A67D-FB068A7B2B57} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2014-01-29] (Samsung Electronics CO., LTD.) Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {40254841-9AA3-442B-934D-BE1BCD6A39ED} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-09-13] (Intel Corporation) Task: {43D4FDAA-4606-4A46-831F-DEC7419338C5} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\WSCStub.exe Task: {779A1234-9901-4668-827A-4CB7A6C4D817} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-04-30] (SEC) Task: {7CACB453-74E4-4097-B0A4-21624104B2C3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-28] (AVAST Software) Task: {9D8A24F5-BE19-44C2-B301-82191EB33F73} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\SymErr.exe Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\windows\system32\dism.exe [2012-07-26] (Microsoft Corporation) Task: {B591987F-6924-4519-B933-58E7291EC981} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\SymErr.exe Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {DD4AC9A6-1819-47F1-89EE-F6EC68EEEDC0} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-03-19] (Samsung Electronics CO., LTD.) Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {EE6722B4-1A9B-4008-9EBB-90351FB18C81} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-25] (Google Inc.) Task: {F4FED40C-6C6C-4101-8A4E-2E19DFE6446D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-25] (Google Inc.) Task: {F8E9F306-F34A-402E-A5B7-FB560F72E779} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-01-29 13:20 - 2014-01-29 13:20 - 00084800 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe 2013-02-05 06:50 - 2013-01-16 05:27 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-03-19 11:41 - 2014-03-19 11:41 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll 2014-06-24 23:47 - 2014-06-29 09:21 - 00318752 _____ () C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe 2014-06-25 18:42 - 2014-06-29 09:24 - 00318752 _____ () C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe 2014-06-29 09:24 - 2014-06-27 18:14 - 00287008 _____ () C:\Program Files (x86)\NetCrawl\bin\NetCrawl.PurBrowse64.exe 2014-06-29 09:24 - 2014-06-29 07:16 - 00096544 _____ () C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BrowserAdapter.exe 2014-01-29 13:20 - 2014-01-29 13:20 - 00027968 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll 2014-01-29 13:20 - 2014-01-29 13:20 - 01141056 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll 2014-01-29 13:20 - 2014-01-29 13:20 - 00109888 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll 2014-01-29 13:20 - 2014-01-29 13:20 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll 2014-01-29 13:20 - 2014-01-29 13:20 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll 2014-01-29 13:20 - 2014-01-29 13:20 - 00025920 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll 2014-01-29 13:20 - 2014-01-29 13:20 - 00109888 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll 2014-01-29 13:20 - 2014-01-29 13:20 - 00059712 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll 2014-01-29 13:20 - 2014-01-29 13:20 - 00102720 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll 2013-05-24 17:47 - 2013-01-14 20:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2014-06-28 18:04 - 2014-06-28 18:04 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-06-28 18:04 - 2014-06-28 18:04 - 02787840 _____ () C:\Program Files\AVAST Software\Avast\defs\14062601\algo.dll 2014-06-28 18:07 - 2014-06-28 18:07 - 02789376 _____ () C:\Program Files\AVAST Software\Avast\defs\14062800\algo.dll 2014-06-28 18:04 - 2014-06-28 18:04 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-06-28 18:10 - 2014-06-28 18:10 - 00041984 _____ () c:\users\erkut\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1g9u1p.dll 2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Erkut\AppData\Roaming\Dropbox\bin\libcef.dll 2014-06-29 09:24 - 2014-06-29 07:16 - 00183584 _____ () C:\Program Files (x86)\NetCrawl\bin\NetCrawlBAApp.dll 2014-06-25 17:40 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll 2014-06-25 17:40 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll 2014-06-25 17:40 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll 2014-06-25 17:40 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll 2014-06-25 17:40 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll 2014-06-25 17:40 - 2014-06-05 15:58 - 14612296 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (06/29/2014 10:01:45 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm wwahost.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1ae8 Startzeit: 01cf9308544abc1c Endzeit: 4294967295 Anwendungspfad: C:\windows\system32\wwahost.exe Berichts-ID: 8d1488d4-ff63-11e3-be7d-c4d987011e08 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.WindowsLive.Mail Error: (06/29/2014 10:01:17 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: KURTIS-LAPTOP) Description: Das Paket „microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe“ wurde beendet, da das Anhalten zu lange dauerte. Error: (06/28/2014 10:03:40 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (06/28/2014 00:47:28 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: Fehler beim Laden des Protokollhandlers Mapi15. Fehlerbeschreibung: (HRESULT : 0x80004005). Error: (06/28/2014 00:34:00 PM) (Source: Microsoft Office 15) (EventID: 2000) (User: ) Description: Microsoft OutlookOutlook konnte beim letzten Mal nicht gestartet werden. Der abgesicherte Modus kann Ihnen bei der Problembehandlung behilflich sein. Einige Features sind aber in diesem Modus möglicherweise nicht verfügbar. Möchten Sie im abgesicherten Modus starten? Error: (06/28/2014 00:29:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 15.0.4623.1000, Zeitstempel: 0x53728c66 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420, Zeitstempel: 0x505ab405 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000ea485 ID des fehlerhaften Prozesses: 0x1ae0 Startzeit der fehlerhaften Anwendung: 0xOUTLOOK.EXE0 Pfad der fehlerhaften Anwendung: OUTLOOK.EXE1 Pfad des fehlerhaften Moduls: OUTLOOK.EXE2 Berichtskennung: OUTLOOK.EXE3 Vollständiger Name des fehlerhaften Pakets: OUTLOOK.