Istart.webbsearches!

ironwine · 01.04.2014, 13:49

Hallo, habe auf meiner Startseite seit gestern den webssearches ding. Habe adwcleaner, malwaretypes, hitmanpro, und revouninstaller schon hinter mir. auf chrome wurden alle einstellungen zurückgesetzt. trotzdem geht da ding nicht weg. bitte um rat!
lg

Bootsektor · 01.04.2014, 13:52

Mein Name ist Sandra und ich werde Dir bei Deinem Problem behilflich sein.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem
Führe bitte nur Scans durch zu denen Du von mir aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu aufgefordert.
Speichere alle unsere Tools auf dem Desktop ab.
Poste die Logfiles direkt in deinen Thread in Code-Tags.
Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 2 Tagen nichts von mir hörst, dann schreibe mir bitte eine PM.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und bei einem Befall durch Malware immer der sicherste Weg. Adware lässt sich in den allermeisten Fällen problemlos entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean bist.

Posten in Code Tags
Bitte füge die Logs immer in Code-Tags ein. Wenn Du das nicht machst, erschwert es mir sehr das Auswerten. Danke.
Dazu:

Klicke über dem Antwortfenster auf die Raute #, dann steht dort in eckigen Klammern [code][/code]
Zwischen den beiden code-Bausteinen fügst Du dann deine Logfiles ein. Also [CODE] Logfile [/CODE]
Wenn die Logs zu lang sein sollten, dann teile sie bitte auf und poste sie dann hier in Deinem Thread, notfalls in mehreren Antworten.

Lass uns mal schauen

Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

ironwine · 01.04.2014, 14:06

hallo danke für die schnelle antwort, hier die gewünschten datein
FRST.txt

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Elisürencil (administrator) on ELISÜRENCIL-PC on 01-04-2014 15:01:17
Running from C:\Users\Elisürencil\Downloads\Säms
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Facebook Inc.) C:\Users\Gast\AppData\Local\Facebook\Update\FacebookUpdate.exe
() C:\Program Files (x86)\NETGEAR\WNA3100M\WNA3100M.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\NETGEAR\WNA3100M\WNA3100M.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-09-19] (Microsoft Corporation)
HKU\S-1-5-21-1291778014-852322570-3933637446-1000\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [880528 2013-09-30] (BitTorrent, Inc.)
HKU\S-1-5-21-1291778014-852322570-3933637446-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKU\S-1-5-21-1291778014-852322570-3933637446-1000\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-1291778014-852322570-3933637446-1000\...\MountPoints2: {5519ffc0-2e77-11e3-aa9a-806e6f6e6963} - J:\Autorun.exe
HKU\S-1-5-21-1291778014-852322570-3933637446-1000\...\MountPoints2: {ef76fd6c-1acf-11e3-83c2-806e6f6e6963} - F:\autorun.exe
HKU\S-1-5-21-1291778014-852322570-3933637446-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [uTorrent] - C:\Program Files (x86)\uTorrent\uTorrent.exe [880528 2013-09-30] (BitTorrent, Inc.)
HKU\S-1-5-21-1291778014-852322570-3933637446-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKU\S-1-5-21-1291778014-852322570-3933637446-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-1291778014-852322570-3933637446-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {5519ffc0-2e77-11e3-aa9a-806e6f6e6963} - J:\Autorun.exe
HKU\S-1-5-21-1291778014-852322570-3933637446-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ef76fd6c-1acf-11e3-83c2-806e6f6e6963} - F:\autorun.exe
HKU\S-1-5-21-1291778014-852322570-3933637446-501\...\Run: [Facebook Update] - C:\Users\Gast\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-03-11] (Facebook Inc.)
HKU\S-1-5-21-1291778014-852322570-3933637446-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Facebook Update] - C:\Users\Gast\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-03-11] (Facebook Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1396315544&from=amt&uid=TOSHIBAXMK6476GSX_91H9B168BXX91H9B168B&q={searchTerms}
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

Chrome: 
=======
CHR HomePage: hxxp://www.google.at/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\Elisürencil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-11]
CHR Extension: (Google Drive) - C:\Users\Elisürencil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-11]
CHR Extension: (YouTube) - C:\Users\Elisürencil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-11]
CHR Extension: (Adblock Plus) - C:\Users\Elisürencil\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-09-11]
CHR Extension: (Google-Suche) - C:\Users\Elisürencil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-11]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Elisürencil\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2013-09-11]
CHR Extension: (AdBlock) - C:\Users\Elisürencil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-11]
CHR Extension: (Google Wallet) - C:\Users\Elisürencil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-11]
CHR Extension: (Google Mail) - C:\Users\Elisürencil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-11]
CHR HKCU\...\Chrome\Extension: [gdfglldanmpdjibmppnggdphndfklefg] - C:\Users\Elisürencil\AppData\Local\CRE\gdfglldanmpdjibmppnggdphndfklefg.crx [2013-09-29]
CHR HKLM-x32\...\Chrome\Extension: [gdfglldanmpdjibmppnggdphndfklefg] - C:\Users\Elisürencil\AppData\Local\CRE\gdfglldanmpdjibmppnggdphndfklefg.crx [2013-09-29]

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated)
R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-09-28] (Advanced Micro Devices, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 WSWNA3100M; C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe [307456 2012-02-24] ()

