|
Plagegeister aller Art und deren Bekämpfung: Bettersurf in Google Chrome | Windows 7. If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
29.01.2014, 19:12 | #1 |
| Bettersurf in Google Chrome Hello, today or yesterday I caught a virus that keeps showing ads in my browsers. Under these ads it says "ads by BetterSurf". I use Google Chrome as my browser. |
29.01.2014, 19:55 | #2 |
/// the machine /// TB Trainer | Bettersurf in Google Chrome hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
30.01.2014, 13:54 | #3 |
| Bettersurf in Google Chrome Thanks for the quick reply.
This is the Addition.txt: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2014 01 Ran by utku at 2014-01-30 13:48:10 Running from C:\Users\utku\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 8BitMMO (x32 Version: - Archive Entertainment) Acer Backup Manager (x32 Version: 3.0.0.99 - NTI Corporation) Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden Acer ePower Management (x32 Version: 6.00.3008 - Acer Incorporated) Acer eRecovery Management (x32 Version: 5.00.3504 - Acer Incorporated) Acer Games (x32 Version: 1.0.2.5 - WildTangent) Acer Registration (x32 Version: 1.04.3504 - Acer Incorporated) Acer ScreenSaver (x32 Version: 1.1.0913.2011 - Acer Incorporated) Acer Updater (x32 Version: 1.02.3500 - Acer Incorporated) Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated) Adobe Reader X (10.1.9) MUI (x32 Version: 10.1.9 - Adobe Systems Incorporated) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden AMD APP SDK Runtime (Version: 2.5.775.2 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (Version: 3.0.847.0 - Advanced Micro Devices, Inc.) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.36 - Atheros Communications Inc.) 
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira) Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden BIT.TRIP RUNNER (x32 Version: - Gaijin Games) Blacklight: Retribution (x32 Version: - Zombie, Inc.) Blender (Version: 2.69 - Blender Foundation) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center (x32 Version: 2011.1013.754.12275 - Ihr Firmenname) Hidden Catalyst Control Center InstallProxy (x32 Version: 2011.1013.754.12275 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2011.1013.754.12275 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Profiles Mobile (x32 Version: 2011.1013.754.12275 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Japanese (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2011.1013.754.12275 - Advanced Micro Devices, Inc.) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden clear.fi (x32 Version: 1.0.2024.00 - CyberLink Corp.) clear.fi (x32 Version: 1.0.2024.00 - CyberLink Corp.) Hidden clear.fi (x32 Version: 9.0.8026 - CyberLink Corp.) Hidden clear.fi Client (x32 Version: 1.00.3500 - Acer Incorporated) Crazy Chicken Kart 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dolby Advanced Audio v2 (x32 Version: 7.2.7000.7 - Dolby Laboratories Inc) Dota 2 (x32 Version: - Valve) Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.) ETDWare PS/2-X64 8.0.6.0_WHQL (Version: 8.0.6.0 - ELAN Microelectronic Corp.) 
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Garry's Mod (x32 Version: - Garry) GIMP 2.8.8 (Version: 2.8.8 - The GIMP Team) Google Chrome (HKCU Version: 32.0.1700.102 - Google Inc.) Hi-Rez Studios Authenticate and Update Service (x32 Version: 3.0.0.0 - Hi-Rez Studios) Identity Card (x32 Version: 1.00.3501 - Acer Incorporated) InfiniteCrisis_410193F41CAE (x32 Version: - Turbine, Inc) Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden Intel(R) Display Audio Driver (x32 Version: 6.14.00.3074 - Intel Corporation) Intel(R) Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation) Intel(R) Rapid Storage Technology (x32 Version: 10.1.2.1004 - Intel Corporation) Java 7 Update 45 (64-bit) (Version: 7.0.450 - Oracle) Java 7 Update 45 (x32 Version: 7.0.450 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden JDownloader 0.9 (x32 Version: 0.9 - AppWork GmbH) Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Launch Manager (x32 Version: 5.1.7 - Acer Inc.) 
League of Legends (x32 Version: 3.0.1 - Riot Games ) League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden LogMeIn Hamachi (x32 Version: 2.2.0.114 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.114 - LogMeIn, Inc.) Hidden LOLReplay (x32 Version: 0.8.5.2 - www.leaguereplays.com) Magicka: Wizard Wars (x32 Version: - Paradox North) Media Player (x32 Version: 1.1 - Media Player) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft 
Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden Nidhogg (x32 Version: 1 - ) Norton Online Backup (x32 Version: 2.1.17869 - Symantec Corporation) Notepad++ (x32 Version: 6.5.1 - Notepad++ Team) NTI Media Maker 9 (x32 Version: 9.0.2.9002 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.9002 - NTI Corporation) Hidden NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) OpenOffice 4.0.1 (x32 Version: 4.01.9714 - Apache Software Foundation) osu! (x32 Version: 0.0.0.0 - peppy) Pando Media Booster (x32 Version: 2.6.0.7 - Pando Networks Inc.) Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden PlanetSide 2 (x32 Version: - Sony Online Entertainment) Plants vs. 
Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Pokémon Trading Card Game Online (x32 Version: 1.0.0 - The Pokémon Company International) Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realm of the Mad God (x32 Version: - Wild Shadow Studios) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6438 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30123 - Realtek Semiconductor Corp.) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden ROBLOX Player (x32 Version: - ROBLOX Corporation) ROBLOX Studio 2013 (x32 Version: - ROBLOX Corporation) Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.) Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Starbound (x32 Version: - ) Steam (x32 Version: 1.0.0.0 - Valve Corporation) Team Fortress 2 (x32 Version: - Valve) TeamSpeak 3 Client (x32 Version: 3.0.13 - TeamSpeak Systems GmbH) tools-freebsd (x32 Version: 9.6.1.1379776 - VMware, Inc.) Hidden tools-linux (x32 Version: 9.6.1.1379776 - VMware, Inc.) Hidden tools-netware (x32 Version: 9.6.1.1379776 - VMware, Inc.) Hidden tools-solaris (x32 Version: 9.6.1.1379776 - VMware, Inc.) Hidden tools-windows (x32 Version: 9.6.1.1379776 - VMware, Inc.) 
Hidden tools-winPre2k (x32 Version: 9.6.1.1379776 - VMware, Inc.) Hidden Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden Tribes Ascend (x32 Version: 1.0.1268.1 - Hi-Rez Studios) Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (Version: 2.1.23.0 - Intel) Unity (x32 Version: - Unity Technologies ApS) Unity Web Player (HKCU Version: - Unity Technologies ApS) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Video Player (x32 Version: 1.1 - Video Player) <==== ATTENTION Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden VMware Workstation (Version: 10.0.1 - VMware, Inc.) 
Hidden VMware Workstation (x32 Version: 10.0.1 - VMware, Inc) Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden Welcome Center (x32 Version: 1.02.3504 - Acer Incorporated) WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 
Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden WinRAR 5.01 beta 1 (64-bit) (Version: 5.01.1 - win.rar GmbH) Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - 
Microsoft Corporation) Hidden Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 15-01-2014 16:59:31 Windows Update 29-01-2014 17:35:36 Installed SpyHunter 29-01-2014 17:37:11 Installed STOPzilla 29-01-2014 17:41:37 Removed STOPzilla 29-01-2014 17:57:47 Removed STOPzilla ==================== Hosts content: ========================== 2009-07-14 03:34 - 2014-01-29 18:38 - 00000860 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {20D01687-422F-4445-B233-28ACF7949E59} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2239704304-2317340568-1914522398-1000Core => C:\Users\utku\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-09] (Google Inc.) Task: {5294199A-16E2-423C-A242-1070E886531C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2239704304-2317340568-1914522398-1000UA => C:\Users\utku\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-09] (Google Inc.) Task: {7CCDD9AD-37D3-455F-976F-42522C8D76C2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-12] (Adobe Systems Incorporated) Task: {B58A1DA8-9C6E-4440-BF86-0317A6383207} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.) 
Task: {BDED5783-4ACC-497F-A7E6-C142E85F8C15} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated) Task: {E529C56E-D6D6-4EBB-9D9B-52243306E8D6} - \AmiUpdXp No Task File Task: {FEE46995-4BA8-43BC-AC37-8382C60B87A1} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2239704304-2317340568-1914522398-1000Core.job => C:\Users\utku\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2239704304-2317340568-1914522398-1000UA.job => C:\Users\utku\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2009-01-21 16:45 - 2009-01-21 16:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll 2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll 2011-10-20 10:00 - 2011-08-09 00:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2011-10-13 07:52 - 2011-10-13 07:52 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2011-03-14 14:21 - 2011-03-14 14:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2013-11-09 08:29 - 2013-10-10 19:14 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2011-04-24 02:29 - 2011-04-24 02:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll 2011-04-24 02:29 - 2011-04-24 02:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll 2011-04-24 02:29 - 2011-04-24 02:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll 2013-10-18 12:46 - 2013-10-18 
12:46 - 01260624 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll 2014-01-08 14:08 - 2013-12-12 23:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll 2014-01-08 14:08 - 2013-11-05 02:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll 2013-10-24 09:45 - 2014-01-11 00:33 - 00717312 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2013-10-30 11:25 - 2014-01-27 20:02 - 01138088 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2013-10-23 12:07 - 2014-01-11 00:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2013-06-14 15:49 - 2013-06-15 00:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll 2013-06-14 15:49 - 2013-06-15 00:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll 2013-06-14 15:49 - 2013-06-15 00:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll 2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\utku\AppData\Roaming\Dropbox\bin\libcef.dll 2011-08-24 18:03 - 2011-08-24 18:03 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll 2014-01-29 17:38 - 2014-01-23 06:56 - 00715544 _____ () C:\Users\utku\AppData\Local\Google\Chrome\Application\32.0.1700.102\libglesv2.dll 2014-01-29 17:38 - 2014-01-23 06:56 - 00100120 _____ () C:\Users\utku\AppData\Local\Google\Chrome\Application\32.0.1700.102\libegl.dll 2014-01-29 17:38 - 2014-01-23 06:56 - 04055320 _____ () C:\Users\utku\AppData\Local\Google\Chrome\Application\32.0.1700.102\pdf.dll 2014-01-29 17:38 - 2014-01-23 06:57 - 00399640 _____ () C:\Users\utku\AppData\Local\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll 2014-01-29 17:38 - 2014-01-23 06:55 - 01634584 _____ () C:\Users\utku\AppData\Local\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll 2014-01-29 17:38 - 2014-01-23 06:56 - 13615896 _____ () C:\Users\utku\AppData\Local\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll 
==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/30/2014 01:34:34 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (01/30/2014 01:39:57 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Error: (01/30/2014 01:37:16 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Intel(R) Rapid Storage Technology" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/30/2014 01:37:16 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Rapid Storage Technology erreicht. Error: (01/30/2014 01:33:45 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "sbapifs" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/30/2014 01:33:46 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 29.01.2014 um 19:35:23 unerwartet heruntergefahren. 