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: OUTLOOK.EXE5 Error: (06/28/2014 00:08:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KURTIS-LAPTOP) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (06/28/2014 00:08:04 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 16.4.4396.1016 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 106c Startzeit: 01cf92b250b8f7cf Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 14ade344-feac-11e3-be7a-c4d987011e08 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.WindowsLive.Mail Error: (06/28/2014 11:00:00 AM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (1764) SRUJet: Fehler -1811 (0xfffff8ed) beim Öffnen von Protokolldatei C:\windows\system32\SRU\SRU0004D.log. Error: (06/28/2014 10:59:44 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: FIRSTRUN.EXE, Version: 15.0.4454.1000, Zeitstempel: 0x509a3a3b Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0x139c Startzeit der fehlerhaften Anwendung: 0xFIRSTRUN.EXE0 Pfad der fehlerhaften Anwendung: FIRSTRUN.EXE1 Pfad des fehlerhaften Moduls: FIRSTRUN.EXE2 Berichtskennung: FIRSTRUN.EXE3 Vollständiger Name des fehlerhaften Pakets: FIRSTRUN.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FIRSTRUN.EXE5 System errors: ============= Error: (06/29/2014 10:00:49 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10. Error: (06/29/2014 09:37:44 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10. Error: (06/29/2014 09:31:14 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. Error: (06/29/2014 09:28:11 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/29/2014 09:28:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/28/2014 09:37:03 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10. Error: (06/28/2014 06:08:28 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10. Error: (06/28/2014 06:05:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "avast! EmHWID" wurde aufgrund folgenden Fehlers nicht gestartet: %%127 Error: (06/28/2014 05:35:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Norton Internet Security" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/28/2014 01:08:42 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "NPEService" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Microsoft Office Sessions: ========================= Error: (06/29/2014 10:01:45 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: wwahost.exe6.2.9200.164201ae801cf9308544abc1c4294967295C:\windows\system32\wwahost.exe8d1488d4-ff63-11e3-be7d-c4d987011e08microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbweMicrosoft.WindowsLive.Mail Error: (06/29/2014 10:01:17 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: KURTIS-LAPTOP) Description: microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe Error: (06/28/2014 10:03:40 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (06/28/2014 00:47:28 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: Mapi15(HRESULT : 0x80004005) Error: (06/28/2014 00:34:00 PM) (Source: Microsoft Office 15) (EventID: 2000) (User: ) Description: Microsoft OutlookOutlook konnte beim letzten Mal nicht gestartet werden. Der abgesicherte Modus kann Ihnen bei der Problembehandlung behilflich sein. Einige Features sind aber in diesem Modus möglicherweise nicht verfügbar. Möchten Sie im abgesicherten Modus starten? Error: (06/28/2014 00:29:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: OUTLOOK.EXE15.0.4623.100053728c66ntdll.dll6.2.9200.16420505ab405c000037400000000000ea4851ae001cf92bbcbab8050C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXEC:\windows\SYSTEM32\ntdll.dll0e044da4-feaf-11e3-be7a-c4d987011e08 Error: (06/28/2014 00:08:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KURTIS-LAPTOP) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927142 Error: (06/28/2014 00:08:04 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe16.4.4396.1016106c01cf92b250b8f7cf4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe14ade344-feac-11e3-be7a-c4d987011e08microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbweMicrosoft.WindowsLive.Mail Error: (06/28/2014 11:00:00 AM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost1764SRUJet: C:\windows\system32\SRU\SRU0004D.log-1811 (0xfffff8ed) Error: (06/28/2014 10:59:44 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: FIRSTRUN.EXE15.0.4454.1000509a3a3bMSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd139c01cf92af4da4429aC:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXEC:\windows\SYSTEM32\MSVCR100.dll8bbcb021-fea2-11e3-be78-c4d987011e08 ==================== Memory info =========================== Percentage of memory in use: 53% Total physical RAM: 8076.76 MB Available physical RAM: 3722.08 MB Total Pagefile: 16268.77 MB Available Pagefile: 11422.55 MB Total Virtual: 8192 MB Available Virtual: 8191.78 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:906.82 GB) (Free:839.13 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 932 GB) (Disk ID: 68918664) Partition: GPT Partition Type. ==================== End Of Log ============================ |
29.06.2014, 10:19 | #2 | |
/// TB-Ausbilder | Optimizer Pro und Spyhunter unter Windows 8Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags: So funktioniert es: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Danke für deine Mitarbeit! Zitat:
Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen. Schritt 1 Downloade Dir bitte AdwCleaner auf deinen Desktop.
Schritt 2 Downloade Dir bitte Malwarebytes Anti-Malware
Schritt 3 Bitte deaktiviere dein Anti-Viren-Programm, da es das Ergebnis beeinflussen oder ggf. die Bereinigung stören kann. Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/ und speichere die Datei auf deinem Desktop.