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R1 MpKsl5161ed2f; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ED1BDBE0-F7A1-41B0-B001-8243342DF081}\MpKsl5161ed2f.sys [45352 2014-03-31] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-09-30] (Duplex Secure Ltd.)
R3 wna3100m; C:\Windows\System32\DRIVERS\wna3100m.sys [1094760 2011-12-30] (NETGEAR Corporation                           )
U3 a0vnzfmm; C:\Windows\System32\Drivers\a0vnzfmm.sys [0 ] (Advanced Micro Devices)
S3 clwvd; system32\DRIVERS\clwvd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-01 14:54 - 2014-04-01 15:01 - 00000000 ____D () C:\FRST
2014-04-01 05:21 - 2014-04-01 05:21 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-04-01 05:10 - 2014-04-01 05:22 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-01 04:05 - 2014-04-01 14:50 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-01 04:05 - 2014-04-01 04:05 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-01 04:05 - 2014-04-01 04:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-01 04:05 - 2014-04-01 04:05 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-01 04:05 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-01 04:05 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-01 04:05 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 03:44 - 2014-04-01 04:54 - 00000000 ____D () C:\AdwCleaner
2014-04-01 03:26 - 2014-04-01 03:29 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-03-31 23:05 - 2014-03-31 23:05 - 00470359 _____ () C:\Users\Elisürencil\Desktop\hd-wallpaper-maldives-beach.jpeg
2014-03-31 22:56 - 2014-03-31 23:25 - 00001456 _____ () C:\Users\Elisürencil\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-03-31 22:41 - 2014-04-01 02:07 - 00000000 ____D () C:\Users\Elisürencil\Desktop\bi
2014-03-31 21:54 - 2014-03-31 22:03 - 00000000 ____D () C:\Users\Elisürencil\Desktop\bı
2014-03-31 20:03 - 2014-03-31 20:03 - 00003464 _____ () C:\Windows\System32\Tasks\{BF6D4C1F-C4AB-4E97-8F20-8193E39D1C28}
2014-03-31 01:14 - 2014-03-31 01:14 - 00000000 ____D () C:\Users\Elisürencil\Desktop\Originals
2014-03-21 22:56 - 2014-03-28 23:50 - 00000000 ____D () C:\Users\Elisürencil\Desktop\kus
2014-03-21 04:12 - 2014-03-21 04:13 - 00000000 ____D () C:\Program Files\Recuva
2014-03-13 04:01 - 2013-12-21 11:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-13 04:01 - 2013-12-21 10:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-12 19:02 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 19:02 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 19:02 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 19:02 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 19:02 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 19:02 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 19:02 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 19:02 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 19:02 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 19:02 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 19:02 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 19:02 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 19:02 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 19:02 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 19:02 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 19:02 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 19:02 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 19:02 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 19:02 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 19:02 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 19:02 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 19:02 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 19:02 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 19:02 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 19:02 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 19:02 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 19:02 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 19:02 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 19:02 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 19:02 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 19:02 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 19:02 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 19:02 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 19:02 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 19:02 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 19:02 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 19:02 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 19:02 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 19:02 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 19:02 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 19:02 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 19:02 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 19:02 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 19:02 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 19:02 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 19:02 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 19:02 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 19:02 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-11 14:59 - 2014-03-11 15:00 - 00000000 ____D () C:\Users\Gast\AppData\Local\Facebook
2014-03-11 14:59 - 2014-03-11 14:59 - 00501248 _____ (Facebook Inc.) C:\Users\Gast\Downloads\FacebookVideoCallSetup_v1.2.205.0 (2).exe
2014-03-10 21:48 - 2014-03-10 21:48 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-10 21:48 - 2014-03-10 21:48 - 00000000 ____D () C:\Users\Elisürencil\AppData\Local\Skype
2014-03-10 17:44 - 2014-03-31 01:12 - 00001456 _____ () C:\Users\Elisürencil\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-03-10 17:37 - 2014-03-10 17:37 - 00000000 ____D () C:\Program Files (x86)\Adobe Download Assistant
2014-03-10 17:26 - 2013-07-19 04:01 - 00056336 ____N (Corel Corporation) C:\Windows\system32\Drivers\PxHlpa64.sys
2014-03-10 17:26 - 2012-04-24 04:01 - 00011376 ____N (Corel Corporation) C:\Windows\system32\Drivers\cdralw2k.sys
2014-03-10 17:26 - 2012-04-24 04:01 - 00010864 ____N (Corel Corporation) C:\Windows\system32\Drivers\cdr4_xp.sys
2014-03-10 16:48 - 2014-03-10 17:20 - 00000000 ____D () C:\Users\Elisürencil\Adobe Photoshop Elements 12
2014-03-10 16:46 - 2014-03-10 16:46 - 00000000 ____D () C:\Users\Elisürencil\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2014-03-10 16:46 - 2014-03-10 16:46 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-03-10 16:46 - 2014-03-10 16:46 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-03-09 10:42 - 2014-03-09 10:43 - 00501248 _____ (Facebook Inc.) C:\Users\Gast\Downloads\FacebookVideoCallSetup_v1.2.205.0 (1).exe
2014-03-08 15:02 - 2014-01-07 08:24 - 00359128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsPStor.sys
2014-03-08 15:01 - 2011-09-02 12:46 - 09887848 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsPStorIcon.dll
2014-03-08 13:09 - 2014-03-08 15:02 - 00000000 ____D () C:\Windows\SysWOW64\sda
2014-03-08 13:08 - 2014-01-07 08:10 - 00313048 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsBaStor.sys
2014-03-08 13:08 - 2014-01-03 10:34 - 00465624 _____ (Realsil Semiconductor Corporation) C:\Windows\system32\Drivers\RtsPer.sys
2014-03-08 13:08 - 2014-01-03 10:08 - 00291544 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsP2Stor.sys
2014-03-08 13:08 - 2014-01-03 07:33 - 00271064 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsUStor.sys
2014-03-08 13:08 - 2014-01-03 05:14 - 00331992 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsUVStor.sys
2014-03-08 13:08 - 2013-04-25 12:12 - 09889352 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll
2014-03-08 12:22 - 2014-03-08 12:22 - 00000355 _____ () C:\Users\Elisürencil\Desktop\Computer - Verknüpfung.lnk
2014-03-07 19:18 - 2014-03-07 19:18 - 00501248 _____ (Facebook Inc.) C:\Users\Gast\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe
2014-03-06 22:07 - 2014-03-16 11:52 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-03-06 20:54 - 2014-01-01 01:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-03-06 20:54 - 2014-01-01 01:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-03-06 20:54 - 2013-12-06 04:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-03-06 20:54 - 2013-12-06 04:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-03-06 20:54 - 2013-12-06 04:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-03-06 20:54 - 2013-12-06 04:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-03-06 20:54 - 2013-12-04 04:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-03-06 20:54 - 2013-12-04 04:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-03-06 20:54 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-03-06 20:54 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-03-06 20:54 - 2013-12-04 04:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-03-06 20:54 - 2013-12-04 04:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-03-06 20:54 - 2013-12-04 04:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-03-06 20:54 - 2013-12-04 04:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-03-06 20:54 - 2013-12-04 04:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-03-06 20:54 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-03-06 20:54 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-03-06 20:54 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-03-06 20:54 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-03-06 20:54 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-03-06 20:54 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-03-06 20:54 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-03-06 20:54 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-03-06 20:54 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-03-06 20:54 - 2013-11-27 03:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-03-06 20:54 - 2013-11-27 03:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-03-06 20:54 - 2013-11-27 03:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-03-06 20:54 - 2013-11-27 03:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-03-06 20:54 - 2013-11-27 03:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-03-06 20:54 - 2013-11-27 03:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-03-06 20:53 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-03-06 20:53 - 2013-12-25 00:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-03-06 20:53 - 2013-11-27 03:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-03-06 20:53 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-03-06 20:53 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-03-06 20:53 - 2013-11-23 00:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-03-06 20:30 - 2014-03-06 20:30 - 00000000 ____D () C:\Program Files (x86)\NETGEAR
2014-03-06 20:30 - 2011-12-30 16:23 - 01094760 _____ (NETGEAR Corporation ) C:\Windows\system32\Drivers\wna3100m.sys
2014-03-06 20:30 - 2011-07-07 00:31 - 00595968 _____ (Realtek Semiconductor Corp. ) C:\Windows\SysWOW64\Rtlihvs.dll
2014-03-06 20:30 - 2011-07-07 00:31 - 00595968 _____ (Realtek Semiconductor Corp. ) C:\Windows\system32\Rtlihvs.dll
2014-03-06 20:29 - 2014-03-06 20:29 - 00000000 ____D () C:\Users\Elisürencil\AppData\Roaming\InstallShield