Microsoft Office Sessions: ========================= Error: (01/30/2014 01:34:34 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 38% Total physical RAM: 8043.86 MB Available physical RAM: 4985.07 MB Total Pagefile: 16085.9 MB Available Pagefile: 12387.33 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:449.66 GB) (Free:286.71 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 09824A7C) Partition 1: (Not Active) - (Size=16 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=450 GB) - (Type=07 NTFS) ==================== End Of Log ============================ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01 Ran by utku (administrator) on UTKU-PC on 30-01-2014 13:42:02 Running from C:\Users\utku\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDCtrl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Dropbox, Inc.) C:\Users\utku\AppData\Roaming\Dropbox\bin\Dropbox.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Google Inc.) 
C:\Users\utku\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\utku\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\utku\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\utku\AppData\Local\Google\Chrome\Application\chrome.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Google Inc.) C:\Users\utku\AppData\Local\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Google Inc.) C:\Users\utku\AppData\Local\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] () HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor) HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated) HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-13] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.) HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation) HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.) HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-12] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe HKLM-x32\...\Run: [vmware-tray.exe] - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [111696 2013-10-18] (VMware, Inc.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3813200 2014-01-23] (LogMeIn Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [Google Update] - C:\Users\utku\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-09] (Google Inc.) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20588704 2013-11-15] (Skype Technologies S.A.) HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1815976 2014-01-27] (Valve Corporation) HKCU\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe -silent HKCU\...\Run: [NextLive] - C:\Users\utku\AppData\Roaming\newnext.me\nengine.dll [1283584 2013-11-14] (NewNextDotMe) HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] () HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] () Startup: C:\Users\utku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\utku\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: GreyGray - {ae60e6ed-49dd-4099-8b5e-386a4908d5d5} - C:\Program Files (x86)\GreyGray\GreyGrayBHO.dll No File BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Chrome: ======= CHR Extension: (Google Drive) - C:\Users\utku\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-09] CHR Extension: (YouTube) - C:\Users\utku\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-09] CHR Extension: (Adblock Plus) - C:\Users\utku\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-11-09] CHR Extension: (Google-Suche) - C:\Users\utku\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-09] CHR Extension: (AdBlock) - C:\Users\utku\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-09] CHR Extension: (Media Player) - C:\Users\utku\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbmbpgobolgklcldjiflpdgbjbfdmehi [2014-01-29] CHR Extension: (Google Wallet) - C:\Users\utku\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-09] CHR Extension: (Google Mail) - C:\Users\utku\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-09] CHR HKLM-x32\...\Chrome\Extension: [dpldobbfogfhjhkhmcpfjgkndgpijgej] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta603\ch\VideoPlayerV3beta603.crx [2014-01-07] CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx [2013-11-25] ==================== Services (Whitelisted) ================= R2 
AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-12] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-12] (Avira Operations GmbH & Co. KG) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-12-13] (LogMeIn, Inc.) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation) S3 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14405200 2013-10-18] () ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-12] (Avira Operations GmbH & Co. KG) R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.) R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.) 
S2 sbapifs; system32\DRIVERS\sbapifs.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-30 13:42 - 2014-01-30 13:46 - 00013645 _____ C:\Users\utku\Desktop\FRST.txt 2014-01-30 13:41 - 2014-01-30 13:42 - 00000000 ____D C:\FRST 2014-01-30 13:41 - 2014-01-30 13:41 - 02079744 _____ (Farbar) C:\Users\utku\Desktop\FRST64.exe 2014-01-30 13:40 - 2014-01-30 13:41 - 02079744 _____ (Farbar) C:\Users\utku\Downloads\FRST64.exe 2014-01-29 19:01 - 2014-01-29 19:01 - 00000000 ____D C:\Windows\ERUNT 2014-01-29 18:57 - 2014-01-29 18:57 - 00000480 _____ C:\Windows\system32\Drivers\kgpcpy.cfg 2014-01-29 18:37 - 2014-01-29 18:59 - 00000000 ____D C:\ProgramData\STOPzilla! 2014-01-29 17:49 - 2014-01-29 17:52 - 00000000 ____D C:\AdwCleaner 2014-01-29 17:29 - 2014-01-29 17:29 - 00000306 __RSH C:\ProgramData\ntuser.pol 2014-01-29 17:29 - 2014-01-29 17:29 - 00000000 ____D C:\Program Files (x86)\MediaPlayerV1 2014-01-28 15:24 - 2014-01-28 15:24 - 00000219 _____ C:\Users\utku\Desktop\Dota 2.url 2014-01-28 15:03 - 2014-01-28 15:03 - 00000930 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk 2014-01-28 15:03 - 2014-01-28 15:03 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2014-01-27 12:05 - 2014-01-27 12:05 - 02314844 _____ () C:\Users\utku\Desktop\TechnicLauncher.exe 2014-01-27 09:33 - 2014-01-27 09:55 - 00000000 ____D C:\Users\utku\Desktop\Neuer Ordner (2) 2014-01-26 10:11 - 2014-01-26 10:11 - 00000000 ____D C:\Users\utku\Documents\LOLReplay 2014-01-26 10:11 - 2014-01-26 10:11 - 00000000 ____D C:\Program Files (x86)\LOLReplay 2014-01-23 17:56 - 2014-01-28 20:12 - 00000000 ____D C:\Users\utku\AppData\Roaming\.minecraft 2014-01-23 17:53 - 2014-01-23 17:53 - 00000000 ____D C:\Users\utku\AppData\Roaming\ATI 2014-01-23 17:53 - 2014-01-23 17:53 - 00000000 ____D C:\Users\utku\AppData\Local\ATI 2014-01-23 17:53 - 2014-01-23 17:53 - 00000000 ____D C:\ProgramData\ATI 2014-01-22 16:57 - 2014-01-22 16:59 
- 00000000 ____D C:\Users\utku\Desktop\Coding 2014-01-20 14:40 - 2014-01-20 15:18 - 00000000 ____D C:\Users\utku\Desktop\Neuer Ordner 2014-01-16 14:54 - 2014-01-25 15:30 - 00000000 ____D C:\Users\utku\AppData\Roaming\Nidhogg 2014-01-16 14:54 - 2014-01-16 14:54 - 00000780 _____ C:\Users\Public\Desktop\Nidhogg.lnk 2014-01-16 14:54 - 2014-01-16 14:54 - 00000000 ____D C:\ProgramData\Steam 2014-01-16 14:54 - 2014-01-16 14:54 - 00000000 ____D C:\Program Files (x86)\Nidhogg 2014-01-15 16:49 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-15 16:49 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-15 16:49 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-15 16:49 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-15 16:49 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-15 16:49 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-15 16:49 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-15 16:49 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-15 16:49 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-15 14:10 - 2014-01-15 14:10 - 00000000 ____D C:\Users\utku\Desktop\ClientFiles 2014-01-15 14:07 - 2014-01-15 14:06 - 00010560 _____ C:\Users\utku\Desktop\OCS.jar 2014-01-13 17:20 - 2012-04-13 18:55 - 3057254400 _____ C:\Users\utku\Desktop\Madmax786412.iso 2014-01-13 16:36 - 2014-01-13 17:33 - 00000000 ____D C:\Users\utku\Documents\Virtual Machines 2014-01-13 16:18 - 2014-01-19 19:54 - 00000000 ____D C:\Users\utku\AppData\Roaming\VMware 2014-01-13 16:18 - 2014-01-19 19:54 - 
00000000 ____D C:\Users\utku\AppData\Local\VMware 2014-01-13 16:16 - 2014-01-13 16:16 - 00000000 ____D C:\Users\utku\Desktop\Schule 2014-01-13 16:16 - 2013-10-18 12:46 - 00064080 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys 2014-01-13 16:16 - 2013-10-08 18:21 - 00073296 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys 2014-01-13 16:16 - 2013-10-08 18:21 - 00067664 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll 2014-01-13 16:16 - 2013-10-08 18:21 - 00063568 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll 2014-01-13 16:15 - 2014-01-13 16:15 - 00001024 _____ C:\Windows\SysWOW64\%TMP% 2014-01-13 16:15 - 2014-01-13 16:15 - 00000000 ____D C:\Program Files\Common Files\VMware 2014-01-13 16:15 - 2013-10-18 12:45 - 00930384 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll 2014-01-13 16:15 - 2013-10-18 12:45 - 00437328 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe 2014-01-13 16:15 - 2013-10-18 12:45 - 00358480 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe 2014-01-13 16:15 - 2013-10-18 12:45 - 00030800 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys 2014-01-13 16:15 - 2013-10-09 08:04 - 00053816 _____ (VMware, Inc.) 
C:\Windows\system32\Drivers\hcmon.sys 2014-01-13 16:14 - 2014-01-30 13:33 - 00000000 ____D C:\ProgramData\VMware 2014-01-13 16:14 - 2014-01-13 16:14 - 00000000 ____D C:\Users\Public\Documents\Shared Virtual Machines 2014-01-13 16:14 - 2014-01-13 16:14 - 00000000 ____D C:\Program Files (x86)\VMware 2014-01-10 15:45 - 2014-01-10 15:45 - 00000000 ____D C:\Program Files (x86)\VideoPlayerV3 2014-01-09 18:44 - 2014-01-09 18:44 - 00000000 ____D C:\Users\utku\Documents\Fax 2014-01-07 13:01 - 2014-01-07 13:01 - 00262144 _____ C:\Windows\Minidump\010714-23868-01.dmp 2014-01-04 15:46 - 2014-01-04 15:46 - 00000000 ____D C:\Users\utku\AppData\Roaming\.mono 2014-01-04 15:46 - 2014-01-04 15:46 - 00000000 ____D C:\ProgramData\.mono 2014-01-04 15:42 - 2014-01-04 15:43 - 00000000 ____D C:\Users\utku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokémon Trading Card Game Online 2014-01-04 15:42 - 2014-01-04 15:42 - 00000000 ____D C:\Users\utku\AppData\Roaming\Pokémon Trading Card Game Online 2013-12-31 13:02 - 2013-12-31 13:02 - 00002153 _____ C:\Users\utku\AppData\Local\recently-used.xbel 2013-12-31 13:02 - 2013-12-31 13:02 - 00000000 ___RD C:\Users\utku\AppData\Roaming\Brother ==================== One Month Modified Files and Folders ======= 2014-01-30 13:46 - 2014-01-30 13:42 - 00013645 _____ C:\Users\utku\Desktop\FRST.txt 2014-01-30 13:46 - 2013-11-08 22:28 - 01436918 _____ C:\Windows\WindowsUpdate.log 2014-01-30 13:46 - 2009-07-14 05:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-30 13:46 - 2009-07-14 05:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-30 13:43 - 2013-11-09 08:35 - 00000000 ____D C:\Users\utku\AppData\Roaming\Skype 2014-01-30 13:42 - 2014-01-30 13:41 - 00000000 ____D C:\FRST 2014-01-30 13:41 - 2014-01-30 13:41 - 02079744 _____ (Farbar) C:\Users\utku\Desktop\FRST64.exe 2014-01-30 13:41 - 2014-01-30 
13:40 - 02079744 _____ (Farbar) C:\Users\utku\Downloads\FRST64.exe 2014-01-30 13:35 - 2013-12-28 12:19 - 00000000 ___RD C:\Users\utku\Dropbox 2014-01-30 13:34 - 2013-12-28 12:17 - 00000000 ____D C:\Users\utku\AppData\Roaming\Dropbox 2014-01-30 13:34 - 2013-12-21 16:19 - 00000000 ____D C:\Users\utku\AppData\Roaming\newnext.me 2014-01-30 13:34 - 2013-11-18 19:10 - 00000000 ____D C:\Users\utku\AppData\Local\LogMeIn Hamachi 2014-01-30 13:34 - 2013-11-09 13:24 - 00000000 ____D C:\Program Files (x86)\Steam 2014-01-30 13:34 - 2013-11-08 23:35 - 00000000 ____D C:\ProgramData\clear.fi 2014-01-30 13:33 - 2014-01-13 16:14 - 00000000 ____D C:\ProgramData\VMware 2014-01-30 13:33 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-30 13:33 - 2009-07-14 05:51 - 00065137 _____ C:\Windows\setupact.log 2014-01-29 19:26 - 2013-11-15 19:23 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-29 19:03 - 2013-11-09 08:28 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2239704304-2317340568-1914522398-1000UA.job 2014-01-29 19:01 - 2014-01-29 19:01 - 00000000 ____D C:\Windows\ERUNT 2014-01-29 18:59 - 2014-01-29 18:37 - 00000000 ____D C:\ProgramData\STOPzilla! 