Schritt 4
Bitte poste mit deiner nächsten Antwort
|
29.06.2014, 12:16 | #3 |
| Optimizer Pro und Spyhunter unter Windows 8 Hallo Matthias,
__________________vielen Dank für Deine Unterstützung. Ich habe den AdwCleaner auf mein Deskop heruntergeladen und gestartet, jedoch bewegt sich leider nichts und es öffnet sich kein Installationsprogramm oder die Nutzungsbestimmung hierzu. Weißt Du evt. Rat ? Gruß Kurti |
29.06.2014, 12:33 | #4 |
/// TB-Ausbilder | Optimizer Pro und Spyhunter unter Windows 8 Servus, bekommst du eine Fehlermeldung oder Ähnliches? Benenne die adwcleaner.exe in der-kurti.exe um und versuche erneut das Tool zu starten. Wenn das auch nicht hilft: Starte deinen Rechner nach dieser Anleitung und führe das Tool im abgesicherten Modus aus. |
29.06.2014, 15:48 | #5 |
| Optimizer Pro und Spyhunter unter Windows 8 Hallo, ich habe keinerlei Fehlermeldung erhalten, nur beim ersten Start, dass es möglicherweise mein PC schaden kann wenn ich das Programm ausführe und die Frage ob ich es dennoch starten will. Ich bejahte aber es rührte sich gar nichts mehr. Auch weitere Doppelklick Aktionen führten zu nichts. Dann habe ich ein Neustart gemacht und seitdem arbeitet mein Laptop, weil es 54 Updates installiert und bin erst bei update Nummer 35. Danach werde ich weiter deinen Anweisungen nachgehen können, kann aber locker noch eine Stunde dauern. Hallo, leider hat das Programm auch im abgesichertem Modus nicht gestartet. Sowohl mit doppelklick als auch mit rechter Maustaste und Programm öffnen, rührt sich leider gar nichts. :-( Ich habe die Datei auch auf der-kurti.exe abgeändert gehabt, jedoch ohne Erfolg. Kann es sein dass es nicht für Windows 8 gestartet werden kann ? Gruß Kurti |
30.06.2014, 15:28 | #6 |
/// TB-Ausbilder | Optimizer Pro und Spyhunter unter Windows 8 AdwCleaner funktiniert einwandfrei unter Windows 8, also mir sind keine Probleme bekannt. Ok, dann machen wir es anders: Führe zunächst MBAM und Zoek aus, dann erst AdwCleaner. Zum Schluss FRST wie beschrieben als Kontrolle. |
30.06.2014, 17:03 | #7 |
| Optimizer Pro und Spyhunter unter Windows 8 Hallo, beide Programme habe ich runtergeladen und beim MBAM bekomme ich die Fehlermeldung: The setup files are corrupted. Please obtain a new copy of the programm Beim ausführen von Zoek erhalte ich die Meldung: Diese App kann auf dem PC nicht ausgeführt werden, Wenden Sie sich an den Softwareherausgeber, um eine geeignete Version für Ihren PC zu finden. :-( schaut ja schlimmer aus als ich befürchtet habe. |
30.06.2014, 18:10 | #8 |
/// TB-Ausbilder | Optimizer Pro und Spyhunter unter Windows 8 Servus, klappt das hier? Scan mit Combofix
|
30.06.2014, 18:37 | #9 |
| Optimizer Pro und Spyhunter unter Windows 8 Hallo, das hat nun geklappt. Anbei die Datei. P.S. Werde jetzt offline sein, wegen dem Deutschland Spiel Code:
ATTFilter ComboFix 14-06-30.01 - Erkut 30.06.2014 19:25:25.1.4 - x64 Microsoft Windows 8 6.2.9200.0.1252.49.1031.18.8077.5920 [GMT 2:00] ausgeführt von:: c:\users\Erkut\Downloads\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\374311380 c:\programdata\374311380\BITAC01.tmp c:\programdata\Roaming c:\users\Erkut\AppData\Local\Microsoft\Windows\Temporary Internet Files\MxUpdate.exe c:\users\Erkut\AppData\Local\Microsoft\Windows\Temporary Internet Files\NetCrawl_iels C:\windowsNIRMALA.tt2 C:\windowsNIRMALAB.tt2 . . ((((((((((((((((((((((( Dateien erstellt von 2014-05-28 bis 2014-06-30 )))))))))))))))))))))))))))))) . . 2014-06-30 17:34 . 2014-06-30 17:34 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-06-30 16:28 . 2014-05-31 05:16 703992 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-06-30 16:28 . 2014-05-31 05:16 105464 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-06-29 18:31 . 2014-04-03 11:22 2233176 ----a-w- c:\windows\system32\drivers\tcpip.sys 2014-06-29 18:31 . 2014-02-05 23:41 595968 ----a-w- c:\windows\system32\qedit.dll 2014-06-29 18:31 . 2014-02-05 23:37 496640 ----a-w- c:\windows\SysWow64\qedit.dll 2014-06-29 15:36 . 2013-09-04 03:11 576512 ----a-w- c:\windows\system32\drivers\afd.sys 2014-06-29 14:10 . 2013-04-02 23:12 30720 ----a-w- c:\windows\system32\cryptdlg.dll 2014-06-29 14:10 . 2013-04-02 23:37 25088 ----a-w- c:\windows\SysWow64\cryptdlg.dll 2014-06-29 14:07 . 2014-06-29 14:07 283312 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10242.bin 2014-06-29 12:28 . 2014-01-27 03:39 1939288 ----a-w- c:\windows\system32\drivers\ntfs.sys 2014-06-29 12:28 . 2014-01-11 06:48 5979648 ----a-w- c:\windows\system32\mstscax.dll 2014-06-29 12:28 . 2014-01-11 05:06 5092352 ----a-w- c:\windows\SysWow64\mstscax.dll 2014-06-29 12:28 . 2014-01-02 23:32 523264 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2014-06-29 12:28 . 2014-02-03 23:56 332632 ----a-w- c:\windows\system32\drivers\storport.sys 2014-06-29 12:28 . 2014-02-03 23:56 278872 ----a-w- c:\windows\system32\drivers\msiscsi.sys 2014-06-29 12:28 . 2014-01-31 00:48 485888 ----a-w- c:\windows\SysWow64\WSDApi.dll 2014-06-29 12:28 . 2014-01-31 00:06 599040 ----a-w- c:\windows\system32\WSDApi.dll 2014-06-29 12:28 . 2014-01-15 23:42 118784 ----a-w- c:\windows\system32\drivers\dfsc.sys 2014-06-29 12:28 . 2014-01-02 23:35 365568 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2014-06-29 12:18 . 