==================== One Month Modified Files and Folders =======

2014-04-01 15:01 - 2014-04-01 14:54 - 00000000 ____D () C:\FRST
2014-04-01 15:01 - 2013-10-02 18:49 - 00000000 ____D () C:\Users\Elisürencil\Downloads\Säms
2014-04-01 15:01 - 2013-09-30 00:15 - 00000000 ____D () C:\Users\Elisürencil\AppData\Roaming\uTorrent
2014-04-01 14:50 - 2014-04-01 04:05 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-01 14:40 - 2013-09-11 13:27 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-01 14:40 - 2013-09-11 11:43 - 01119394 _____ () C:\Windows\WindowsUpdate.log
2014-04-01 14:38 - 2009-07-14 06:45 - 00015504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-01 14:38 - 2009-07-14 06:45 - 00015504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-01 14:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-01 14:30 - 2009-07-14 06:51 - 00037028 _____ () C:\Windows\setupact.log
2014-04-01 12:27 - 2013-09-11 13:27 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-01 07:48 - 2013-09-11 12:50 - 00054536 _____ () C:\Windows\PFRO.log
2014-04-01 06:55 - 2013-11-16 22:09 - 00060712 _____ () C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-01 06:55 - 2013-11-16 22:09 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Adobe
2014-04-01 05:22 - 2014-04-01 05:10 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-01 05:21 - 2014-04-01 05:21 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-04-01 05:21 - 2013-09-11 18:49 - 00000000 ____D () C:\Users\Elisürencil\Desktop\LR
2014-04-01 05:12 - 2013-09-11 20:12 - 00000000 ____D () C:\Users\Elisürencil\AppData\Roaming\Skype
2014-04-01 05:06 - 2013-10-14 15:17 - 00000000 ____D () C:\Program Files (x86)\SqueakyChocolate
2014-04-01 04:54 - 2014-04-01 03:44 - 00000000 ____D () C:\AdwCleaner
2014-04-01 04:05 - 2014-04-01 04:05 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-01 04:05 - 2014-04-01 04:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-01 04:05 - 2014-04-01 04:05 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-01 04:00 - 2009-07-14 19:58 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-04-01 04:00 - 2009-07-14 19:58 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-04-01 04:00 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-01 03:53 - 2009-07-14 06:45 - 06332056 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-01 03:49 - 2013-11-16 22:35 - 00000000 ____D () C:\Users\Elisürencil\Desktop\sfıpagsnaomg
2014-04-01 03:29 - 2014-04-01 03:26 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-01 03:25 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-01 03:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-01 02:07 - 2014-03-31 22:41 - 00000000 ____D () C:\Users\Elisürencil\Desktop\bi
2014-04-01 02:01 - 2013-09-11 13:39 - 00000000 ____D () C:\Users\Elisürencil\AppData\Local\Adobe
2014-03-31 23:25 - 2014-03-31 22:56 - 00001456 _____ () C:\Users\Elisürencil\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-03-31 23:05 - 2014-03-31 23:05 - 00470359 _____ () C:\Users\Elisürencil\Desktop\hd-wallpaper-maldives-beach.jpeg
2014-03-31 22:30 - 2013-09-11 16:55 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-03-31 22:23 - 2013-09-11 14:21 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-03-31 22:23 - 2013-09-11 14:19 - 00000000 ____D () C:\Program Files\Adobe
2014-03-31 22:21 - 2013-09-11 12:55 - 00060712 _____ () C:\Users\Elisürencil\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-31 22:18 - 2013-09-11 13:42 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-03-31 22:11 - 2013-09-11 13:48 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-31 22:11 - 2013-09-11 13:43 - 00000000 ____D () C:\Users\Elisürencil\AppData\Roaming\Adobe
2014-03-31 22:03 - 2014-03-31 21:54 - 00000000 ____D () C:\Users\Elisürencil\Desktop\bı
2014-03-31 20:47 - 2014-03-31 20:11 - 00000000 ____D () C:\Users\Elisürencil\Downloads\Adobe Photoshop CS6 13.0.1 Final  Multilanguage (cracked dll) [ChingLiu]
2014-03-31 20:21 - 2014-03-31 19:32 - 00000000 ____D () C:\Users\Elisürencil\Downloads\Adobe Photoshop CS6 13.0.1 Final  Multilanguage (cracked dll)
2014-03-31 20:03 - 2014-03-31 20:03 - 00003464 _____ () C:\Windows\System32\Tasks\{BF6D4C1F-C4AB-4E97-8F20-8193E39D1C28}
2014-03-31 03:03 - 2013-09-11 20:26 - 00002155 _____ () C:\Windows\epplauncher.mif
2014-03-31 03:02 - 2013-09-11 20:26 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-31 03:02 - 2013-09-11 20:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-03-31 01:14 - 2014-03-31 01:14 - 00000000 ____D () C:\Users\Elisürencil\Desktop\Originals
2014-03-31 01:12 - 2014-03-10 17:44 - 00001456 _____ () C:\Users\Elisürencil\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-03-31 00:55 - 2013-11-01 17:08 - 00000000 ____D () C:\Users\Elisürencil\Desktop\l1111
2014-03-28 23:50 - 2014-03-21 22:56 - 00000000 ____D () C:\Users\Elisürencil\Desktop\kus