2014-01-29 18:57 - 2014-01-29 18:57 - 00000480 _____ C:\Windows\system32\Drivers\kgpcpy.cfg 2014-01-29 18:31 - 2013-11-09 08:32 - 00000000 ____D C:\Users\utku\AppData\Local\PMB Files 2014-01-29 18:31 - 2013-11-09 08:32 - 00000000 ____D C:\ProgramData\PMB Files 2014-01-29 17:52 - 2014-01-29 17:49 - 00000000 ____D C:\AdwCleaner 2014-01-29 17:30 - 2013-12-11 13:36 - 00000308 _____ C:\extensions.ini 2014-01-29 17:29 - 2014-01-29 17:29 - 00000306 __RSH C:\ProgramData\ntuser.pol 2014-01-29 17:29 - 2014-01-29 17:29 - 00000000 ____D C:\Program Files (x86)\MediaPlayerV1 2014-01-29 17:29 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2014-01-29 17:29 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy 2014-01-28 20:12 - 2014-01-23 17:56 - 00000000 ____D C:\Users\utku\AppData\Roaming\.minecraft 2014-01-28 15:24 - 2014-01-28 15:24 - 00000219 _____ C:\Users\utku\Desktop\Dota 2.url 2014-01-28 15:03 - 2014-01-28 15:03 - 00000930 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk 2014-01-28 15:03 - 2014-01-28 15:03 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2014-01-27 12:23 - 2013-12-21 16:24 - 00000000 ____D C:\Users\utku\AppData\Roaming\.technic 2014-01-27 12:05 - 2014-01-27 12:05 - 02314844 _____ () C:\Users\utku\Desktop\TechnicLauncher.exe 2014-01-27 11:03 - 2013-11-09 08:28 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2239704304-2317340568-1914522398-1000Core.job 2014-01-27 09:55 - 2014-01-27 09:33 - 00000000 ____D C:\Users\utku\Desktop\Neuer Ordner (2) 2014-01-26 10:11 - 2014-01-26 10:11 - 00000000 ____D C:\Users\utku\Documents\LOLReplay 2014-01-26 10:11 - 2014-01-26 10:11 - 00000000 ____D C:\Program Files (x86)\LOLReplay 2014-01-26 09:15 - 2013-11-22 17:45 - 00000000 ____D C:\Program Files (x86)\JDownloader 2014-01-25 16:51 - 2013-11-09 07:21 - 00699592 _____ C:\Windows\system32\perfh007.dat 2014-01-25 16:51 - 2013-11-09 07:21 - 00149382 _____ C:\Windows\system32\perfc007.dat 2014-01-25 16:51 - 2009-07-14 
06:13 - 01620762 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-25 15:30 - 2014-01-16 14:54 - 00000000 ____D C:\Users\utku\AppData\Roaming\Nidhogg 2014-01-25 12:13 - 2013-11-10 16:52 - 00000000 ____D C:\Users\utku\AppData\Roaming\TS3Client 2014-01-23 17:55 - 2013-11-09 08:32 - 00000000 ____D C:\Users\utku\Desktop\Startdateien 2014-01-23 17:53 - 2014-01-23 17:53 - 00000000 ____D C:\Users\utku\AppData\Roaming\ATI 2014-01-23 17:53 - 2014-01-23 17:53 - 00000000 ____D C:\Users\utku\AppData\Local\ATI 2014-01-23 17:53 - 2014-01-23 17:53 - 00000000 ____D C:\ProgramData\ATI 2014-01-22 16:59 - 2014-01-22 16:57 - 00000000 ____D C:\Users\utku\Desktop\Coding 2014-01-20 15:18 - 2014-01-20 14:40 - 00000000 ____D C:\Users\utku\Desktop\Neuer Ordner 2014-01-19 19:54 - 2014-01-13 16:18 - 00000000 ____D C:\Users\utku\AppData\Roaming\VMware 2014-01-19 19:54 - 2014-01-13 16:18 - 00000000 ____D C:\Users\utku\AppData\Local\VMware 2014-01-16 14:54 - 2014-01-16 14:54 - 00000780 _____ C:\Users\Public\Desktop\Nidhogg.lnk 2014-01-16 14:54 - 2014-01-16 14:54 - 00000000 ____D C:\ProgramData\Steam 2014-01-16 14:54 - 2014-01-16 14:54 - 00000000 ____D C:\Program Files (x86)\Nidhogg 2014-01-16 14:23 - 2013-11-08 23:28 - 00000000 ___RD C:\Users\utku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-16 14:22 - 2013-12-28 12:18 - 00000000 ____D C:\Users\utku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-16 14:18 - 2009-07-14 05:45 - 00309880 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-15 18:01 - 2013-11-09 13:18 - 00000000 ____D C:\Windows\system32\MRT 2014-01-15 17:59 - 2013-11-09 13:18 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-15 14:10 - 2014-01-15 14:10 - 00000000 ____D C:\Users\utku\Desktop\ClientFiles 2014-01-15 14:06 - 2014-01-15 14:07 - 00010560 _____ C:\Users\utku\Desktop\OCS.jar 2014-01-13 17:33 - 2014-01-13 16:36 - 00000000 ____D C:\Users\utku\Documents\Virtual Machines 2014-01-13 16:17 - 2013-12-13 
15:57 - 00000000 ____D C:\Users\utku\Desktop\cct-0.9.5 2014-01-13 16:16 - 2014-01-13 16:16 - 00000000 ____D C:\Users\utku\Desktop\Schule 2014-01-13 16:15 - 2014-01-13 16:15 - 00001024 _____ C:\Windows\SysWOW64\%TMP% 2014-01-13 16:15 - 2014-01-13 16:15 - 00000000 ____D C:\Program Files\Common Files\VMware 2014-01-13 16:15 - 2013-11-28 17:16 - 01641654 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2014-01-13 16:14 - 2014-01-13 16:14 - 00000000 ____D C:\Users\Public\Documents\Shared Virtual Machines 2014-01-13 16:14 - 2014-01-13 16:14 - 00000000 ____D C:\Program Files (x86)\VMware 2014-01-11 10:41 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2014-01-10 15:45 - 2014-01-10 15:45 - 00000000 ____D C:\Program Files (x86)\VideoPlayerV3 2014-01-09 18:44 - 2014-01-09 18:44 - 00000000 ____D C:\Users\utku\Documents\Fax 2014-01-07 13:01 - 2014-01-07 13:01 - 00262144 _____ C:\Windows\Minidump\010714-23868-01.dmp 2014-01-07 13:01 - 2013-12-03 17:00 - 00000000 ____D C:\Windows\Minidump 2014-01-07 13:01 - 2013-12-03 16:59 - 545832220 _____ C:\Windows\MEMORY.DMP 2014-01-07 11:26 - 2009-07-14 03:34 - 00000462 _____ C:\Windows\win.ini 2014-01-06 11:23 - 2013-12-20 12:30 - 00000003 _____ C:\Windows\system32\HRUPPROG.TXT 2014-01-04 15:46 - 2014-01-04 15:46 - 00000000 ____D C:\Users\utku\AppData\Roaming\.mono 2014-01-04 15:46 - 2014-01-04 15:46 - 00000000 ____D C:\ProgramData\.mono 2014-01-04 15:43 - 2014-01-04 15:42 - 00000000 ____D C:\Users\utku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokémon Trading Card Game Online 2014-01-04 15:42 - 2014-01-04 15:42 - 00000000 ____D C:\Users\utku\AppData\Roaming\Pokémon Trading Card Game Online 2013-12-31 13:08 - 2013-11-29 14:47 - 00000000 ____D C:\Users\utku\.gimp-2.8 2013-12-31 13:03 - 2013-11-10 13:35 - 00000425 _____ C:\Windows\BRWMARK.INI 2013-12-31 13:02 - 2013-12-31 13:02 - 00002153 _____ C:\Users\utku\AppData\Local\recently-used.xbel 2013-12-31 13:02 - 2013-12-31 13:02 - 00000000 ___RD 
C:\Users\utku\AppData\Roaming\Brother Some content of TEMP: ==================== C:\Users\utku\AppData\Local\Temp\avgnt.exe C:\Users\utku\AppData\Local\Temp\Better-Surf.exe C:\Users\utku\AppData\Local\Temp\BetterSurfPlusInstaller.exe C:\Users\utku\AppData\Local\Temp\DeskMetrics.dll C:\Users\utku\AppData\Local\Temp\Quarantine.exe C:\Users\utku\AppData\Local\Temp\Setup.exe C:\Users\utku\AppData\Local\Temp\Setup1.exe C:\Users\utku\AppData\Local\Temp\Setup2.exe C:\Users\utku\AppData\Local\Temp\SHSetup.exe C:\Users\utku\AppData\Local\Temp\swt-win32-3349.dll C:\Users\utku\AppData\Local\Temp\xmlUpdater.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-03 11:34 ==================== End Of Log ============================ |
31.01.2014, 08:50 | #4 |
/// the machine /// TB-Ausbilder | Bettersurf in Google Chrome Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
01.02.2014, 09:39 | #5 |
| Bettersurf in Google Chrome Unfortunately I have no internet at the moment, so I can only send the logs later. My internet is back. This is the Malwarebytes log: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.02.01.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 utku :: UTKU-PC [Administrator] 01.02.2014 09:03:08 mbam-log-2014-02-01 (09-03-08).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 209758 Laufzeit: 7 Minute(n), 55 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 1 C:\Users\utku\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Löschen bei Neustart. Infizierte Registrierungsschlüssel: 9 HKCR\CLSID\{ae60e6ed-49dd-4099-8b5e-386a4908d5d5} (PUP.Optional.GreyGray.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{fe34fa86-9846-47aa-8e21-108c4d3eb7b1} (PUP.Optional.GreyGray.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{630BB364-173F-49E6-8510-6E0C86B25593} (PUP.Optional.GreyGray.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE60E6ED-49DD-4099-8B5E-386A4908D5D5} (PUP.Optional.GreyGray.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE60E6ED-49DD-4099-8B5E-386A4908D5D5} (PUP.Optional.GreyGray.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE60E6ED-49DD-4099-8B5E-386A4908D5D5} (PUP.Optional.GreyGray.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\MediaPlayerV1alpha264 (PUP.Optional.MediaPlayerAlpha.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Player (Adware.VPlayer) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaPlayerV1alpha264 (PUP.Optional.MediaPlayerAlpha.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Daten: C:\Windows\SysWOW64\rundll32.exe "C:\Users\utku\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Mozilla\Firefox\Extensions|ext@MediaPlayerV1alpha264.net (PUP.Optional.MediaPlayerAlpha.A) -> Daten: C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha264\ff -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 25 C:\Program Files (x86)\Better-Surf (PUP.Optional.BetterSurf) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Better-Surf\ch (PUP.Optional.BetterSurf) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Better-Surf\ff (PUP.Optional.BetterSurf) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Better-Surf\ff\chrome (PUP.Optional.BetterSurf) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Better-Surf\ff\chrome\content (PUP.Optional.BetterSurf) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Better-Surf\ie (PUP.Optional.BetterSurf) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\utku\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Löschen bei Neustart. C:\Users\utku\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\WebexpEnhancedV1 (PUP.Optional.Webexp) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta603 (Adware.VPlayer) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta603\ch (Adware.VPlayer) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta603\ff (Adware.VPlayer) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta603\ff\chrome (Adware.VPlayer) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta603\ff\chrome\content (Adware.VPlayer) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta603\ff\chrome\content\icons (Adware.VPlayer) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta603\ff\chrome\content\icons\default (Adware.VPlayer) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta603\ie (Adware.VPlayer) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha264 (PUP.Optional.MediaPlayerAlpha.