2014-04-03 11:19 328024 ----a-w- c:\windows\system32\drivers\Classpnp.sys 2014-06-29 12:18 . 2014-04-03 03:44 619008 ----a-w- c:\windows\system32\drivers\srv2.sys 2014-06-29 12:18 . 2014-03-24 23:42 305152 ----a-w- c:\windows\SysWow64\wusa.exe 2014-06-29 12:18 . 2014-03-24 22:56 309760 ----a-w- c:\windows\system32\wusa.exe 2014-06-29 11:55 . 2013-07-24 23:07 13661696 ----a-w- c:\windows\system32\Windows.UI.Xaml.dll 2014-06-29 11:55 . 2013-07-24 23:10 10799104 ----a-w- c:\windows\SysWow64\Windows.UI.Xaml.dll 2014-06-29 11:55 . 2013-08-30 05:20 1173504 ----a-w- c:\windows\system32\UIAutomationCore.dll 2014-06-29 11:55 . 2013-08-29 23:48 914432 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll 2014-06-29 11:55 . 2013-09-13 22:33 328192 ----a-w- c:\windows\system32\ubpm.dll 2014-06-29 11:55 . 2013-08-21 06:39 465240 ----a-w- c:\windows\system32\drivers\fvevol.sys 2014-06-29 11:55 . 2013-08-10 06:30 151896 ----a-w- c:\windows\system32\drivers\tpm.sys 2014-06-29 11:55 . 2013-09-13 22:36 247296 ----a-w- c:\windows\SysWow64\ubpm.dll 2014-06-29 11:55 . 2013-08-30 05:43 61784 ----a-w- c:\windows\system32\drivers\crashdmp.sys 2014-06-29 11:32 . 2013-10-31 05:56 915968 ----a-w- c:\windows\system32\MPSSVC.dll 2014-06-29 11:32 . 2013-10-31 05:56 758784 ----a-w- c:\windows\system32\FirewallAPI.dll 2014-06-29 11:32 . 2013-10-31 04:01 550400 ----a-w- c:\windows\SysWow64\FirewallAPI.dll 2014-06-29 11:32 . 2013-10-13 20:49 100696 ----a-w- c:\windows\system32\drivers\disk.sys 2014-06-29 11:32 . 2013-08-27 05:21 227840 ----a-w- c:\windows\system32\WebClnt.dll 2014-06-29 11:32 . 2013-08-26 22:29 199168 ----a-w- c:\windows\SysWow64\WebClnt.dll 2014-06-29 11:32 . 2013-10-31 03:42 74752 ----a-w- c:\windows\system32\drivers\mpsdrv.sys 2014-06-29 11:32 . 2013-08-27 05:19 104448 ----a-w- c:\windows\system32\davclnt.dll 2014-06-29 11:32 . 2013-08-26 22:28 86016 ----a-w- c:\windows\SysWow64\davclnt.dll 2014-06-29 11:09 . 2014-03-01 09:47 1258496 ----a-w- c:\windows\system32\kernel32.dll 2014-06-29 11:09 . 2014-03-01 09:47 1120768 ----a-w- c:\windows\system32\gpedit.dll 2014-06-29 11:09 . 2014-02-26 23:18 370688 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2014-06-29 11:09 . 2014-02-26 23:18 215040 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2014-06-29 11:09 . 2014-03-01 08:07 1075200 ----a-w- c:\windows\SysWow64\gpedit.dll 2014-06-29 11:09 . 2014-02-26 23:18 247808 ----a-w- c:\windows\system32\drivers\srvnet.sys 2014-06-29 11:09 . 2013-11-25 23:17 83968 ----a-w- c:\windows\system32\drivers\hidclass.sys 2014-06-29 11:09 . 2014-02-15 04:15 78336 ----a-w- c:\windows\system32\drivers\IPMIDrv.sys 2014-06-29 08:50 . 2014-06-29 08:53 -------- d-----w- C:\FRST 2014-06-29 08:31 . 2014-01-31 00:06 1628160 ----a-w- c:\windows\system32\WindowsCodecs.dll 2014-06-29 08:31 . 2014-01-31 00:48 1339392 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2014-06-29 07:26 . 2014-06-29 07:26 -------- d-----w- c:\program files (x86)\Microsoft Office 15 2014-06-29 07:20 . 2013-09-28 03:35 288768 ----a-w- c:\windows\system32\drivers\portcls.sys 2014-06-28 19:45 . 2014-06-28 19:45 -------- d-----w- c:\programdata\regid.1986-12.com.adobe 2014-06-28 19:36 . 2013-08-07 05:15 144896 ----a-w- c:\windows\system32\tssdisai.dll 2014-06-28 19:36 . 2012-11-10 04:22 122880 ----a-w- c:\windows\system32\VmHostAI.dll 2014-06-28 19:36 . 2012-11-10 04:22 126976 ----a-w- c:\windows\system32\RDWebAI.dll 2014-06-28 19:36 . 2012-11-10 04:20 135680 ----a-w- c:\windows\system32\appserverai.dll 2014-06-28 19:36 . 2012-11-10 04:23 132608 ----a-w- c:\windows\SysWow64\poqexec.exe 2014-06-28 19:36 . 2012-11-10 04:23 148480 ----a-w- c:\windows\system32\poqexec.exe 2014-06-28 19:24 . 2013-05-23 22:25 694272 ----a-w- c:\windows\SysWow64\rpcrt4.dll 2014-06-28 19:24 . 2013-07-06 00:15 652288 ----a-w- c:\windows\system32\comctl32.dll 2014-06-28 19:24 . 2013-07-04 02:13 541696 ----a-w- c:\windows\SysWow64\comctl32.dll 2014-06-28 19:23 . 2013-04-11 22:30 1421312 ----a-w- c:\windows\SysWow64\DWrite.dll 2014-06-28 19:23 . 2013-04-11 22:22 1838080 ----a-w- c:\windows\system32\DWrite.dll 2014-06-28 19:17 . 2013-04-10 22:35 1617920 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2014-06-28 19:17 . 2013-04-10 22:35 2035200 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll 2014-06-28 19:17 . 2013-04-10 22:35 1272320 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2014-06-28 19:17 . 2013-04-11 04:12 1029632 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Ink\journal.dll 2014-06-28 19:17 . 2013-04-11 04:12 1413632 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll 2014-06-28 19:17 . 2013-04-10 22:35 1318912 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2014-06-28 19:17 . 2013-04-10 22:35 1306112 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2014-06-28 19:17 . 2014-05-03 05:47 3246592 ----a-w- c:\windows\system32\rdpcorets.dll 2014-06-28 19:17 . 2014-05-03 03:34 235520 ----a-w- c:\windows\system32\rdpudd.dll 2014-06-28 19:16 . 2013-10-19 05:45 62976 ----a-w- c:\windows\system32\imagehlp.dll 2014-06-28 19:16 . 2013-10-19 04:04 59392 ----a-w- c:\windows\SysWow64\imagehlp.dll 2014-06-28 19:16 . 