2014-03-26 05:22 - 2013-09-11 13:27 - 00004116 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-26 05:22 - 2013-09-11 13:27 - 00003864 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-24 20:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-24 00:59 - 2013-09-11 12:23 - 00000000 ____D () C:\Users\Elisürencil
2014-03-21 04:13 - 2014-03-21 04:12 - 00000000 ____D () C:\Program Files\Recuva
2014-03-19 05:25 - 2013-09-15 01:11 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-16 11:52 - 2014-03-06 22:07 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-03-15 21:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-03-11 15:00 - 2014-03-11 14:59 - 00000000 ____D () C:\Users\Gast\AppData\Local\Facebook
2014-03-11 14:59 - 2014-03-11 14:59 - 00501248 _____ (Facebook Inc.) C:\Users\Gast\Downloads\FacebookVideoCallSetup_v1.2.205.0 (2).exe
2014-03-11 09:52 - 2013-06-18 21:50 - 00133928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys
2014-03-10 21:48 - 2014-03-10 21:48 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-10 21:48 - 2014-03-10 21:48 - 00000000 ____D () C:\Users\Elisürencil\AppData\Local\Skype
2014-03-10 21:48 - 2013-09-11 20:12 - 00000000 ____D () C:\ProgramData\Skype
2014-03-10 17:37 - 2014-03-10 17:37 - 00000000 ____D () C:\Program Files (x86)\Adobe Download Assistant
2014-03-10 17:20 - 2014-03-10 16:48 - 00000000 ____D () C:\Users\Elisürencil\Adobe Photoshop Elements 12
2014-03-10 16:46 - 2014-03-10 16:46 - 00000000 ____D () C:\Users\Elisürencil\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2014-03-10 16:46 - 2014-03-10 16:46 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-03-10 16:46 - 2014-03-10 16:46 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-03-09 10:43 - 2014-03-09 10:42 - 00501248 _____ (Facebook Inc.) C:\Users\Gast\Downloads\FacebookVideoCallSetup_v1.2.205.0 (1).exe
2014-03-09 07:36 - 2013-11-16 22:09 - 00000000 ____D () C:\Users\Gast
2014-03-08 20:08 - 2013-09-11 17:09 - 00001456 _____ () C:\Users\Elisürencil\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-03-08 16:26 - 2013-09-11 12:32 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-08 15:02 - 2014-03-08 13:09 - 00000000 ____D () C:\Windows\SysWOW64\sda
2014-03-08 15:01 - 2013-09-11 12:37 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-03-08 15:01 - 2011-02-10 21:23 - 00000000 ____D () C:\SWSetup
2014-03-08 12:22 - 2014-03-08 12:22 - 00000355 _____ () C:\Users\Elisürencil\Desktop\Computer - Verknüpfung.lnk
2014-03-07 19:18 - 2014-03-07 19:18 - 00501248 _____ (Facebook Inc.) C:\Users\Gast\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe
2014-03-07 02:07 - 2013-10-02 19:43 - 00000000 ____D () C:\Program Files (x86)\EA GAMES
2014-03-07 02:04 - 2013-10-09 01:09 - 00000000 ____D () C:\ProgramData\Big Fish
2014-03-07 02:04 - 2013-10-09 01:08 - 00000000 ____D () C:\BigFishCache
2014-03-07 02:04 - 2013-09-30 21:58 - 00000000 ____D () C:\Users\Elisürencil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-03-06 22:08 - 2013-11-16 22:09 - 00002247 _____ () C:\Users\Gast\Desktop\Google Chrome.lnk
2014-03-06 22:06 - 2013-11-16 22:09 - 00001421 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-06 20:30 - 2014-03-06 20:30 - 00000000 ____D () C:\Program Files (x86)\NETGEAR
2014-03-06 20:29 - 2014-03-06 20:29 - 00000000 ____D () C:\Users\Elisürencil\AppData\Roaming\InstallShield
2014-03-05 09:26 - 2014-04-01 04:05 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-04-01 04:05 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-04-01 04:05 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\Elisürencil\AppData\Local\Temp\0_Offer_0.exe
C:\Users\Elisürencil\AppData\Local\Temp\1_Offer_4.exe
C:\Users\Elisürencil\AppData\Local\Temp\2620326.exe
C:\Users\Elisürencil\AppData\Local\Temp\AutoRun.exe
C:\Users\Elisürencil\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Elisürencil\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Elisürencil\AppData\Local\Temp\D1396315535.exe
C:\Users\Elisürencil\AppData\Local\Temp\DownloadManager.exe
C:\Users\Elisürencil\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Elisürencil\AppData\Local\Temp\drm_dyndata_7380011.dll
C:\Users\Elisürencil\AppData\Local\Temp\eauninstall.exe
C:\Users\Elisürencil\AppData\Local\Temp\First15.exe
C:\Users\Elisürencil\AppData\Local\Temp\nsf9E54.exe
C:\Users\Elisürencil\AppData\Local\Temp\nsp4F5.exe
C:\Users\Elisürencil\AppData\Local\Temp\nsp9657.exe
C:\Users\Elisürencil\AppData\Local\Temp\nspD7E.exe
C:\Users\Elisürencil\AppData\Local\Temp\nsw204E.exe
C:\Users\Elisürencil\AppData\Local\Temp\Product108.exe
C:\Users\Elisürencil\AppData\Local\Temp\Quarantine.exe
C:\Users\Elisürencil\AppData\Local\Temp\readSTILog.dll
C:\Users\Elisürencil\AppData\Local\Temp\setup.exe
C:\Users\Elisürencil\AppData\Local\Temp\The Sims 2 Seasons_uninst.exe
C:\Users\Elisürencil\AppData\Local\Temp\VP6Install.exe
C:\Users\Elisürencil\AppData\Local\Temp\VP6VFW.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-31 09:19