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha264\ch (PUP.Optional.MediaPlayerAlpha.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha264\ff (PUP.Optional.MediaPlayerAlpha.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha264\ff\chrome (PUP.Optional.MediaPlayerAlpha.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha264\ff\chrome\content (PUP.Optional.MediaPlayerAlpha.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha264\ff\chrome\content\icons (PUP.Optional.MediaPlayerAlpha.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha264\ff\chrome\content\icons\default (PUP.Optional.MediaPlayerAlpha.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha264\ie (PUP.Optional.MediaPlayerAlpha.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 35 C:\Users\utku\AppData\Local\Temp\Better-Surf.exe (Adware.BetterSurf) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\utku\AppData\Local\Temp\Setup.exe (Adware.BetterSurf) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\utku\AppData\Local\Temp\Setup1.exe (Adware.BetterSurf) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\utku\AppData\Local\Temp\Setup2.exe (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\utku\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Löschen bei Neustart. C:\Program Files (x86)\Better-Surf\ch\Chrome.crx (PUP.Optional.BetterSurf) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Better-Surf\ff\Better-Surf.xpi (PUP.Optional.BetterSurf) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Better-Surf\ff\build.cmd (PUP.Optional.BetterSurf) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Better-Surf\ff\chrome.manifest (PUP.Optional.BetterSurf) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Better-Surf\ff\install.rdf (PUP.Optional.BetterSurf) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Better-Surf\ff\chrome\content\better-surf.js (PUP.Optional.BetterSurf) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Better-Surf\ff\chrome\content\firefox.js (PUP.Optional.BetterSurf) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Program Files (x86)\Better-Surf\ff\chrome\content\overlay.xul (PUP.Optional.BetterSurf) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\utku\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\utku\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta603\uninstall.exe (Adware.VPlayer) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta603\ch\VideoPlayerV3beta603.crx (Adware.VPlayer) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta603\ff\chrome.manifest (Adware.VPlayer) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta603\ff\install.rdf (Adware.VPlayer) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta603\ff\chrome\content\ffVideoPlayerV3beta603.js (Adware.VPlayer) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta603\ff\chrome\content\ffVideoPlayerV3beta603ffaction.js (Adware.VPlayer) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta603\ff\chrome\content\overlay.xul (Adware.VPlayer) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta603\ff\chrome\content\icons\Thumbs.db (Adware.VPlayer) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta603\ff\chrome\content\icons\default\VideoPlayerV3beta603_32.png (Adware.VPlayer) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta603\ie\VideoPlayerV3beta603.dll (Adware.VPlayer) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha264\uninstall.exe (PUP.Optional.MediaPlayerAlpha.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha264\ch\MediaPlayerV1alpha264.crx (PUP.Optional.MediaPlayerAlpha.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha264\ff\chrome.manifest (PUP.Optional.MediaPlayerAlpha.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha264\ff\install.rdf (PUP.Optional.MediaPlayerAlpha.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha264\ff\chrome\content\ffMediaPlayerV1alpha264.js (PUP.Optional.MediaPlayerAlpha.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha264\ff\chrome\content\ffMediaPlayerV1alpha264ffaction.js (PUP.Optional.MediaPlayerAlpha.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha264\ff\chrome\content\overlay.xul (PUP.Optional.MediaPlayerAlpha.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha264\ff\chrome\content\icons\Thumbs.db (PUP.Optional.MediaPlayerAlpha.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha264\ff\chrome\content\icons\default\MediaPlayerV1alpha264_32.png (PUP.Optional.MediaPlayerAlpha.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha264\ie\MediaPlayerV1alpha264.dll (PUP.Optional.MediaPlayerAlpha.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
# AdwCleaner v3.018 - Bericht erstellt am 01/02/2014 um 09:20:16
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : utku - UTKU-PC
# Gestartet von : C:\Users\utku\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Google Chrome v

[ Datei : C:\Users\utku\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1940 octets] - [29/01/2014 17:49:26]
AdwCleaner[R1].txt - [894 octets] - [01/02/2014 09:18:46]
AdwCleaner[S0].txt - [1953 octets] - [29/01/2014 17:51:36]
AdwCleaner[S1].txt - [816 octets] - [01/02/2014 09:20:16]

########## EOF -< C:\AdwCleaner\AdwCleaner[S1].txt - [875 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by utku on 01.02.2014 at 9:26:33,26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.02.2014 at 9:31:33,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 02 Ran by utku (administrator) on UTKU-PC on 01-02-2014 09:34:38 Running from C:\Users\utku\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDCtrl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Dropbox, Inc.) C:\Users\utku\AppData\Roaming\Dropbox\bin\Dropbox.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] () HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor) HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated) HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-13] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.) 
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation) HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.) HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-12] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe HKLM-x32\...\Run: [vmware-tray.exe] - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [111696 2013-10-18] (VMware, Inc.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3813200 2014-01-23] (LogMeIn Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid} HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid} HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-2239704304-2317340568-1914522398-1000\...\Run: [Google Update] - C:\Users\utku\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-09] (Google Inc.) HKU\S-1-5-21-2239704304-2317340568-1914522398-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20588704 2013-11-15] (Skype Technologies S.A.) 
HKU\S-1-5-21-2239704304-2317340568-1914522398-1000\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1815976 2014-01-27] (Valve Corporation) HKU\S-1-5-21-2239704304-2317340568-1914522398-1000\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe -silent Startup: C:\Users\utku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\utku\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Chrome: ======= CHR Extension: (Google Drive) - C:\Users\utku\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-09] CHR Extension: (YouTube) - C:\Users\utku\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-09] CHR Extension: (Adblock Plus) - C:\Users\utku\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-11-09] CHR Extension: (Google-Suche) - C:\Users\utku\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-09] CHR Extension: (AdBlock) - C:\Users\utku\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-09] CHR Extension: (Media Player) - C:\Users\utku\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbmbpgobolgklcldjiflpdgbjbfdmehi [2014-01-29] CHR Extension: (Google Wallet) - C:\Users\utku\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-09] CHR Extension: (Google Mail) - C:\Users\utku\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-09] CHR HKLM-x32\...\Chrome\Extension: [dpldobbfogfhjhkhmcpfjgkndgpijgej] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta603\ch\VideoPlayerV3beta603.crx [2013-11-09] CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx [2013-11-09] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 
2013-12-12] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-12] (Avira Operations GmbH & Co. KG) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-12-13] (LogMeIn, Inc.) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation) S3 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14405200 2013-10-18] () ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-12] (Avira Operations GmbH & Co. KG) R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.) R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.) 