2013-05-04 06:59 2842112 ----a-w- c:\windows\system32\WMVDECOD.DLL 2014-06-28 19:16 . 2013-05-04 04:57 2620928 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL 2014-06-28 19:16 . 2013-07-01 22:14 25600 ----a-w- c:\windows\system32\drivers\usbprint.sys 2014-06-28 19:16 . 2013-06-29 03:08 32768 ----a-w- c:\windows\system32\drivers\hidparse.sys 2014-06-28 19:16 . 2014-01-12 23:30 2238976 ----a-w- c:\windows\system32\d3d10warp.dll 2014-06-28 19:16 . 2013-11-20 00:15 3842560 ----a-w- c:\windows\system32\d2d1.dll 2014-06-28 19:16 . 2013-11-19 23:57 3288576 ----a-w- c:\windows\SysWow64\d2d1.dll 2014-06-28 19:16 . 2014-01-12 23:30 2032640 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2014-06-28 19:16 . 2013-07-19 22:13 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2014-06-28 19:16 . 2013-07-19 22:13 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll 2014-06-28 16:23 . 2014-05-24 01:25 61440 ----a-w- c:\windows\SysWow64\iesetup.dll 2014-06-28 16:23 . 2014-05-24 02:46 39936 ----a-w- c:\windows\system32\iernonce.dll 2014-06-28 16:23 . 2014-05-24 02:10 770736 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe 2014-06-28 16:23 . 2014-05-24 01:25 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll 2014-06-28 16:23 . 2014-05-24 01:09 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2014-06-28 16:21 . 2013-04-23 23:13 1013248 ----a-w- c:\windows\SysWow64\certutil.exe 2014-06-28 16:21 . 2013-04-23 23:12 109056 ----a-w- c:\windows\SysWow64\cryptnet.dll 2014-06-28 16:21 . 2013-04-23 22:56 1255936 ----a-w- c:\windows\system32\certutil.exe 2014-06-28 16:21 . 2013-04-23 22:55 141312 ----a-w- c:\windows\system32\cryptnet.dll 2014-06-28 16:21 . 2013-05-15 02:25 888320 ----a-w- c:\windows\system32\autochk.exe 2014-06-28 16:21 . 2013-05-15 02:25 542208 ----a-w- c:\windows\system32\untfs.dll 2014-06-28 16:21 . 2013-05-15 02:24 793088 ----a-w- c:\windows\SysWow64\autochk.exe 2014-06-28 16:21 . 2013-05-15 02:24 482816 ----a-w- c:\windows\SysWow64\untfs.dll 2014-06-28 16:20 . 2014-02-08 04:34 4036608 ----a-w- c:\windows\system32\win32k.sys 2014-06-28 16:19 . 2013-03-02 08:23 100864 ----a-w- c:\windows\SysWow64\SettingSyncInfo.dll 2014-06-28 16:19 . 2013-03-02 08:22 357888 ----a-w- c:\windows\SysWow64\netcfgx.dll 2014-06-28 16:19 . 2013-03-02 08:21 550912 ----a-w- c:\windows\SysWow64\drvstore.dll 2014-06-28 16:19 . 2013-03-02 08:21 145408 ----a-w- c:\windows\SysWow64\powercfg.cpl 2014-06-28 16:19 . 2013-03-02 08:24 4298240 ----a-w- c:\program files (x86)\Windows NT\Accessories\wordpad.exe 2014-06-28 16:19 . 2013-03-02 08:23 195072 ----a-w- c:\program files (x86)\Windows NT\Accessories\WordpadFilter.dll 2014-06-28 16:19 . 2013-03-02 08:23 893952 ----a-w- c:\windows\SysWow64\winmde.dll 2014-06-28 16:19 . 2013-03-02 08:23 504320 ----a-w- c:\windows\SysWow64\Windows.Security.Authentication.OnlineId.dll 2014-06-28 16:19 . 2013-03-02 08:23 601088 ----a-w- c:\windows\SysWow64\Windows.Globalization.dll 2014-06-28 16:19 . 2013-03-02 08:21 36352 ----a-w- c:\windows\SysWow64\DevDispItemProvider.dll 2014-06-28 16:17 . 2013-03-02 02:45 180224 ----a-w- c:\windows\system32\SystemEventsBrokerServer.dll 2014-06-28 16:16 . 2014-03-28 08:23 19759104 ----a-w- c:\windows\system32\shell32.dll 2014-06-28 16:15 . 2013-08-15 22:43 83968 ----a-w- c:\windows\SysWow64\OEMLicense.dll 2014-06-28 16:15 . 2013-08-15 22:43 167424 ----a-w- c:\windows\SysWow64\WSClient.dll 2014-06-28 16:15 . 2013-08-15 22:42 76800 ----a-w- c:\windows\SysWow64\setupcln.dll 2014-06-28 16:15 . 2013-08-15 22:42 91648 ----a-w- c:\windows\SysWow64\sppc.dll 2014-06-28 16:15 . 2013-08-15 22:43 159232 ----a-w- c:\windows\SysWow64\WSSync.dll 2014-06-28 16:15 . 2013-08-15 22:43 20992 ----a-w- c:\windows\SysWow64\wups.dll 2014-06-28 16:13 . 2013-07-13 04:24 261120 ----a-w- c:\windows\SysWow64\wintrust.dll 2014-06-28 16:13 . 2013-07-13 04:23 87040 ----a-w- c:\windows\SysWow64\apprepapi.dll 2014-06-28 16:13 . 2013-07-13 04:23 74240 ----a-w- c:\windows\SysWow64\apprepsync.dll 2014-06-28 16:12 . 2013-07-13 06:18 337408 ----a-w- c:\windows\system32\wintrust.dll 2014-06-28 16:12 . 2013-07-13 06:16 68096 ----a-w- c:\windows\system32\cryptsvc.dll . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-06-25 15:15 . 2012-07-26 08:13 23264 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] 2014-06-19 09:40 513648 ----a-w- c:\program files (x86)\SupTab\SupTab.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{769a91da-209f-47fe-88b9-b0321b0982c8}] 2014-06-24 21:47 249632 ----a-w- c:\program files (x86)\NetCrawl\NetCrawlBHO.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay] @="{450D6ECA-9163-44AC-A5E5-3FE207A086D6}" [HKEY_CLASSES_ROOT\CLSID\{450D6ECA-9163-44AC-A5E5-3FE207A086D6}] 2012-08-06 03:41 158224 ----a-w- c:\windows\System32\CbFsMntNtf3.