==================== End Of Log ============================

--- --- ---

addition.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Elisürencil at 2014-04-01 14:58:36
Running from C:\Users\Elisürencil\Downloads\Säms
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.3 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.1.2.232 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.6 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop Lightroom 5 64-bit (HKLM\...\{6C1A010F-9108-4162-A26F-9FEC4AC0F0F0}) (Version: 5.0.1 - Adobe)
AMD APP SDK Runtime (Version: 2.5.775.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{ACD449FA-9DF3-779D-DA68-11D486963225}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2011.0928.607.9079 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.60928.0618 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In  (Version: 1.00.0000 - AMD) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0928.607.9079 - Ihr Firmenname) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0928.607.9079 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0928.607.9079 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0928.607.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2011.0928.0606.9079 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.0928.607.9079 - Advanced Micro Devices, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0337 - Disc Soft Ltd)
Die Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version:  - )
Die Sims 2: Nightlife (HKLM-x32\...\{F7529650-B9DB-481B-0089-A2AC3C2821C1}) (Version:  - )
Die Sims 2: Open For Business (HKLM-x32\...\{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}) (Version:  - )
Die Sims™ 2 Freizeit-Spaß (HKLM-x32\...\{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}) (Version:  - Electronic Arts)
Die Sims™ 2 Haustiere (HKLM-x32\...\{4817189D-1785-4627-A33C-39FD90919300}) (Version:  - )
Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires (HKLM-x32\...\{6522C636-B04C-4333-9BEB-9E0C0B6350D6}) (Version:  - Electronic Arts)
Die Sims™ 2 Villen- und Garten-Accessoires (HKLM-x32\...\{1A2A15C2-6780-49c1-B296-503230E9DE00}) (Version:  - Electronic Arts)
Elements 12 Organizer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{B18BEB15-A9DA-43D7-BAE1-C6C67484C2C0}) (Version: 5.1.1 - Hewlett-Packard)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.14.1022 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.14.1022 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Hartlauer Foto World (HKLM-x32\...\Hartlauer Foto World) (Version: 5.0.4 - CEWE COLOR AG u Co. OHG)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Mario Forever Galaxy (HKLM-x32\...\Mario Forever Galaxy) (Version:  - )
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Movavi Video Editor (HKLM-x32\...\Movavi Video Editor 9) (Version: 9.1.0 - Movavi)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NETGEAR WNA3100M N300 Wireless USB Adapter (HKLM-x32\...\{D3580358-0F78-402A-BE53-2E9D06383E04}) (Version: 1.0.0.17 - NETGEAR)
OnlineFotoservice (HKLM-x32\...\OnlineFotoservice) (Version: 5.0.4 - CEWE COLOR AG u Co. OHG)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Pixum Fotobuch (HKLM-x32\...\Pixum Fotobuch) (Version: 5.0.1 - CEWE COLOR AG u Co. OHG)
PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.37 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.85 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.10.0416 - REALTEK Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Snap.Do (HKLM-x32\...\{F4F6F37C-8D19-4DAD-BF7B-0953133FD43F}) (Version: 11.20.1.15636 - ReSoft Ltd.) <==== ATTENTION
Snap.Do Engine (HKCU\...\{0d738064-4a67-40aa-b487-f65f22bb6e7b}) (Version: 11.7.1.13233 - ReSoft Ltd.) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
The Sims™ 2 Seasons (HKLM-x32\...\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}) (Version:  - )
The Treasures of Mystery Island 2_The Gates of Fate (remove only) (HKLM-x32\...\TOMI2.TheGatesOfFate) (Version:  - JenkatGames)
Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
zebNet® Windows Keyfinder TNG 5.0.1.2 (HKLM\...\{1A3C22F2-D546-4EC0-927E-EFAEDAC18C52}) (Version: 5.0.1.2 - zebNet® Ltd)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0B6B7FD2-3E6F-45EE-9682-FDA86FF62FCD} - System32\Tasks\AdobeAAMUpdater-1.0-Elisürencil-PC-Elisürencil => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {43E9FFBF-E4DC-41D5-82D5-9AC4C4E228A3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-11] (Google Inc.)
Task: {463E9AA7-9711-4EFA-A73E-8B78D3F7BC63} - System32\Tasks\{4467C6F4-074B-4B52-8747-EC828951D581} => C:\Users\Elisürencil\Desktop\Sims2.exe
Task: {583A17FB-E71E-4DF1-A489-4B1BA218D863} - System32\Tasks\{2865F5F9-F238-40CD-8612-B2AB11A77FA2} => C:\Users\Elisürencil\Desktop\Sims2.exe
Task: {986D6136-1EF7-493B-A304-8342FB5C51BD} - System32\Tasks\AdobeAAMUpdater-1.0-Elisürencil-PC-probe => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {BA225959-B0E9-4354-A24C-013DFD32C744} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-11] (Google Inc.)
Task: {D6673A9E-122A-4542-9E78-B01EB8377C47} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {F9E9E235-F364-4750-8C42-149B89FE3594} - System32\Tasks\{B80FE7D2-D100-48F7-BD65-CCAA8A8A2C68} => C:\Users\Elisürencil\Desktop\Sims2.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-09-28 06:19 - 2011-09-28 06:19 - 00073728 _____ () c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-03-06 20:30 - 2012-02-24 11:31 - 00307456 _____ () C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe
2013-08-30 10:01 - 2013-08-30 10:01 - 03358064 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
2014-03-06 20:30 - 2012-05-02 11:02 - 08253696 _____ () C:\Program Files (x86)\NETGEAR\WNA3100M\WNA3100M.exe
2013-08-30 10:01 - 2013-08-30 10:01 - 04579696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2011-09-28 06:19 - 2011-09-28 06:19 - 00103424 _____ () c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-09-28 06:06 - 2011-09-28 06:06 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-06-17 13:42 - 2011-06-17 13:42 - 00016384 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-03-06 20:30 - 2012-04-18 14:20 - 00413696 _____ () C:\Program Files (x86)\NETGEAR\WNA3100M\WifiLib.dll
2014-03-06 20:30 - 2011-12-22 15:03 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvcLib.dll
2013-09-03 15:25 - 2013-09-03 15:25 - 32726528 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2013-03-13 13:42 - 2013-06-05 14:21 - 00071560 _____ () C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\zlib1.dll
2013-08-30 10:00 - 2013-08-30 10:00 - 00381808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CCInvokeAAM.dll
2014-03-15 19:11 - 2014-03-15 02:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 19:11 - 2014-03-15 02:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-15 19:11 - 2014-03-15 02:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-15 19:11 - 2014-03-15 02:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 19:11 - 2014-03-15 02:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 19:11 - 2014-03-15 02:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-03-15 19:11 - 2014-03-15 02:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:302ECBD6
AlternateDataStreams: C:\ProgramData\Temp:8AB6C1D7
AlternateDataStreams: C:\ProgramData\Temp:E32966C0