S2 sbapifs; system32\DRIVERS\sbapifs.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-01 09:32 - 2014-02-01 09:32 - 00000000 ____D () C:\Users\utku\Desktop\FRST-OlderVersion 2014-02-01 09:31 - 2014-02-01 09:31 - 00000624 _____ () C:\Users\utku\Desktop\JRT.txt 2014-02-01 09:26 - 2014-02-01 09:26 - 01037068 _____ (Thisisu) C:\Users\utku\Desktop\JRT.exe 2014-02-01 09:25 - 2014-02-01 09:26 - 01037068 _____ (Thisisu) C:\Users\utku\Downloads\JRT.exe 2014-02-01 09:22 - 2014-02-01 09:25 - 00000955 _____ () C:\Users\utku\Desktop\AdwCleaner[S1].txt 2014-02-01 09:18 - 2014-02-01 09:18 - 01166132 _____ () C:\Users\utku\Downloads\adwcleaner.exe 2014-02-01 09:18 - 2014-02-01 09:18 - 01166132 _____ () C:\Users\utku\Desktop\adwcleaner.exe 2014-02-01 09:00 - 2014-02-01 09:00 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\utku\Downloads\mbam-setup-1.75.0.1300.exe 2014-02-01 09:00 - 2014-02-01 09:00 - 00001117 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-01 09:00 - 2014-02-01 09:00 - 00000000 ____D () C:\Users\utku\AppData\Roaming\Malwarebytes 2014-02-01 09:00 - 2014-02-01 09:00 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-01 09:00 - 2014-02-01 09:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-02-01 09:00 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-01-30 13:48 - 2014-01-30 13:49 - 00027533 _____ () C:\Users\utku\Desktop\Addition.txt 2014-01-30 13:42 - 2014-02-01 09:34 - 00012982 _____ () C:\Users\utku\Desktop\FRST.txt 2014-01-30 13:41 - 2014-02-01 09:34 - 00000000 ____D () C:\FRST 2014-01-30 13:41 - 2014-02-01 09:32 - 02080256 _____ (Farbar) C:\Users\utku\Desktop\FRST64.exe 2014-01-30 13:40 - 2014-01-30 13:41 - 02079744 _____ (Farbar) C:\Users\utku\Downloads\FRST64.exe 2014-01-29 19:01 - 2014-01-29 19:01 - 00000000 ____D () C:\Windows\ERUNT 2014-01-29 
18:57 - 2014-01-29 18:57 - 00000480 _____ () C:\Windows\system32\Drivers\kgpcpy.cfg 2014-01-29 18:37 - 2014-01-29 18:59 - 00000000 ____D () C:\ProgramData\STOPzilla! 2014-01-29 17:49 - 2014-02-01 09:20 - 00000000 ____D () C:\AdwCleaner 2014-01-29 17:29 - 2014-02-01 09:13 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerV1 2014-01-29 17:29 - 2014-01-29 17:29 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-01-28 15:24 - 2014-01-28 15:24 - 00000219 _____ () C:\Users\utku\Desktop\Dota 2.url 2014-01-28 15:03 - 2014-01-28 15:03 - 00000930 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk 2014-01-28 15:03 - 2014-01-28 15:03 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-01-27 12:05 - 2014-01-27 12:05 - 02314844 _____ () C:\Users\utku\Desktop\TechnicLauncher.exe 2014-01-27 09:33 - 2014-01-27 09:55 - 00000000 ____D () C:\Users\utku\Desktop\Neuer Ordner (2) 2014-01-26 10:11 - 2014-01-26 10:11 - 00000000 ____D () C:\Users\utku\Documents\LOLReplay 2014-01-26 10:11 - 2014-01-26 10:11 - 00000000 ____D () C:\Program Files (x86)\LOLReplay 2014-01-23 17:56 - 2014-01-28 20:12 - 00000000 ____D () C:\Users\utku\AppData\Roaming\.minecraft 2014-01-23 17:53 - 2014-01-23 17:53 - 00000000 ____D () C:\Users\utku\AppData\Roaming\ATI 2014-01-23 17:53 - 2014-01-23 17:53 - 00000000 ____D () C:\Users\utku\AppData\Local\ATI 2014-01-23 17:53 - 2014-01-23 17:53 - 00000000 ____D () C:\ProgramData\ATI 2014-01-22 16:57 - 2014-01-22 16:59 - 00000000 ____D () C:\Users\utku\Desktop\Coding 2014-01-20 14:40 - 2014-01-20 15:18 - 00000000 ____D () C:\Users\utku\Desktop\Neuer Ordner 2014-01-16 14:54 - 2014-01-25 15:30 - 00000000 ____D () C:\Users\utku\AppData\Roaming\Nidhogg 2014-01-16 14:54 - 2014-01-16 14:54 - 00000780 _____ () C:\Users\Public\Desktop\Nidhogg.lnk 2014-01-16 14:54 - 2014-01-16 14:54 - 00000000 ____D () C:\ProgramData\Steam 2014-01-16 14:54 - 2014-01-16 14:54 - 00000000 ____D () C:\Program Files (x86)\Nidhogg 2014-01-15 16:49 - 2013-11-27 02:41 - 00343040 _____ 
(Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-15 16:49 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-15 16:49 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-15 16:49 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-15 16:49 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-15 16:49 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-15 16:49 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-15 16:49 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-15 16:49 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-15 14:10 - 2014-01-15 14:10 - 00000000 ____D () C:\Users\utku\Desktop\ClientFiles 2014-01-15 14:07 - 2014-01-15 14:06 - 00010560 _____ () C:\Users\utku\Desktop\OCS.jar 2014-01-13 16:36 - 2014-01-13 17:33 - 00000000 ____D () C:\Users\utku\Documents\Virtual Machines 2014-01-13 16:18 - 2014-01-19 19:54 - 00000000 ____D () C:\Users\utku\AppData\Roaming\VMware 2014-01-13 16:18 - 2014-01-19 19:54 - 00000000 ____D () C:\Users\utku\AppData\Local\VMware 2014-01-13 16:16 - 2014-01-13 16:16 - 00000000 ____D () C:\Users\utku\Desktop\Schule 2014-01-13 16:16 - 2013-10-18 12:46 - 00064080 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys 2014-01-13 16:16 - 2013-10-08 18:21 - 00073296 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys 2014-01-13 16:16 - 2013-10-08 18:21 - 00067664 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll 2014-01-13 16:16 - 2013-10-08 18:21 - 00063568 _____ (VMware, Inc.) 
C:\Windows\SysWOW64\vsocklib.dll 2014-01-13 16:15 - 2014-01-13 16:15 - 00001024 _____ () C:\Windows\SysWOW64\%TMP% 2014-01-13 16:15 - 2014-01-13 16:15 - 00000000 ____D () C:\Program Files\Common Files\VMware 2014-01-13 16:15 - 2013-10-18 12:45 - 00930384 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll 2014-01-13 16:15 - 2013-10-18 12:45 - 00437328 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe 2014-01-13 16:15 - 2013-10-18 12:45 - 00358480 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe 2014-01-13 16:15 - 2013-10-18 12:45 - 00030800 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys 2014-01-13 16:15 - 2013-10-09 08:04 - 00053816 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys 2014-01-13 16:14 - 2014-02-01 09:21 - 00000000 ____D () C:\ProgramData\VMware 2014-01-13 16:14 - 2014-01-13 16:14 - 00000000 ____D () C:\Users\Public\Documents\Shared Virtual Machines 2014-01-13 16:14 - 2014-01-13 16:14 - 00000000 ____D () C:\Program Files (x86)\VMware 2014-01-10 15:45 - 2014-02-01 09:13 - 00000000 ____D () C:\Program Files (x86)\VideoPlayerV3 2014-01-09 18:44 - 2014-01-09 18:44 - 00000000 ____D () C:\Users\utku\Documents\Fax 2014-01-07 13:01 - 2014-01-07 13:01 - 00262144 _____ () C:\Windows\Minidump\010714-23868-01.dmp 2014-01-04 15:46 - 2014-01-04 15:46 - 00000000 ____D () C:\Users\utku\AppData\Roaming\.mono 2014-01-04 15:46 - 2014-01-04 15:46 - 00000000 ____D () C:\ProgramData\.mono 2014-01-04 15:42 - 2014-01-04 15:43 - 00000000 ____D () C:\Users\utku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokémon Trading Card Game Online 2014-01-04 15:42 - 2014-01-04 15:42 - 00000000 ____D () C:\Users\utku\AppData\Roaming\Pokémon Trading Card Game Online ==================== One Month Modified Files and Folders ======= 2014-02-01 09:34 - 2014-01-30 13:42 - 00012982 _____ () C:\Users\utku\Desktop\FRST.txt 2014-02-01 09:34 - 2014-01-30 13:41 - 00000000 ____D () C:\FRST 2014-02-01 09:32 - 2014-02-01 09:32 - 00000000 ____D () 
C:\Users\utku\Desktop\FRST-OlderVersion 2014-02-01 09:32 - 2014-01-30 13:41 - 02080256 _____ (Farbar) C:\Users\utku\Desktop\FRST64.exe 2014-02-01 09:31 - 2014-02-01 09:31 - 00000624 _____ () C:\Users\utku\Desktop\JRT.txt 2014-02-01 09:29 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-01 09:29 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-01 09:26 - 2014-02-01 09:26 - 01037068 _____ (Thisisu) C:\Users\utku\Desktop\JRT.exe 2014-02-01 09:26 - 2014-02-01 09:25 - 01037068 _____ (Thisisu) C:\Users\utku\Downloads\JRT.exe 2014-02-01 09:26 - 2013-11-15 19:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-02-01 09:26 - 2013-11-08 22:28 - 01548357 _____ () C:\Windows\WindowsUpdate.log 2014-02-01 09:25 - 2014-02-01 09:22 - 00000955 _____ () C:\Users\utku\Desktop\AdwCleaner[S1].txt 2014-02-01 09:25 - 2013-11-18 19:10 - 00000000 ____D () C:\Users\utku\AppData\Local\LogMeIn Hamachi 2014-02-01 09:25 - 2013-11-09 13:24 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-02-01 09:23 - 2013-11-09 08:35 - 00000000 ____D () C:\Users\utku\AppData\Roaming\Skype 2014-02-01 09:22 - 2013-12-28 12:19 - 00000000 ___RD () C:\Users\utku\Dropbox 2014-02-01 09:22 - 2013-12-28 12:17 - 00000000 ____D () C:\Users\utku\AppData\Roaming\Dropbox 2014-02-01 09:21 - 2014-01-13 16:14 - 00000000 ____D () C:\ProgramData\VMware 2014-02-01 09:21 - 2013-11-08 23:35 - 00000000 ____D () C:\ProgramData\clear.fi 2014-02-01 09:21 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-01 09:21 - 2009-07-14 05:51 - 00065361 _____ () C:\Windows\setupact.log 2014-02-01 09:20 - 2014-01-29 17:49 - 00000000 ____D () C:\AdwCleaner 2014-02-01 09:18 - 2014-02-01 09:18 - 01166132 _____ () C:\Users\utku\Downloads\adwcleaner.exe 2014-02-01 09:18 - 2014-02-01 09:18 - 01166132 _____ () 
C:\Users\utku\Desktop\adwcleaner.exe 2014-02-01 09:15 - 2010-11-21 04:47 - 00126266 _____ () C:\Windows\PFRO.log 2014-02-01 09:13 - 2014-01-29 17:29 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerV1 2014-02-01 09:13 - 2014-01-10 15:45 - 00000000 ____D () C:\Program Files (x86)\VideoPlayerV3 2014-02-01 09:03 - 2013-11-09 08:28 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2239704304-2317340568-1914522398-1000UA.job 2014-02-01 09:00 - 2014-02-01 09:00 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\utku\Downloads\mbam-setup-1.75.0.1300.exe 2014-02-01 09:00 - 2014-02-01 09:00 - 00001117 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-01 09:00 - 2014-02-01 09:00 - 00000000 ____D () C:\Users\utku\AppData\Roaming\Malwarebytes 2014-02-01 09:00 - 2014-02-01 09:00 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-01 09:00 - 2014-02-01 09:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-30 18:42 - 2013-11-10 16:52 - 00000000 ____D () C:\Users\utku\AppData\Roaming\TS3Client 2014-01-30 18:42 - 2013-11-09 08:32 - 00000000 ____D () C:\Users\utku\AppData\Local\PMB Files 2014-01-30 18:00 - 2013-11-09 08:32 - 00000000 ____D () C:\ProgramData\PMB Files 2014-01-30 13:49 - 2014-01-30 13:48 - 00027533 _____ () C:\Users\utku\Desktop\Addition.txt 2014-01-30 13:41 - 2014-01-30 13:40 - 02079744 _____ (Farbar) C:\Users\utku\Downloads\FRST64.exe 2014-01-29 19:01 - 2014-01-29 19:01 - 00000000 ____D () C:\Windows\ERUNT 2014-01-29 18:59 - 2014-01-29 18:37 - 00000000 ____D () C:\ProgramData\STOPzilla! 