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\users\Erkut\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\users\Erkut\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\users\Erkut\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay] @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}" [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}] 2012-08-06 03:41 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GoogleChromeAutoLaunch_20F6763770B7EAAD43619F195218A3DA"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-06-05 860488] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-26 642216] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712] "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-03-07 310640] "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-08-15 97392] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-28 4086432] . c:\users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Erkut\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "PromptOnSecureDesktop"= 0 (0x0) "ConsentPromptBehaviorAdmin"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "EnableCursorSuppression"= 1 (0x1) "ConsentPromptBehaviorUser"= 3 (0x3) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x] R2 IePluginServices;IePlugin Services;c:\programdata\IePluginServices\PluginService.exe;c:\programdata\IePluginServices\PluginService.exe [x] R2 SWUpdateService;SW Update Service;c:\programdata\Samsung\SW Update Service\SWMAgent.exe;c:\programdata\Samsung\SW Update Service\SWMAgent.exe [x] R2 Update NetCrawl;Update NetCrawl;c:\program files (x86)\NetCrawl\updateNetCrawl.exe;c:\program files (x86)\NetCrawl\updateNetCrawl.exe [x] R2 WindowsProtectManger;WindowsProtectManger Service;c:\programdata\WindowsProtectManger\wprotectmanager.exe;c:\programdata\WindowsProtectManger\wprotectmanager.exe [x] R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x] R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x] R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x] R3 SBIOSIO;SBIOSIO;c:\users\Erkut\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys;c:\users\Erkut\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [x] S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\System32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! VM Monitor; [x] S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x] S0 intmsd;IntelliMemory Storage Filter Driver;c:\windows\system32\DRIVERS\intmsd.sys;c:\windows\SYSNATIVE\DRIVERS\intmsd.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S1 {57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64;{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64;c:\windows\system32\drivers\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64.sys;c:\windows\SYSNATIVE\drivers\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64.sys [x] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x] S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys;c:\windows\SYSNATIVE\drivers\cbfs3.sys [x] S1 intmfs;IntelliMemory File System Filter Driver;c:\windows\system32\DRIVERS\intmfs.sys;c:\windows\SYSNATIVE\DRIVERS\intmfs.sys [x] S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x] S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x] S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x] S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x] S2 Easy Launcher;Easy Launcher;c:\program files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe;c:\program files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [x] S2 ETDService;Elan Service;c:\program files\Elantech\ETDService.exe;c:\program files\Elantech\ETDService.exe [x] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x] S2 IntelliMemory;IntelliMemory;c:\program files\Condusiv Technologies\IntelliMemory\IntelliMem.exe;c:\program files\Condusiv Technologies\IntelliMemory\IntelliMem.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 Util NetCrawl;Util NetCrawl;c:\program files (x86)\NetCrawl\bin\utilNetCrawl.exe;c:\program files (x86)\NetCrawl\bin\utilNetCrawl.exe [x] S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x] S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;c:\windows\System32\drivers\AMPPAL.sys;c:\windows\SYSNATIVE\drivers\AMPPAL.sys [x] S3 BthLEEnum;Treiber für energiearme Bluetooth-Geräte;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x] S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x] S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x] S3 ETD;Samsung PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] S3 ETDSMBus;ETDSMBus;c:\windows\system32\DRIVERS\ETDSMBus.sys;c:\windows\SYSNATIVE\DRIVERS\ETDSMBus.sys [x] S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x] S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 iwdbus;IWD Bus Enumerator;c:\windows\System32\drivers\iwdbus.sys;c:\windows\SYSNATIVE\drivers\iwdbus.sys [x] S3 NETwNe64;Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 8 64-Bit;c:\windows\system32\DRIVERS\NETwew00.sys;c:\windows\SYSNATIVE\DRIVERS\NETwew00.sys [x] S3 RadioHIDMini;Radio HID Mini-driver;c:\windows\System32\drivers\RadioHIDMini.sys;c:\windows\SYSNATIVE\drivers\RadioHIDMini.sys [x] S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x] S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x] S3 usb3Hub;USB-IF USB 3.0 Hub;c:\windows\System32\drivers\usb3Hub.sys;c:\windows\SYSNATIVE\drivers\usb3Hub.sys [x] S3 XHCIPort;USB-IF xHCI USB Host Controller;c:\windows\System32\drivers\XHCIPort.sys;c:\windows\SYSNATIVE\drivers\XHCIPort.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-06-25 15:40 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-25 15:39] . 