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: CyberLink WebCam Virtual Driver
Description: CyberLink WebCam Virtual Driver
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: CyberLink
Service: clwvd
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/01/2014 04:31:36 AM) (Source: MsiInstaller) (User: Elisürencil-PC)
Description: Product: Snap.Do -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action InstallationFailed, entry: InstallationFailed, library: C:\Windows\Installer\MSI7697.tmp

Error: (04/01/2014 04:31:35 AM) (Source: MsiInstaller) (User: Elisürencil-PC)
Description: Product: Snap.Do -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action InstallationStartUninstall, entry: InstallationStartUninstall, library: C:\Windows\Installer\MSI65F3.tmp

Error: (04/01/2014 03:32:34 AM) (Source: MsiInstaller) (User: Elisürencil-PC)
Description: Produkt: Smileys We Love Toolbar for IE -- Fehler 1722. Es liegt ein dieses Windows Installer-Paket betreffendes Problem vor. Ein Programm, das im Rahmen der Installation ausgeführt wurde, wurde nicht erfolgreich abgeschlossen. Wenden Sie sich an das Supportpersonal oder den Hersteller des Pakets. Aktion: _974FD6A7_FA08_4F5F_8F11_FD5D14F1680E, Pfad: C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxregistrator.exe, Befehl: /uninstall="C:\Program Files (x86)\Smileys We Love Toolbar for IE\SmileysWeLoveToolbar.dll" /privileges=admin

Error: (03/31/2014 07:26:24 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Photoshop.exe, Version: 14.0.0.0, Zeitstempel: 0x51763d4f
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c41f
ID des fehlerhaften Prozesses: 0x78fc
Startzeit der fehlerhaften Anwendung: 0xPhotoshop.exe0
Pfad der fehlerhaften Anwendung: Photoshop.exe1
Pfad des fehlerhaften Moduls: Photoshop.exe2
Berichtskennung: Photoshop.exe3

Error: (03/31/2014 07:26:03 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Photoshop.exe, Version: 14.0.0.0, Zeitstempel: 0x51763d4f
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c41f
ID des fehlerhaften Prozesses: 0x70f0
Startzeit der fehlerhaften Anwendung: 0xPhotoshop.exe0
Pfad der fehlerhaften Anwendung: Photoshop.exe1
Pfad des fehlerhaften Moduls: Photoshop.exe2
Berichtskennung: Photoshop.exe3

Error: (03/31/2014 07:22:53 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Photoshop.exe, Version: 14.0.0.0, Zeitstempel: 0x51763d4f
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116
Ausnahmecode: 0xc06d007e
Fehleroffset: 0x0000c41f
ID des fehlerhaften Prozesses: 0x6a3c
Startzeit der fehlerhaften Anwendung: 0xPhotoshop.exe0
Pfad der fehlerhaften Anwendung: Photoshop.exe1
Pfad des fehlerhaften Moduls: Photoshop.exe2
Berichtskennung: Photoshop.exe3

Error: (03/31/2014 01:20:42 PM) (Source: Chrome) (User: NT-AUTORITÄT)
Description: Chrome has encountered a fatal error.
ver=33.0.1750.154;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\b053736e-a326-4210-acb8-9715eb296acc.dmp

Error: (03/31/2014 09:19:43 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (03/29/2014 03:48:53 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (03/29/2014 02:06:02 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.