2014-01-29 18:57 - 2014-01-29 18:57 - 00000480 _____ () C:\Windows\system32\Drivers\kgpcpy.cfg 2014-01-29 17:30 - 2013-12-11 13:36 - 00000308 _____ () C:\extensions.ini 2014-01-29 17:29 - 2014-01-29 17:29 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-01-29 17:29 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-01-29 17:29 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-01-28 20:12 - 2014-01-23 17:56 - 00000000 ____D () C:\Users\utku\AppData\Roaming\.minecraft 2014-01-28 15:24 - 2014-01-28 15:24 - 00000219 _____ () C:\Users\utku\Desktop\Dota 2.url 2014-01-28 15:03 - 2014-01-28 15:03 - 00000930 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk 2014-01-28 15:03 - 2014-01-28 15:03 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-01-27 12:23 - 2013-12-21 16:24 - 00000000 ____D () C:\Users\utku\AppData\Roaming\.technic 2014-01-27 12:05 - 2014-01-27 12:05 - 02314844 _____ () C:\Users\utku\Desktop\TechnicLauncher.exe 2014-01-27 11:03 - 2013-11-09 08:28 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2239704304-2317340568-1914522398-1000Core.job 2014-01-27 09:55 - 2014-01-27 09:33 - 00000000 ____D () C:\Users\utku\Desktop\Neuer Ordner (2) 2014-01-26 10:11 - 2014-01-26 10:11 - 00000000 ____D () C:\Users\utku\Documents\LOLReplay 2014-01-26 10:11 - 2014-01-26 10:11 - 00000000 ____D () C:\Program Files (x86)\LOLReplay 2014-01-26 09:15 - 2013-11-22 17:45 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2014-01-25 16:51 - 2013-11-09 07:21 - 00699592 _____ () C:\Windows\system32\perfh007.dat 2014-01-25 16:51 - 2013-11-09 07:21 - 00149382 _____ () C:\Windows\system32\perfc007.dat 2014-01-25 16:51 - 2009-07-14 06:13 - 01620762 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-01-25 15:30 - 2014-01-16 14:54 - 00000000 ____D () C:\Users\utku\AppData\Roaming\Nidhogg 2014-01-23 17:55 - 2013-11-09 08:32 - 00000000 ____D () C:\Users\utku\Desktop\Startdateien 2014-01-23 17:53 - 
2014-01-23 17:53 - 00000000 ____D () C:\Users\utku\AppData\Roaming\ATI 2014-01-23 17:53 - 2014-01-23 17:53 - 00000000 ____D () C:\Users\utku\AppData\Local\ATI 2014-01-23 17:53 - 2014-01-23 17:53 - 00000000 ____D () C:\ProgramData\ATI 2014-01-22 16:59 - 2014-01-22 16:57 - 00000000 ____D () C:\Users\utku\Desktop\Coding 2014-01-20 15:18 - 2014-01-20 14:40 - 00000000 ____D () C:\Users\utku\Desktop\Neuer Ordner 2014-01-19 19:54 - 2014-01-13 16:18 - 00000000 ____D () C:\Users\utku\AppData\Roaming\VMware 2014-01-19 19:54 - 2014-01-13 16:18 - 00000000 ____D () C:\Users\utku\AppData\Local\VMware 2014-01-16 14:54 - 2014-01-16 14:54 - 00000780 _____ () C:\Users\Public\Desktop\Nidhogg.lnk 2014-01-16 14:54 - 2014-01-16 14:54 - 00000000 ____D () C:\ProgramData\Steam 2014-01-16 14:54 - 2014-01-16 14:54 - 00000000 ____D () C:\Program Files (x86)\Nidhogg 2014-01-16 14:23 - 2013-11-08 23:28 - 00000000 ___RD () C:\Users\utku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-16 14:22 - 2013-12-28 12:18 - 00000000 ____D () C:\Users\utku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-16 14:18 - 2009-07-14 05:45 - 00309880 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-01-15 18:01 - 2013-11-09 13:18 - 00000000 ____D () C:\Windows\system32\MRT 2014-01-15 17:59 - 2013-11-09 13:18 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-15 14:10 - 2014-01-15 14:10 - 00000000 ____D () C:\Users\utku\Desktop\ClientFiles 2014-01-15 14:06 - 2014-01-15 14:07 - 00010560 _____ () C:\Users\utku\Desktop\OCS.jar 2014-01-13 17:33 - 2014-01-13 16:36 - 00000000 ____D () C:\Users\utku\Documents\Virtual Machines 2014-01-13 16:17 - 2013-12-13 15:57 - 00000000 ____D () C:\Users\utku\Desktop\cct-0.9.5 2014-01-13 16:16 - 2014-01-13 16:16 - 00000000 ____D () C:\Users\utku\Desktop\Schule 2014-01-13 16:15 - 2014-01-13 16:15 - 00001024 _____ () C:\Windows\SysWOW64\%TMP% 2014-01-13 16:15 - 2014-01-13 16:15 - 00000000 ____D () C:\Program Files\Common 
Files\VMware 2014-01-13 16:15 - 2013-11-28 17:16 - 01641654 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-01-13 16:14 - 2014-01-13 16:14 - 00000000 ____D () C:\Users\Public\Documents\Shared Virtual Machines 2014-01-13 16:14 - 2014-01-13 16:14 - 00000000 ____D () C:\Program Files (x86)\VMware 2014-01-11 10:41 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-01-09 18:44 - 2014-01-09 18:44 - 00000000 ____D () C:\Users\utku\Documents\Fax 2014-01-07 13:01 - 2014-01-07 13:01 - 00262144 _____ () C:\Windows\Minidump\010714-23868-01.dmp 2014-01-07 13:01 - 2013-12-03 17:00 - 00000000 ____D () C:\Windows\Minidump 2014-01-07 13:01 - 2013-12-03 16:59 - 545832220 _____ () C:\Windows\MEMORY.DMP 2014-01-07 11:26 - 2009-07-14 03:34 - 00000462 _____ () C:\Windows\win.ini 2014-01-06 11:23 - 2013-12-20 12:30 - 00000003 _____ () C:\Windows\system32\HRUPPROG.TXT 2014-01-04 15:46 - 2014-01-04 15:46 - 00000000 ____D () C:\Users\utku\AppData\Roaming\.mono 2014-01-04 15:46 - 2014-01-04 15:46 - 00000000 ____D () C:\ProgramData\.mono 2014-01-04 15:43 - 2014-01-04 15:42 - 00000000 ____D () C:\Users\utku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokémon Trading Card Game Online 2014-01-04 15:42 - 2014-01-04 15:42 - 00000000 ____D () C:\Users\utku\AppData\Roaming\Pokémon Trading Card Game Online Some content of TEMP: ==================== C:\Users\utku\AppData\Local\Temp\avgnt.exe C:\Users\utku\AppData\Local\Temp\BetterSurfPlusInstaller.exe C:\Users\utku\AppData\Local\Temp\DeskMetrics.dll C:\Users\utku\AppData\Local\Temp\Quarantine.exe C:\Users\utku\AppData\Local\Temp\SHSetup.exe C:\Users\utku\AppData\Local\Temp\swt-win32-3349.dll C:\Users\utku\AppData\Local\Temp\xmlUpdater.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit 
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-03 11:34

==================== End Of Log ============================
|
01.02.2014, 17:43 | #6 |
/// the machine /// TB-Ausbilder | Bettersurf in Google Chrome
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
|
02.02.2014, 10:48 | #7 |
| Bettersurf in Google Chrome This is the ESET log: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=11a0f7efb8b31846826cfe2df26ec417
# engine=16904
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-02 09:23:23
# local_time=2014-02-02 10:23:23 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 72162 9904161 64938 0
# compatibility_mode=5893 16776574 100 94 7334032 142962853 0 0
# scanned=231028
# found=1
# cleaned=0
# scan_time=6624
sh=F1BF51E0B860C740DC72E86410216D9C25DBDA5E ft=1 fh=f53642ac04b49d5c vn="a variant of Win32/AdWare.BetterSurf.C application" ac=I fn="C:\Users\utku\AppData\Local\Temp\BetterSurfPlusInstaller.exe"
Code:
Results of screen317's Security Check version 0.99.79
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java 7 Update 45
Java version out of Date!
Adobe Flash Player 11.9.900.170
Adobe Reader 10.1.9 Adobe Reader out of Date!
Google Chrome 32.0.1700.102
Google Chrome 32.0.1700.76
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 02 Ran by utku (administrator) on UTKU-PC on 02-02-2014 10:36:16 Running from C:\Users\utku\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDCtrl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Dropbox, Inc.) C:\Users\utku\AppData\Roaming\Dropbox\bin\Dropbox.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe (Google Inc.) C:\Users\utku\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\utku\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\utku\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\utku\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\utku\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\utku\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] () HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor) HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated) HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-13] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.) HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation) HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.) HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-12] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe HKLM-x32\...\Run: [vmware-tray.exe] - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [111696 2013-10-18] (VMware, Inc.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3813200 2014-01-23] (LogMeIn Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid} HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid} HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-2239704304-2317340568-1914522398-1000\...\Run: [Google Update] - C:\Users\utku\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-09] (Google Inc.) HKU\S-1-5-21-2239704304-2317340568-1914522398-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20588704 2013-11-15] (Skype Technologies S.A.) HKU\S-1-5-21-2239704304-2317340568-1914522398-1000\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1815976 2014-01-27] (Valve Corporation) HKU\S-1-5-21-2239704304-2317340568-1914522398-1000\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe -silent Startup: C:\Users\utku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\utku\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Chrome: ======= CHR Extension: (Google Drive) - C:\Users\utku\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-09] CHR Extension: (YouTube) - C:\Users\utku\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-09] CHR Extension: (Adblock Plus) - C:\Users\utku\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-11-09] CHR Extension: (Google-Suche) - C:\Users\utku\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-09] CHR Extension: (AdBlock) - C:\Users\utku\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-09] CHR Extension: (Media Player) - C:\Users\utku\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbmbpgobolgklcldjiflpdgbjbfdmehi [2014-01-29] CHR Extension: (Google Wallet) - C:\Users\utku\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-09] CHR Extension: (Google Mail) - C:\Users\utku\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-09] CHR HKLM-x32\...\Chrome\Extension: [dpldobbfogfhjhkhmcpfjgkndgpijgej] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta603\ch\VideoPlayerV3beta603.crx [2013-11-09] CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx [2013-11-09] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-12] (Avira Operations GmbH & Co. 
KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-12] (Avira Operations GmbH & Co. KG) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-12-13] (LogMeIn, Inc.) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation) S3 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14405200 2013-10-18] () ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-12] (Avira Operations GmbH & Co. KG) R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.) R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.) 