2014-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-25 15:39] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2014-06-28 16:04 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay] @="{450D6ECA-9163-44AC-A5E5-3FE207A086D6}" [HKEY_CLASSES_ROOT\CLSID\{450D6ECA-9163-44AC-A5E5-3FE207A086D6}] 2012-08-06 03:42 190480 ----a-w- c:\windows\System32\CbFsMntNtf3.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BitcasaIconOverlay] @="{A6975448-A999-49BB-B3E4-7730CF6A82C0}" [HKEY_CLASSES_ROOT\CLSID\{A6975448-A999-49BB-B3E4-7730CF6A82C0}] 2012-12-27 07:58 570880 ----a-w- c:\program files\Bitcasa\ExplorerMenu.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BitcasaProgressOverlay] @="{6FB8D52A-0064-45B2-B687-F596FEAD09C2}" [HKEY_CLASSES_ROOT\CLSID\{6FB8D52A-0064-45B2-B687-F596FEAD09C2}] 2012-12-27 07:58 570880 ----a-w- c:\program files\Bitcasa\ExplorerMenu.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 164016 ----a-w- c:\users\Erkut\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 164016 ----a-w- c:\users\Erkut\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 164016 ----a-w- c:\users\Erkut\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 164016 ----a-w- c:\users\Erkut\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay] @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}" [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}] 2012-08-06 03:42 190480 ----a-w- c:\windows\System32\CbFsMntNtf3.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-12-12 13263072] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-01-04 1260256] "RtHDVBg_SRSSA"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-01-04 1260256] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-01-25 172016] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-01-25 399856] "Persistence"="c:\windows\system32\igfxpers.exe" [2013-01-25 442352] "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshellex.dll" [2012-09-30 11582848] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608] "Bitcasa"="c:\program files\Bitcasa\Bitcasa.exe" [2012-12-27 4365824] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.sweet-page.com/?type=hp&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656 mDefault_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656&q={searchTerms} mDefault_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656 mStart Page = hxxp://www.sweet-page.com/?type=hp&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656 mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656&q={searchTerms} IE: An Bluetooth senden - c:\program files (x86)\Intel\Bluetooth\btSendToObject.htm TCP: DhcpNameServer = 192.168.178.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) @SACL=(02 0000) . Zeit der Fertigstellung: 2014-06-30 19:36:36 ComboFix-quarantined-files.txt 2014-06-30 17:36 . Vor Suchlauf: 10 Verzeichnis(se), 890.331.209.728 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 890.277.265.408 Bytes frei . - - End Of File - - B36C9FBB422C48C7ED27E4F02D44ABD2 5FB38429D5D77768867C76DCBDB35194 |
01.07.2014, 16:20 | #10 |
/// TB-Ausbilder | Optimizer Pro und Spyhunter unter Windows 8 Servus, bitte erst Rkill ausführen, dann nochmal AdwCleaner, MBAM und Zoek versuchen. Rechner nach Rkill nicht neu starten! Suchlauf mit rKill Bitte lade dir rKill von Grinler auf deinen Desktop von einem der folgenden Links: RKill oder http://www.trojaner-board.de/85629-rkill-download.html
|
01.07.2014, 16:42 | #11 |
| Optimizer Pro und Spyhunter unter Windows 8 Servus, anbei die Textdatei zu rkill Code:
ATTFilter Rkill 2.6.7 by Lawrence Abrams (Grinler) hxxp://www.bleepingcomputer.com/ Copyright 2008-2014 BleepingComputer.com More Information about Rkill can be found at this link: hxxp://www.bleepingcomputer.com/forums/topic308364.html Program started at: 07/01/2014 05:24:26 PM in x64 mode. Windows Version: Windows 8 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * Windows Defender Disabled [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware" = dword:00000001 * Windows Firewall Disabled [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = dword:00000000 Checking Windows Service Integrity: * WUDFRd [Missing Service] Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * HOSTS file entries found: 127.0.0.1 localhost Program finished at: 07/01/2014 05:24:38 PM Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s) Code:
ATTFilter # AdwCleaner v3.214 - Bericht erstellt am 01/07/2014 um 17:34:41 # Aktualisiert 29/06/2014 von Xplode # Betriebssystem : Windows 8 (64 bits) # Benutzername : Erkut - KURTIS-LAPTOP # Gestartet von : C:\Users\Erkut\Desktop\adwcleaner_3.214.