System errors:
=============
Error: (04/01/2014 02:36:45 PM) (Source: DCOM) (User: Elisürencil-PC)
Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Elisürencil-PCGastS-1-5-21-1291778014-852322570-3933637446-501LocalHost (unter Verwendung von LRPC)

Error: (04/01/2014 02:31:38 PM) (Source: DCOM) (User: Elisürencil-PC)
Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Elisürencil-PCGastS-1-5-21-1291778014-852322570-3933637446-501LocalHost (unter Verwendung von LRPC)

Error: (04/01/2014 02:31:38 PM) (Source: DCOM) (User: Elisürencil-PC)
Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Elisürencil-PCGastS-1-5-21-1291778014-852322570-3933637446-501LocalHost (unter Verwendung von LRPC)

Error: (04/01/2014 02:31:37 PM) (Source: DCOM) (User: Elisürencil-PC)
Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Elisürencil-PCGastS-1-5-21-1291778014-852322570-3933637446-501LocalHost (unter Verwendung von LRPC)

Error: (04/01/2014 02:31:37 PM) (Source: DCOM) (User: Elisürencil-PC)
Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Elisürencil-PCGastS-1-5-21-1291778014-852322570-3933637446-501LocalHost (unter Verwendung von LRPC)

Error: (04/01/2014 02:31:36 PM) (Source: DCOM) (User: Elisürencil-PC)
Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Elisürencil-PCGastS-1-5-21-1291778014-852322570-3933637446-501LocalHost (unter Verwendung von LRPC)

Error: (04/01/2014 02:31:36 PM) (Source: DCOM) (User: Elisürencil-PC)
Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Elisürencil-PCGastS-1-5-21-1291778014-852322570-3933637446-501LocalHost (unter Verwendung von LRPC)

Error: (04/01/2014 02:31:35 PM) (Source: DCOM) (User: Elisürencil-PC)
Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Elisürencil-PCGastS-1-5-21-1291778014-852322570-3933637446-501LocalHost (unter Verwendung von LRPC)

Error: (04/01/2014 02:31:35 PM) (Source: DCOM) (User: Elisürencil-PC)
Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Elisürencil-PCGastS-1-5-21-1291778014-852322570-3933637446-501LocalHost (unter Verwendung von LRPC)

Error: (04/01/2014 02:31:35 PM) (Source: DCOM) (User: Elisürencil-PC)
Description: AnwendungsspezifischLokalAktivierung{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}Elisürencil-PCGastS-1-5-21-1291778014-852322570-3933637446-501LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (04/01/2014 04:31:36 AM) (Source: MsiInstaller)(User: Elisürencil-PC)
Description: Product: Snap.Do -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action InstallationFailed, entry: InstallationFailed, library: C:\Windows\Installer\MSI7697.tmp (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/01/2014 04:31:35 AM) (Source: MsiInstaller)(User: Elisürencil-PC)
Description: Product: Snap.Do -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action InstallationStartUninstall, entry: InstallationStartUninstall, library: C:\Windows\Installer\MSI65F3.tmp (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/01/2014 03:32:34 AM) (Source: MsiInstaller)(User: Elisürencil-PC)
Description: Produkt: Smileys We Love Toolbar for IE -- Fehler 1722. Es liegt ein dieses Windows Installer-Paket betreffendes Problem vor. Ein Programm, das im Rahmen der Installation ausgeführt wurde, wurde nicht erfolgreich abgeschlossen. Wenden Sie sich an das Supportpersonal oder den Hersteller des Pakets. Aktion: _974FD6A7_FA08_4F5F_8F11_FD5D14F1680E, Pfad: C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxregistrator.exe, Befehl: /uninstall="C:\Program Files (x86)\Smileys We Love Toolbar for IE\SmileysWeLoveToolbar.dll" /privileges=admin (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/31/2014 07:26:24 PM) (Source: Application Error)(User: )
Description: Photoshop.exe14.0.0.051763d4fKERNELBASE.dll6.1.7601.1822951fb1116c06d007e0000c41f78fc01cf4d0656546b7fC:\Program Files (x86)\Adobe\Adobe Photoshop CC\Photoshop.exeC:\Windows\syswow64\KERNELBASE.dll9505cfa9-b8f9-11e3-a835-0c0c0c0c0c01

Error: (03/31/2014 07:26:03 PM) (Source: Application Error)(User: )
Description: Photoshop.exe14.0.0.051763d4fKERNELBASE.dll6.1.7601.1822951fb1116c06d007e0000c41f70f001cf4d0649e31e3bC:\Program Files (x86)\Adobe\Adobe Photoshop CC\Photoshop.exeC:\Windows\syswow64\KERNELBASE.dll887931cf-b8f9-11e3-a835-0c0c0c0c0c01

Error: (03/31/2014 07:22:53 PM) (Source: Application Error)(User: )
Description: Photoshop.exe14.0.0.051763d4fKERNELBASE.dll6.1.7601.1822951fb1116c06d007e0000c41f6a3c01cf4d05d4f8d13bC:\Program Files (x86)\Adobe\Adobe Photoshop CC\Photoshop.exeC:\Windows\syswow64\KERNELBASE.dll17297e31-b8f9-11e3-a835-0c0c0c0c0c01

Error: (03/31/2014 01:20:42 PM) (Source: Chrome)(User: NT-AUTORITÄT)
Description: Chrome has encountered a fatal error.
ver=33.0.1750.154;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\b053736e-a326-4210-acb8-9715eb296acc.dmp

Error: (03/31/2014 09:19:43 AM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll.ManifestC:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll.Manifest2

Error: (03/29/2014 03:48:53 PM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll.ManifestC:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll.Manifest2

Error: (03/29/2014 02:06:02 PM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll.ManifestC:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll.Manifest2