S2 sbapifs; system32\DRIVERS\sbapifs.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-02 10:30 - 2014-02-02 10:30 - 00987425 _____ () C:\Users\utku\Downloads\SecurityCheck.exe 2014-02-02 10:30 - 2014-02-02 10:30 - 00987425 _____ () C:\Users\utku\Desktop\SecurityCheck.exe 2014-02-02 09:55 - 2014-02-02 09:56 - 00000000 ____D () C:\Users\utku\AppData\Local\Microsoft Games 2014-02-02 08:35 - 2014-02-02 09:55 - 00001001 _____ () C:\Users\utku\Desktop\Neues Textdokument (2).txt 2014-02-02 08:31 - 2014-02-02 08:31 - 02347384 _____ (ESET) C:\Users\utku\Downloads\esetsmartinstaller_enu.exe 2014-02-01 15:58 - 2014-02-01 15:58 - 00000000 _____ () C:\Users\utku\Desktop\Neues Textdokument.txt 2014-02-01 09:32 - 2014-02-01 09:32 - 00000000 ____D () C:\Users\utku\Desktop\FRST-OlderVersion 2014-02-01 09:31 - 2014-02-01 09:31 - 00000624 _____ () C:\Users\utku\Desktop\JRT.txt 2014-02-01 09:26 - 2014-02-01 09:26 - 01037068 _____ (Thisisu) C:\Users\utku\Desktop\JRT.exe 2014-02-01 09:25 - 2014-02-01 09:26 - 01037068 _____ (Thisisu) C:\Users\utku\Downloads\JRT.exe 2014-02-01 09:22 - 2014-02-01 09:25 - 00000955 _____ () C:\Users\utku\Desktop\AdwCleaner[S1].txt 2014-02-01 09:18 - 2014-02-01 09:18 - 01166132 _____ () C:\Users\utku\Downloads\adwcleaner.exe 2014-02-01 09:18 - 2014-02-01 09:18 - 01166132 _____ () C:\Users\utku\Desktop\adwcleaner.exe 2014-02-01 09:00 - 2014-02-01 09:00 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\utku\Downloads\mbam-setup-1.75.0.1300.exe 2014-02-01 09:00 - 2014-02-01 09:00 - 00001117 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-01 09:00 - 2014-02-01 09:00 - 00000000 ____D () C:\Users\utku\AppData\Roaming\Malwarebytes 2014-02-01 09:00 - 2014-02-01 09:00 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-01 09:00 - 2014-02-01 09:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-02-01 09:00 - 
2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-01-30 13:48 - 2014-02-01 09:35 - 00024566 _____ () C:\Users\utku\Desktop\Addition.txt 2014-01-30 13:42 - 2014-02-02 10:36 - 00013773 _____ () C:\Users\utku\Desktop\FRST.txt 2014-01-30 13:41 - 2014-02-02 10:36 - 00000000 ____D () C:\FRST 2014-01-30 13:41 - 2014-02-01 09:32 - 02080256 _____ (Farbar) C:\Users\utku\Desktop\FRST64.exe 2014-01-30 13:40 - 2014-01-30 13:41 - 02079744 _____ (Farbar) C:\Users\utku\Downloads\FRST64.exe 2014-01-29 19:01 - 2014-01-29 19:01 - 00000000 ____D () C:\Windows\ERUNT 2014-01-29 18:57 - 2014-01-29 18:57 - 00000480 _____ () C:\Windows\system32\Drivers\kgpcpy.cfg 2014-01-29 18:37 - 2014-01-29 18:59 - 00000000 ____D () C:\ProgramData\STOPzilla! 2014-01-29 17:49 - 2014-02-01 09:20 - 00000000 ____D () C:\AdwCleaner 2014-01-29 17:29 - 2014-02-01 09:13 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerV1 2014-01-29 17:29 - 2014-01-29 17:29 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-01-28 15:24 - 2014-01-28 15:24 - 00000219 _____ () C:\Users\utku\Desktop\Dota 2.url 2014-01-28 15:03 - 2014-01-28 15:03 - 00000930 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk 2014-01-28 15:03 - 2014-01-28 15:03 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-01-27 12:05 - 2014-01-27 12:05 - 02314844 _____ () C:\Users\utku\Desktop\TechnicLauncher.exe 2014-01-27 09:33 - 2014-01-27 09:55 - 00000000 ____D () C:\Users\utku\Desktop\Neuer Ordner (2) 2014-01-26 10:11 - 2014-01-26 10:11 - 00000000 ____D () C:\Users\utku\Documents\LOLReplay 2014-01-26 10:11 - 2014-01-26 10:11 - 00000000 ____D () C:\Program Files (x86)\LOLReplay 2014-01-23 17:56 - 2014-02-01 10:31 - 00000000 ____D () C:\Users\utku\AppData\Roaming\.minecraft 2014-01-23 17:53 - 2014-01-23 17:53 - 00000000 ____D () C:\Users\utku\AppData\Roaming\ATI 2014-01-23 17:53 - 2014-01-23 17:53 - 00000000 ____D () C:\Users\utku\AppData\Local\ATI 2014-01-23 17:53 - 2014-01-23 17:53 - 
00000000 ____D () C:\ProgramData\ATI 2014-01-22 16:57 - 2014-01-22 16:59 - 00000000 ____D () C:\Users\utku\Desktop\Coding 2014-01-20 14:40 - 2014-01-20 15:18 - 00000000 ____D () C:\Users\utku\Desktop\Neuer Ordner 2014-01-16 14:54 - 2014-02-02 10:20 - 00000000 ____D () C:\Users\utku\AppData\Roaming\Nidhogg 2014-01-16 14:54 - 2014-01-16 14:54 - 00000780 _____ () C:\Users\Public\Desktop\Nidhogg.lnk 2014-01-16 14:54 - 2014-01-16 14:54 - 00000000 ____D () C:\ProgramData\Steam 2014-01-16 14:54 - 2014-01-16 14:54 - 00000000 ____D () C:\Program Files (x86)\Nidhogg 2014-01-15 16:49 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-15 16:49 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-15 16:49 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-15 16:49 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-15 16:49 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-15 16:49 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-15 16:49 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-15 16:49 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-15 16:49 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-15 14:10 - 2014-01-15 14:10 - 00000000 ____D () C:\Users\utku\Desktop\ClientFiles 2014-01-15 14:07 - 2014-01-15 14:06 - 00010560 _____ () C:\Users\utku\Desktop\OCS.jar 2014-01-13 16:36 - 2014-01-13 17:33 - 00000000 ____D () C:\Users\utku\Documents\Virtual Machines 2014-01-13 16:18 - 2014-01-19 19:54 - 00000000 ____D () C:\Users\utku\AppData\Roaming\VMware 2014-01-13 16:18 - 2014-01-19 
19:54 - 00000000 ____D () C:\Users\utku\AppData\Local\VMware 2014-01-13 16:16 - 2014-01-13 16:16 - 00000000 ____D () C:\Users\utku\Desktop\Schule 2014-01-13 16:16 - 2013-10-18 12:46 - 00064080 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys 2014-01-13 16:16 - 2013-10-08 18:21 - 00073296 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys 2014-01-13 16:16 - 2013-10-08 18:21 - 00067664 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll 2014-01-13 16:16 - 2013-10-08 18:21 - 00063568 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll 2014-01-13 16:15 - 2014-01-13 16:15 - 00001024 _____ () C:\Windows\SysWOW64\%TMP% 2014-01-13 16:15 - 2014-01-13 16:15 - 00000000 ____D () C:\Program Files\Common Files\VMware 2014-01-13 16:15 - 2013-10-18 12:45 - 00930384 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll 2014-01-13 16:15 - 2013-10-18 12:45 - 00437328 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe 2014-01-13 16:15 - 2013-10-18 12:45 - 00358480 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe 2014-01-13 16:15 - 2013-10-18 12:45 - 00030800 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys 2014-01-13 16:15 - 2013-10-09 08:04 - 00053816 _____ (VMware, Inc.) 
C:\Windows\system32\Drivers\hcmon.sys 2014-01-13 16:14 - 2014-02-02 08:27 - 00000000 ____D () C:\ProgramData\VMware 2014-01-13 16:14 - 2014-01-13 16:14 - 00000000 ____D () C:\Users\Public\Documents\Shared Virtual Machines 2014-01-13 16:14 - 2014-01-13 16:14 - 00000000 ____D () C:\Program Files (x86)\VMware 2014-01-10 15:45 - 2014-02-01 09:13 - 00000000 ____D () C:\Program Files (x86)\VideoPlayerV3 2014-01-09 18:44 - 2014-01-09 18:44 - 00000000 ____D () C:\Users\utku\Documents\Fax 2014-01-07 13:01 - 2014-01-07 13:01 - 00262144 _____ () C:\Windows\Minidump\010714-23868-01.dmp 2014-01-04 15:46 - 2014-01-04 15:46 - 00000000 ____D () C:\Users\utku\AppData\Roaming\.mono 2014-01-04 15:46 - 2014-01-04 15:46 - 00000000 ____D () C:\ProgramData\.mono 2014-01-04 15:42 - 2014-01-04 15:43 - 00000000 ____D () C:\Users\utku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokémon Trading Card Game Online 2014-01-04 15:42 - 2014-01-04 15:42 - 00000000 ____D () C:\Users\utku\AppData\Roaming\Pokémon Trading Card Game Online ==================== One Month Modified Files and Folders ======= 2014-02-02 10:36 - 2014-01-30 13:42 - 00013773 _____ () C:\Users\utku\Desktop\FRST.txt 2014-02-02 10:36 - 2014-01-30 13:41 - 00000000 ____D () C:\FRST 2014-02-02 10:30 - 2014-02-02 10:30 - 00987425 _____ () C:\Users\utku\Downloads\SecurityCheck.exe 2014-02-02 10:30 - 2014-02-02 10:30 - 00987425 _____ () C:\Users\utku\Desktop\SecurityCheck.exe 2014-02-02 10:28 - 2013-11-09 08:35 - 00000000 ____D () C:\Users\utku\AppData\Roaming\Skype 2014-02-02 10:27 - 2013-11-09 13:24 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-02-02 10:26 - 2013-11-15 19:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-02-02 10:23 - 2013-11-08 22:28 - 01594852 _____ () C:\Windows\WindowsUpdate.log 2014-02-02 10:20 - 2014-01-16 14:54 - 00000000 ____D () C:\Users\utku\AppData\Roaming\Nidhogg 2014-02-02 10:03 - 2013-11-09 08:28 - 00001116 _____ () 