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : IePluginServices [#] Dienst Gelöscht : Update NetCrawl [#] Dienst Gelöscht : Util NetCrawl [#] Dienst Gelöscht : WindowsProtectManger ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\IePluginServices Ordner Gelöscht : C:\ProgramData\WindowsProtectManger [!] Ordner Gelöscht : C:\Program Files (x86)\NetCrawl Ordner Gelöscht : C:\Program Files (x86)\SupTab Ordner Gelöscht : C:\Users\Erkut\AppData\Roaming\SupTab Ordner Gelöscht : C:\Users\Erkut\AppData\Roaming\sweet-page Ordner Gelöscht : C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\donengfgiigdigljcljplglplekpiomg Datei Gelöscht : C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage Datei Gelöscht : C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKCU\Software\NetCrawl Schlüssel Gelöscht : HKCU\Software\SecuredDownload Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C} Schlüssel Gelöscht : HKLM\Software\NetCrawl Schlüssel Gelöscht : HKLM\Software\SupDp Schlüssel Gelöscht : HKLM\Software\SupTab Schlüssel Gelöscht : HKLM\Software\supWindowsProtectManger Schlüssel Gelöscht : HKLM\Software\supWPM Schlüssel Gelöscht : HKLM\Software\sweet-pageSoftware Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsProtectManger Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetCrawl ***** [ Browser ] ***** -\\ Internet Explorer v10.0.9200.16921 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] -\\ Google Chrome v35.0.1916.153 [ Datei : C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht [Startup_urls] : hxxp://search.conduit.com/?ctid=CT2481020&SearchSource=48 Gelöscht [Extension] : donengfgiigdigljcljplglplekpiomg ************************* AdwCleaner[R0].txt - [6634 octets] - [01/07/2014 17:32:19] AdwCleaner[S0].txt - [5656 octets] - [01/07/2014 17:34:41] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5716 octets] ########## |
01.07.2014, 17:02 | #12 |
/// TB-Ausbilder | Optimizer Pro und Spyhunter unter Windows 8 |
01.07.2014, 17:06 | #13 |
| Optimizer Pro und Spyhunter unter Windows 8 anbei mbam.txt Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 01.07.2014 Suchlauf-Zeit: 17:50:57 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.07.01.05 Rootkit Datenbank: v2014.07.01.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Self-protection: Deaktiviert Betriebssystem: Windows 8 CPU: x64 Dateisystem: NTFS Benutzer: Erkut Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 304090 Verstrichene Zeit: 6 Min, 58 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 6 PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64, In Quarantäne, [2c2dbbdfb1ca4beb010ef3178a7a8a76], PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64, In Quarantäne, [ec6dd2c8dd9ed660b8570307be4629d7], PUP.Optional.NetCrawl.A, HKLM\SOFTWARE\WOW6432NODE\NetCrawl, In Quarantäne, [2c2d8f0b7efd62d4490ebff2956d60a0], PUP.Optional.SuperFish.A, HKU\S-1-5-21-3894098194-677086307-2034191709-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, In Quarantäne, [2732f4a6cab173c3bbe1d4db837fc33d], PUP.Optional.NetCrawl.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{769a91da-209f-47fe-88b9-b0321b0982c8}, In Quarantäne, [39202d6d7407d95d2bc7415220e4a060], PUP.Optional.NetCrawl.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{769A91DA-209F-47FE-88B9-B0321B0982C8}, In Quarantäne, [39202d6d7407d95d2bc7415220e4a060], Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 1 PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[adac029864172511dea1622cef15a25e] Ordner: 0 (No malicious items detected) Dateien: 5 PUP.Optional.Superfish.A, C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Löschen bei Neustart, [0455abefef8c56e03c38c9f2ef139e62], PUP.Optional.Superfish.A, C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Löschen bei Neustart, [01586c2eeb90db5bc0b4516a10f2a45c], PUP.Optional.Sanbreel.A, C:\Windows\System32\Drivers\{57F143AE-1ECD-493D-9DDB-32C45A3CECD5}GW64.SYS, In Quarantäne, [2c2dbbdfb1ca4beb010ef3178a7a8a76], PUP.Optional.Sanbreel.A, C:\Windows\System32\Drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys, In Quarantäne, [ec6dd2c8dd9ed660b8570307be4629d7], PUP.Optional.Conduit.A, C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "startup_urls": [ "hxxp://www.muenchenbiker.de/?open=for_suche&action=new", "hxxp://www.v-stromforum.de/search.php?search_id=unreadposts", "hxxp://de-de.facebook.com/", "hxxp://search.conduit.com/?ctid=CT2481020&SearchSource=48" ],), Ersetzt,[0b4e5a40f08b89ad13a3704d63a1d42c] Physische Sektoren: 0 (No malicious items detected) (end) |
01.07.2014, 17:11 | #14 |
/// TB-Ausbilder | Optimizer Pro und Spyhunter unter Windows 8 gut so. Dann noch FRST zur Kontrolle, damit wir weitermachen können. |
01.07.2014, 17:13 | #15 |
| Optimizer Pro und Spyhunter unter Windows 8 So hier ist die Zoek Datei: Code:
ATTFilter Zoek.exe v5.0.0.0 Updated 30-06-2014 Tool run by Erkut on 01.07.2014 at 18:10:30,60. Microsoft Windows 8 6.2.9200 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Erkut\Desktop\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 01.07.2014 18:11:51 Zoek.exe System Restore Point Created Succesfully. ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="hxxp://www.google.com" "Default_Page_URL"="hxxp://www.google.com" "Start Page"="hxxp://www.google.com" "Search Page"="hxxp://www.google.com" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="hxxp://www.google.com" "Default_Page_URL"="hxxp://www.google.com" "Start Page"="hxxp://www.google.com" "Search Page"="hxxp://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {CC9E055E-96DD-4295-8FBF-17538BB97C6F} Unknown Url="Not_Found" ==== C:\zoek_backup content ====================== C:\zoek_backup (files=0 folders=0 0 bytes) ==== EOF on 01.07.2014 at 18:12:24,13 ====================== |