==================== Memory info =========================== 

Percentage of memory in use: 69%
Total physical RAM: 3561.41 MB
Available physical RAM: 1085.61 MB
Total Pagefile: 7120.99 MB
Available Pagefile: 3952.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:292.04 GB) (Free:109.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:15.71 GB) (Free:1.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.1 GB) FAT32
Drive g: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive j: (Sims2EP9) (CDROM) (Total:0.7 GB) (Free:0 GB) CDFS
Drive s: (Ceren) (Fixed) (Total:284.25 GB) (Free:218.8 GB) NTFS
Drive x: (WNA3100M) (CDROM) (Total:0.08 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 1ECE8725)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=199 MB) - (Type=42)
Partition 3: (Not Active) - (Size=292 GB) - (Type=42)
Partition 4: (Not Active) - (Size=304 GB) - (Type=42)

==================== End Of Log ============================

Bootsektor · 01.04.2014, 14:34

Hallo ironwine,

in Chrome sehe ich da tatsächlich auch nichts mehr, startest du den Browser über eine Verlinkung auf dem Desktop oder von der Taskleiste aus?

Schritt 1
Bitte deinstalliere folgende Programme (falls vorhanden) :

Snap.Do
Snap.Do Engine

Dazu gehe auf:
den Windowsbutton in der Taskleiste --> Systemsteuerung --> Programme (Unterpunkt Programme deinstallieren) --> Programm auswählen --> entfernen

Schritt 2

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1396315544&from=amt&uid=TOSHIBAXMK6476GSX_91H9B168BXX91H9B168B&q={searchTerms}
C:\Users\Elisürencil\AppData\Local\Temp\*.dll
C:\Users\Elisürencil\AppData\Local\Temp\*.exe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 3
Downloade dir bitte Shortcut Cleaner (by Grinler) auf deinen Desktop.

Starte die sc-cleaner.exe mit einem Doppelclick.
Bestätige die Meldung Shortcut Cleaner Finished am Ende des Suchlaufs mit Ok.
Eine Logdatei wird sich öffnen (sc-cleaner.txt).
Poste den Inhalt mit deiner nächsten Antwort.

Wenn das Problem der Startseite nach diesem Schritt immer noch vorhanden sein sollte, mache bitte folgendes
optionaler Schritt

Gehe auf das Icon des betreffenden Browsers
rechtsklick
rechtsklick auf den Browsernamen (Google Chrome, Internetexplorer....)
linksklick auf Eigenschaften
Reiter Verknüpfung
Teile mir mit, was dort steht

ironwine · 01.04.2014, 15:41

Hallo,
snapdo gelöscht

fixlog

Code:

ATTFilter


	Code: 

 ATTFilter

  
	Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Elisürencil at 2014-04-01 16:33:36 Run:1
Running from C:\Users\Elisürencil\Downloads\Säms
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1396315544&from=amt&uid=TOSHIBAXMK6476GSX_91H9B168BXX91H9B168B&q={searchTerms}
C:\Users\Elisürencil\AppData\Local\Temp\*.dll
C:\Users\Elisürencil\AppData\Local\Temp\*.exe
*****************

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
C:\Users\Elisürencil\AppData\Local\Temp\*.dll => Moved successfully.
C:\Users\Elisürencil\AppData\Local\Temp\*.exe => Moved successfully.

==== End of Fixlog ====

sc cleaner

Code:

ATTFilter

Shortcut Cleaner 1.3.1 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 7 Home Premium Service Pack 1
Program started at: 04/01/2014 04:38:46 PM.

Scanning for registry hijacks:

 * No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\Elisürencil\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\Elisürencil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\Elisürencil\Desktop


0 bad shortcuts found.

Program finished at: 04/01/2014 04:38:47 PM
Execution time: 0 hours(s), 0 minute(s), and 0 seconds(s)

Das Problem mit der Startseite hat sich gelöst!!!!! Vielen Dank!!!!
Muss ich noch etwas machen, bleiben noch reste auf dem Pc übrig?

Bootsektor · 01.04.2014, 16:16

Zitat:

Muss ich noch etwas machen, bleiben noch reste auf dem Pc übrig?

Ja, wir machen noch die Kontrollscans. Hattest du das Log von Malwarebytes gespeichert? Wenn ja, poste mir dieses, wenn nicht, wäre es gut, wenn du eben noch mal einen Scan damit machen könntest.

optionaler Schritt 1
Downloade Dir bitte Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad.
Windows Vista und höher: mit Rechtsklick "als Administrator starten"
Starte Malwarebytes' Anti-Malware (MBAM).
Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language German aus.
Klicke auf Armaturenbrett und auf Jetzt aktualisieren, um die Datenbank zu updaten.
Klicke im Anschluss auf Suchlauf, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf jetzt starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Aktionen anwenden.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Wähle Exportieren auf Textdatei (.txt) und speichere die Datei als mbam.txt auf dem Desktop ab.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 2
Da der Scan mit Eset sehr gründlich ist, kann er unter Umständen mehrere Stunden dauern

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 3
Starte noch einmal FRST.

Ändere keine der Voreinstellungen und drücke auf Scan.
Wenn der Scan abgeschlossen ist, wird ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

Bootsektor · 08.04.2014, 12:04

Hallo,

ich habe schon länger keine Antwort mehr von Dir erhalten. Benötigst Du weiterhin noch Hilfe?

Wenn ich in den nächsten 24 Stunden nichts von Dir höre, gehe ich davon aus, dass sich das Thema erledigt hat.

Hinweis: Wir sind noch nicht fertig! Auch wenn die Symptome verschwunden sein sollten, kann dein System weiterhin infiziert sein und über Sicherheitslücken verfügen, welche eine erneute Infektion möglich machen.

Bootsektor · 16.04.2014, 23:14

Fehlende Rückmeldung
Schicke bitte eine PM an mich falls Du weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen

Istart.webbsearches!

Plagegeister aller Art und deren Bekämpfung: Istart.webbsearches!