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2239704304-2317340568-1914522398-1000UA.job 2014-02-02 09:56 - 2014-02-02 09:55 - 00000000 ____D () C:\Users\utku\AppData\Local\Microsoft Games 2014-02-02 09:55 - 2014-02-02 08:35 - 00001001 _____ () C:\Users\utku\Desktop\Neues Textdokument (2).txt 2014-02-02 08:35 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-02 08:35 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-02 08:31 - 2014-02-02 08:31 - 02347384 _____ (ESET) C:\Users\utku\Downloads\esetsmartinstaller_enu.exe 2014-02-02 08:28 - 2013-12-28 12:17 - 00000000 ____D () C:\Users\utku\AppData\Roaming\Dropbox 2014-02-02 08:27 - 2014-01-13 16:14 - 00000000 ____D () C:\ProgramData\VMware 2014-02-02 08:27 - 2013-12-28 12:19 - 00000000 ___RD () C:\Users\utku\Dropbox 2014-02-02 08:27 - 2013-11-18 19:10 - 00000000 ____D () C:\Users\utku\AppData\Local\LogMeIn Hamachi 2014-02-02 08:27 - 2013-11-08 23:35 - 00000000 ____D () C:\ProgramData\clear.fi 2014-02-02 08:26 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-02 08:26 - 2009-07-14 05:51 - 00065585 _____ () C:\Windows\setupact.log 2014-02-01 19:06 - 2013-11-09 08:32 - 00000000 ____D () C:\Users\utku\AppData\Local\PMB Files 2014-02-01 19:06 - 2013-11-09 08:32 - 00000000 ____D () C:\ProgramData\PMB Files 2014-02-01 17:38 - 2013-11-10 16:52 - 00000000 ____D () C:\Users\utku\AppData\Roaming\TS3Client 2014-02-01 15:58 - 2014-02-01 15:58 - 00000000 _____ () C:\Users\utku\Desktop\Neues Textdokument.txt 2014-02-01 11:03 - 2013-11-09 08:28 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2239704304-2317340568-1914522398-1000Core.job 2014-02-01 10:37 - 2013-11-09 08:32 - 00000000 ____D () C:\Users\utku\Desktop\Startdateien 2014-02-01 10:31 - 2014-01-23 17:56 - 00000000 ____D () 
C:\Users\utku\AppData\Roaming\.minecraft
2014-02-01 09:35 - 2014-01-30 13:48 - 00024566 _____ () C:\Users\utku\Desktop\Addition.txt
2014-02-01 09:32 - 2014-02-01 09:32 - 00000000 ____D () C:\Users\utku\Desktop\FRST-OlderVersion
2014-02-01 09:32 - 2014-01-30 13:41 - 02080256 _____ (Farbar) C:\Users\utku\Desktop\FRST64.exe
2014-02-01 09:31 - 2014-02-01 09:31 - 00000624 _____ () C:\Users\utku\Desktop\JRT.txt
2014-02-01 09:26 - 2014-02-01 09:26 - 01037068 _____ (Thisisu) C:\Users\utku\Desktop\JRT.exe
2014-02-01 09:26 - 2014-02-01 09:25 - 01037068 _____ (Thisisu) C:\Users\utku\Downloads\JRT.exe
2014-02-01 09:25 - 2014-02-01 09:22 - 00000955 _____ () C:\Users\utku\Desktop\AdwCleaner[S1].txt
2014-02-01 09:20 - 2014-01-29 17:49 - 00000000 ____D () C:\AdwCleaner
2014-02-01 09:18 - 2014-02-01 09:18 - 01166132 _____ () C:\Users\utku\Downloads\adwcleaner.exe
2014-02-01 09:18 - 2014-02-01 09:18 - 01166132 _____ () C:\Users\utku\Desktop\adwcleaner.exe
2014-02-01 09:15 - 2010-11-21 04:47 - 00126266 _____ () C:\Windows\PFRO.log
2014-02-01 09:13 - 2014-01-29 17:29 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerV1
2014-02-01 09:13 - 2014-01-10 15:45 - 00000000 ____D () C:\Program Files (x86)\VideoPlayerV3
2014-02-01 09:00 - 2014-02-01 09:00 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\utku\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-01 09:00 - 2014-02-01 09:00 - 00001117 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-01 09:00 - 2014-02-01 09:00 - 00000000 ____D () C:\Users\utku\AppData\Roaming\Malwarebytes
2014-02-01 09:00 - 2014-02-01 09:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-01 09:00 - 2014-02-01 09:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-30 13:41 - 2014-01-30 13:40 - 02079744 _____ (Farbar) C:\Users\utku\Downloads\FRST64.exe
2014-01-29 19:01 - 2014-01-29 19:01 - 00000000 ____D () C:\Windows\ERUNT
2014-01-29 18:59 - 2014-01-29 18:37 - 00000000 ____D () C:\ProgramData\STOPzilla!
2014-01-29 18:57 - 2014-01-29 18:57 - 00000480 _____ () C:\Windows\system32\Drivers\kgpcpy.cfg
2014-01-29 17:30 - 2013-12-11 13:36 - 00000308 _____ () C:\extensions.ini
2014-01-29 17:29 - 2014-01-29 17:29 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-01-29 17:29 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-01-29 17:29 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-01-28 15:24 - 2014-01-28 15:24 - 00000219 _____ () C:\Users\utku\Desktop\Dota 2.url
2014-01-28 15:03 - 2014-01-28 15:03 - 00000930 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-01-28 15:03 - 2014-01-28 15:03 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-01-27 12:23 - 2013-12-21 16:24 - 00000000 ____D () C:\Users\utku\AppData\Roaming\.technic
2014-01-27 12:05 - 2014-01-27 12:05 - 02314844 _____ () C:\Users\utku\Desktop\TechnicLauncher.exe
2014-01-27 09:55 - 2014-01-27 09:33 - 00000000 ____D () C:\Users\utku\Desktop\Neuer Ordner (2)
2014-01-26 10:11 - 2014-01-26 10:11 - 00000000 ____D () C:\Users\utku\Documents\LOLReplay
2014-01-26 10:11 - 2014-01-26 10:11 - 00000000 ____D () C:\Program Files (x86)\LOLReplay
2014-01-26 09:15 - 2013-11-22 17:45 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-01-25 16:51 - 2013-11-09 07:21 - 00699592 _____ () C:\Windows\system32\perfh007.dat
2014-01-25 16:51 - 2013-11-09 07:21 - 00149382 _____ () C:\Windows\system32\perfc007.dat
2014-01-25 16:51 - 2009-07-14 06:13 - 01620762 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-23 17:53 - 2014-01-23 17:53 - 00000000 ____D () C:\Users\utku\AppData\Roaming\ATI
2014-01-23 17:53 - 2014-01-23 17:53 - 00000000 ____D () C:\Users\utku\AppData\Local\ATI
2014-01-23 17:53 - 2014-01-23 17:53 - 00000000 ____D () C:\ProgramData\ATI
2014-01-22 16:59 - 2014-01-22 16:57 - 00000000 ____D () C:\Users\utku\Desktop\Coding
2014-01-20 15:18 - 2014-01-20 14:40 - 00000000 ____D () C:\Users\utku\Desktop\Neuer Ordner
2014-01-19 19:54 - 2014-01-13 16:18 - 00000000 ____D () C:\Users\utku\AppData\Roaming\VMware
2014-01-19 19:54 - 2014-01-13 16:18 - 00000000 ____D () C:\Users\utku\AppData\Local\VMware
2014-01-16 14:54 - 2014-01-16 14:54 - 00000780 _____ () C:\Users\Public\Desktop\Nidhogg.lnk
2014-01-16 14:54 - 2014-01-16 14:54 - 00000000 ____D () C:\ProgramData\Steam
2014-01-16 14:54 - 2014-01-16 14:54 - 00000000 ____D () C:\Program Files (x86)\Nidhogg
2014-01-16 14:23 - 2013-11-08 23:28 - 00000000 ___RD () C:\Users\utku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-16 14:22 - 2013-12-28 12:18 - 00000000 ____D () C:\Users\utku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-16 14:18 - 2009-07-14 05:45 - 00309880 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-15 18:01 - 2013-11-09 13:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 17:59 - 2013-11-09 13:18 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 14:10 - 2014-01-15 14:10 - 00000000 ____D () C:\Users\utku\Desktop\ClientFiles
2014-01-15 14:06 - 2014-01-15 14:07 - 00010560 _____ () C:\Users\utku\Desktop\OCS.jar
2014-01-13 17:33 - 2014-01-13 16:36 - 00000000 ____D () C:\Users\utku\Documents\Virtual Machines
2014-01-13 16:17 - 2013-12-13 15:57 - 00000000 ____D () C:\Users\utku\Desktop\cct-0.9.5
2014-01-13 16:16 - 2014-01-13 16:16 - 00000000 ____D () C:\Users\utku\Desktop\Schule
2014-01-13 16:15 - 2014-01-13 16:15 - 00001024 _____ () C:\Windows\SysWOW64\%TMP%
2014-01-13 16:15 - 2014-01-13 16:15 - 00000000 ____D () C:\Program Files\Common Files\VMware
2014-01-13 16:15 - 2013-11-28 17:16 - 01641654 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-13 16:14 - 2014-01-13 16:14 - 00000000 ____D () C:\Users\Public\Documents\Shared Virtual Machines
2014-01-13 16:14 - 2014-01-13 16:14 - 00000000 ____D () C:\Program Files (x86)\VMware
2014-01-11 10:41 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-09 18:44 - 2014-01-09 18:44 - 00000000 ____D () C:\Users\utku\Documents\Fax
2014-01-07 13:01 - 2014-01-07 13:01 - 00262144 _____ () C:\Windows\Minidump\010714-23868-01.dmp
2014-01-07 13:01 - 2013-12-03 17:00 - 00000000 ____D () C:\Windows\Minidump
2014-01-07 13:01 - 2013-12-03 16:59 - 545832220 _____ () C:\Windows\MEMORY.DMP
2014-01-07 11:26 - 2009-07-14 03:34 - 00000462 _____ () C:\Windows\win.ini
2014-01-06 11:23 - 2013-12-20 12:30 - 00000003 _____ () C:\Windows\system32\HRUPPROG.TXT
2014-01-04 15:46 - 2014-01-04 15:46 - 00000000 ____D () C:\Users\utku\AppData\Roaming\.mono
2014-01-04 15:46 - 2014-01-04 15:46 - 00000000 ____D () C:\ProgramData\.mono
2014-01-04 15:43 - 2014-01-04 15:42 - 00000000 ____D () C:\Users\utku\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokémon Trading Card Game Online
2014-01-04 15:42 - 2014-01-04 15:42 - 00000000 ____D () C:\Users\utku\AppData\Roaming\Pokémon Trading Card Game Online

Some content of TEMP:
====================
C:\Users\utku\AppData\Local\Temp\avgnt.exe
C:\Users\utku\AppData\Local\Temp\BetterSurfPlusInstaller.exe
C:\Users\utku\AppData\Local\Temp\DeskMetrics.dll
C:\Users\utku\AppData\Local\Temp\Quarantine.exe
C:\Users\utku\AppData\Local\Temp\SHSetup.exe
C:\Users\utku\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\utku\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-03 11:34

==================== End Of Log ============================
--- --- ---
Unfortunately, the virus is still there. |
03.02.2014, 10:43 | #8 |
/// the machine /// TB Trainer | Bettersurf in Google Chrome Update Java and Adobe. Please download TFC (by Oldtimer) and save the file to your desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart. Please allow this. Uninstall Chrome completely, keep no data, and reinstall it.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
03.02.2014, 14:45 | #9 |
| Bettersurf in Google Chrome The virus is still there. I also checked the extensions, and there is an extension called MediaPlayer. I have a feeling that the virus is this MediaPlayer thing. The MediaPlayer thing cannot be deleted. My fears have been confirmed. I used Avast Browser Clean-Up and disabled the extension; the ads are no longer displayed. |
04.02.2014, 09:57 | #10 |
/// the machine /// TB Trainer | Bettersurf in Google Chrome Do you sign in to Chrome with a Google account? |
06.02.2014, 07:17 | #11 |
| Bettersurf in Google Chrome No |
06.02.2014, 17:54 | #12 |
/// the machine /// TB Trainer | Bettersurf in Google Chrome Have you completely deleted the extension now? Is the problem still gone? |