Trojaner-Board

der-kurti 29.06.2014 10:12

Optimizer Pro and Spyhunter on Windows 8
 
Good morning,

it seems I made a really stupid mistake and downloaded Optimizer Pro.

I bought a new laptop on which IE was preinstalled as the browser. Since I have been working with Google Chrome for years, the first thing I did was download Chrome, and as far as I know directly from a Google URL.

While installing Chrome it already struck me as odd that I was constantly being asked whether I wanted to install additional software along with it. I declined every additional piece of software, but nevertheless Optimizer Pro popped up right away, claiming that several hundred malicious programs had been found on my machine.

Of course I immediately became suspicious, since I had just switched on my notebook for the first time and had only downloaded Chrome.

After that I googled Optimizer Pro and found that it is apparently a Trojan, and I immediately downloaded the first thing listed on Google, Spyhunter, to remove Optimizer Pro.

Shortly before installing Spyhunter I was at least a little smart and googled that software as well, and found that this software is also supposed to be rubbish.

In any case, I uninstalled everything somehow to the best of my knowledge, and I am not sure whether everything is clean on my machine now. I would very much appreciate it if someone here could help me and look through my scan files to see whether I still have any to-dos or not.

Many thanks in advance and best regards
Kurti

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-06-2014 02
Ran by Erkut (administrator) on KURTIS-LAPTOP on 29-06-2014 10:51:02
Running from C:\Users\Erkut\Downloads
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Condusiv Technologies) C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Fuyu LIMITED) C:\ProgramData\WindowsProtectManger\wprotectmanager.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dropbox, Inc.) C:\Users\Erkut\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe
() C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe
() C:\Program Files (x86)\NetCrawl\bin\NetCrawl.PurBrowse64.exe
() C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BrowserAdapter.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16384_none_622908ad510eb05b\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1260256 2013-01-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_SRSSA] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1260256 2013-01-04] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11582848 2012-09-30] (Motorola Solutions, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2889072 2013-03-25] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [4365824 2012-12-27] (Bitcasa, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-11-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310640 2013-03-07] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-06-28] (AVAST Software)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3894098194-677086307-2034191709-1001\...\Run: [GoogleChromeAutoLaunch_20F6763770B7EAAD43619F195218A3DA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
AppInit_DLLs: C:\Program Files (x86)\SupTab\SearchProtect64.dll => C:\Program Files (x86)\SupTab\SearchProtect64.dll [105072 2014-06-19] (Skytech Co., Ltd.)
AppInit_DLLs-x32: C:\Program Files (x86)\SupTab\SearchProtect32.dll => C:\Program Files (x86)\SupTab\SearchProtect32.dll [92272 2014-06-19] (Skytech Co., Ltd.)
Startup: C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Erkut\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: 1EldosIconOverlay -> {450D6ECA-9163-44AC-A5E5-3FE207A086D6} => C:\windows\SYSTEM32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: BitcasaIconOverlay -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll (Bitcasa, Inc)
ShellIconOverlayIdentifiers: BitcasaProgressOverlay -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll (Bitcasa, Inc)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: 1EldosIconOverlay -> {450D6ECA-9163-44AC-A5E5-3FE207A086D6} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656&q={searchTerms}
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656&q={searchTerms}
SearchScopes: HKLM - {CC9E055E-96DD-4295-8FBF-17538BB97C6F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656&q={searchTerms}
SearchScopes: HKLM-x32 - {CC9E055E-96DD-4295-8FBF-17538BB97C6F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - DefaultScope {CC9E055E-96DD-4295-8FBF-17538BB97C6F} URL =
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656&q={searchTerms}
SearchScopes: HKCU - {CC9E055E-96DD-4295-8FBF-17538BB97C6F} URL =
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: NetCrawl - {769a91da-209f-47fe-88b9-b0321b0982c8} - C:\Program Files (x86)\NetCrawl\NetCrawlbho.dll (NetCrawl)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-28]

Chrome:
=======
CHR HomePage: hxxp://tdintrade.emea.tdworldwide.com/Pages/Default.aspx
CHR StartupUrls: "hxxp://www.muenchenbiker.de/?open=for_suche&action=new", "hxxp://www.v-stromforum.de/search.php?search_id=unreadposts", "hxxp://de-de.facebook.com/", "hxxp://search.conduit.com/?ctid=CT2481020&SearchSource=48"
CHR DefaultSearchKeyword: google.de_
CHR DefaultSearchURL: hxxp://www.google.de/search?q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-25]
CHR Extension: (Google Drive) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-25]
CHR Extension: (YouTube) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-25]
CHR Extension: (Google Search) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-25]
CHR Extension: (Gutscheincode Melder (von shopclever.de)) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\donengfgiigdigljcljplglplekpiomg [2014-06-25]
CHR Extension: (AdBlock) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-25]
CHR Extension: (avast! Online Security) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-28]
CHR Extension: (Chrome to Mobile) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\idknbmbdnapjicclomlijcgfpikmndhd [2014-06-25]
CHR Extension: (Dropbox) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-06-25]
CHR Extension: (Google Maps) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-06-25]
CHR Extension: (Google Wallet) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-25]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2014-06-25]
CHR Extension: (Picasa) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-06-25]
CHR Extension: (Gutscheinsammler Finder) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilobbegphefikcgjpajnneiiahhejam [2014-06-25]
CHR Extension: (Gmail) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-25]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-28]

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-28] (AVAST Software)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593152 2014-01-29] (Samsung Electronics CO., LTD.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99184 2013-03-25] (ELAN Microelectronics Corp.)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [757872 2014-06-19] (Cherished Technololgy LIMITED)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-01-14] (Intel Corporation)
R2 IntelliMemory; C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe [55720 2012-12-21] (Condusiv Technologies)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)
R2 Update NetCrawl; C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe [318752 2014-06-29] ()
R2 Util NetCrawl; C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe [318752 2014-06-29] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
R2 WindowsProtectManger; C:\ProgramData\WindowsProtectManger\wprotectmanager.exe [591776 2014-06-12] (Fuyu LIMITED)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36520 2012-09-13] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-28] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-28] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-06-28] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [426848 2014-06-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-06-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-06-28] ()
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-01] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-06] (EldoS Corporation)
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [21840 2013-03-25] (ELAN Microelectronic Corp.)
R1 intmfs; C:\Windows\System32\DRIVERS\intmfs.sys [29096 2012-12-21] (Condusiv Technologies)
R0 intmsd; C:\Windows\System32\DRIVERS\intmsd.sys [104872 2012-12-21] (Condusiv Technologies)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
R1 {57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64; C:\Windows\System32\drivers\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64.sys [61112 2014-06-13] (StdLib)
S3 SBIOSIO; \??\C:\Users\Erkut\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]
S3 TVICPORT; \??\C:\windows\system32\DRIVERS\TVICPORT.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-29 10:51 - 2014-06-29 10:51 - 00023370 _____ () C:\Users\Erkut\Downloads\FRST.txt
2014-06-29 10:50 - 2014-06-29 10:51 - 00000000 ____D () C:\FRST
2014-06-29 10:49 - 2014-06-29 10:49 - 02083328 _____ (Farbar) C:\Users\Erkut\Downloads\FRST64.exe
2014-06-29 10:32 - 2014-06-29 10:32 - 00000000 ___SH () C:\DkHyperbootSync
2014-06-29 09:26 - 2014-06-29 09:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 15
2014-06-29 09:24 - 2014-06-29 09:24 - 02947139 _____ () C:\Users\Erkut\Downloads\O15CTRRemove (1).diagcab
2014-06-28 22:20 - 2014-06-28 22:28 - 02936043 _____ () C:\Users\Erkut\Downloads\O15CTRRemove.diagcab
2014-06-28 22:13 - 2014-06-28 22:13 - 01351872 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\Setup.x64.de-DE_ProPlusRetail_WYJNH-7K67T-KBXHF-VR9F2-FX6XQ_act_1_ (1).exe
2014-06-28 22:07 - 2014-06-28 22:07 - 00000000 ____D () C:\Users\Erkut\Documents\OneNote-Notizbücher
2014-06-28 21:45 - 2014-06-28 21:45 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-06-28 18:22 - 2014-06-28 21:12 - 00000000 ___RD () C:\Users\Erkut\Dropbox
2014-06-28 18:22 - 2014-06-28 18:22 - 00001044 _____ () C:\Users\Erkut\Desktop\Dropbox.lnk
2014-06-28 18:10 - 2014-06-28 18:22 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\DropboxMaster
2014-06-28 18:10 - 2014-06-28 18:10 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-28 18:07 - 2014-06-28 21:13 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Dropbox
2014-06-28 18:06 - 2014-06-28 18:06 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\AVAST Software
2014-06-28 18:05 - 2014-06-28 18:05 - 00003924 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-06-28 18:05 - 2014-06-28 18:05 - 00001976 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-28 18:05 - 2014-06-28 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-28 18:04 - 2014-06-28 18:04 - 01041168 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00426848 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00307344 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-06-28 18:04 - 2014-06-28 18:04 - 00224896 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00092008 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00079184 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-06-28 18:04 - 2014-06-28 18:04 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-06-28 18:03 - 2014-06-28 18:03 - 91906368 _____ (AVAST Software) C:\Users\Erkut\Downloads\avast_free_antivirus_setup_9.0.2021.exe
2014-06-28 18:03 - 2014-06-28 18:03 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-28 18:03 - 2014-06-28 18:03 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-28 17:35 - 2014-06-28 17:35 - 00870672 _____ () C:\Users\Erkut\Downloads\Norton_Removal_Tool.exe
2014-06-28 13:10 - 2014-06-28 13:10 - 00000000 ____D () C:\NPE
2014-06-28 13:08 - 2014-06-28 13:14 - 00000000 ____D () C:\Users\Erkut\AppData\Local\NPE
2014-06-28 13:07 - 2014-06-28 13:07 - 03081712 ____N (Symantec Corporation) C:\Users\Erkut\Downloads\NPE.exe
2014-06-28 13:04 - 2014-06-28 13:04 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-06-28 12:39 - 2014-06-28 12:44 - 00000000 ___RD () C:\windows\BrowserChoice
2014-06-28 12:37 - 2014-06-01 17:17 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-06-28 12:35 - 2013-11-01 07:38 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2014-06-28 12:35 - 2013-11-01 05:49 - 00273408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2014-06-28 12:29 - 2014-06-29 09:25 - 00000000 ____D () C:\Users\Erkut\Documents\Outlook-Dateien
2014-06-28 11:51 - 2014-06-28 11:51 - 01351872 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\Setup.x64.de-DE_ProPlusRetail_WYJNH-7K67T-KBXHF-VR9F2-FX6XQ_act_1_.exe
2014-06-28 11:47 - 2014-06-28 11:48 - 00989376 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\setupproplusretail.x86.de-de_act_1_ (1).exe
2014-06-28 11:35 - 2014-06-28 11:35 - 00002033 _____ () C:\Users\Public\Desktop\SideSync.lnk
2014-06-28 11:27 - 2014-06-28 11:27 - 00002050 _____ () C:\Users\Public\Desktop\Support Center.lnk
2014-06-28 11:23 - 2014-06-28 11:23 - 00001992 _____ () C:\Users\Public\Desktop\Help Desk.lnk
2014-06-28 11:19 - 2014-06-28 11:19 - 00003434 _____ () C:\windows\System32\Tasks\Settings
2014-06-28 11:18 - 2014-06-28 11:18 - 00002038 _____ () C:\Users\Public\Desktop\Settings.lnk
2014-06-28 11:05 - 2014-06-28 11:05 - 00989376 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\setupproplusretail.x86.de-de_act_1_.exe
2014-06-28 11:03 - 2014-06-28 11:03 - 00989376 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\Setup.x86.de-DE_ProPlusRetail_WYJNH-7K67T-KBXHF-VR9F2-FX6XQ_act_1_.exe
2014-06-28 11:03 - 2014-06-28 11:03 - 00989376 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\Setup.x86.de-DE_ProPlusRetail_WYJNH-7K67T-KBXHF-VR9F2-FX6XQ_act_1_ (1).exe
2014-06-27 21:52 - 2014-06-28 12:39 - 00000000 ____D () C:\windows\system32\MRT
2014-06-26 20:48 - 2014-06-28 12:37 - 00265050 _____ () C:\windows\msxml4-KB2758694-enu.LOG
2014-06-25 21:21 - 2014-06-25 21:21 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\ATI
2014-06-25 21:21 - 2014-06-25 21:21 - 00000000 ____D () C:\Users\Erkut\AppData\Local\ATI
2014-06-25 21:21 - 2014-06-25 21:21 - 00000000 ____D () C:\ProgramData\ATI
2014-06-25 20:46 - 2014-06-28 11:53 - 01382640 _____ () C:\windowsNIRMALA.tt2
2014-06-25 20:46 - 2014-06-28 11:53 - 01334012 _____ () C:\windowsNIRMALAB.tt2
2014-06-25 18:43 - 2014-06-13 13:36 - 00061112 _____ (StdLib) C:\windows\system32\Drivers\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64.sys
2014-06-25 18:39 - 2014-06-25 18:39 - 00000000 ____D () C:\ProgramData\374311380
2014-06-25 18:28 - 2014-06-25 18:28 - 00288496 _____ () C:\windows\Minidump\062514-27171-01.dmp
2014-06-25 18:17 - 2014-06-25 18:28 - 00000000 ____D () C:\windows\Minidump
2014-06-25 18:16 - 2014-06-25 18:27 - 4051723278 _____ () C:\windows\MEMORY.DMP
2014-06-25 17:53 - 2014-06-25 17:53 - 00001182 _____ () C:\Users\Public\Desktop\MAGIX Video deluxe 2014 Plus.lnk
2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\Users\Public\Documents\MAGIX
2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\Users\Erkut\Documents\MAGIX_MusicEditor
2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Xara
2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Magix
2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2014-06-25 17:52 - 2014-06-28 10:47 - 00000000 ___RD () C:\Users\Erkut\Documents\MAGIX
2014-06-25 17:52 - 2014-06-25 17:52 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2014-06-25 17:51 - 2014-06-25 17:58 - 00000000 ____D () C:\ProgramData\MAGIX
2014-06-25 17:51 - 2014-06-25 17:51 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-06-25 17:44 - 2014-06-25 17:58 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\MAGIX
2014-06-25 17:44 - 2014-06-25 17:44 - 02849256 _____ (MAGIX AG) C:\Users\Erkut\Downloads\videodeluxe2014plus_dlm.exe
2014-06-25 17:41 - 2014-06-25 17:41 - 00000000 _____ () C:\Users\Erkut\agent.log
2014-06-25 17:40 - 2014-06-25 17:40 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-25 17:40 - 2014-06-25 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-25 17:39 - 2014-06-29 10:49 - 00001136 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-25 17:39 - 2014-06-28 17:49 - 00001132 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-25 17:39 - 2014-06-25 17:44 - 00004108 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-25 17:39 - 2014-06-25 17:44 - 00003872 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-25 17:39 - 2014-06-25 17:40 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Google
2014-06-25 17:39 - 2014-06-25 17:40 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-25 17:38 - 2014-06-28 10:48 - 00000000 ____D () C:\Program Files (x86)\NetCrawl
2014-06-25 17:37 - 2014-06-25 17:37 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\SupTab
2014-06-25 17:37 - 2014-06-25 17:37 - 00000000 ____D () C:\ProgramData\WindowsProtectManger
2014-06-25 17:37 - 2014-06-25 17:37 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-06-25 17:37 - 2014-06-25 17:37 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-06-25 17:36 - 2014-06-25 17:36 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\sweet-page
2014-06-25 17:36 - 2014-06-25 17:35 - 00784840 _____ (Google Inc.) C:\Users\Erkut\Downloads\google-chrome.exe
2014-06-25 17:34 - 2014-06-25 17:34 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Macromedia
2014-06-25 17:33 - 2014-06-25 17:33 - 00000000 ____D () C:\Users\Erkut\AppData\Local\bitcasa
2014-06-25 17:28 - 2014-06-29 10:32 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3894098194-677086307-2034191709-1001
2014-06-25 17:22 - 2014-06-28 11:35 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Samsung
2014-06-25 17:21 - 2014-06-25 21:18 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Adobe
2014-06-25 17:21 - 2014-06-25 17:21 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-06-25 17:19 - 2014-06-28 21:45 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Adobe
2014-06-25 17:19 - 2014-06-25 17:19 - 00001450 _____ () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-25 17:19 - 2014-06-25 17:19 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Samsung
2014-06-25 17:19 - 2014-06-25 17:19 - 00000000 ____D () C:\Users\Erkut\.android
2014-06-25 17:18 - 2014-06-25 17:18 - 00001202 _____ () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\S Agent.lnk
2014-06-25 17:18 - 2014-06-25 17:18 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Absolute_Software
2014-06-25 17:18 - 2014-06-25 17:18 - 00000000 _____ () C:\windows\system32\Drivers\144D_SAMSUNG_na_670Z5E_P03A.mrk
2014-06-25 17:18 - 2013-02-25 18:04 - 121849162 _____ () C:\windows\[0407]SamsungStory01_ger.scr
2014-06-25 17:17 - 2014-06-28 11:04 - 00003059 _____ () C:\Users\Erkut\AppData\Roaming\AbsoluteReminder.xml
2014-06-25 17:17 - 2014-06-28 10:47 - 00000000 ____D () C:\windows\System32\Tasks\Norton Internet Security
2014-06-25 17:17 - 2014-06-25 17:17 - 00000000 ____D () C:\Users\Erkut\AppData\Local\VirtualStore
2014-06-25 17:16 - 2014-06-28 12:44 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Packages
2014-06-25 17:16 - 2014-06-25 17:16 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Intel
2014-06-25 17:15 - 2014-06-28 18:22 - 00000000 ____D () C:\Users\Erkut
2014-06-25 17:15 - 2014-06-25 17:15 - 00000020 ___SH () C:\Users\Erkut\ntuser.ini
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Vorlagen
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Startmenü
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Netzwerkumgebung
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Lokale Einstellungen
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Eigene Dateien
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Druckumgebung
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Documents\Eigene Musik
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Documents\Eigene Bilder
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\AppData\Local\Verlauf
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\AppData\Local\Anwendungsdaten
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Anwendungsdaten
2014-06-25 17:15 - 2013-05-24 18:49 - 00000000 ___RD () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-06-25 17:15 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-25 17:15 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-06-25 17:15 - 2012-07-26 10:13 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-11 18:55 - 2014-06-11 18:55 - 04446152 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc110u.dll
2014-06-11 18:55 - 2014-06-11 18:55 - 04411848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc110.dll
2014-06-11 18:55 - 2014-06-11 18:55 - 00082888 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcm110u.dll
2014-06-11 18:55 - 2014-06-11 18:55 - 00082888 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcm110.dll

==================== One Month Modified Files and Folders =======

2014-06-29 10:51 - 2014-06-29 10:51 - 00023370 _____ () C:\Users\Erkut\Downloads\FRST.txt
2014-06-29 10:51 - 2014-06-29 10:50 - 00000000 ____D () C:\FRST
2014-06-29 10:51 - 2013-05-24 17:49 - 01727776 _____ () C:\windows\WindowsUpdate.log
2014-06-29 10:51 - 2012-07-26 09:59 - 00000000 ____D () C:\windows\CbsTemp
2014-06-29 10:49 - 2014-06-29 10:49 - 02083328 _____ (Farbar) C:\Users\Erkut\Downloads\FRST64.exe
2014-06-29 10:49 - 2014-06-25 17:39 - 00001136 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-29 10:49 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-06-29 10:32 - 2014-06-29 10:32 - 00000000 ___SH () C:\DkHyperbootSync
2014-06-29 10:32 - 2014-06-25 17:28 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3894098194-677086307-2034191709-1001
2014-06-29 10:32 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\SysWOW64\en-GB
2014-06-29 10:32 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\en-GB
2014-06-29 10:00 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sru
2014-06-29 09:32 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-06-29 09:26 - 2014-06-29 09:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 15
2014-06-29 09:25 - 2014-06-28 12:29 - 00000000 ____D () C:\Users\Erkut\Documents\Outlook-Dateien
2014-06-29 09:24 - 2014-06-29 09:24 - 02947139 _____ () C:\Users\Erkut\Downloads\O15CTRRemove (1).diagcab
2014-06-29 09:24 - 2012-07-26 07:26 - 00000194 _____ () C:\windows\win.ini
2014-06-28 22:28 - 2014-06-28 22:20 - 02936043 _____ () C:\Users\Erkut\Downloads\O15CTRRemove.diagcab
2014-06-28 22:13 - 2014-06-28 22:13 - 01351872 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\Setup.x64.de-DE_ProPlusRetail_WYJNH-7K67T-KBXHF-VR9F2-FX6XQ_act_1_ (1).exe
2014-06-28 22:07 - 2014-06-28 22:07 - 00000000 ____D () C:\Users\Erkut\Documents\OneNote-Notizbücher
2014-06-28 21:45 - 2014-06-28 21:45 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-06-28 21:45 - 2014-06-25 17:19 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Adobe
2014-06-28 21:35 - 2013-05-24 19:39 - 00000000 ____D () C:\ProgramData\Temp
2014-06-28 21:13 - 2014-06-28 18:07 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Dropbox
2014-06-28 21:12 - 2014-06-28 18:22 - 00000000 ___RD () C:\Users\Erkut\Dropbox
2014-06-28 18:22 - 2014-06-28 18:22 - 00001044 _____ () C:\Users\Erkut\Desktop\Dropbox.lnk
2014-06-28 18:22 - 2014-06-28 18:10 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\DropboxMaster
2014-06-28 18:22 - 2014-06-25 17:15 - 00000000 ____D () C:\Users\Erkut
2014-06-28 18:10 - 2014-06-28 18:10 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-28 18:06 - 2014-06-28 18:06 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\AVAST Software
2014-06-28 18:05 - 2014-06-28 18:05 - 00003924 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-06-28 18:05 - 2014-06-28 18:05 - 00001976 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-28 18:05 - 2014-06-28 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-28 18:04 - 2014-06-28 18:04 - 01041168 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00426848 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00307344 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-06-28 18:04 - 2014-06-28 18:04 - 00224896 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00092008 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00079184 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-06-28 18:04 - 2014-06-28 18:04 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-06-28 18:03 - 2014-06-28 18:03 - 91906368 _____ (AVAST Software) C:\Users\Erkut\Downloads\avast_free_antivirus_setup_9.0.2021.exe
2014-06-28 18:03 - 2014-06-28 18:03 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-28 18:03 - 2014-06-28 18:03 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-28 17:49 - 2014-06-25 17:39 - 00001132 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-28 17:43 - 2013-05-24 19:37 - 00000000 ____D () C:\ProgramData\WinClon
2014-06-28 17:40 - 2012-08-05 23:07 - 00032266 _____ () C:\windows\PFRO.log
2014-06-28 17:40 - 2012-07-26 09:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-28 17:40 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-06-28 17:36 - 2013-05-24 19:33 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-06-28 17:36 - 2013-05-24 19:32 - 00000000 ____D () C:\ProgramData\Norton
2014-06-28 17:35 - 2014-06-28 17:35 - 00870672 _____ () C:\Users\Erkut\Downloads\Norton_Removal_Tool.exe
2014-06-28 13:15 - 2013-05-25 03:26 - 00780976 _____ () C:\windows\system32\perfh010.dat
2014-06-28 13:15 - 2013-05-25 03:26 - 00152608 _____ () C:\windows\system32\perfc010.dat
2014-06-28 13:15 - 2013-05-25 03:20 - 00753134 _____ () C:\windows\system32\perfh007.dat
2014-06-28 13:15 - 2013-05-25 03:20 - 00155826 _____ () C:\windows\system32\perfc007.dat
2014-06-28 13:15 - 2013-05-25 03:13 - 00790022 _____ () C:\windows\system32\perfh00C.dat
2014-06-28 13:15 - 2013-05-25 03:13 - 00155084 _____ () C:\windows\system32\perfc00C.dat
2014-06-28 13:15 - 2012-07-26 09:28 - 03624158 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-28 13:14 - 2014-06-28 13:08 - 00000000 ____D () C:\Users\Erkut\AppData\Local\NPE
2014-06-28 13:10 - 2014-06-28 13:10 - 00000000 ____D () C:\NPE
2014-06-28 13:07 - 2014-06-28 13:07 - 03081712 ____N (Symantec Corporation) C:\Users\Erkut\Downloads\NPE.exe
2014-06-28 13:04 - 2014-06-28 13:04 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-06-28 13:04 - 2012-07-26 09:21 - 00026966 _____ () C:\windows\setupact.log
2014-06-28 12:50 - 2013-05-24 19:34 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-06-28 12:44 - 2014-06-28 12:39 - 00000000 ___RD () C:\windows\BrowserChoice
2014-06-28 12:44 - 2014-06-25 17:16 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Packages
2014-06-28 12:44 - 2012-08-05 23:11 - 00000000 ____D () C:\ProgramData\PRICache
2014-06-28 12:42 - 2013-05-24 18:54 - 03550392 _____ () C:\windows\system32\FNTCACHE.DAT
2014-06-28 12:39 - 2014-06-27 21:52 - 00000000 ____D () C:\windows\system32\MRT
2014-06-28 12:37 - 2014-06-26 20:48 - 00265050 _____ () C:\windows\msxml4-KB2758694-enu.LOG
2014-06-28 12:35 - 2012-07-26 07:38 - 00000000 ____D () C:\windows\system32\oobe
2014-06-28 11:53 - 2014-06-25 20:46 - 01382640 _____ () C:\windowsNIRMALA.tt2
2014-06-28 11:53 - 2014-06-25 20:46 - 01334012 _____ () C:\windowsNIRMALAB.tt2
2014-06-28 11:51 - 2014-06-28 11:51 - 01351872 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\Setup.x64.de-DE_ProPlusRetail_WYJNH-7K67T-KBXHF-VR9F2-FX6XQ_act_1_.exe
2014-06-28 11:48 - 2014-06-28 11:47 - 00989376 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\setupproplusretail.x86.de-de_act_1_ (1).exe
2014-06-28 11:35 - 2014-06-28 11:35 - 00002033 _____ () C:\Users\Public\Desktop\SideSync.lnk
2014-06-28 11:35 - 2014-06-25 17:22 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Samsung
2014-06-28 11:35 - 2013-05-24 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-06-28 11:35 - 2013-05-24 17:51 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-06-28 11:27 - 2014-06-28 11:27 - 00002050 _____ () C:\Users\Public\Desktop\Support Center.lnk
2014-06-28 11:23 - 2014-06-28 11:23 - 00001992 _____ () C:\Users\Public\Desktop\Help Desk.lnk
2014-06-28 11:19 - 2014-06-28 11:19 - 00003434 _____ () C:\windows\System32\Tasks\Settings
2014-06-28 11:18 - 2014-06-28 11:18 - 00002038 _____ () C:\Users\Public\Desktop\Settings.lnk
2014-06-28 11:09 - 2013-05-24 19:34 - 00000000 ____D () C:\ProgramData\Samsung
2014-06-28 11:05 - 2014-06-28 11:05 - 00989376 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\setupproplusretail.x86.de-de_act_1_.exe
2014-06-28 11:04 - 2014-06-25 17:17 - 00003059 _____ () C:\Users\Erkut\AppData\Roaming\AbsoluteReminder.xml
2014-06-28 11:03 - 2014-06-28 11:03 - 00989376 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\Setup.x86.de-DE_ProPlusRetail_WYJNH-7K67T-KBXHF-VR9F2-FX6XQ_act_1_.exe
2014-06-28 11:03 - 2014-06-28 11:03 - 00989376 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\Setup.x86.de-DE_ProPlusRetail_WYJNH-7K67T-KBXHF-VR9F2-FX6XQ_act_1_ (1).exe
2014-06-28 10:48 - 2014-06-25 17:38 - 00000000 ____D () C:\Program Files (x86)\NetCrawl
2014-06-28 10:47 - 2014-06-25 17:52 - 00000000 ___RD () C:\Users\Erkut\Documents\MAGIX
2014-06-28 10:47 - 2014-06-25 17:17 - 00000000 ____D () C:\windows\System32\Tasks\Norton Internet Security
2014-06-28 10:47 - 2013-05-24 19:32 - 00000000 ____D () C:\windows\system32\Drivers\NISx64
2014-06-28 10:47 - 2013-05-24 17:50 - 00000000 ____D () C:\ProgramData\Intel.sav
2014-06-28 10:47 - 2013-05-24 17:49 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-28 10:47 - 2013-05-24 17:47 - 00000000 ____D () C:\Program Files\Intel
2014-06-28 10:47 - 2013-05-24 17:46 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-06-28 10:47 - 2012-07-26 10:12 - 00000000 __RHD () C:\Users\Public\Libraries
2014-06-28 10:47 - 2012-07-26 10:12 - 00000000 ___HD () C:\windows\ELAMBKUP
2014-06-28 10:47 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\SysWOW64\WinMetadata
2014-06-28 10:47 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\WinMetadata
2014-06-28 10:47 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\Macromed
2014-06-28 10:47 - 2012-07-26 07:38 - 00000000 ____D () C:\windows\system32\Sysprep
2014-06-28 10:46 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\registration
2014-06-28 10:44 - 2013-05-24 19:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-06-28 10:44 - 2013-05-24 17:50 - 00000000 ____D () C:\Program Files\Common Files\Intel
2014-06-28 10:44 - 2013-05-24 17:47 - 00000000 ____D () C:\ProgramData\Intel
2014-06-28 10:43 - 2013-05-24 17:50 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-06-27 21:52 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-06-25 21:21 - 2014-06-25 21:21 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\ATI
2014-06-25 21:21 - 2014-06-25 21:21 - 00000000 ____D () C:\Users\Erkut\AppData\Local\ATI
2014-06-25 21:21 - 2014-06-25 21:21 - 00000000 ____D () C:\ProgramData\ATI
2014-06-25 21:18 - 2014-06-25 17:21 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Adobe
2014-06-25 19:54 - 2013-05-24 17:46 - 00000000 ____D () C:\Intel
2014-06-25 18:39 - 2014-06-25 18:39 - 00000000 ____D () C:\ProgramData\374311380
2014-06-25 18:28 - 2014-06-25 18:28 - 00288496 _____ () C:\windows\Minidump\062514-27171-01.dmp
2014-06-25 18:28 - 2014-06-25 18:17 - 00000000 ____D () C:\windows\Minidump
2014-06-25 18:27 - 2014-06-25 18:16 - 4051723278 _____ () C:\windows\MEMORY.DMP
2014-06-25 18:16 - 2013-05-25 09:36 - 00165742 ____N () C:\windows\Minidump\062514-53515-01.dmp
2014-06-25 17:58 - 2014-06-25 17:51 - 00000000 ____D () C:\ProgramData\MAGIX
2014-06-25 17:58 - 2014-06-25 17:44 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\MAGIX
2014-06-25 17:53 - 2014-06-25 17:53 - 00001182 _____ () C:\Users\Public\Desktop\MAGIX Video deluxe 2014 Plus.lnk
2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\Users\Public\Documents\MAGIX
2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\Users\Erkut\Documents\MAGIX_MusicEditor
2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Xara
2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Magix
2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2014-06-25 17:52 - 2014-06-25 17:52 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2014-06-25 17:51 - 2014-06-25 17:51 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-06-25 17:44 - 2014-06-25 17:44 - 02849256 _____ (MAGIX AG) C:\Users\Erkut\Downloads\videodeluxe2014plus_dlm.exe
2014-06-25 17:44 - 2014-06-25 17:39 - 00004108 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-25 17:44 - 2014-06-25 17:39 - 00003872 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-25 17:41 - 2014-06-25 17:41 - 00000000 _____ () C:\Users\Erkut\agent.log
2014-06-25 17:40 - 2014-06-25 17:40 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-25 17:40 - 2014-06-25 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-25 17:40 - 2014-06-25 17:39 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Google
2014-06-25 17:40 - 2014-06-25 17:39 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-25 17:37 - 2014-06-25 17:37 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\SupTab
2014-06-25 17:37 - 2014-06-25 17:37 - 00000000 ____D () C:\ProgramData\WindowsProtectManger
2014-06-25 17:37 - 2014-06-25 17:37 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-06-25 17:37 - 2014-06-25 17:37 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-06-25 17:36 - 2014-06-25 17:36 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\sweet-page
2014-06-25 17:35 - 2014-06-25 17:36 - 00784840 _____ (Google Inc.) C:\Users\Erkut\Downloads\google-chrome.exe
2014-06-25 17:34 - 2014-06-25 17:34 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Macromedia
2014-06-25 17:33 - 2014-06-25 17:33 - 00000000 ____D () C:\Users\Erkut\AppData\Local\bitcasa
2014-06-25 17:21 - 2014-06-25 17:21 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-06-25 17:19 - 2014-06-25 17:19 - 00001450 _____ () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-25 17:19 - 2014-06-25 17:19 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Samsung
2014-06-25 17:19 - 2014-06-25 17:19 - 00000000 ____D () C:\Users\Erkut\.android
2014-06-25 17:18 - 2014-06-25 17:18 - 00001202 _____ () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\S Agent.lnk
2014-06-25 17:18 - 2014-06-25 17:18 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Absolute_Software
2014-06-25 17:18 - 2014-06-25 17:18 - 00000000 _____ () C:\windows\system32\Drivers\144D_SAMSUNG_na_670Z5E_P03A.mrk
2014-06-25 17:17 - 2014-06-25 17:17 - 00000000 ____D () C:\Users\Erkut\AppData\Local\VirtualStore
2014-06-25 17:16 - 2014-06-25 17:16 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Intel
2014-06-25 17:16 - 2012-07-26 10:12 - 00000000 ___RD () C:\windows\ImmersiveControlPanel
2014-06-25 17:16 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\WinStore
2014-06-25 17:15 - 2014-06-25 17:15 - 00000020 ___SH () C:\Users\Erkut\ntuser.ini
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Vorlagen
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Startmenü
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Netzwerkumgebung
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Lokale Einstellungen
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Eigene Dateien
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Druckumgebung
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Documents\Eigene Musik
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Documents\Eigene Bilder
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\AppData\Local\Verlauf
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\AppData\Local\Anwendungsdaten
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Anwendungsdaten
2014-06-13 13:36 - 2014-06-25 18:43 - 00061112 _____ (StdLib) C:\windows\system32\Drivers\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64.sys
2014-06-11 18:55 - 2014-06-11 18:55 - 04446152 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc110u.dll
2014-06-11 18:55 - 2014-06-11 18:55 - 04411848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc110.dll
2014-06-11 18:55 - 2014-06-11 18:55 - 00082888 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcm110u.dll
2014-06-11 18:55 - 2014-06-11 18:55 - 00082888 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcm110.dll
2014-06-01 17:17 - 2014-06-28 12:37 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe


Some content of TEMP:
====================
C:\Users\Erkut\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1g9u1p.dll
C:\Users\Erkut\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2012-08-05 23:07

==================== End Of Log ============================

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-06-2014 02
Ran by Erkut at 2014-06-29 10:52:10
Running from C:\Users\Erkut\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.2.0.26 - Absolute Software)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.21127 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{77A7CE43-5A1E-8282-931B-E0CC4C075793}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Bitcasa version 0.9.20.4135 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 0.9.20.4135 - Bitcasa Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.1127.15.314 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1127.15.314 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1127.15.314 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.1127.15.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1127.15.314 - Advanced Micro Devices, Inc.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.6 - Samsung Electronics CO.,LTD.)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
ETDWare X64 11.7.10.4_WHQL (HKLM\...\Elantech) (Version: 11.7.10.4 - ELAN Microelectronic Corp.)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Help Desk (HKLM\...\{AEC9D273-E162-4614-83F1-722B8C74B185}) (Version: 1.0.96 - Samsung Electronics CO., LTD.)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36843 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2963 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.6.1.0536 - Intel Corporation) Hidden
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}) (Version: 2.6.1210.0278 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software Driver (Version: 15.06.1000.0199 - Intel Corporation) Hidden
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{87d45b7e-19da-4dd5-9214-5e0d587c312f}) (Version: 15.6.1 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 15.06.1000.0142 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
IntelliMemory (HKLM\...\{40320F22-7D70-49DB-9D66-B6FAE5F36B47}) (Version: 1.0.32.0 - Condusiv Technologies)
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{49209082-E4F9-410D-B74D-E6506977F30B}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden
MAGIX Video deluxe 2014 Plus (HKLM-x32\...\MX.{85061988-E889-4A37-9CB7-4F695AC35544}) (Version: 13.0.2.8 - MAGIX AG)
MAGIX Video deluxe 2014 Plus (Version: 13.0.2.8 - MAGIX AG) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NetCrawl (HKLM\...\NetCrawl) (Version: 2014.06.24.214734 - NetCrawl)
OEM Application Profile (HKLM-x32\...\{EE55B368-EBDF-98F3-CFE7-7CE4ADBC4553}) (Version: 1.00.0004 - Advanced Micro Devices, Inc.)
Phone Screen Sharing (HKLM-x32\...\{DF02C515-40B5-45AC-A601-5DC69D03885C}) (Version: 2.0.0.21 - RSUPPORT)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PowerXpressHybrid (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.9.1212.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6818 - Realtek Semiconductor Corp.)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39036 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.9.7 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.1.47 - Samsung Electronics CO., LTD.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.25.0 - SAMSUNG Electronics Co., Ltd.)
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
SideSync (HKLM-x32\...\{59687468-8CE9-4ABF-9C6A-5C31F0E09F8B}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
SRS Premium Sound (HKLM-x32\...\{E44F8A34-529E-4318-A0E1-1893C337A47F}) (Version: 1.00.2600 - DTS, Inc.)
Support Center (HKLM\...\{AB0DEFBB-1A16-47B5-86D2-39F0A2B24AE4}) (Version: 2.1.1210 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.14 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{D2B5F1E3-EA56-4D84-A453-A213B32974CB}) (Version: 2.1.25 - Samsung Electronics CO., LTD.)
sweet-page uninstall (HKLM-x32\...\sweet-page uninstall) (Version:  - sweet-page) <==== ATTENTION
User Guide (HKLM-x32\...\{C7343D0D-E05B-4561-AAF1-8EDF0FEA1EAE}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WindowsProtectManger20.0.0.401 (HKLM-x32\...\WindowsProtectManger) (Version: 20.0.0.401 - Fuyu LIMITED) <==== ATTENTION

==================== Restore Points  =========================

25-06-2014 17:55:23 Intel® PROSet/Wireless Software
28-06-2014 08:40:25 Wiederherstellungsvorgang

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {03A70337-00BA-4B18-8888-7FB3BF4444E4} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-09-13] (Intel Corporation)
Task: {072A0C1E-9D0B-4A5A-8E94-89BE06D1F513} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-06-01] (Microsoft Corporation)
Task: {129BFEBC-FC51-47FA-A67D-FB068A7B2B57} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2014-01-29] (Samsung Electronics CO., LTD.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {40254841-9AA3-442B-934D-BE1BCD6A39ED} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-09-13] (Intel Corporation)
Task: {43D4FDAA-4606-4A46-831F-DEC7419338C5} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\WSCStub.exe
Task: {779A1234-9901-4668-827A-4CB7A6C4D817} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-04-30] (SEC)
Task: {7CACB453-74E4-4097-B0A4-21624104B2C3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-28] (AVAST Software)
Task: {9D8A24F5-BE19-44C2-B301-82191EB33F73} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\SymErr.exe
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\windows\system32\dism.exe [2012-07-26] (Microsoft Corporation)
Task: {B591987F-6924-4519-B933-58E7291EC981} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\SymErr.exe
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {DD4AC9A6-1819-47F1-89EE-F6EC68EEEDC0} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-03-19] (Samsung Electronics CO., LTD.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EE6722B4-1A9B-4008-9EBB-90351FB18C81} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-25] (Google Inc.)
Task: {F4FED40C-6C6C-4101-8A4E-2E19DFE6446D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-25] (Google Inc.)
Task: {F8E9F306-F34A-402E-A5B7-FB560F72E779} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-29 13:20 - 2014-01-29 13:20 - 00084800 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2013-02-05 06:50 - 2013-01-16 05:27 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-03-19 11:41 - 2014-03-19 11:41 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2014-06-24 23:47 - 2014-06-29 09:21 - 00318752 _____ () C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe
2014-06-25 18:42 - 2014-06-29 09:24 - 00318752 _____ () C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe
2014-06-29 09:24 - 2014-06-27 18:14 - 00287008 _____ () C:\Program Files (x86)\NetCrawl\bin\NetCrawl.PurBrowse64.exe
2014-06-29 09:24 - 2014-06-29 07:16 - 00096544 _____ () C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BrowserAdapter.exe
2014-01-29 13:20 - 2014-01-29 13:20 - 00027968 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 01141056 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00109888 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00025920 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00109888 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00059712 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00102720 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2013-05-24 17:47 - 2013-01-14 20:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-06-28 18:04 - 2014-06-28 18:04 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-06-28 18:04 - 2014-06-28 18:04 - 02787840 _____ () C:\Program Files\AVAST Software\Avast\defs\14062601\algo.dll
2014-06-28 18:07 - 2014-06-28 18:07 - 02789376 _____ () C:\Program Files\AVAST Software\Avast\defs\14062800\algo.dll
2014-06-28 18:04 - 2014-06-28 18:04 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-06-28 18:10 - 2014-06-28 18:10 - 00041984 _____ () c:\users\erkut\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1g9u1p.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Erkut\AppData\Roaming\Dropbox\bin\libcef.dll
2014-06-29 09:24 - 2014-06-29 07:16 - 00183584 _____ () C:\Program Files (x86)\NetCrawl\bin\NetCrawlBAApp.dll
2014-06-25 17:40 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-25 17:40 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-25 17:40 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-25 17:40 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-25 17:40 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-06-25 17:40 - 2014-06-05 15:58 - 14612296 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/29/2014 10:01:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wwahost.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1ae8

Startzeit: 01cf9308544abc1c

Endzeit: 4294967295

Anwendungspfad: C:\windows\system32\wwahost.exe

Berichts-ID: 8d1488d4-ff63-11e3-be7d-c4d987011e08

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.WindowsLive.Mail

Error: (06/29/2014 10:01:17 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: KURTIS-LAPTOP)
Description: Das Paket „microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (06/28/2014 10:03:40 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/28/2014 00:47:28 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: Fehler beim Laden des Protokollhandlers Mapi15. Fehlerbeschreibung: (HRESULT : 0x80004005).

Error: (06/28/2014 00:34:00 PM) (Source: Microsoft Office 15) (EventID: 2000) (User: )
Description: Microsoft OutlookOutlook konnte beim letzten Mal nicht gestartet werden. Der abgesicherte Modus kann Ihnen bei der Problembehandlung behilflich sein. Einige Features sind aber in diesem Modus möglicherweise nicht verfügbar.

Möchten Sie im abgesicherten Modus starten?

Error: (06/28/2014 00:29:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 15.0.4623.1000, Zeitstempel: 0x53728c66
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420, Zeitstempel: 0x505ab405
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000ea485
ID des fehlerhaften Prozesses: 0x1ae0
Startzeit der fehlerhaften Anwendung: 0xOUTLOOK.EXE0
Pfad der fehlerhaften Anwendung: OUTLOOK.EXE1
Pfad des fehlerhaften Moduls: OUTLOOK.EXE2
Berichtskennung: OUTLOOK.EXE3
Vollständiger Name des fehlerhaften Pakets: OUTLOOK.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: OUTLOOK.EXE5

Error: (06/28/2014 00:08:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KURTIS-LAPTOP)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (06/28/2014 00:08:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 16.4.4396.1016 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 106c

Startzeit: 01cf92b250b8f7cf

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: 14ade344-feac-11e3-be7a-c4d987011e08

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.WindowsLive.Mail

Error: (06/28/2014 11:00:00 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1764) SRUJet: Fehler -1811 (0xfffff8ed) beim Öffnen von Protokolldatei C:\windows\system32\SRU\SRU0004D.log.

Error: (06/28/2014 10:59:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FIRSTRUN.EXE, Version: 15.0.4454.1000, Zeitstempel: 0x509a3a3b
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x139c
Startzeit der fehlerhaften Anwendung: 0xFIRSTRUN.EXE0
Pfad der fehlerhaften Anwendung: FIRSTRUN.EXE1
Pfad des fehlerhaften Moduls: FIRSTRUN.EXE2
Berichtskennung: FIRSTRUN.EXE3
Vollständiger Name des fehlerhaften Pakets: FIRSTRUN.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FIRSTRUN.EXE5


System errors:
=============
Error: (06/29/2014 10:00:49 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Error: (06/29/2014 09:37:44 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Error: (06/29/2014 09:31:14 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (06/29/2014 09:28:11 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/29/2014 09:28:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/28/2014 09:37:03 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Error: (06/28/2014 06:08:28 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Error: (06/28/2014 06:05:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! EmHWID" wurde aufgrund folgenden Fehlers nicht gestartet:
%%127

Error: (06/28/2014 05:35:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Norton Internet Security" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/28/2014 01:08:42 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "NPEService" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.


Microsoft Office Sessions:
=========================
Error: (06/29/2014 10:01:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.2.9200.164201ae801cf9308544abc1c4294967295C:\windows\system32\wwahost.exe8d1488d4-ff63-11e3-be7d-c4d987011e08microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbweMicrosoft.WindowsLive.Mail

Error: (06/29/2014 10:01:17 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: KURTIS-LAPTOP)
Description: microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe

Error: (06/28/2014 10:03:40 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/28/2014 00:47:28 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: Mapi15(HRESULT : 0x80004005)

Error: (06/28/2014 00:34:00 PM) (Source: Microsoft Office 15) (EventID: 2000) (User: )
Description: Microsoft OutlookOutlook konnte beim letzten Mal nicht gestartet werden. Der abgesicherte Modus kann Ihnen bei der Problembehandlung behilflich sein. Einige Features sind aber in diesem Modus möglicherweise nicht verfügbar.

Möchten Sie im abgesicherten Modus starten?

Error: (06/28/2014 00:29:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: OUTLOOK.EXE15.0.4623.100053728c66ntdll.dll6.2.9200.16420505ab405c000037400000000000ea4851ae001cf92bbcbab8050C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXEC:\windows\SYSTEM32\ntdll.dll0e044da4-feaf-11e3-be7a-c4d987011e08

Error: (06/28/2014 00:08:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KURTIS-LAPTOP)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927142

Error: (06/28/2014 00:08:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe16.4.4396.1016106c01cf92b250b8f7cf4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe14ade344-feac-11e3-be7a-c4d987011e08microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbweMicrosoft.WindowsLive.Mail

Error: (06/28/2014 11:00:00 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost1764SRUJet: C:\windows\system32\SRU\SRU0004D.log-1811 (0xfffff8ed)

Error: (06/28/2014 10:59:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FIRSTRUN.EXE15.0.4454.1000509a3a3bMSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd139c01cf92af4da4429aC:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXEC:\windows\SYSTEM32\MSVCR100.dll8bbcb021-fea2-11e3-be78-c4d987011e08


==================== Memory info ===========================

Percentage of memory in use: 53%
Total physical RAM: 8076.76 MB
Available physical RAM: 3722.08 MB
Total Pagefile: 16268.77 MB
Available Pagefile: 11422.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:906.82 GB) (Free:839.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 68918664)

Partition: GPT Partition Type.

==================== End Of Log ============================


M-K-D-B 29.06.2014 10:19

Hello!

My name is Matthias and I will help you clean up your computer.

Please note the following:
  • If we find indications of illegally acquired software, we will suspend support until every kind of illegal software has been removed from the computer.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions.
    If you are going to be away for longer, please let me know!
  • During the cleanup, please do not install or uninstall anything unless I ask you to!
  • All programs to be used must be saved to the desktop and started from there!

Please work through all steps one after another in the given order and post all log files in CODE tags:

How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

Thank you for your cooperation!

Quote:

Running from C:\Users\Erkut\Downloads
Download all tools directly to the desktop, or move them there, and start them from the desktop, since our instructions are written for that.
It also makes it very easy to remove all the tools used at the end of the cleanup.

Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Step 2
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.

Step 3
Please disable your antivirus program, as it can influence the result or interfere with the cleanup.
Please download zoek.exe from here: http://hijackthis.nl/smeenk/ and save the file on your desktop.
  • Start Zoek.exe with a double-click.
  • Caution: The following script was written only for this specific case and could damage other computers.
  • Copy the text in the following box into zoek's script window:
    Code:

    iedefaults;
    resetIEproxy;
    FFdefaults;
    CHRdefaults;
    emptyclsid;
    autoclean;

  • Now click "Run script" and be patient until the script has finished.
  • When the tool is done, Notepad will open with the log file (possibly only after a restart). The log can also be found under c:\ .
  • Please post the ZOEK log (in CODE tags if possible - click the # symbol in the reply window).

Step 4
  • Start FRST.exe again. Tick the box in front of Addition.txt and click Scan.
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files in your next reply.

In your next reply, please post
  • the AdwCleaner log file,
  • the MBAM log file,
  • the Zoek log file,
  • the two new FRST log files.
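
Added example, not part of the original thread and not FRST's own code: a small Python parser for the installed-programs lines of an Addition.txt like the one posted above, which lists the entries FRST marked `<==== ATTENTION` and checks whether they still appear in a follow-up scan such as the one requested in step 4. The line format is inferred from the log in this thread, the "before" lines are copied from it, and the "after" lines are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Installed-programs lines as they appear in the Addition.txt in this thread:
#   Name (HKLM-x32\...\Key) (Version: 1.2 - Publisher) <==== ATTENTION
#   Name (x32 Version: 1.2 - Publisher) Hidden
# Assumption: this format is inferred from those lines, not from FRST documentation.
ENTRY_RE = re.compile(
    r"^(?P<name>.+?) "                      # program name, may itself contain parentheses
    r"(?:\((?P<key>HK[^)]*)\) )?"           # optional abbreviated uninstall key
    r"\((?:x32 )?Version: (?P<version>.*?) - (?P<publisher>.*)\)"
    r"(?P<tail>[^)]*)$"                     # "", " Hidden" or " <==== ATTENTION"
)


@dataclass(frozen=True)
class Program:
    name: str
    key: str          # "" when the line carries no registry key
    version: str      # may be empty, as for "sweet-page uninstall"
    publisher: str
    hidden: bool
    attention: bool   # True when FRST appended "<==== ATTENTION"


def parse_programs(log_text):
    """Return a Program for every line that matches the installed-programs format."""
    programs = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, other log sections
        tail = m.group("tail")
        programs.append(Program(
            name=m.group("name"),
            key=m.group("key") or "",
            version=m.group("version").strip(),
            publisher=m.group("publisher").strip(),
            hidden=tail.strip() == "Hidden",
            attention="ATTENTION" in tail,
        ))
    return programs


def remaining_flagged(before_text, after_text):
    """Split the entries flagged in the first scan into (still present, gone)."""
    after = {(p.name, p.key) for p in parse_programs(after_text)}
    flagged = [p for p in parse_programs(before_text) if p.attention]
    still = [p for p in flagged if (p.name, p.key) in after]
    gone = [p for p in flagged if (p.name, p.key) not in after]
    return still, gone


# Lines copied from the Addition.txt posted in this thread.
BEFORE_LOG = r"""
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{49209082-E4F9-410D-B74D-E6506977F30B}) (Version: 7.0.2.6 - MAGIX AG)
NetCrawl (HKLM\...\NetCrawl) (Version: 2014.06.24.214734 - NetCrawl)
sweet-page uninstall (HKLM-x32\...\sweet-page uninstall) (Version:  - sweet-page) <==== ATTENTION
WindowsProtectManger20.0.0.401 (HKLM-x32\...\WindowsProtectManger) (Version: 20.0.0.401 - Fuyu LIMITED) <==== ATTENTION

==================== Restore Points  =========================
"""

# Constructed follow-up scan (not from the thread): one flagged entry was removed.
AFTER_LOG = r"""
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{49209082-E4F9-410D-B74D-E6506977F30B}) (Version: 7.0.2.6 - MAGIX AG)
sweet-page uninstall (HKLM-x32\...\sweet-page uninstall) (Version:  - sweet-page) <==== ATTENTION
"""

if __name__ == "__main__":
    still, gone = remaining_flagged(BEFORE_LOG, AFTER_LOG)
    for p in still:
        print("still installed:", p.name, "|", p.key)
    for p in gone:
        print("no longer listed:", p.name, "|", p.key)
```

The comparison only covers entries that FRST itself flagged; anything FRST did not mark still needs a human reading of the log.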

der-kurti 29.06.2014 12:16

Hello Matthias,

thank you very much for your support.

I downloaded AdwCleaner to my desktop and started it, but unfortunately nothing happens, and neither an installer nor the terms of use open.

Do you perhaps know what to do?

Regards
Kurti

M-K-D-B 29.06.2014 12:33

Hi,

do you get an error message or anything similar?

Rename adwcleaner.exe to der-kurti.exe and try to start the tool again.

If that does not help either:

Start your computer following this guide and run the tool in safe mode.

der-kurti 29.06.2014 15:48

Hello,

I did not get any error message, only on the first start a warning that running the program might harm my PC and the question whether I still wanted to start it. I answered yes, but then nothing happened at all. Further double-clicks did not lead to anything either. Then I restarted, and since then my laptop has been busy because it is installing 54 updates, and I am only at update number 35.

After that I will be able to continue with your instructions, but it can easily take another hour. :headbang:

Hello,

unfortunately the program did not start in safe mode either. Neither a double-click nor a right-click and Open does anything at all. :-(

I had also renamed the file to der-kurti.exe, but without success.
Could it be that it cannot be started on Windows 8?

Regards
Kurti

M-K-D-B 30.06.2014 15:28

Quote:

Quote from der-kurti (post 1323335)
Could it be that it cannot be started on Windows 8?

AdwCleaner works flawlessly on Windows 8; at least I am not aware of any problems.

OK, then we will do it differently:
Run MBAM and Zoek first, and only then AdwCleaner. Finally, run FRST as described as a check.

der-kurti 30.06.2014 17:03

Hello,

I downloaded both programs, and with MBAM I get the error message:
The setup files are corrupted. Please obtain a new copy of the programm

When running Zoek I get the message:
Diese App kann auf dem PC nicht ausgeführt werden, Wenden Sie sich an den Softwareherausgeber, um eine geeignete Version für Ihren PC zu finden.

:-(

this looks worse than I feared.

M-K-D-B 30.06.2014 18:10

Hi,

does this work?

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Sometimes Combofix still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


der-kurti 30.06.2014 18:37

Hello,

that worked now. The file is attached.
P.S. I will be offline now because of the Germany match

Code:

ComboFix 14-06-30.01 - Erkut 30.06.2014  19:25:25.1.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.49.1031.18.8077.5920 [GMT 2:00]
ausgeführt von:: c:\users\Erkut\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\374311380
c:\programdata\374311380\BITAC01.tmp
c:\programdata\Roaming
c:\users\Erkut\AppData\Local\Microsoft\Windows\Temporary Internet Files\MxUpdate.exe
c:\users\Erkut\AppData\Local\Microsoft\Windows\Temporary Internet Files\NetCrawl_iels
C:\windowsNIRMALA.tt2
C:\windowsNIRMALAB.tt2
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-05-28 bis 2014-06-30  ))))))))))))))))))))))))))))))
.
.
2014-06-30 17:34 . 2014-06-30 17:34        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-06-30 16:28 . 2014-05-31 05:16        703992        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-30 16:28 . 2014-05-31 05:16        105464        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-29 18:31 . 2014-04-03 11:22        2233176        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2014-06-29 18:31 . 2014-02-05 23:41        595968        ----a-w-        c:\windows\system32\qedit.dll
2014-06-29 18:31 . 2014-02-05 23:37        496640        ----a-w-        c:\windows\SysWow64\qedit.dll
2014-06-29 15:36 . 2013-09-04 03:11        576512        ----a-w-        c:\windows\system32\drivers\afd.sys
2014-06-29 14:10 . 2013-04-02 23:12        30720        ----a-w-        c:\windows\system32\cryptdlg.dll
2014-06-29 14:10 . 2013-04-02 23:37        25088        ----a-w-        c:\windows\SysWow64\cryptdlg.dll
2014-06-29 14:07 . 2014-06-29 14:07        283312        ----a-w-        c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10242.bin
2014-06-29 12:28 . 2014-01-27 03:39        1939288        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2014-06-29 12:28 . 2014-01-11 06:48        5979648        ----a-w-        c:\windows\system32\mstscax.dll
2014-06-29 12:28 . 2014-01-11 05:06        5092352        ----a-w-        c:\windows\SysWow64\mstscax.dll
2014-06-29 12:28 . 2014-01-02 23:32        523264        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2014-06-29 12:28 . 2014-02-03 23:56        332632        ----a-w-        c:\windows\system32\drivers\storport.sys
2014-06-29 12:28 . 2014-02-03 23:56        278872        ----a-w-        c:\windows\system32\drivers\msiscsi.sys
2014-06-29 12:28 . 2014-01-31 00:48        485888        ----a-w-        c:\windows\SysWow64\WSDApi.dll
2014-06-29 12:28 . 2014-01-31 00:06        599040        ----a-w-        c:\windows\system32\WSDApi.dll
2014-06-29 12:28 . 2014-01-15 23:42        118784        ----a-w-        c:\windows\system32\drivers\dfsc.sys
2014-06-29 12:28 . 2014-01-02 23:35        365568        ----a-w-        c:\windows\SysWow64\XpsGdiConverter.dll
2014-06-29 12:18 . 2014-04-03 11:19        328024        ----a-w-        c:\windows\system32\drivers\Classpnp.sys
2014-06-29 12:18 . 2014-04-03 03:44        619008        ----a-w-        c:\windows\system32\drivers\srv2.sys
2014-06-29 12:18 . 2014-03-24 23:42        305152        ----a-w-        c:\windows\SysWow64\wusa.exe
2014-06-29 12:18 . 2014-03-24 22:56        309760        ----a-w-        c:\windows\system32\wusa.exe
2014-06-29 11:55 . 2013-07-24 23:07        13661696        ----a-w-        c:\windows\system32\Windows.UI.Xaml.dll
2014-06-29 11:55 . 2013-07-24 23:10        10799104        ----a-w-        c:\windows\SysWow64\Windows.UI.Xaml.dll
2014-06-29 11:55 . 2013-08-30 05:20        1173504        ----a-w-        c:\windows\system32\UIAutomationCore.dll
2014-06-29 11:55 . 2013-08-29 23:48        914432        ----a-w-        c:\windows\SysWow64\UIAutomationCore.dll
2014-06-29 11:55 . 2013-09-13 22:33        328192        ----a-w-        c:\windows\system32\ubpm.dll
2014-06-29 11:55 . 2013-08-21 06:39        465240        ----a-w-        c:\windows\system32\drivers\fvevol.sys
2014-06-29 11:55 . 2013-08-10 06:30        151896        ----a-w-        c:\windows\system32\drivers\tpm.sys
2014-06-29 11:55 . 2013-09-13 22:36        247296        ----a-w-        c:\windows\SysWow64\ubpm.dll
2014-06-29 11:55 . 2013-08-30 05:43        61784        ----a-w-        c:\windows\system32\drivers\crashdmp.sys
2014-06-29 11:32 . 2013-10-31 05:56        915968        ----a-w-        c:\windows\system32\MPSSVC.dll
2014-06-29 11:32 . 2013-10-31 05:56        758784        ----a-w-        c:\windows\system32\FirewallAPI.dll
2014-06-29 11:32 . 2013-10-31 04:01        550400        ----a-w-        c:\windows\SysWow64\FirewallAPI.dll
2014-06-29 11:32 . 2013-10-13 20:49        100696        ----a-w-        c:\windows\system32\drivers\disk.sys
2014-06-29 11:32 . 2013-08-27 05:21        227840        ----a-w-        c:\windows\system32\WebClnt.dll
2014-06-29 11:32 . 2013-08-26 22:29        199168        ----a-w-        c:\windows\SysWow64\WebClnt.dll
2014-06-29 11:32 . 2013-10-31 03:42        74752        ----a-w-        c:\windows\system32\drivers\mpsdrv.sys
2014-06-29 11:32 . 2013-08-27 05:19        104448        ----a-w-        c:\windows\system32\davclnt.dll
2014-06-29 11:32 . 2013-08-26 22:28        86016        ----a-w-        c:\windows\SysWow64\davclnt.dll
2014-06-29 11:09 . 2014-03-01 09:47        1258496        ----a-w-        c:\windows\system32\kernel32.dll
2014-06-29 11:09 . 2014-03-01 09:47        1120768        ----a-w-        c:\windows\system32\gpedit.dll
2014-06-29 11:09 . 2014-02-26 23:18        370688        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys
2014-06-29 11:09 . 2014-02-26 23:18        215040        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys
2014-06-29 11:09 . 2014-03-01 08:07        1075200        ----a-w-        c:\windows\SysWow64\gpedit.dll
2014-06-29 11:09 . 2014-02-26 23:18        247808        ----a-w-        c:\windows\system32\drivers\srvnet.sys
2014-06-29 11:09 . 2013-11-25 23:17        83968        ----a-w-        c:\windows\system32\drivers\hidclass.sys
2014-06-29 11:09 . 2014-02-15 04:15        78336        ----a-w-        c:\windows\system32\drivers\IPMIDrv.sys
2014-06-29 08:50 . 2014-06-29 08:53        --------        d-----w-        C:\FRST
2014-06-29 08:31 . 2014-01-31 00:06        1628160        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2014-06-29 08:31 . 2014-01-31 00:48        1339392        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll
2014-06-29 07:26 . 2014-06-29 07:26        --------        d-----w-        c:\program files (x86)\Microsoft Office 15
2014-06-29 07:20 . 2013-09-28 03:35        288768        ----a-w-        c:\windows\system32\drivers\portcls.sys
2014-06-28 19:45 . 2014-06-28 19:45        --------        d-----w-        c:\programdata\regid.1986-12.com.adobe
2014-06-28 19:36 . 2013-08-07 05:15        144896        ----a-w-        c:\windows\system32\tssdisai.dll
2014-06-28 19:36 . 2012-11-10 04:22        122880        ----a-w-        c:\windows\system32\VmHostAI.dll
2014-06-28 19:36 . 2012-11-10 04:22        126976        ----a-w-        c:\windows\system32\RDWebAI.dll
2014-06-28 19:36 . 2012-11-10 04:20        135680        ----a-w-        c:\windows\system32\appserverai.dll
2014-06-28 19:36 . 2012-11-10 04:23        132608        ----a-w-        c:\windows\SysWow64\poqexec.exe
2014-06-28 19:36 . 2012-11-10 04:23        148480        ----a-w-        c:\windows\system32\poqexec.exe
2014-06-28 19:24 . 2013-05-23 22:25        694272        ----a-w-        c:\windows\SysWow64\rpcrt4.dll
2014-06-28 19:24 . 2013-07-06 00:15        652288        ----a-w-        c:\windows\system32\comctl32.dll
2014-06-28 19:24 . 2013-07-04 02:13        541696        ----a-w-        c:\windows\SysWow64\comctl32.dll
2014-06-28 19:23 . 2013-04-11 22:30        1421312        ----a-w-        c:\windows\SysWow64\DWrite.dll
2014-06-28 19:23 . 2013-04-11 22:22        1838080        ----a-w-        c:\windows\system32\DWrite.dll
2014-06-28 19:17 . 2013-04-10 22:35        1617920        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL
2014-06-28 19:17 . 2013-04-10 22:35        2035200        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2014-06-28 19:17 . 2013-04-10 22:35        1272320        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-06-28 19:17 . 2013-04-11 04:12        1029632        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2014-06-28 19:17 . 2013-04-11 04:12        1413632        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
2014-06-28 19:17 . 2013-04-10 22:35        1318912        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll
2014-06-28 19:17 . 2013-04-10 22:35        1306112        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll
2014-06-28 19:17 . 2014-05-03 05:47        3246592        ----a-w-        c:\windows\system32\rdpcorets.dll
2014-06-28 19:17 . 2014-05-03 03:34        235520        ----a-w-        c:\windows\system32\rdpudd.dll
2014-06-28 19:16 . 2013-10-19 05:45        62976        ----a-w-        c:\windows\system32\imagehlp.dll
2014-06-28 19:16 . 2013-10-19 04:04        59392        ----a-w-        c:\windows\SysWow64\imagehlp.dll
2014-06-28 19:16 . 2013-05-04 06:59        2842112        ----a-w-        c:\windows\system32\WMVDECOD.DLL
2014-06-28 19:16 . 2013-05-04 04:57        2620928        ----a-w-        c:\windows\SysWow64\WMVDECOD.DLL
2014-06-28 19:16 . 2013-07-01 22:14        25600        ----a-w-        c:\windows\system32\drivers\usbprint.sys
2014-06-28 19:16 . 2013-06-29 03:08        32768        ----a-w-        c:\windows\system32\drivers\hidparse.sys
2014-06-28 19:16 . 2014-01-12 23:30        2238976        ----a-w-        c:\windows\system32\d3d10warp.dll
2014-06-28 19:16 . 2013-11-20 00:15        3842560        ----a-w-        c:\windows\system32\d2d1.dll
2014-06-28 19:16 . 2013-11-19 23:57        3288576        ----a-w-        c:\windows\SysWow64\d2d1.dll
2014-06-28 19:16 . 2014-01-12 23:30        2032640        ----a-w-        c:\windows\SysWow64\d3d10warp.dll
2014-06-28 19:16 . 2013-07-19 22:13        124112        ----a-w-        c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-06-28 19:16 . 2013-07-19 22:13        102608        ----a-w-        c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2014-06-28 16:23 . 2014-05-24 01:25        61440        ----a-w-        c:\windows\SysWow64\iesetup.dll
2014-06-28 16:23 . 2014-05-24 02:46        39936        ----a-w-        c:\windows\system32\iernonce.dll
2014-06-28 16:23 . 2014-05-24 02:10        770736        ----a-w-        c:\program files (x86)\Internet Explorer\iexplore.exe
2014-06-28 16:23 . 2014-05-24 01:25        109056        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2014-06-28 16:23 . 2014-05-24 01:09        2706432        ----a-w-        c:\windows\system32\mshtml.tlb
2014-06-28 16:21 . 2013-04-23 23:13        1013248        ----a-w-        c:\windows\SysWow64\certutil.exe
2014-06-28 16:21 . 2013-04-23 23:12        109056        ----a-w-        c:\windows\SysWow64\cryptnet.dll
2014-06-28 16:21 . 2013-04-23 22:56        1255936        ----a-w-        c:\windows\system32\certutil.exe
2014-06-28 16:21 . 2013-04-23 22:55        141312        ----a-w-        c:\windows\system32\cryptnet.dll
2014-06-28 16:21 . 2013-05-15 02:25        888320        ----a-w-        c:\windows\system32\autochk.exe
2014-06-28 16:21 . 2013-05-15 02:25        542208        ----a-w-        c:\windows\system32\untfs.dll
2014-06-28 16:21 . 2013-05-15 02:24        793088        ----a-w-        c:\windows\SysWow64\autochk.exe
2014-06-28 16:21 . 2013-05-15 02:24        482816        ----a-w-        c:\windows\SysWow64\untfs.dll
2014-06-28 16:20 . 2014-02-08 04:34        4036608        ----a-w-        c:\windows\system32\win32k.sys
2014-06-28 16:19 . 2013-03-02 08:23        100864        ----a-w-        c:\windows\SysWow64\SettingSyncInfo.dll
2014-06-28 16:19 . 2013-03-02 08:22        357888        ----a-w-        c:\windows\SysWow64\netcfgx.dll
2014-06-28 16:19 . 2013-03-02 08:21        550912        ----a-w-        c:\windows\SysWow64\drvstore.dll
2014-06-28 16:19 . 2013-03-02 08:21        145408        ----a-w-        c:\windows\SysWow64\powercfg.cpl
2014-06-28 16:19 . 2013-03-02 08:24        4298240        ----a-w-        c:\program files (x86)\Windows NT\Accessories\wordpad.exe
2014-06-28 16:19 . 2013-03-02 08:23        195072        ----a-w-        c:\program files (x86)\Windows NT\Accessories\WordpadFilter.dll
2014-06-28 16:19 . 2013-03-02 08:23        893952        ----a-w-        c:\windows\SysWow64\winmde.dll
2014-06-28 16:19 . 2013-03-02 08:23        504320        ----a-w-        c:\windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
2014-06-28 16:19 . 2013-03-02 08:23        601088        ----a-w-        c:\windows\SysWow64\Windows.Globalization.dll
2014-06-28 16:19 . 2013-03-02 08:21        36352        ----a-w-        c:\windows\SysWow64\DevDispItemProvider.dll
2014-06-28 16:17 . 2013-03-02 02:45        180224        ----a-w-        c:\windows\system32\SystemEventsBrokerServer.dll
2014-06-28 16:16 . 2014-03-28 08:23        19759104        ----a-w-        c:\windows\system32\shell32.dll
2014-06-28 16:15 . 2013-08-15 22:43        83968        ----a-w-        c:\windows\SysWow64\OEMLicense.dll
2014-06-28 16:15 . 2013-08-15 22:43        167424        ----a-w-        c:\windows\SysWow64\WSClient.dll
2014-06-28 16:15 . 2013-08-15 22:42        76800        ----a-w-        c:\windows\SysWow64\setupcln.dll
2014-06-28 16:15 . 2013-08-15 22:42        91648        ----a-w-        c:\windows\SysWow64\sppc.dll
2014-06-28 16:15 . 2013-08-15 22:43        159232        ----a-w-        c:\windows\SysWow64\WSSync.dll
2014-06-28 16:15 . 2013-08-15 22:43        20992        ----a-w-        c:\windows\SysWow64\wups.dll
2014-06-28 16:13 . 2013-07-13 04:24        261120        ----a-w-        c:\windows\SysWow64\wintrust.dll
2014-06-28 16:13 . 2013-07-13 04:23        87040        ----a-w-        c:\windows\SysWow64\apprepapi.dll
2014-06-28 16:13 . 2013-07-13 04:23        74240        ----a-w-        c:\windows\SysWow64\apprepsync.dll
2014-06-28 16:12 . 2013-07-13 06:18        337408        ----a-w-        c:\windows\system32\wintrust.dll
2014-06-28 16:12 . 2013-07-13 06:16        68096        ----a-w-        c:\windows\system32\cryptsvc.dll
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-25 15:15 . 2012-07-26 08:13        23264        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
2014-06-19 09:40        513648        ----a-w-        c:\program files (x86)\SupTab\SupTab.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{769a91da-209f-47fe-88b9-b0321b0982c8}]
2014-06-24 21:47        249632        ----a-w-        c:\program files (x86)\NetCrawl\NetCrawlBHO.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{450D6ECA-9163-44AC-A5E5-3FE207A086D6}"
[HKEY_CLASSES_ROOT\CLSID\{450D6ECA-9163-44AC-A5E5-3FE207A086D6}]
2012-08-06 03:41        158224        ----a-w-        c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        131248        ----a-w-        c:\users\Erkut\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        131248        ----a-w-        c:\users\Erkut\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        131248        ----a-w-        c:\users\Erkut\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-08-06 03:41        158224        ----a-w-        c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_20F6763770B7EAAD43619F195218A3DA"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-06-05 860488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-26 642216]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-03-07 310640]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-08-15 97392]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-28 4086432]
.
c:\users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Erkut\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 IePluginServices;IePlugin Services;c:\programdata\IePluginServices\PluginService.exe;c:\programdata\IePluginServices\PluginService.exe [x]
R2 SWUpdateService;SW Update Service;c:\programdata\Samsung\SW Update Service\SWMAgent.exe;c:\programdata\Samsung\SW Update Service\SWMAgent.exe [x]
R2 Update NetCrawl;Update NetCrawl;c:\program files (x86)\NetCrawl\updateNetCrawl.exe;c:\program files (x86)\NetCrawl\updateNetCrawl.exe [x]
R2 WindowsProtectManger;WindowsProtectManger Service;c:\programdata\WindowsProtectManger\wprotectmanager.exe;c:\programdata\WindowsProtectManger\wprotectmanager.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 SBIOSIO;SBIOSIO;c:\users\Erkut\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys;c:\users\Erkut\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\System32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 intmsd;IntelliMemory Storage Filter Driver;c:\windows\system32\DRIVERS\intmsd.sys;c:\windows\SYSNATIVE\DRIVERS\intmsd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 {57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64;{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64;c:\windows\system32\drivers\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64.sys;c:\windows\SYSNATIVE\drivers\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys;c:\windows\SYSNATIVE\drivers\cbfs3.sys [x]
S1 intmfs;IntelliMemory File System Filter Driver;c:\windows\system32\DRIVERS\intmfs.sys;c:\windows\SYSNATIVE\DRIVERS\intmfs.sys [x]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 Easy Launcher;Easy Launcher;c:\program files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe;c:\program files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [x]
S2 ETDService;Elan Service;c:\program files\Elantech\ETDService.exe;c:\program files\Elantech\ETDService.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 IntelliMemory;IntelliMemory;c:\program files\Condusiv Technologies\IntelliMemory\IntelliMem.exe;c:\program files\Condusiv Technologies\IntelliMemory\IntelliMem.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Util NetCrawl;Util NetCrawl;c:\program files (x86)\NetCrawl\bin\utilNetCrawl.exe;c:\program files (x86)\NetCrawl\bin\utilNetCrawl.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;c:\windows\System32\drivers\AMPPAL.sys;c:\windows\SYSNATIVE\drivers\AMPPAL.sys [x]
S3 BthLEEnum;Treiber für energiearme Bluetooth-Geräte;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 ETD;Samsung PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 ETDSMBus;ETDSMBus;c:\windows\system32\DRIVERS\ETDSMBus.sys;c:\windows\SYSNATIVE\DRIVERS\ETDSMBus.sys [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\System32\drivers\iwdbus.sys;c:\windows\SYSNATIVE\drivers\iwdbus.sys [x]
S3 NETwNe64;Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 8 64-Bit;c:\windows\system32\DRIVERS\NETwew00.sys;c:\windows\SYSNATIVE\DRIVERS\NETwew00.sys [x]
S3 RadioHIDMini;Radio HID Mini-driver;c:\windows\System32\drivers\RadioHIDMini.sys;c:\windows\SYSNATIVE\drivers\RadioHIDMini.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 usb3Hub;USB-IF USB 3.0 Hub;c:\windows\System32\drivers\usb3Hub.sys;c:\windows\SYSNATIVE\drivers\usb3Hub.sys [x]
S3 XHCIPort;USB-IF xHCI USB Host Controller;c:\windows\System32\drivers\XHCIPort.sys;c:\windows\SYSNATIVE\drivers\XHCIPort.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-25 15:40        1091912        ----a-w-        c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-25 15:39]
.
2014-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-25 15:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-06-28 16:04        634872        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{450D6ECA-9163-44AC-A5E5-3FE207A086D6}"
[HKEY_CLASSES_ROOT\CLSID\{450D6ECA-9163-44AC-A5E5-3FE207A086D6}]
2012-08-06 03:42        190480        ----a-w-        c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BitcasaIconOverlay]
@="{A6975448-A999-49BB-B3E4-7730CF6A82C0}"
[HKEY_CLASSES_ROOT\CLSID\{A6975448-A999-49BB-B3E4-7730CF6A82C0}]
2012-12-27 07:58        570880        ----a-w-        c:\program files\Bitcasa\ExplorerMenu.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BitcasaProgressOverlay]
@="{6FB8D52A-0064-45B2-B687-F596FEAD09C2}"
[HKEY_CLASSES_ROOT\CLSID\{6FB8D52A-0064-45B2-B687-F596FEAD09C2}]
2012-12-27 07:58        570880        ----a-w-        c:\program files\Bitcasa\ExplorerMenu.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        164016        ----a-w-        c:\users\Erkut\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        164016        ----a-w-        c:\users\Erkut\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        164016        ----a-w-        c:\users\Erkut\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09        164016        ----a-w-        c:\users\Erkut\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-08-06 03:42        190480        ----a-w-        c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-12-12 13263072]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-01-04 1260256]
"RtHDVBg_SRSSA"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-01-04 1260256]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-01-25 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-01-25 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-01-25 442352]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshellex.dll" [2012-09-30 11582848]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
"Bitcasa"="c:\program files\Bitcasa\Bitcasa.exe" [2012-12-27 4365824]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.sweet-page.com/?type=hp&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656
mDefault_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656&q={searchTerms}
mDefault_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656
mStart Page = hxxp://www.sweet-page.com/?type=hp&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1403710608&from=cor&uid=ST1000LM024XHN-M101MBB_S31UJ9CDA03656&q={searchTerms}
IE: An Bluetooth senden - c:\program files (x86)\Intel\Bluetooth\btSendToObject.htm
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Zeit der Fertigstellung: 2014-06-30  19:36:36
ComboFix-quarantined-files.txt  2014-06-30 17:36
.
Vor Suchlauf: 10 Verzeichnis(se), 890.331.209.728 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 890.277.265.408 Bytes frei
.
- - End Of File - - B36C9FBB422C48C7ED27E4F02D44ABD2
5FB38429D5D77768867C76DCBDB35194


M-K-D-B 01.07.2014 16:20

Hello,

please run Rkill first, then try AdwCleaner, MBAM and Zoek again.

Do not restart the computer after Rkill!

Scan with rKill

Please download rKill by Grinler to your desktop from one of the following links: RKill or http://www.trojaner-board.de/85629-rkill-download.html
  • Now start the program with a double-click.
  • If no black window opens, try one of the other download links.
  • The tool will now run for a few minutes, checking and resetting various settings.
  • When it has finished, the log file rkill.txt opens automatically.
  • Please post it in your thread in CODE tags (instructions).

der-kurti 01.07.2014 16:42

Hello,

attached is the text file from rkill

Code:

Rkill 2.6.7 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 hxxp://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/01/2014 05:24:26 PM in x64 mode.
Windows Version: Windows 8

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

  [HKLM\SOFTWARE\Microsoft\Windows Defender]
  "DisableAntiSpyware" = dword:00000001

 * Windows Firewall Disabled

  [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
  "EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

 * WUDFRd [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1      localhost

Program finished at: 07/01/2014 05:24:38 PM
Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)

So, now AdwCleaner has worked too, and here is its text file
Code:

# AdwCleaner v3.214 - Bericht erstellt am 01/07/2014 um 17:34:41
# Aktualisiert 29/06/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Erkut - KURTIS-LAPTOP
# Gestartet von : C:\Users\Erkut\Desktop\adwcleaner_3.214.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : IePluginServices
[#] Dienst Gelöscht : Update NetCrawl
[#] Dienst Gelöscht : Util NetCrawl
[#] Dienst Gelöscht : WindowsProtectManger

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\IePluginServices
Ordner Gelöscht : C:\ProgramData\WindowsProtectManger
[!] Ordner Gelöscht : C:\Program Files (x86)\NetCrawl
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Ordner Gelöscht : C:\Users\Erkut\AppData\Roaming\SupTab
Ordner Gelöscht : C:\Users\Erkut\AppData\Roaming\sweet-page
Ordner Gelöscht : C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\donengfgiigdigljcljplglplekpiomg
Datei Gelöscht : C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\NetCrawl
Schlüssel Gelöscht : HKCU\Software\SecuredDownload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\NetCrawl
Schlüssel Gelöscht : HKLM\Software\SupDp
Schlüssel Gelöscht : HKLM\Software\SupTab
Schlüssel Gelöscht : HKLM\Software\supWindowsProtectManger
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\sweet-pageSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsProtectManger
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetCrawl

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16921

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v35.0.1916.153

[ Datei : C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Startup_urls] : hxxp://search.conduit.com/?ctid=CT2481020&SearchSource=48
Gelöscht [Extension] : donengfgiigdigljcljplglplekpiomg

*************************

AdwCleaner[R0].txt - [6634 octets] - [01/07/2014 17:32:19]
AdwCleaner[S0].txt - [5656 octets] - [01/07/2014 17:34:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5716 octets] ##########

I will try MBAM and Zoek right afterwards

M-K-D-B 01.07.2014 17:02

Quote:

Quote from der-kurti (post 1324416)
I will try MBAM and Zoek right afterwards

ok :)

der-kurti 01.07.2014 17:06

attached is mbam.txt

Code:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 01.07.2014
Suchlauf-Zeit: 17:50:57
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.01.05
Rootkit Datenbank: v2014.07.01.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Erkut

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 304090
Verstrichene Zeit: 6 Min, 58 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 6
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64, In Quarantäne, [2c2dbbdfb1ca4beb010ef3178a7a8a76],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64, In Quarantäne, [ec6dd2c8dd9ed660b8570307be4629d7],
PUP.Optional.NetCrawl.A, HKLM\SOFTWARE\WOW6432NODE\NetCrawl, In Quarantäne, [2c2d8f0b7efd62d4490ebff2956d60a0],
PUP.Optional.SuperFish.A, HKU\S-1-5-21-3894098194-677086307-2034191709-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, In Quarantäne, [2732f4a6cab173c3bbe1d4db837fc33d],
PUP.Optional.NetCrawl.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{769a91da-209f-47fe-88b9-b0321b0982c8}, In Quarantäne, [39202d6d7407d95d2bc7415220e4a060],
PUP.Optional.NetCrawl.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{769A91DA-209F-47FE-88B9-B0321B0982C8}, In Quarantäne, [39202d6d7407d95d2bc7415220e4a060],

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[adac029864172511dea1622cef15a25e]

Ordner: 0
(No malicious items detected)

Dateien: 5
PUP.Optional.Superfish.A, C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Löschen bei Neustart, [0455abefef8c56e03c38c9f2ef139e62],
PUP.Optional.Superfish.A, C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Löschen bei Neustart, [01586c2eeb90db5bc0b4516a10f2a45c],
PUP.Optional.Sanbreel.A, C:\Windows\System32\Drivers\{57F143AE-1ECD-493D-9DDB-32C45A3CECD5}GW64.SYS, In Quarantäne, [2c2dbbdfb1ca4beb010ef3178a7a8a76],
PUP.Optional.Sanbreel.A, C:\Windows\System32\Drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys, In Quarantäne, [ec6dd2c8dd9ed660b8570307be4629d7],
PUP.Optional.Conduit.A, C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (      "startup_urls": [ "hxxp://www.muenchenbiker.de/?open=for_suche&action=new", "hxxp://www.v-stromforum.de/search.php?search_id=unreadposts", "hxxp://de-de.facebook.com/", "hxxp://search.conduit.com/?ctid=CT2481020&SearchSource=48" ],), Ersetzt,[0b4e5a40f08b89ad13a3704d63a1d42c]

Physische Sektoren: 0
(No malicious items detected)


(end)

now I'll get started on Zoek ;-)

M-K-D-B 01.07.2014 17:11

Quote:

Quote from der-kurti (post 1324452)
now I'll get started on Zoek ;-)

good. :)

Then run FRST as well as a check, so that we can continue.

der-kurti 01.07.2014 17:13

So here is the Zoek file:

Code:

Zoek.exe v5.0.0.0 Updated 30-06-2014
Tool run by Erkut on 01.07.2014 at 18:10:30,60.
Microsoft Windows 8 6.2.9200  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Erkut\Desktop\zoek.exe    [Scan all users] [Script inserted]

==== System Restore Info ======================

01.07.2014 18:11:51 Zoek.exe System Restore Point Created Succesfully.

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{CC9E055E-96DD-4295-8FBF-17538BB97C6F} Unknown  Url="Not_Found"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on 01.07.2014 at 18:12:24,13 ======================


M-K-D-B 01.07.2014 17:16

Now please run FRST as well. :)

der-kurti 01.07.2014 17:20

Here are the results:


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-06-2014
Ran by Erkut (administrator) on KURTIS-LAPTOP on 01-07-2014 18:16:16
Running from C:\Users\Erkut\Desktop
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Condusiv Technologies) C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Users\Erkut\Desktop\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Users\Erkut\Desktop\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Users\Erkut\Desktop\Malwarebytes Anti-Malware\mbam.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Dropbox, Inc.) C:\Users\Erkut\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1260256 2013-01-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_SRSSA] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1260256 2013-01-04] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11582848 2012-09-30] (Motorola Solutions, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2889072 2013-03-25] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [4365824 2012-12-27] (Bitcasa, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-11-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310640 2013-03-07] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-06-28] (AVAST Software)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3894098194-677086307-2034191709-1001\...\Run: [GoogleChromeAutoLaunch_20F6763770B7EAAD43619F195218A3DA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
Startup: C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Erkut\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: 1EldosIconOverlay -> {450D6ECA-9163-44AC-A5E5-3FE207A086D6} => C:\windows\SYSTEM32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: BitcasaIconOverlay -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll (Bitcasa, Inc)
ShellIconOverlayIdentifiers: BitcasaProgressOverlay -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll (Bitcasa, Inc)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: 1EldosIconOverlay -> {450D6ECA-9163-44AC-A5E5-3FE207A086D6} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {CC9E055E-96DD-4295-8FBF-17538BB97C6F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {CC9E055E-96DD-4295-8FBF-17538BB97C6F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - {CC9E055E-96DD-4295-8FBF-17538BB97C6F} URL =
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-28]

Chrome:
=======
CHR HomePage: hxxp://tdintrade.emea.tdworldwide.com/Pages/Default.aspx
CHR StartupUrls: "hxxp://www.muenchenbiker.de/?open=for_suche&action=new", "hxxp://www.v-stromforum.de/search.php?search_id=unreadposts", "hxxp://de-de.facebook.com/", "hxxp://search.conduit.com/?ctid=CT2481020&SearchSource=48"
CHR DefaultSearchKeyword: google.de_
CHR DefaultSearchURL: hxxp://www.google.de/search?q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-25]
CHR Extension: (Google Drive) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-25]
CHR Extension: (YouTube) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-25]
CHR Extension: (Google Search) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-25]
CHR Extension: (Gutscheincode Melder (von shopclever.de)) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\donengfgiigdigljcljplglplekpiomg [2014-06-25]
CHR Extension: (AdBlock) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-25]
CHR Extension: (avast! Online Security) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-28]
CHR Extension: (Chrome to Mobile) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\idknbmbdnapjicclomlijcgfpikmndhd [2014-06-25]
CHR Extension: (Dropbox) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-06-25]
CHR Extension: (Google Maps) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-06-25]
CHR Extension: (Google Wallet) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-25]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2014-06-25]
CHR Extension: (Picasa) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-06-25]
CHR Extension: (Gutscheinsammler Finder) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilobbegphefikcgjpajnneiiahhejam [2014-06-25]
CHR Extension: (Gmail) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-25]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-28]

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-28] (AVAST Software)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593152 2014-01-29] (Samsung Electronics CO., LTD.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99184 2013-03-25] (ELAN Microelectronics Corp.)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-01-14] (Intel Corporation)
R2 IntelliMemory; C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe [55720 2012-12-21] (Condusiv Technologies)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R2 MBAMScheduler; C:\Users\Erkut\Desktop\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Users\Erkut\Desktop\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36520 2012-09-13] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-28] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-06-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [426848 2014-06-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-06-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-06-28] ()
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-01] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-06] (EldoS Corporation)
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [21840 2013-03-25] (ELAN Microelectronic Corp.)
R1 intmfs; C:\Windows\System32\DRIVERS\intmfs.sys [29096 2012-12-21] (Condusiv Technologies)
R0 intmsd; C:\Windows\System32\DRIVERS\intmsd.sys [104872 2012-12-21] (Condusiv Technologies)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 SBIOSIO; \??\C:\Users\Erkut\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]
S3 TVICPORT; \??\C:\windows\system32\DRIVERS\TVICPORT.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-01 18:16 - 2014-07-01 18:16 - 00019671 _____ () C:\Users\Erkut\Desktop\FRST.txt
2014-07-01 18:14 - 2014-07-01 18:15 - 02083328 _____ (Farbar) C:\Users\Erkut\Desktop\FRST64.exe
2014-07-01 18:11 - 2014-07-01 18:12 - 00002523 _____ () C:\zoek-results.log
2014-07-01 18:10 - 2014-07-01 18:10 - 00000000 ____D () C:\zoek_backup
2014-07-01 18:08 - 2014-07-01 18:08 - 01285120 _____ () C:\Users\Erkut\Desktop\zoek.exe
2014-07-01 18:00 - 2014-07-01 18:00 - 00003473 _____ () C:\Users\Erkut\Desktop\mbam.txt
2014-07-01 17:48 - 2014-07-01 18:04 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-01 17:47 - 2014-07-01 17:47 - 00000781 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-01 17:47 - 2014-07-01 17:47 - 00000000 ____D () C:\Users\Erkut\Desktop\Malwarebytes Anti-Malware
2014-07-01 17:47 - 2014-07-01 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-01 17:47 - 2014-07-01 17:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-01 17:47 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-07-01 17:47 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-07-01 17:47 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-07-01 17:45 - 2014-07-01 17:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Erkut\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-01 17:33 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-07-01 17:32 - 2014-07-01 17:34 - 00000000 ____D () C:\AdwCleaner
2014-07-01 17:29 - 2014-07-01 17:29 - 01346519 _____ () C:\Users\Erkut\Desktop\adwcleaner_3.214.exe
2014-07-01 17:24 - 2014-07-01 17:24 - 00002628 _____ () C:\Users\Erkut\Desktop\Rkill.txt
2014-07-01 17:23 - 2014-07-01 17:23 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Erkut\Desktop\rkill.com
2014-07-01 17:20 - 2014-07-01 17:20 - 00030370 _____ () C:\ComboFix.txt
2014-06-30 19:24 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-06-30 19:24 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-06-30 19:24 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-06-30 19:24 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-06-30 19:24 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-06-30 19:24 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe
2014-06-30 19:24 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-06-30 19:24 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-06-30 19:24 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-06-30 19:23 - 2014-07-01 17:20 - 00000000 ____D () C:\Qoobox
2014-06-30 19:23 - 2014-06-30 19:35 - 00000000 ____D () C:\windows\erdnt
2014-06-30 19:23 - 2014-06-30 19:23 - 05212874 ____R (Swearware) C:\Users\Erkut\Desktop\ComboFix.exe
2014-06-30 19:17 - 2014-06-30 19:17 - 03550392 _____ () C:\windows\system32\FNTCACHE.DAT
2014-06-30 18:33 - 2014-06-30 18:44 - 19423027 _____ () C:\Users\Erkut\Downloads\BASW-83356A7O.ZIP
2014-06-30 18:28 - 2014-05-31 07:16 - 00703992 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-06-30 18:28 - 2014-05-31 07:16 - 00105464 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-29 20:31 - 2014-04-03 13:22 - 02233176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-06-29 20:31 - 2014-02-06 01:41 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-06-29 20:31 - 2014-02-06 01:37 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-06-29 17:37 - 2014-04-30 00:32 - 01301504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-06-29 17:37 - 2014-04-30 00:22 - 01023488 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-06-29 17:37 - 2014-04-19 11:39 - 00628024 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-06-29 17:37 - 2014-04-19 10:45 - 00693760 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-06-29 17:37 - 2014-04-19 10:45 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-06-29 17:37 - 2014-04-19 08:57 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-06-29 17:37 - 2014-04-19 08:57 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-06-29 17:37 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-06-29 17:37 - 2013-10-10 13:53 - 00096600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwfs.sys
2014-06-29 17:37 - 2013-10-10 11:21 - 01160192 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2014-06-29 17:37 - 2013-10-10 11:20 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2014-06-29 17:36 - 2013-09-04 05:11 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-06-29 16:18 - 2014-06-29 16:18 - 00000000 ____D () C:\windows\pss
2014-06-29 16:10 - 2013-04-03 01:37 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptdlg.dll
2014-06-29 16:10 - 2013-04-03 01:12 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\cryptdlg.dll
2014-06-29 14:29 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2014-06-29 14:29 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\windows\explorer.exe
2014-06-29 14:29 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2014-06-29 14:29 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2014-06-29 14:29 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll
2014-06-29 14:29 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2014-06-29 14:29 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfasfsrcsnk.dll
2014-06-29 14:29 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscms.dll
2014-06-29 14:29 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2014-06-29 14:29 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\vds.exe
2014-06-29 14:29 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\vdsutil.dll
2014-06-29 14:29 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\windows\system32\MbaeParserTask.exe
2014-06-29 14:29 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2014-06-29 14:29 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll
2014-06-29 14:29 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2014-06-29 14:29 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2014-06-29 14:29 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\windows\system32\mfasfsrcsnk.dll
2014-06-29 14:29 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\windows\system32\mscms.dll
2014-06-29 14:29 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-06-29 14:29 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\windows\system32\DeviceSetupManager.dll
2014-06-29 14:29 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BthAvrcpTg.sys
2014-06-29 14:29 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2014-06-29 14:29 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2014-06-29 14:29 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2014-06-29 14:29 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2014-06-29 14:28 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-06-29 14:28 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-06-29 14:28 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSDApi.dll
2014-06-29 14:28 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\WSDApi.dll
2014-06-29 14:28 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-06-29 14:28 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dfsc.sys
2014-06-29 14:28 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-06-29 14:28 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-06-29 14:28 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll
2014-06-29 14:28 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll
2014-06-29 14:18 - 2014-04-03 13:19 - 00328024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys
2014-06-29 14:18 - 2014-04-03 05:44 - 00619008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2014-06-29 14:18 - 2014-04-01 00:08 - 00387268 _____ () C:\windows\system32\ApnDatabase.xml
2014-06-29 14:18 - 2014-03-25 01:42 - 00305152 _____ (Microsoft Corporation) C:\windows\SysWOW64\wusa.exe
2014-06-29 14:18 - 2014-03-25 00:56 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\wusa.exe
2014-06-29 14:05 - 2013-10-09 03:33 - 00059416 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-06-29 14:05 - 2013-10-09 00:30 - 00628736 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-06-29 14:05 - 2013-10-09 00:30 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-06-29 14:05 - 2013-10-09 00:30 - 00084992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-06-29 14:05 - 2013-10-09 00:30 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-06-29 14:05 - 2013-10-09 00:28 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-06-29 14:05 - 2013-10-09 00:27 - 03279872 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-06-29 14:05 - 2013-10-09 00:27 - 01622016 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-06-29 14:05 - 2013-10-09 00:27 - 00773120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-06-29 14:05 - 2013-10-09 00:27 - 00252928 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2014-06-29 14:05 - 2013-10-09 00:27 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2014-06-29 14:05 - 2013-10-09 00:27 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-06-29 14:05 - 2013-10-09 00:27 - 00099328 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-06-29 14:05 - 2013-10-05 08:10 - 00285016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys
2014-06-29 14:05 - 2013-10-02 04:50 - 00447320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2014-06-29 14:05 - 2013-09-28 07:48 - 00778752 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-06-29 14:05 - 2013-09-28 05:58 - 00551424 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-06-29 14:05 - 2013-09-19 09:32 - 01455448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-06-29 14:05 - 2013-08-30 07:19 - 00626688 _____ (Microsoft Corporation) C:\windows\system32\resutils.dll
2014-06-29 14:05 - 2013-08-30 07:18 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\clusapi.dll
2014-06-29 14:05 - 2013-08-30 01:48 - 00488960 _____ (Microsoft Corporation) C:\windows\SysWOW64\resutils.dll
2014-06-29 14:05 - 2013-08-30 01:47 - 00302080 _____ (Microsoft Corporation) C:\windows\SysWOW64\clusapi.dll
2014-06-29 13:55 - 2013-09-14 00:36 - 00247296 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2014-06-29 13:55 - 2013-09-14 00:33 - 00328192 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2014-06-29 13:55 - 2013-08-30 07:43 - 00061784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\crashdmp.sys
2014-06-29 13:55 - 2013-08-30 07:20 - 01173504 _____ (Microsoft Corporation) C:\windows\system32\UIAutomationCore.dll
2014-06-29 13:55 - 2013-08-30 01:48 - 00914432 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAutomationCore.dll
2014-06-29 13:55 - 2013-08-21 08:39 - 00465240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys
2014-06-29 13:55 - 2013-08-10 08:30 - 00151896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tpm.sys
2014-06-29 13:55 - 2013-07-25 01:10 - 10799104 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2014-06-29 13:55 - 2013-07-25 01:07 - 13661696 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2014-06-29 13:44 - 2013-07-09 10:04 - 00120144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msgpioclx.sys
2014-06-29 13:44 - 2013-07-09 08:18 - 00439488 _____ (Microsoft Corporation) C:\windows\system32\WerFault.exe
2014-06-29 13:44 - 2013-07-09 06:25 - 00385768 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFault.exe
2014-06-29 13:44 - 2013-07-09 05:57 - 00245760 _____ (Microsoft Corporation) C:\windows\SysWOW64\LocationApi.dll
2014-06-29 13:44 - 2013-07-09 00:46 - 00543744 _____ (Microsoft Corporation) C:\windows\system32\wwanmm.dll
2014-06-29 13:44 - 2013-07-09 00:46 - 00414208 _____ (Microsoft Corporation) C:\windows\system32\wwanconn.dll
2014-06-29 13:44 - 2013-07-09 00:46 - 00370688 _____ (Microsoft Corporation) C:\windows\system32\Wwanadvui.dll
2014-06-29 13:44 - 2013-07-09 00:45 - 00312832 _____ (Microsoft Corporation) C:\windows\system32\LocationApi.dll
2014-06-29 13:44 - 2013-07-06 02:16 - 01025024 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2014-06-29 13:44 - 2013-07-03 02:23 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\Windows.Networking.BackgroundTransfer.dll
2014-06-29 13:44 - 2013-07-03 02:22 - 02839552 _____ (Microsoft Corporation) C:\windows\system32\msftedit.dll
2014-06-29 13:44 - 2013-07-03 02:11 - 00268800 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2014-06-29 13:44 - 2013-07-03 02:10 - 02273792 _____ (Microsoft Corporation) C:\windows\SysWOW64\msftedit.dll
2014-06-29 13:44 - 2013-07-01 00:30 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\openfiles.exe
2014-06-29 13:44 - 2013-07-01 00:29 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\openfiles.exe
2014-06-29 13:44 - 2013-06-29 08:15 - 00195416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys
2014-06-29 13:44 - 2013-06-29 08:15 - 00125784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys
2014-06-29 13:44 - 2013-06-26 05:01 - 00321536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\udfs.sys
2014-06-29 13:44 - 2013-06-26 04:59 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\HdAudio.sys
2014-06-29 13:44 - 2013-06-25 00:54 - 00447488 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-06-29 13:44 - 2013-06-25 00:54 - 00263680 _____ (Microsoft Corporation) C:\windows\system32\wcmsvc.dll
2014-06-29 13:44 - 2013-06-25 00:54 - 00074240 _____ (Microsoft Corporation) C:\windows\system32\wcmcsp.dll
2014-06-29 13:44 - 2013-06-19 07:36 - 00183808 _____ (Microsoft Corporation) C:\windows\system32\winmmbase.dll
2014-06-29 13:44 - 2013-06-19 07:36 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\winmm.dll
2014-06-29 13:44 - 2013-06-19 00:38 - 00160256 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmmbase.dll
2014-06-29 13:44 - 2013-06-19 00:38 - 00125440 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmm.dll
2014-06-29 13:44 - 2013-06-12 01:43 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\WinSCard.dll
2014-06-29 13:44 - 2013-06-12 01:26 - 00230912 _____ (Microsoft Corporation) C:\windows\system32\WinSCard.dll
2014-06-29 13:44 - 2013-06-10 21:16 - 00888832 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2014-06-29 13:44 - 2013-06-10 21:15 - 00381952 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2014-06-29 13:44 - 2013-06-10 21:10 - 00702464 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2014-06-29 13:44 - 2013-06-10 21:10 - 00245248 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2014-06-29 13:44 - 2013-06-06 10:03 - 00119040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
2014-06-29 13:44 - 2012-10-24 06:54 - 00396008 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
2014-06-29 13:44 - 2012-10-12 08:13 - 00109568 _____ (Microsoft Corporation) C:\windows\system32\dskquota.dll
2014-06-29 13:44 - 2012-10-12 07:39 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\dskquota.dll
2014-06-29 13:32 - 2013-10-31 07:56 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\MPSSVC.dll
2014-06-29 13:32 - 2013-10-31 07:56 - 00758784 _____ (Microsoft Corporation) C:\windows\system32\FirewallAPI.dll
2014-06-29 13:32 - 2013-10-31 06:01 - 00550400 _____ (Microsoft Corporation) C:\windows\SysWOW64\FirewallAPI.dll
2014-06-29 13:32 - 2013-10-31 05:42 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mpsdrv.sys
2014-06-29 13:32 - 2013-10-13 22:49 - 00100696 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys
2014-06-29 13:32 - 2013-08-27 07:21 - 00227840 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2014-06-29 13:32 - 2013-08-27 07:19 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2014-06-29 13:32 - 2013-08-27 00:29 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2014-06-29 13:32 - 2013-08-27 00:28 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2014-06-29 13:15 - 2013-08-10 07:21 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\SettingSync.dll
2014-06-29 13:15 - 2013-08-10 07:21 - 00128512 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncInfo.dll
2014-06-29 13:15 - 2013-08-10 05:58 - 00356352 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSync.dll
2014-06-29 13:15 - 2013-08-03 08:40 - 01374208 _____ (Microsoft Corporation) C:\windows\system32\wdc.dll
2014-06-29 13:15 - 2013-08-03 08:40 - 00566784 _____ (Microsoft Corporation) C:\windows\system32\wvc.dll
2014-06-29 13:15 - 2013-08-03 08:40 - 00462336 _____ (Microsoft Corporation) C:\windows\system32\sysmon.ocx
2014-06-29 13:15 - 2013-08-03 07:14 - 00399360 _____ (Microsoft Corporation) C:\windows\SysWOW64\sysmon.ocx
2014-06-29 13:15 - 2013-08-03 07:13 - 01245696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdc.dll
2014-06-29 13:15 - 2013-08-03 07:13 - 00437248 _____ (Microsoft Corporation) C:\windows\SysWOW64\wvc.dll
2014-06-29 13:15 - 2013-08-02 08:28 - 10116608 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2014-06-29 13:15 - 2013-08-02 08:28 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2014-06-29 13:15 - 2013-08-02 08:26 - 02304512 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-06-29 13:15 - 2013-08-02 07:08 - 08858112 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2014-06-29 13:15 - 2013-08-02 07:08 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
2014-06-29 13:15 - 2013-08-02 07:06 - 02035712 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-06-29 13:15 - 2013-07-25 01:10 - 00158208 _____ (Microsoft Corporation) C:\windows\SysWOW64\mbsmsapi.dll
2014-06-29 13:15 - 2013-07-25 01:06 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\mbsmsapi.dll
2014-06-29 13:15 - 2013-04-10 01:17 - 01125888 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2014-06-29 13:15 - 2013-04-10 00:29 - 00893952 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2014-06-29 13:15 - 2012-11-20 07:24 - 01164800 _____ (Microsoft Corporation) C:\windows\SysWOW64\Display.dll
2014-06-29 13:15 - 2012-11-20 07:17 - 01184256 _____ (Microsoft Corporation) C:\windows\system32\Display.dll
2014-06-29 13:15 - 2012-11-20 07:02 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDKURD.DLL
2014-06-29 13:15 - 2012-11-20 06:59 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDKURD.DLL
2014-06-29 13:09 - 2014-03-01 11:47 - 01258496 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-06-29 13:09 - 2014-03-01 11:47 - 01120768 _____ (Microsoft Corporation) C:\windows\system32\gpedit.dll
2014-06-29 13:09 - 2014-03-01 10:07 - 01075200 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpedit.dll
2014-06-29 13:09 - 2014-03-01 08:59 - 00974848 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-06-29 13:09 - 2014-02-27 01:18 - 00370688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2014-06-29 13:09 - 2014-02-27 01:18 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2014-06-29 13:09 - 2014-02-27 01:18 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2014-06-29 13:09 - 2014-02-15 06:15 - 00078336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\IPMIDrv.sys
2014-06-29 13:09 - 2013-11-26 01:17 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2014-06-29 12:34 - 2014-06-29 12:34 - 00001022 _____ () C:\Users\Erkut\Desktop\Dropbox.lnk
2014-06-29 11:27 - 2014-07-01 17:27 - 00000000 ____D () C:\Users\Erkut\AppData\Local\CrashDumps
2014-06-29 10:52 - 2014-06-29 10:53 - 00032413 _____ () C:\Users\Erkut\Downloads\Addition.txt
2014-06-29 10:51 - 2014-06-29 10:53 - 00055670 _____ () C:\Users\Erkut\Downloads\FRST.txt
2014-06-29 10:50 - 2014-07-01 18:16 - 00000000 ____D () C:\FRST
2014-06-29 10:31 - 2014-01-31 02:48 - 01339392 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-06-29 10:31 - 2014-01-31 02:06 - 01628160 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-06-29 09:26 - 2014-06-29 09:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 15
2014-06-29 09:24 - 2014-06-29 09:24 - 02947139 _____ () C:\Users\Erkut\Downloads\O15CTRRemove (1).diagcab
2014-06-29 09:20 - 2013-09-28 05:35 - 00288768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2014-06-28 22:20 - 2014-06-28 22:28 - 02936043 _____ () C:\Users\Erkut\Downloads\O15CTRRemove.diagcab
2014-06-28 22:13 - 2014-06-28 22:13 - 01351872 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\Setup.x64.de-DE_ProPlusRetail_WYJNH-7K67T-KBXHF-VR9F2-FX6XQ_act_1_ (1).exe
2014-06-28 22:07 - 2014-06-28 22:07 - 00000000 ____D () C:\Users\Erkut\Documents\OneNote-Notizbücher
2014-06-28 21:45 - 2014-06-28 21:45 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-06-28 21:36 - 2013-08-07 07:15 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\tssdisai.dll
2014-06-28 21:36 - 2012-11-10 06:23 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2014-06-28 21:36 - 2012-11-10 06:23 - 00132608 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2014-06-28 21:36 - 2012-11-10 06:22 - 00126976 _____ (Microsoft Corporation) C:\windows\system32\RDWebAI.dll
2014-06-28 21:36 - 2012-11-10 06:22 - 00122880 _____ (Microsoft Corporation) C:\windows\system32\VmHostAI.dll
2014-06-28 21:36 - 2012-11-10 06:20 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\appserverai.dll
2014-06-28 21:25 - 2014-03-07 02:47 - 01419264 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-06-28 21:25 - 2014-03-07 02:08 - 01845760 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-06-28 21:25 - 2013-07-06 00:02 - 00099328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys
2014-06-28 21:25 - 2013-07-06 00:01 - 00210560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys
2014-06-28 21:25 - 2013-07-02 03:41 - 00337752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2014-06-28 21:25 - 2013-07-02 03:41 - 00213336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS
2014-06-28 21:25 - 2013-07-01 03:42 - 00623448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-06-28 21:25 - 2013-07-01 03:42 - 00498008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-06-28 21:25 - 2013-07-01 03:42 - 00079192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-06-28 21:25 - 2013-07-01 03:42 - 00021848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-06-28 21:25 - 2013-06-29 05:07 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-06-28 21:25 - 2013-06-29 05:06 - 00120832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-06-28 21:25 - 2013-06-22 07:45 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2014-06-28 21:25 - 2013-06-22 07:45 - 00054488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdfLdr.sys
2014-06-28 21:25 - 2013-05-24 01:02 - 01314816 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-06-28 21:24 - 2013-07-06 02:15 - 00652288 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2014-06-28 21:24 - 2013-07-04 04:13 - 00541696 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2014-06-28 21:24 - 2013-05-24 00:25 - 00694272 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-06-28 21:23 - 2013-04-12 00:30 - 01421312 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2014-06-28 21:23 - 2013-04-12 00:22 - 01838080 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2014-06-28 21:22 - 2013-04-09 07:33 - 00489576 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-06-28 21:22 - 2013-04-09 07:33 - 00446792 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-06-28 21:22 - 2013-04-09 07:33 - 00253544 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2014-06-28 21:22 - 2013-04-09 07:20 - 00306952 _____ (Microsoft Corporation) C:\windows\system32\kd_02_10ec.dll
2014-06-28 21:22 - 2013-04-09 07:20 - 00086280 _____ (Microsoft Corporation) C:\windows\system32\kdnet.dll
2014-06-28 21:22 - 2013-04-09 07:18 - 00077960 _____ (Microsoft Corporation) C:\windows\system32\kdvm.dll
2014-06-28 21:22 - 2013-04-09 07:17 - 01829408 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-06-28 21:22 - 2013-04-09 06:52 - 00816128 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
2014-06-28 21:22 - 2013-04-09 06:52 - 00804352 _____ (Microsoft Corporation) C:\windows\system32\RecoveryDrive.exe
2014-06-28 21:22 - 2013-04-09 06:52 - 00373760 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
2014-06-28 21:22 - 2013-04-09 06:52 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\SearchFilterHost.exe
2014-06-28 21:22 - 2013-04-09 06:52 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\Robocopy.exe
2014-06-28 21:22 - 2013-04-09 06:51 - 14267904 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2014-06-28 21:22 - 2013-04-09 06:51 - 03552768 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2014-06-28 21:22 - 2013-04-09 06:51 - 00595456 _____ (Microsoft Corporation) C:\windows\system32\Windows.Networking.dll
2014-06-28 21:22 - 2013-04-09 06:51 - 00456704 _____ (Microsoft Corporation) C:\windows\system32\wpncore.dll
2014-06-28 21:22 - 2013-04-09 06:51 - 00367616 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2014-06-28 21:22 - 2013-04-09 06:51 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\wscsvc.dll
2014-06-28 21:22 - 2013-04-09 06:50 - 02107904 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2014-06-28 21:22 - 2013-04-09 06:50 - 00745984 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
2014-06-28 21:22 - 2013-04-09 06:50 - 00435200 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
2014-06-28 21:22 - 2013-04-09 06:50 - 00414720 _____ (Microsoft Corporation) C:\windows\system32\GenuineCenter.dll
2014-06-28 21:22 - 2013-04-09 06:50 - 00096256 _____ (Microsoft Corporation) C:\windows\system32\mssprxy.dll
2014-06-28 21:22 - 2013-04-09 06:50 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\msscntrs.dll
2014-06-28 21:22 - 2013-04-09 06:50 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\msshooks.dll
2014-06-28 21:22 - 2013-04-09 06:49 - 01444864 _____ (Microsoft Corporation) C:\windows\system32\MSAudDecMFT.dll
2014-06-28 21:22 - 2013-04-09 06:49 - 00468992 _____ (Microsoft Corporation) C:\windows\system32\MFMediaEngine.dll
2014-06-28 21:22 - 2013-04-09 06:49 - 00281088 _____ (Microsoft Corporation) C:\windows\system32\mfreadwrite.dll
2014-06-28 21:22 - 2013-04-09 06:49 - 00231936 _____ (Microsoft Corporation) C:\windows\system32\fhengine.dll
2014-06-28 21:22 - 2013-04-09 06:49 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\iuilp.dll
2014-06-28 21:22 - 2013-04-09 06:49 - 00196096 _____ (Microsoft Corporation) C:\windows\system32\dmvdsitf.dll
2014-06-28 21:22 - 2013-04-09 06:49 - 00172544 _____ (Microsoft Corporation) C:\windows\system32\dwmredir.dll
2014-06-28 21:22 - 2013-04-09 06:49 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\fmifs.dll
2014-06-28 21:22 - 2013-04-09 06:48 - 00169472 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
2014-06-28 21:22 - 2013-04-09 04:34 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidbth.sys
2014-06-28 21:22 - 2013-04-09 04:33 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndproxy.sys
2014-06-28 21:22 - 2013-04-09 04:32 - 00805376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2014-06-28 21:22 - 2013-04-09 04:31 - 00083456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wanarp.sys
2014-06-28 21:22 - 2013-04-09 01:44 - 00123880 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscapi.dll
2014-06-28 21:22 - 2013-04-09 01:39 - 01408896 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-06-28 21:22 - 2013-04-09 01:37 - 00426024 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-06-28 21:22 - 2013-04-09 01:37 - 00324368 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-06-28 21:22 - 2013-04-08 23:52 - 11878912 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2014-06-28 21:22 - 2013-04-08 23:52 - 00670208 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
2014-06-28 21:22 - 2013-04-08 23:52 - 00302592 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
2014-06-28 21:22 - 2013-04-08 23:52 - 00171008 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchFilterHost.exe
2014-06-28 21:22 - 2013-04-08 23:52 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\Robocopy.exe
2014-06-28 21:22 - 2013-04-08 23:51 - 02767360 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2014-06-28 21:22 - 2013-04-08 23:51 - 01593344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2014-06-28 21:22 - 2013-04-08 23:51 - 01113600 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSAudDecMFT.dll
2014-06-28 21:22 - 2013-04-08 23:51 - 00659456 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
2014-06-28 21:22 - 2013-04-08 23:51 - 00411136 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Networking.dll
2014-06-28 21:22 - 2013-04-08 23:51 - 00403968 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
2014-06-28 21:22 - 2013-04-08 23:51 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFMediaEngine.dll
2014-06-28 21:22 - 2013-04-08 23:51 - 00214528 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfreadwrite.dll
2014-06-28 21:22 - 2013-04-08 23:51 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssphtb.dll
2014-06-28 21:22 - 2013-04-08 23:51 - 00155648 _____ (Microsoft Corporation) C:\windows\SysWOW64\dmvdsitf.dll
2014-06-28 21:22 - 2013-04-08 23:51 - 00041984 _____ (Microsoft Corporation) C:\windows\SysWOW64\fmifs.dll
2014-06-28 21:22 - 2013-04-08 23:51 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssprxy.dll
2014-06-28 21:22 - 2013-04-08 23:51 - 00010752 _____ (Microsoft Corporation) C:\windows\SysWOW64\msshooks.dll
2014-06-28 21:22 - 2013-04-05 01:30 - 00503080 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2014-06-28 21:22 - 2013-03-16 00:05 - 00298456 _____ (Microsoft Corporation) C:\windows\system32\rsaenh.dll
2014-06-28 21:22 - 2013-03-16 00:05 - 00252928 _____ (Microsoft Corporation) C:\windows\SysWOW64\rsaenh.dll
2014-06-28 21:17 - 2014-05-03 07:47 - 03246592 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-06-28 21:17 - 2014-05-03 05:34 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2014-06-28 21:16 - 2014-01-13 01:30 - 02238976 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-06-28 21:16 - 2014-01-13 01:30 - 02032640 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-06-28 21:16 - 2013-11-20 02:15 - 03842560 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-06-28 21:16 - 2013-11-20 01:57 - 03288576 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-06-28 21:16 - 2013-10-19 07:45 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2014-06-28 21:16 - 2013-10-19 06:04 - 00059392 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2014-06-28 21:16 - 2013-07-20 00:13 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-06-28 21:16 - 2013-07-20 00:13 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-06-28 21:16 - 2013-07-02 00:14 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbprint.sys
2014-06-28 21:16 - 2013-06-29 05:08 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2014-06-28 21:16 - 2013-05-04 08:59 - 02842112 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2014-06-28 21:16 - 2013-05-04 06:57 - 02620928 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2014-06-28 21:15 - 2013-05-04 09:58 - 00120736 _____ (Microsoft Corporation) C:\windows\system32\AuthHost.exe
2014-06-28 21:15 - 2013-05-04 08:59 - 01483776 _____ (Microsoft Corporation) C:\windows\system32\VSSVC.exe
2014-06-28 21:15 - 2013-05-04 08:59 - 00812544 _____ (Microsoft Corporation) C:\windows\system32\Magnify.exe
2014-06-28 21:15 - 2013-05-04 08:58 - 01332736 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2014-06-28 21:15 - 2013-05-04 08:58 - 00470528 _____ (Microsoft Corporation) C:\windows\system32\netprofmsvc.dll
2014-06-28 21:15 - 2013-05-04 08:58 - 00330240 _____ (Microsoft Corporation) C:\windows\system32\stobject.dll
2014-06-28 21:15 - 2013-05-04 08:58 - 00169984 _____ (Microsoft Corporation) C:\windows\system32\netplwiz.dll
2014-06-28 21:15 - 2013-05-04 08:58 - 00151552 _____ (Microsoft Corporation) C:\windows\system32\netprofm.dll
2014-06-28 21:15 - 2013-05-04 08:58 - 00093696 _____ (Microsoft Corporation) C:\windows\system32\psmsrv.dll
2014-06-28 21:15 - 2013-05-04 08:57 - 01131520 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentServer.dll
2014-06-28 21:15 - 2013-05-04 08:57 - 00708096 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentExtensions.dll
2014-06-28 21:15 - 2013-05-04 08:57 - 00560640 _____ (Microsoft Corporation) C:\windows\system32\mfmp4srcsnk.dll
2014-06-28 21:15 - 2013-05-04 08:57 - 00501760 _____ (Microsoft Corporation) C:\windows\system32\DevicePairing.dll
2014-06-28 21:15 - 2013-05-04 08:57 - 00389120 _____ (Microsoft Corporation) C:\windows\system32\BCP47Langs.dll
2014-06-28 21:15 - 2013-05-04 08:57 - 00179712 _____ (Microsoft Corporation) C:\windows\system32\bisrv.dll
2014-06-28 21:15 - 2013-05-04 08:57 - 00122368 _____ (Microsoft Corporation) C:\windows\system32\biwinrt.dll
2014-06-28 21:15 - 2013-05-04 08:57 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\muifontsetup.dll
2014-06-28 21:15 - 2013-05-04 08:56 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\intl.cpl
2014-06-28 21:15 - 2013-05-04 06:58 - 00758784 _____ (Microsoft Corporation) C:\windows\SysWOW64\Magnify.exe
2014-06-28 21:15 - 2013-05-04 06:57 - 00303616 _____ (Microsoft Corporation) C:\windows\SysWOW64\stobject.dll
2014-06-28 21:15 - 2013-05-04 06:57 - 00151040 _____ (Microsoft Corporation) C:\windows\SysWOW64\netplwiz.dll
2014-06-28 21:15 - 2013-05-04 06:57 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\netprofm.dll
2014-06-28 21:15 - 2013-05-04 06:57 - 00018432 _____ (Microsoft Corporation) C:\windows\SysWOW64\npmproxy.dll
2014-06-28 21:15 - 2013-05-04 06:57 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\muifontsetup.dll
2014-06-28 21:15 - 2013-05-04 06:56 - 00449536 _____ (Microsoft Corporation) C:\windows\SysWOW64\DevicePairing.dll
2014-06-28 21:15 - 2013-05-04 06:56 - 00411136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmp4srcsnk.dll
2014-06-28 21:15 - 2013-05-04 06:56 - 00309760 _____ (Microsoft Corporation) C:\windows\SysWOW64\BCP47Langs.dll
2014-06-28 21:15 - 2013-05-04 06:56 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\biwinrt.dll
2014-06-28 21:15 - 2013-05-04 06:55 - 00389632 _____ (Microsoft Corporation) C:\windows\SysWOW64\intl.cpl
2014-06-28 21:15 - 2013-05-04 06:51 - 00014848 _____ (Microsoft) C:\windows\system32\rars.rs
2014-06-28 21:15 - 2013-05-04 06:48 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidusb.sys
2014-06-28 21:15 - 2013-05-04 06:47 - 00427520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdbss.sys
2014-06-28 21:15 - 2013-05-04 06:10 - 00014848 _____ (Microsoft) C:\windows\SysWOW64\rars.rs
2014-06-28 21:15 - 2013-03-02 04:45 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\taskhost.exe
2014-06-28 21:15 - 2013-03-02 04:45 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\taskhostex.exe
2014-06-28 18:23 - 2014-05-24 04:46 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-28 18:23 - 2014-05-24 03:26 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-28 18:23 - 2014-05-24 03:26 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-28 18:23 - 2014-05-24 03:25 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-06-28 18:23 - 2014-05-24 03:25 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-28 18:23 - 2014-05-24 03:25 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-28 18:23 - 2014-05-24 03:09 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-28 18:22 - 2014-07-01 18:05 - 00000000 ___RD () C:\Users\Erkut\Dropbox
2014-06-28 18:22 - 2014-05-24 04:48 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-28 18:22 - 2014-05-24 04:47 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-28 18:22 - 2014-05-24 04:47 - 01366016 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-28 18:22 - 2014-05-24 04:47 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-06-28 18:22 - 2014-05-24 04:47 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-06-28 18:22 - 2014-05-24 04:46 - 19290112 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-28 18:22 - 2014-05-24 04:46 - 15368704 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-28 18:22 - 2014-05-24 04:46 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-28 18:22 - 2014-05-24 04:46 - 02650112 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-28 18:22 - 2014-05-24 04:46 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-06-28 18:22 - 2014-05-24 04:46 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-28 18:22 - 2014-05-24 04:46 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-28 18:22 - 2014-05-24 04:46 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-06-28 18:22 - 2014-05-24 04:46 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-28 18:22 - 2014-05-24 04:46 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-28 18:22 - 2014-05-24 04:46 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-28 18:22 - 2014-05-24 04:45 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-28 18:22 - 2014-05-24 04:45 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-28 18:22 - 2014-05-24 04:45 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-28 18:22 - 2014-05-24 03:26 - 14365696 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-28 18:22 - 2014-05-24 03:26 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-28 18:22 - 2014-05-24 03:26 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-28 18:22 - 2014-05-24 03:26 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-28 18:22 - 2014-05-24 03:26 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-06-28 18:22 - 2014-05-24 03:25 - 13731328 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-28 18:22 - 2014-05-24 03:25 - 02862080 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-28 18:22 - 2014-05-24 03:25 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-28 18:22 - 2014-05-24 03:25 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-28 18:22 - 2014-05-24 03:25 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-06-28 18:22 - 2014-05-24 03:25 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-28 18:22 - 2014-05-24 03:25 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-28 18:22 - 2014-05-24 03:25 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-28 18:22 - 2014-05-24 03:03 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-28 18:22 - 2014-05-24 00:37 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-06-28 18:21 - 2013-05-15 04:25 - 00888320 _____ (Microsoft Corporation) C:\windows\system32\autochk.exe
2014-06-28 18:21 - 2013-05-15 04:25 - 00542208 _____ (Microsoft Corporation) C:\windows\system32\untfs.dll
2014-06-28 18:21 - 2013-05-15 04:24 - 00793088 _____ (Microsoft Corporation) C:\windows\SysWOW64\autochk.exe
2014-06-28 18:21 - 2013-05-15 04:24 - 00482816 _____ (Microsoft Corporation) C:\windows\SysWOW64\untfs.dll
2014-06-28 18:21 - 2013-04-24 01:13 - 01013248 _____ (Microsoft Corporation) C:\windows\SysWOW64\certutil.exe
2014-06-28 18:21 - 2013-04-24 01:12 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2014-06-28 18:21 - 2013-04-24 00:56 - 01255936 _____ (Microsoft Corporation) C:\windows\system32\certutil.exe
2014-06-28 18:21 - 2013-04-24 00:55 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2014-06-28 18:20 - 2014-02-08 06:34 - 04036608 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-06-28 18:19 - 2013-03-02 10:23 - 00893952 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmde.dll
2014-06-28 18:19 - 2013-03-02 10:23 - 00601088 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Globalization.dll
2014-06-28 18:19 - 2013-03-02 10:23 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2014-06-28 18:19 - 2013-03-02 10:23 - 00100864 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSyncInfo.dll
2014-06-28 18:19 - 2013-03-02 10:22 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\netcfgx.dll
2014-06-28 18:19 - 2013-03-02 10:21 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\drvstore.dll
2014-06-28 18:19 - 2013-03-02 10:21 - 00145408 _____ (Microsoft Corporation) C:\windows\SysWOW64\powercfg.cpl
2014-06-28 18:19 - 2013-03-02 10:21 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\DevDispItemProvider.dll
2014-06-28 18:18 - 2013-03-02 12:57 - 00077544 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storahci.sys
2014-06-28 18:18 - 2013-03-02 12:39 - 00495336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vhdmp.sys
2014-06-28 18:18 - 2013-03-02 11:59 - 00411880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-06-28 18:18 - 2013-03-02 04:45 - 01149952 _____ (Microsoft Corporation) C:\windows\system32\winmde.dll
2014-06-28 18:18 - 2013-03-02 04:45 - 01101824 _____ (Microsoft Corporation) C:\windows\system32\wmpmde.dll
2014-06-28 18:18 - 2013-03-02 04:45 - 00171008 _____ (Microsoft Corporation) C:\windows\system32\TimeBrokerServer.dll
2014-06-28 18:18 - 2013-03-02 04:45 - 00103936 _____ (Microsoft Corporation) C:\windows\system32\wpdbusenum.dll
2014-06-28 18:18 - 2013-03-02 04:15 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mouhid.sys
2014-06-28 18:18 - 2013-03-01 06:56 - 00156672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rfcomm.sys
2014-06-28 18:18 - 2013-03-01 06:56 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\monitor.sys
2014-06-28 18:17 - 2014-03-28 08:18 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-06-28 18:17 - 2013-03-02 12:39 - 00069864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pdc.sys
2014-06-28 18:17 - 2013-03-02 04:45 - 00951808 _____ (Microsoft Corporation) C:\windows\system32\Windows.Globalization.dll
2014-06-28 18:17 - 2013-03-02 04:45 - 00645120 _____ (Microsoft Corporation) C:\windows\system32\Windows.Security.Authentication.OnlineId.dll
2014-06-28 18:17 - 2013-03-02 04:45 - 00245248 _____ (Microsoft Corporation) C:\windows\system32\usbmon.dll
2014-06-28 18:17 - 2013-03-02 04:45 - 00240640 _____ (Microsoft Corporation) C:\windows\system32\fsquirt.exe
2014-06-28 18:17 - 2013-03-02 04:45 - 00180224 _____ (Microsoft Corporation) C:\windows\system32\SystemEventsBrokerServer.dll
2014-06-28 18:17 - 2013-03-02 04:45 - 00071168 _____ (Microsoft Corporation) C:\windows\system32\WSDPrintProxy.DLL
2014-06-28 18:17 - 2013-03-02 04:44 - 00703488 _____ (Microsoft Corporation) C:\windows\system32\drvstore.dll
2014-06-28 18:17 - 2013-03-02 04:44 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\netcfgx.dll
2014-06-28 18:17 - 2013-03-02 04:44 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\discan.dll
2014-06-28 18:17 - 2013-03-02 04:44 - 00117248 _____ (Microsoft Corporation) C:\windows\system32\NdisImPlatform.dll
2014-06-28 18:17 - 2013-03-02 04:44 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\DevDispItemProvider.dll
2014-06-28 18:17 - 2013-03-02 04:43 - 02146304 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2014-06-28 18:17 - 2013-03-02 04:43 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\powercfg.cpl
2014-06-28 18:17 - 2013-03-01 06:55 - 01175040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthport.sys
2014-06-28 18:16 - 2014-03-28 10:23 - 19759104 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-06-28 18:15 - 2013-08-16 00:43 - 00167424 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSClient.dll
2014-06-28 18:15 - 2013-08-16 00:43 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSSync.dll
2014-06-28 18:15 - 2013-08-16 00:43 - 00083968 _____ () C:\windows\SysWOW64\OEMLicense.dll
2014-06-28 18:15 - 2013-08-16 00:43 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-06-28 18:15 - 2013-08-16 00:42 - 00091648 _____ (Microsoft Corporation) C:\windows\SysWOW64\sppc.dll
2014-06-28 18:15 - 2013-08-16 00:42 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\setupcln.dll
2014-06-28 18:14 - 2013-08-16 07:41 - 00058200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dam.sys
2014-06-28 18:14 - 2013-08-16 07:39 - 02371728 _____ (Microsoft Corporation) C:\windows\system32\WSService.dll
2014-06-28 18:14 - 2013-08-16 07:22 - 04917760 _____ (Microsoft Corporation) C:\windows\system32\sppsvc.exe
2014-06-28 18:14 - 2013-08-16 07:21 - 01164288 _____ (Microsoft Corporation) C:\windows\system32\sppobjs.dll
2014-06-28 18:14 - 2013-08-16 07:21 - 00368640 _____ (Microsoft Corporation) C:\windows\system32\sppwinob.dll
2014-06-28 18:14 - 2013-08-16 07:21 - 00204800 _____ (Microsoft Corporation) C:\windows\system32\WSClient.dll
2014-06-28 18:14 - 2013-08-16 07:21 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.dll
2014-06-28 18:14 - 2013-08-16 07:21 - 00183808 _____ (Microsoft Corporation) C:\windows\system32\WSSync.dll
2014-06-28 18:14 - 2013-08-16 07:21 - 00120320 _____ (Microsoft Corporation) C:\windows\system32\sppc.dll
2014-06-28 18:14 - 2013-08-16 07:21 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\setupcln.dll
2014-06-28 18:14 - 2013-08-16 07:21 - 00049664 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-06-28 18:14 - 2013-08-16 07:21 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-06-28 18:14 - 2013-08-16 07:20 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2014-06-28 18:13 - 2013-07-13 06:24 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2014-06-28 18:13 - 2013-07-13 06:23 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\apprepapi.dll
2014-06-28 18:13 - 2013-07-13 06:23 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\apprepsync.dll
2014-06-28 18:12 - 2013-12-09 02:45 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-06-28 18:12 - 2013-12-09 01:59 - 00600064 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-28 18:12 - 2013-07-13 08:18 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2014-06-28 18:12 - 2013-07-13 08:16 - 00068096 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2014-06-28 18:12 - 2013-07-13 08:15 - 00124416 _____ (Microsoft Corporation) C:\windows\system32\apprepapi.dll
2014-06-28 18:12 - 2013-07-13 08:15 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\apprepsync.dll
2014-06-28 18:12 - 2013-05-27 01:17 - 00035328 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2014-06-28 18:12 - 2013-05-27 00:59 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2014-06-28 18:12 - 2013-05-25 05:15 - 00362496 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2014-06-28 18:12 - 2013-05-25 04:32 - 00300032 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2014-06-28 18:12 - 2013-04-27 07:20 - 00733184 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2014-06-28 18:11 - 2013-10-02 01:37 - 01569280 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2014-06-28 18:11 - 2013-10-02 01:26 - 01890816 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2014-06-28 18:10 - 2014-07-01 18:05 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\DropboxMaster
2014-06-28 18:10 - 2014-06-29 12:34 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-28 18:09 - 2013-02-02 07:41 - 01437184 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2014-06-28 18:09 - 2013-02-02 07:31 - 01690624 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2014-06-28 18:07 - 2014-07-01 18:05 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Dropbox
2014-06-28 18:06 - 2014-06-28 18:06 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\AVAST Software
2014-06-28 18:05 - 2014-07-01 17:39 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-06-28 18:05 - 2014-06-28 18:05 - 00001976 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-28 18:05 - 2014-06-28 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-28 18:04 - 2014-06-28 18:04 - 01041168 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00426848 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00307344 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-06-28 18:04 - 2014-06-28 18:04 - 00224896 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00092008 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00079184 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-06-28 18:04 - 2014-06-28 18:04 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-06-28 18:03 - 2014-06-28 18:03 - 91906368 _____ (AVAST Software) C:\Users\Erkut\Downloads\avast_free_antivirus_setup_9.0.2021.exe
2014-06-28 18:03 - 2014-06-28 18:03 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-28 18:03 - 2014-06-28 18:03 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-28 18:01 - 2013-10-10 11:32 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2014-06-28 18:01 - 2013-10-10 11:30 - 00162304 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrobj.dll
2014-06-28 18:01 - 2013-10-10 11:30 - 00156160 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2014-06-28 18:01 - 2013-10-10 11:24 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2014-06-28 18:01 - 2013-10-10 11:23 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2014-06-28 18:01 - 2013-10-10 11:22 - 00222720 _____ (Microsoft Corporation) C:\windows\system32\scrobj.dll
2014-06-28 18:01 - 2013-10-10 11:22 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2014-06-28 18:01 - 2013-03-15 02:17 - 00861184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2014-06-28 17:59 - 2013-08-23 09:22 - 02062848 _____ (Microsoft Corporation) C:\windows\system32\d3d11.dll
2014-06-28 17:59 - 2013-08-23 03:44 - 01711616 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d11.dll
2014-06-28 17:59 - 2013-03-06 09:10 - 00112872 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-06-28 17:59 - 2013-03-06 08:29 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2014-06-28 17:58 - 2014-03-28 21:19 - 00035856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2014-06-28 17:58 - 2014-03-24 00:11 - 00269592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2014-06-28 17:56 - 2014-04-12 09:23 - 00961536 _____ (Microsoft Corporation) C:\windows\SysWOW64\usercpl.dll
2014-06-28 17:56 - 2014-04-12 09:23 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-06-28 17:56 - 2014-04-12 09:23 - 00273920 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-06-28 17:56 - 2014-04-12 09:23 - 00178688 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-06-28 17:56 - 2014-04-12 09:23 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-06-28 17:56 - 2014-04-12 09:22 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-06-28 17:56 - 2014-04-12 09:22 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-06-28 17:56 - 2014-03-11 02:41 - 00559104 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2014-06-28 17:56 - 2014-03-11 02:41 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-06-28 17:56 - 2014-03-11 02:41 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2014-06-28 17:56 - 2014-03-10 05:05 - 00668160 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-06-28 17:56 - 2014-03-10 03:27 - 00099840 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-06-28 17:55 - 2014-04-12 11:27 - 00172888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-06-28 17:55 - 2014-04-12 11:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-06-28 17:55 - 2014-04-12 11:09 - 01043968 _____ (Microsoft Corporation) C:\windows\system32\usercpl.dll
2014-06-28 17:55 - 2014-04-12 11:09 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-06-28 17:55 - 2014-04-12 11:09 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-06-28 17:55 - 2014-04-12 11:09 - 00094720 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-06-28 17:55 - 2014-04-12 11:08 - 01281536 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-06-28 17:55 - 2014-04-12 11:08 - 00827904 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-06-28 17:55 - 2014-04-12 11:08 - 00439808 _____ (Microsoft Corporation) C:\windows\system32\lsm.dll
2014-06-28 17:55 - 2014-04-12 11:08 - 00318464 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-06-28 17:55 - 2014-04-12 11:07 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-06-28 17:55 - 2014-04-12 08:58 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\workerdd.dll
2014-06-28 17:55 - 2014-03-11 05:32 - 06987096 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-06-28 17:55 - 2014-03-11 05:25 - 00100184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-06-28 17:55 - 2014-03-11 02:39 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-06-28 17:55 - 2014-03-11 02:38 - 00982016 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-06-28 17:55 - 2014-03-11 02:38 - 00684032 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-06-28 17:55 - 2014-03-11 02:38 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-06-28 17:55 - 2014-03-11 02:38 - 00179712 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
2014-06-28 17:55 - 2014-03-11 02:38 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-06-28 17:55 - 2014-03-11 02:38 - 00045056 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-06-28 17:55 - 2014-03-11 02:38 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-06-28 17:55 - 2014-03-04 01:07 - 00570216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2014-06-28 17:55 - 2013-12-05 01:37 - 00451072 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2014-06-28 17:55 - 2013-11-23 08:43 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2014-06-28 17:55 - 2013-11-23 07:05 - 00368640 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2014-06-28 17:54 - 2013-12-05 01:43 - 00583680 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-06-28 17:53 - 2014-03-28 10:23 - 01287168 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2014-06-28 17:53 - 2013-03-02 10:23 - 00375808 _____ (Microsoft Corporation) C:\windows\SysWOW64\ReAgent.dll
2014-06-28 17:53 - 2013-03-02 04:44 - 01011200 _____ (Microsoft Corporation) C:\windows\system32\reseteng.dll
2014-06-28 17:51 - 2013-03-22 05:49 - 02382336 _____ (Microsoft Corporation) C:\windows\SysWOW64\esent.dll
2014-06-28 17:51 - 2013-03-22 00:47 - 02851840 _____ (Microsoft Corporation) C:\windows\system32\esent.dll
2014-06-28 17:35 - 2014-06-28 17:35 - 00870672 _____ () C:\Users\Erkut\Downloads\Norton_Removal_Tool.exe
2014-06-28 13:10 - 2014-06-28 13:10 - 00000000 ____D () C:\NPE
2014-06-28 13:08 - 2014-06-28 13:14 - 00000000 ____D () C:\Users\Erkut\AppData\Local\NPE
2014-06-28 13:07 - 2014-06-28 13:07 - 03081712 ____N (Symantec Corporation) C:\Users\Erkut\Downloads\NPE.exe
2014-06-28 13:04 - 2014-06-28 13:04 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-06-28 12:39 - 2014-06-28 12:44 - 00000000 ___RD () C:\windows\BrowserChoice
2014-06-28 12:37 - 2014-06-01 17:17 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-06-28 12:35 - 2013-11-01 07:38 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2014-06-28 12:35 - 2013-11-01 05:49 - 00273408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2014-06-28 12:29 - 2014-06-29 09:25 - 00000000 ____D () C:\Users\Erkut\Documents\Outlook-Dateien
2014-06-28 11:51 - 2014-06-28 11:51 - 01351872 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\Setup.x64.de-DE_ProPlusRetail_WYJNH-7K67T-KBXHF-VR9F2-FX6XQ_act_1_.exe
2014-06-28 11:47 - 2014-06-28 11:48 - 00989376 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\setupproplusretail.x86.de-de_act_1_ (1).exe
2014-06-28 11:35 - 2014-06-28 11:35 - 00002033 _____ () C:\Users\Public\Desktop\SideSync.lnk
2014-06-28 11:27 - 2014-06-28 11:27 - 00002050 _____ () C:\Users\Public\Desktop\Support Center.lnk
2014-06-28 11:23 - 2014-06-28 11:23 - 00001992 _____ () C:\Users\Public\Desktop\Help Desk.lnk
2014-06-28 11:19 - 2014-06-28 11:19 - 00003434 _____ () C:\windows\System32\Tasks\Settings
2014-06-28 11:18 - 2014-06-28 11:18 - 00002038 _____ () C:\Users\Public\Desktop\Settings.lnk
2014-06-28 11:05 - 2014-06-28 11:05 - 00989376 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\setupproplusretail.x86.de-de_act_1_.exe
2014-06-28 11:03 - 2014-06-28 11:03 - 00989376 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\Setup.x86.de-DE_ProPlusRetail_WYJNH-7K67T-KBXHF-VR9F2-FX6XQ_act_1_.exe
2014-06-28 11:03 - 2014-06-28 11:03 - 00989376 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\Setup.x86.de-DE_ProPlusRetail_WYJNH-7K67T-KBXHF-VR9F2-FX6XQ_act_1_ (1).exe
2014-06-27 21:52 - 2014-06-28 12:39 - 00000000 ____D () C:\windows\system32\MRT
2014-06-26 20:48 - 2014-06-28 12:37 - 00265050 _____ () C:\windows\msxml4-KB2758694-enu.LOG
2014-06-25 21:21 - 2014-06-25 21:21 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\ATI
2014-06-25 21:21 - 2014-06-25 21:21 - 00000000 ____D () C:\Users\Erkut\AppData\Local\ATI
2014-06-25 21:21 - 2014-06-25 21:21 - 00000000 ____D () C:\ProgramData\ATI
2014-06-25 18:28 - 2014-06-25 18:28 - 00288496 _____ () C:\windows\Minidump\062514-27171-01.dmp
2014-06-25 18:17 - 2014-06-25 18:28 - 00000000 ____D () C:\windows\Minidump
2014-06-25 18:16 - 2014-06-25 18:27 - 4051723278 _____ () C:\windows\MEMORY.DMP
2014-06-25 17:53 - 2014-06-25 17:53 - 00001182 _____ () C:\Users\Public\Desktop\MAGIX Video deluxe 2014 Plus.lnk
2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\Users\Public\Documents\MAGIX
2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\Users\Erkut\Documents\MAGIX_MusicEditor
2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Xara
2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Magix
2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2014-06-25 17:52 - 2014-06-28 10:47 - 00000000 ___RD () C:\Users\Erkut\Documents\MAGIX
2014-06-25 17:52 - 2014-06-25 17:52 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2014-06-25 17:51 - 2014-06-25 17:58 - 00000000 ____D () C:\ProgramData\MAGIX
2014-06-25 17:51 - 2014-06-25 17:51 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-06-25 17:44 - 2014-06-25 17:58 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\MAGIX
2014-06-25 17:44 - 2014-06-25 17:44 - 02849256 _____ (MAGIX AG) C:\Users\Erkut\Downloads\videodeluxe2014plus_dlm.exe
2014-06-25 17:41 - 2014-06-25 17:41 - 00000000 _____ () C:\Users\Erkut\agent.log
2014-06-25 17:40 - 2014-06-25 17:40 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-25 17:40 - 2014-06-25 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-25 17:39 - 2014-07-01 18:04 - 00001132 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-25 17:39 - 2014-07-01 17:49 - 00001136 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-25 17:39 - 2014-06-25 17:44 - 00004108 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-25 17:39 - 2014-06-25 17:44 - 00003872 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-25 17:39 - 2014-06-25 17:40 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Google
2014-06-25 17:39 - 2014-06-25 17:40 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-25 17:38 - 2014-07-01 17:34 - 00000000 ____D () C:\Program Files (x86)\NetCrawl
2014-06-25 17:36 - 2014-06-25 17:35 - 00784840 _____ (Google Inc.) C:\Users\Erkut\Downloads\google-chrome.exe
2014-06-25 17:34 - 2014-06-25 17:34 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Macromedia
2014-06-25 17:33 - 2014-06-25 17:33 - 00000000 ____D () C:\Users\Erkut\AppData\Local\bitcasa
2014-06-25 17:28 - 2014-06-29 10:32 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3894098194-677086307-2034191709-1001
2014-06-25 17:22 - 2014-06-28 11:35 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Samsung
2014-06-25 17:21 - 2014-06-25 21:18 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Adobe
2014-06-25 17:21 - 2014-06-25 17:21 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-06-25 17:19 - 2014-06-28 21:45 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Adobe
2014-06-25 17:19 - 2014-06-25 17:19 - 00001450 _____ () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-25 17:19 - 2014-06-25 17:19 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Samsung
2014-06-25 17:19 - 2014-06-25 17:19 - 00000000 ____D () C:\Users\Erkut\.android
2014-06-25 17:18 - 2014-06-25 17:18 - 00001202 _____ () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\S Agent.lnk
2014-06-25 17:18 - 2014-06-25 17:18 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Absolute_Software
2014-06-25 17:18 - 2014-06-25 17:18 - 00000000 _____ () C:\windows\system32\Drivers\144D_SAMSUNG_na_670Z5E_P03A.mrk
2014-06-25 17:18 - 2013-02-25 18:04 - 121849162 _____ () C:\windows\[0407]SamsungStory01_ger.scr
2014-06-25 17:17 - 2014-06-28 11:04 - 00003059 _____ () C:\Users\Erkut\AppData\Roaming\AbsoluteReminder.xml
2014-06-25 17:17 - 2014-06-28 10:47 - 00000000 ____D () C:\windows\System32\Tasks\Norton Internet Security
2014-06-25 17:17 - 2014-06-25 17:17 - 00000000 ____D () C:\Users\Erkut\AppData\Local\VirtualStore
2014-06-25 17:16 - 2014-06-28 12:44 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Packages
2014-06-25 17:16 - 2014-06-25 17:16 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Intel
2014-06-25 17:15 - 2014-06-28 18:22 - 00000000 ____D () C:\Users\Erkut
2014-06-25 17:15 - 2014-06-25 17:15 - 00000020 ___SH () C:\Users\Erkut\ntuser.ini
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Vorlagen
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Startmenü
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Netzwerkumgebung
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Lokale Einstellungen
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Eigene Dateien
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Druckumgebung
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Documents\Eigene Musik
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Documents\Eigene Bilder
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\AppData\Local\Verlauf
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\AppData\Local\Anwendungsdaten
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Anwendungsdaten
2014-06-25 17:15 - 2013-05-24 18:49 - 00000000 ___RD () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-06-25 17:15 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-25 17:15 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-06-25 17:15 - 2012-07-26 10:13 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-11 18:55 - 2014-06-11 18:55 - 04446152 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc110u.dll
2014-06-11 18:55 - 2014-06-11 18:55 - 04411848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc110.dll
2014-06-11 18:55 - 2014-06-11 18:55 - 00082888 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcm110u.dll
2014-06-11 18:55 - 2014-06-11 18:55 - 00082888 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcm110.dll

==================== One Month Modified Files and Folders =======

2014-07-01 18:16 - 2014-07-01 18:16 - 00019671 _____ () C:\Users\Erkut\Desktop\FRST.txt
2014-07-01 18:16 - 2014-06-29 10:50 - 00000000 ____D () C:\FRST
2014-07-01 18:15 - 2014-07-01 18:14 - 02083328 _____ (Farbar) C:\Users\Erkut\Desktop\FRST64.exe
2014-07-01 18:12 - 2014-07-01 18:11 - 00002523 _____ () C:\zoek-results.log
2014-07-01 18:10 - 2014-07-01 18:10 - 00000000 ____D () C:\zoek_backup
2014-07-01 18:08 - 2014-07-01 18:08 - 01285120 _____ () C:\Users\Erkut\Desktop\zoek.exe
2014-07-01 18:07 - 2013-05-24 19:37 - 00000000 ____D () C:\ProgramData\WinClon
2014-07-01 18:07 - 2013-05-24 17:49 - 01335236 _____ () C:\windows\WindowsUpdate.log
2014-07-01 18:05 - 2014-06-28 18:22 - 00000000 ___RD () C:\Users\Erkut\Dropbox
2014-07-01 18:05 - 2014-06-28 18:10 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\DropboxMaster
2014-07-01 18:05 - 2014-06-28 18:07 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Dropbox
2014-07-01 18:04 - 2014-07-01 17:48 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-01 18:04 - 2014-06-25 17:39 - 00001132 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-01 18:03 - 2012-08-05 23:07 - 00036118 _____ () C:\windows\PFRO.log
2014-07-01 18:03 - 2012-07-26 09:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-01 18:02 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sru
2014-07-01 18:02 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\Help
2014-07-01 18:02 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-07-01 18:00 - 2014-07-01 18:00 - 00003473 _____ () C:\Users\Erkut\Desktop\mbam.txt
2014-07-01 17:49 - 2014-06-25 17:39 - 00001136 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-01 17:47 - 2014-07-01 17:47 - 00000781 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-01 17:47 - 2014-07-01 17:47 - 00000000 ____D () C:\Users\Erkut\Desktop\Malwarebytes Anti-Malware
2014-07-01 17:47 - 2014-07-01 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-01 17:47 - 2014-07-01 17:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-01 17:46 - 2013-05-25 03:20 - 00753134 _____ () C:\windows\system32\perfh007.dat
2014-07-01 17:46 - 2013-05-25 03:20 - 00155826 _____ () C:\windows\system32\perfc007.dat
2014-07-01 17:46 - 2012-07-26 09:28 - 01745416 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-01 17:45 - 2014-07-01 17:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Erkut\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-01 17:41 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-07-01 17:39 - 2014-06-28 18:05 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-07-01 17:34 - 2014-07-01 17:32 - 00000000 ____D () C:\AdwCleaner
2014-07-01 17:34 - 2014-06-25 17:38 - 00000000 ____D () C:\Program Files (x86)\NetCrawl
2014-07-01 17:34 - 2012-07-26 07:26 - 00000194 _____ () C:\windows\win.ini
2014-07-01 17:29 - 2014-07-01 17:29 - 01346519 _____ () C:\Users\Erkut\Desktop\adwcleaner_3.214.exe
2014-07-01 17:27 - 2014-06-29 11:27 - 00000000 ____D () C:\Users\Erkut\AppData\Local\CrashDumps
2014-07-01 17:24 - 2014-07-01 17:24 - 00002628 _____ () C:\Users\Erkut\Desktop\Rkill.txt
2014-07-01 17:23 - 2014-07-01 17:23 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Erkut\Desktop\rkill.com
2014-07-01 17:20 - 2014-07-01 17:20 - 00030370 _____ () C:\ComboFix.txt
2014-07-01 17:20 - 2014-06-30 19:23 - 00000000 ____D () C:\Qoobox
2014-07-01 17:18 - 2012-07-26 07:26 - 00000215 _____ () C:\windows\system.ini
2014-06-30 19:36 - 2013-05-24 19:39 - 00000000 ____D () C:\Users\EasySurvey
2014-06-30 19:36 - 2012-07-26 07:37 - 00000000 __RHD () C:\Users\Default
2014-06-30 19:35 - 2014-06-30 19:23 - 00000000 ____D () C:\windows\erdnt
2014-06-30 19:23 - 2014-06-30 19:23 - 05212874 ____R (Swearware) C:\Users\Erkut\Desktop\ComboFix.exe
2014-06-30 19:17 - 2014-06-30 19:17 - 03550392 _____ () C:\windows\system32\FNTCACHE.DAT
2014-06-30 18:44 - 2014-06-30 18:33 - 19423027 _____ () C:\Users\Erkut\Downloads\BASW-83356A7O.ZIP
2014-06-30 18:25 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\WinStore
2014-06-30 18:25 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-06-30 18:24 - 2012-07-26 10:12 - 00000000 ___RD () C:\windows\ToastData
2014-06-30 18:24 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-06-30 18:24 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-06-30 18:24 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-06-30 18:24 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-06-30 18:24 - 2012-07-26 09:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-06-30 18:24 - 2012-07-26 07:38 - 00000000 ____D () C:\windows\system32\oobe
2014-06-30 17:51 - 2012-07-26 09:59 - 00000000 ____D () C:\windows\CbsTemp
2014-06-29 16:18 - 2014-06-29 16:18 - 00000000 ____D () C:\windows\pss
2014-06-29 15:46 - 2012-07-26 10:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-29 15:46 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\SecureBootUpdates
2014-06-29 15:45 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-06-29 15:45 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-06-29 15:45 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-06-29 15:45 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-06-29 15:45 - 2012-07-26 07:38 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-06-29 15:45 - 2012-07-26 07:38 - 00000000 ____D () C:\windows\system32\Dism
2014-06-29 15:43 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\SysWOW64\migwiz
2014-06-29 15:43 - 2012-07-26 09:51 - 00000000 ____D () C:\windows\SysWOW64\winrm
2014-06-29 15:43 - 2012-07-26 09:51 - 00000000 ____D () C:\windows\SysWOW64\slmgr
2014-06-29 15:43 - 2012-07-26 07:38 - 00000000 ____D () C:\windows\SysWOW64\oobe
2014-06-29 15:43 - 2012-07-26 07:37 - 00000000 ____D () C:\windows\servicing
2014-06-29 15:42 - 2013-05-25 03:13 - 00000000 ____D () C:\windows\SysWOW64\XPSViewer
2014-06-29 15:42 - 2012-07-26 10:12 - 00000000 ___RD () C:\windows\ImmersiveControlPanel
2014-06-29 15:42 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\SysWOW64\MUI
2014-06-29 15:42 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\SysWOW64\Com
2014-06-29 15:42 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\migwiz
2014-06-29 15:42 - 2012-07-26 09:51 - 00000000 ____D () C:\windows\SysWOW64\WCN
2014-06-29 15:42 - 2012-07-26 09:51 - 00000000 ____D () C:\windows\SysWOW64\sysprep
2014-06-29 15:42 - 2012-07-26 09:51 - 00000000 ____D () C:\windows\SysWOW64\Printing_Admin_Scripts
2014-06-29 15:42 - 2012-07-26 09:51 - 00000000 ____D () C:\windows\system32\winrm
2014-06-29 15:37 - 2012-07-26 09:51 - 00000000 ____D () C:\windows\system32\WCN
2014-06-29 15:37 - 2012-07-26 09:51 - 00000000 ____D () C:\windows\system32\slmgr
2014-06-29 15:37 - 2012-07-26 07:38 - 00000000 ____D () C:\windows\system32\Sysprep
2014-06-29 15:36 - 2012-07-26 09:51 - 00000000 ____D () C:\windows\system32\Printing_Admin_Scripts
2014-06-29 15:35 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\SystemResetPlatform
2014-06-29 15:35 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\Com
2014-06-29 15:28 - 2013-05-25 03:30 - 00000000 ____D () C:\windows\en-GB
2014-06-29 15:28 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\SysWOW64\en-GB
2014-06-29 15:28 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Common Files\System
2014-06-29 15:27 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\en-GB
2014-06-29 15:25 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\MUI
2014-06-29 13:17 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\rescache
2014-06-29 12:34 - 2014-06-29 12:34 - 00001022 _____ () C:\Users\Erkut\Desktop\Dropbox.lnk
2014-06-29 12:34 - 2014-06-28 18:10 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-29 10:53 - 2014-06-29 10:52 - 00032413 _____ () C:\Users\Erkut\Downloads\Addition.txt
2014-06-29 10:53 - 2014-06-29 10:51 - 00055670 _____ () C:\Users\Erkut\Downloads\FRST.txt
2014-06-29 10:32 - 2014-06-25 17:28 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3894098194-677086307-2034191709-1001
2014-06-29 09:32 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-06-29 09:26 - 2014-06-29 09:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 15
2014-06-29 09:25 - 2014-06-28 12:29 - 00000000 ____D () C:\Users\Erkut\Documents\Outlook-Dateien
2014-06-29 09:24 - 2014-06-29 09:24 - 02947139 _____ () C:\Users\Erkut\Downloads\O15CTRRemove (1).diagcab
2014-06-28 22:28 - 2014-06-28 22:20 - 02936043 _____ () C:\Users\Erkut\Downloads\O15CTRRemove.diagcab
2014-06-28 22:13 - 2014-06-28 22:13 - 01351872 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\Setup.x64.de-DE_ProPlusRetail_WYJNH-7K67T-KBXHF-VR9F2-FX6XQ_act_1_ (1).exe
2014-06-28 22:07 - 2014-06-28 22:07 - 00000000 ____D () C:\Users\Erkut\Documents\OneNote-Notizbücher
2014-06-28 21:45 - 2014-06-28 21:45 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-06-28 21:45 - 2014-06-25 17:19 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Adobe
2014-06-28 21:35 - 2013-05-24 19:39 - 00000000 ____D () C:\ProgramData\Temp
2014-06-28 18:22 - 2014-06-25 17:15 - 00000000 ____D () C:\Users\Erkut
2014-06-28 18:06 - 2014-06-28 18:06 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\AVAST Software
2014-06-28 18:05 - 2014-06-28 18:05 - 00001976 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-28 18:05 - 2014-06-28 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-28 18:04 - 2014-06-28 18:04 - 01041168 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00426848 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00307344 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-06-28 18:04 - 2014-06-28 18:04 - 00224896 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00092008 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00079184 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-06-28 18:04 - 2014-06-28 18:04 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-06-28 18:03 - 2014-06-28 18:03 - 91906368 _____ (AVAST Software) C:\Users\Erkut\Downloads\avast_free_antivirus_setup_9.0.2021.exe
2014-06-28 18:03 - 2014-06-28 18:03 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-28 18:03 - 2014-06-28 18:03 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-28 17:36 - 2013-05-24 19:33 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-06-28 17:36 - 2013-05-24 19:32 - 00000000 ____D () C:\ProgramData\Norton
2014-06-28 17:35 - 2014-06-28 17:35 - 00870672 _____ () C:\Users\Erkut\Downloads\Norton_Removal_Tool.exe
2014-06-28 13:14 - 2014-06-28 13:08 - 00000000 ____D () C:\Users\Erkut\AppData\Local\NPE
2014-06-28 13:10 - 2014-06-28 13:10 - 00000000 ____D () C:\NPE
2014-06-28 13:07 - 2014-06-28 13:07 - 03081712 ____N (Symantec Corporation) C:\Users\Erkut\Downloads\NPE.exe
2014-06-28 13:04 - 2014-06-28 13:04 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-06-28 13:04 - 2012-07-26 09:21 - 00026966 _____ () C:\windows\setupact.log
2014-06-28 12:50 - 2013-05-24 19:34 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-06-28 12:44 - 2014-06-28 12:39 - 00000000 ___RD () C:\windows\BrowserChoice
2014-06-28 12:44 - 2014-06-25 17:16 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Packages
2014-06-28 12:44 - 2012-08-05 23:11 - 00000000 ____D () C:\ProgramData\PRICache
2014-06-28 12:39 - 2014-06-27 21:52 - 00000000 ____D () C:\windows\system32\MRT
2014-06-28 12:37 - 2014-06-26 20:48 - 00265050 _____ () C:\windows\msxml4-KB2758694-enu.LOG
2014-06-28 11:51 - 2014-06-28 11:51 - 01351872 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\Setup.x64.de-DE_ProPlusRetail_WYJNH-7K67T-KBXHF-VR9F2-FX6XQ_act_1_.exe
2014-06-28 11:48 - 2014-06-28 11:47 - 00989376 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\setupproplusretail.x86.de-de_act_1_ (1).exe
2014-06-28 11:35 - 2014-06-28 11:35 - 00002033 _____ () C:\Users\Public\Desktop\SideSync.lnk
2014-06-28 11:35 - 2014-06-25 17:22 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Samsung
2014-06-28 11:35 - 2013-05-24 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-06-28 11:35 - 2013-05-24 17:51 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-06-28 11:27 - 2014-06-28 11:27 - 00002050 _____ () C:\Users\Public\Desktop\Support Center.lnk
2014-06-28 11:23 - 2014-06-28 11:23 - 00001992 _____ () C:\Users\Public\Desktop\Help Desk.lnk
2014-06-28 11:19 - 2014-06-28 11:19 - 00003434 _____ () C:\windows\System32\Tasks\Settings
2014-06-28 11:18 - 2014-06-28 11:18 - 00002038 _____ () C:\Users\Public\Desktop\Settings.lnk
2014-06-28 11:09 - 2013-05-24 19:34 - 00000000 ____D () C:\ProgramData\Samsung
2014-06-28 11:05 - 2014-06-28 11:05 - 00989376 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\setupproplusretail.x86.de-de_act_1_.exe
2014-06-28 11:04 - 2014-06-25 17:17 - 00003059 _____ () C:\Users\Erkut\AppData\Roaming\AbsoluteReminder.xml
2014-06-28 11:03 - 2014-06-28 11:03 - 00989376 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\Setup.x86.de-DE_ProPlusRetail_WYJNH-7K67T-KBXHF-VR9F2-FX6XQ_act_1_.exe
2014-06-28 11:03 - 2014-06-28 11:03 - 00989376 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\Setup.x86.de-DE_ProPlusRetail_WYJNH-7K67T-KBXHF-VR9F2-FX6XQ_act_1_ (1).exe
2014-06-28 10:47 - 2014-06-25 17:52 - 00000000 ___RD () C:\Users\Erkut\Documents\MAGIX
2014-06-28 10:47 - 2014-06-25 17:17 - 00000000 ____D () C:\windows\System32\Tasks\Norton Internet Security
2014-06-28 10:47 - 2013-05-24 19:32 - 00000000 ____D () C:\windows\system32\Drivers\NISx64
2014-06-28 10:47 - 2013-05-24 17:50 - 00000000 ____D () C:\ProgramData\Intel.sav
2014-06-28 10:47 - 2013-05-24 17:49 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-28 10:47 - 2013-05-24 17:47 - 00000000 ____D () C:\Program Files\Intel
2014-06-28 10:47 - 2013-05-24 17:46 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-06-28 10:47 - 2012-07-26 10:12 - 00000000 __RHD () C:\Users\Public\Libraries
2014-06-28 10:47 - 2012-07-26 10:12 - 00000000 ___HD () C:\windows\ELAMBKUP
2014-06-28 10:47 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\SysWOW64\WinMetadata
2014-06-28 10:47 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\WinMetadata
2014-06-28 10:47 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\Macromed
2014-06-28 10:46 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\registration
2014-06-28 10:44 - 2013-05-24 19:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-06-28 10:44 - 2013-05-24 17:50 - 00000000 ____D () C:\Program Files\Common Files\Intel
2014-06-28 10:44 - 2013-05-24 17:47 - 00000000 ____D () C:\ProgramData\Intel
2014-06-28 10:43 - 2013-05-24 17:50 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-06-27 21:52 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-06-25 21:21 - 2014-06-25 21:21 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\ATI
2014-06-25 21:21 - 2014-06-25 21:21 - 00000000 ____D () C:\Users\Erkut\AppData\Local\ATI
2014-06-25 21:21 - 2014-06-25 21:21 - 00000000 ____D () C:\ProgramData\ATI
2014-06-25 21:18 - 2014-06-25 17:21 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Adobe
2014-06-25 19:54 - 2013-05-24 17:46 - 00000000 ____D () C:\Intel
2014-06-25 18:28 - 2014-06-25 18:28 - 00288496 _____ () C:\windows\Minidump\062514-27171-01.dmp
2014-06-25 18:28 - 2014-06-25 18:17 - 00000000 ____D () C:\windows\Minidump
2014-06-25 18:27 - 2014-06-25 18:16 - 4051723278 _____ () C:\windows\MEMORY.DMP
2014-06-25 18:16 - 2013-05-25 09:36 - 00165742 ____N () C:\windows\Minidump\062514-53515-01.dmp
2014-06-25 17:58 - 2014-06-25 17:51 - 00000000 ____D () C:\ProgramData\MAGIX
2014-06-25 17:58 - 2014-06-25 17:44 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\MAGIX
2014-06-25 17:53 - 2014-06-25 17:53 - 00001182 _____ () C:\Users\Public\Desktop\MAGIX Video deluxe 2014 Plus.lnk
2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\Users\Public\Documents\MAGIX
2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\Users\Erkut\Documents\MAGIX_MusicEditor
2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Xara
2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Magix
2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2014-06-25 17:52 - 2014-06-25 17:52 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2014-06-25 17:51 - 2014-06-25 17:51 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-06-25 17:44 - 2014-06-25 17:44 - 02849256 _____ (MAGIX AG) C:\Users\Erkut\Downloads\videodeluxe2014plus_dlm.exe
2014-06-25 17:44 - 2014-06-25 17:39 - 00004108 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-25 17:44 - 2014-06-25 17:39 - 00003872 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-25 17:41 - 2014-06-25 17:41 - 00000000 _____ () C:\Users\Erkut\agent.log
2014-06-25 17:40 - 2014-06-25 17:40 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-25 17:40 - 2014-06-25 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-25 17:40 - 2014-06-25 17:39 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Google
2014-06-25 17:40 - 2014-06-25 17:39 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-25 17:35 - 2014-06-25 17:36 - 00784840 _____ (Google Inc.) C:\Users\Erkut\Downloads\google-chrome.exe
2014-06-25 17:34 - 2014-06-25 17:34 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Macromedia
2014-06-25 17:33 - 2014-06-25 17:33 - 00000000 ____D () C:\Users\Erkut\AppData\Local\bitcasa
2014-06-25 17:21 - 2014-06-25 17:21 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-06-25 17:19 - 2014-06-25 17:19 - 00001450 _____ () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-25 17:19 - 2014-06-25 17:19 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Samsung
2014-06-25 17:19 - 2014-06-25 17:19 - 00000000 ____D () C:\Users\Erkut\.android
2014-06-25 17:18 - 2014-06-25 17:18 - 00001202 _____ () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\S Agent.lnk
2014-06-25 17:18 - 2014-06-25 17:18 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Absolute_Software
2014-06-25 17:18 - 2014-06-25 17:18 - 00000000 _____ () C:\windows\system32\Drivers\144D_SAMSUNG_na_670Z5E_P03A.mrk
2014-06-25 17:17 - 2014-06-25 17:17 - 00000000 ____D () C:\Users\Erkut\AppData\Local\VirtualStore
2014-06-25 17:16 - 2014-06-25 17:16 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Intel
2014-06-25 17:15 - 2014-06-25 17:15 - 00000020 ___SH () C:\Users\Erkut\ntuser.ini
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Vorlagen
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Startmenü
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Netzwerkumgebung
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Lokale Einstellungen
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Eigene Dateien
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Druckumgebung
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Documents\Eigene Musik
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Documents\Eigene Bilder
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\AppData\Local\Verlauf
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\AppData\Local\Anwendungsdaten
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Anwendungsdaten
2014-06-11 18:55 - 2014-06-11 18:55 - 04446152 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc110u.dll
2014-06-11 18:55 - 2014-06-11 18:55 - 04411848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc110.dll
2014-06-11 18:55 - 2014-06-11 18:55 - 00082888 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcm110u.dll
2014-06-11 18:55 - 2014-06-11 18:55 - 00082888 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcm110.dll
2014-06-01 17:17 - 2014-06-28 12:37 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe


Some content of TEMP:
====================
C:\Users\Erkut\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcxcm0m.dll
C:\Users\Erkut\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2012-08-05 23:07

==================== End Of Log ============================

--- --- ---

der-kurti 01.07.2014 17:20

and here is the second one:

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2014
Ran by Erkut at 2014-07-01 18:16:52
Running from C:\Users\Erkut\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.2.0.26 - Absolute Software)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.21127 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{77A7CE43-5A1E-8282-931B-E0CC4C075793}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Bitcasa version 0.9.20.4135 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 0.9.20.4135 - Bitcasa Inc.)
Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version:  - Alactro LLC)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.1127.15.314 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1127.15.314 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1127.15.314 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.1127.15.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1127.15.314 - Advanced Micro Devices, Inc.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.6 - Samsung Electronics CO.,LTD.)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
ETDWare X64 11.7.10.4_WHQL (HKLM\...\Elantech) (Version: 11.7.10.4 - ELAN Microelectronic Corp.)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Help Desk (HKLM\...\{AEC9D273-E162-4614-83F1-722B8C74B185}) (Version: 1.0.96 - Samsung Electronics CO., LTD.)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36843 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2963 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.6.1.0536 - Intel Corporation) Hidden
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}) (Version: 2.6.1210.0278 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software Driver (Version: 15.06.1000.0199 - Intel Corporation) Hidden
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{87d45b7e-19da-4dd5-9214-5e0d587c312f}) (Version: 15.6.1 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 15.06.1000.0142 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
IntelliMemory (HKLM\...\{40320F22-7D70-49DB-9D66-B6FAE5F36B47}) (Version: 1.0.32.0 - Condusiv Technologies)
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{49209082-E4F9-410D-B74D-E6506977F30B}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden
MAGIX Video deluxe 2014 Plus (HKLM-x32\...\MX.{85061988-E889-4A37-9CB7-4F695AC35544}) (Version: 13.0.2.8 - MAGIX AG)
MAGIX Video deluxe 2014 Plus (Version: 13.0.2.8 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{EE55B368-EBDF-98F3-CFE7-7CE4ADBC4553}) (Version: 1.00.0004 - Advanced Micro Devices, Inc.)
Phone Screen Sharing (HKLM-x32\...\{DF02C515-40B5-45AC-A601-5DC69D03885C}) (Version: 2.0.0.21 - RSUPPORT)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PowerXpressHybrid (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.9.1212.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6818 - Realtek Semiconductor Corp.)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39036 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.9.7 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.1.47 - Samsung Electronics CO., LTD.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.25.0 - SAMSUNG Electronics Co., Ltd.)
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
SideSync (HKLM-x32\...\{59687468-8CE9-4ABF-9C6A-5C31F0E09F8B}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
SRS Premium Sound (HKLM-x32\...\{E44F8A34-529E-4318-A0E1-1893C337A47F}) (Version: 1.00.2600 - DTS, Inc.)
Support Center (HKLM\...\{AB0DEFBB-1A16-47B5-86D2-39F0A2B24AE4}) (Version: 2.1.1210 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.14 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{D2B5F1E3-EA56-4D84-A453-A213B32974CB}) (Version: 2.1.25 - Samsung Electronics CO., LTD.)
sweet-page uninstall (HKLM-x32\...\sweet-page uninstall) (Version:  - sweet-page) <==== ATTENTION
User Guide (HKLM-x32\...\{C7343D0D-E05B-4561-AAF1-8EDF0FEA1EAE}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

25-06-2014 17:55:23 Intel® PROSet/Wireless Software
28-06-2014 08:40:25 Wiederherstellungsvorgang
29-06-2014 10:55:21 Sprachpaketdeinstallation
01-07-2014 15:09:52 ComboFix created restore point

==================== Hosts content: ==========================

2012-07-26 07:26 - 2014-06-30 19:34 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {03A70337-00BA-4B18-8888-7FB3BF4444E4} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-09-13] (Intel Corporation)
Task: {072A0C1E-9D0B-4A5A-8E94-89BE06D1F513} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-06-01] (Microsoft Corporation)
Task: {0EFABB3C-98CC-4CF7-839E-1C6E9662DFBD} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {129BFEBC-FC51-47FA-A67D-FB068A7B2B57} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2014-01-29] (Samsung Electronics CO., LTD.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {40254841-9AA3-442B-934D-BE1BCD6A39ED} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-09-13] (Intel Corporation)
Task: {43D4FDAA-4606-4A46-831F-DEC7419338C5} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\WSCStub.exe
Task: {779A1234-9901-4668-827A-4CB7A6C4D817} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-04-30] (SEC)
Task: {7CACB453-74E4-4097-B0A4-21624104B2C3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-28] (AVAST Software)
Task: {9D8A24F5-BE19-44C2-B301-82191EB33F73} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\SymErr.exe
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B591987F-6924-4519-B933-58E7291EC981} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\SymErr.exe
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {DD4AC9A6-1819-47F1-89EE-F6EC68EEEDC0} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-03-19] (Samsung Electronics CO., LTD.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EE6722B4-1A9B-4008-9EBB-90351FB18C81} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-25] (Google Inc.)
Task: {F4FED40C-6C6C-4101-8A4E-2E19DFE6446D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-25] (Google Inc.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-29 13:20 - 2014-01-29 13:20 - 00084800 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2013-01-03 02:50 - 2012-11-01 07:43 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-02-05 06:50 - 2013-01-16 05:27 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-03-19 11:41 - 2014-03-19 11:41 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2014-06-28 18:04 - 2014-06-28 18:04 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-07-01 17:38 - 2014-07-01 17:38 - 02789376 _____ () C:\Program Files\AVAST Software\Avast\defs\14063001\algo.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00027968 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 01141056 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00109888 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00025920 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00109888 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00059712 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00102720 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2014-06-25 17:40 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-25 17:40 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-25 17:40 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-25 17:40 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-25 17:40 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-07-01 18:04 - 2014-07-01 18:04 - 00043008 _____ () c:\users\erkut\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcxcm0m.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Erkut\AppData\Roaming\Dropbox\bin\libcef.dll
2014-06-28 18:04 - 2014-06-28 18:04 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-05-24 17:47 - 2013-01-14 20:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/01/2014 05:27:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: der-kurti.exe, Version: 0.0.0.0, Zeitstempel: 0x4f25baec
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00059472
ID des fehlerhaften Prozesses: 0x774
Startzeit der fehlerhaften Anwendung: 0xder-kurti.exe0
Pfad der fehlerhaften Anwendung: der-kurti.exe1
Pfad des fehlerhaften Moduls: der-kurti.exe2
Berichtskennung: der-kurti.exe3
Vollständiger Name des fehlerhaften Pakets: der-kurti.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: der-kurti.exe5

Error: (06/30/2014 07:18:02 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhostex (2076) WebCacheLocal: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -1032 auf.

Error: (06/30/2014 07:18:02 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostex (2076) WebCacheLocal: Versuch, Datei "C:\Users\Erkut\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (06/30/2014 06:36:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: der-kurti.exe, Version: 0.0.0.0, Zeitstempel: 0x4f25baec
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00059472
ID des fehlerhaften Prozesses: 0x1b4c
Startzeit der fehlerhaften Anwendung: 0xder-kurti.exe0
Pfad der fehlerhaften Anwendung: der-kurti.exe1
Pfad des fehlerhaften Moduls: der-kurti.exe2
Berichtskennung: der-kurti.exe3
Vollständiger Name des fehlerhaften Pakets: der-kurti.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: der-kurti.exe5

Error: (06/30/2014 06:36:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: der-kurti.exe, Version: 0.0.0.0, Zeitstempel: 0x4f25baec
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00059472
ID des fehlerhaften Prozesses: 0x1268
Startzeit der fehlerhaften Anwendung: 0xder-kurti.exe0
Pfad der fehlerhaften Anwendung: der-kurti.exe1
Pfad des fehlerhaften Moduls: der-kurti.exe2
Berichtskennung: der-kurti.exe3
Vollständiger Name des fehlerhaften Pakets: der-kurti.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: der-kurti.exe5

Error: (06/30/2014 06:30:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: der-kurti.exe, Version: 0.0.0.0, Zeitstempel: 0x4f25baec
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00059472
ID des fehlerhaften Prozesses: 0xf9c
Startzeit der fehlerhaften Anwendung: 0xder-kurti.exe0
Pfad der fehlerhaften Anwendung: der-kurti.exe1
Pfad des fehlerhaften Moduls: der-kurti.exe2
Berichtskennung: der-kurti.exe3
Vollständiger Name des fehlerhaften Pakets: der-kurti.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: der-kurti.exe5

Error: (06/30/2014 06:11:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: der-kurti.exe, Version: 0.0.0.0, Zeitstempel: 0x4f25baec
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00059472
ID des fehlerhaften Prozesses: 0x8f8
Startzeit der fehlerhaften Anwendung: 0xder-kurti.exe0
Pfad der fehlerhaften Anwendung: der-kurti.exe1
Pfad des fehlerhaften Moduls: der-kurti.exe2
Berichtskennung: der-kurti.exe3
Vollständiger Name des fehlerhaften Pakets: der-kurti.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: der-kurti.exe5

Error: (06/30/2014 06:05:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: der-kurti.exe, Version: 0.0.0.0, Zeitstempel: 0x4f25baec
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00059472
ID des fehlerhaften Prozesses: 0x730
Startzeit der fehlerhaften Anwendung: 0xder-kurti.exe0
Pfad der fehlerhaften Anwendung: der-kurti.exe1
Pfad des fehlerhaften Moduls: der-kurti.exe2
Berichtskennung: der-kurti.exe3
Vollständiger Name des fehlerhaften Pakets: der-kurti.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: der-kurti.exe5

Error: (06/30/2014 05:49:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: der-kurti.exe, Version: 0.0.0.0, Zeitstempel: 0x4f25baec
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00059472
ID des fehlerhaften Prozesses: 0x10e0
Startzeit der fehlerhaften Anwendung: 0xder-kurti.exe0
Pfad der fehlerhaften Anwendung: der-kurti.exe1
Pfad des fehlerhaften Moduls: der-kurti.exe2
Berichtskennung: der-kurti.exe3
Vollständiger Name des fehlerhaften Pakets: der-kurti.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: der-kurti.exe5

Error: (06/29/2014 08:18:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: der-kurti.exe, Version: 0.0.0.0, Zeitstempel: 0x4f25baec
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00059472
ID des fehlerhaften Prozesses: 0x109c
Startzeit der fehlerhaften Anwendung: 0xder-kurti.exe0
Pfad der fehlerhaften Anwendung: der-kurti.exe1
Pfad des fehlerhaften Moduls: der-kurti.exe2
Berichtskennung: der-kurti.exe3
Vollständiger Name des fehlerhaften Pakets: der-kurti.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: der-kurti.exe5


System errors:
=============
Error: (07/01/2014 06:02:57 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (07/01/2014 05:35:30 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (07/01/2014 05:30:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Active File Monitor V11" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/01/2014 05:18:34 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/01/2014 05:15:34 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (06/30/2014 07:34:16 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (06/30/2014 07:33:21 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys

Error: (06/30/2014 07:29:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (06/30/2014 07:23:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "SW Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/30/2014 07:23:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "WindowsProtectManger Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (07/01/2014 05:27:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: der-kurti.exe0.0.0.04f25baecntdll.dll6.2.9200.16578515fac6ec00000050005947277401cf9540fe6f95e3C:\Users\Erkut\Desktop\der-kurti.exeC:\windows\SYSTEM32\ntdll.dll3cf1eaec-0134-11e4-be89-c4d987011e08

Error: (06/30/2014 07:18:02 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhostex2076WebCacheLocal: -1032

Error: (06/30/2014 07:18:02 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostex2076WebCacheLocal: C:\Users\Erkut\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (06/30/2014 06:36:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: der-kurti.exe0.0.0.04f25baecntdll.dll6.2.9200.16578515fac6ec0000005000594721b4c01cf948180fad3c7C:\Users\Erkut\Desktop\der-kurti.exeC:\windows\SYSTEM32\ntdll.dllbeaed4a3-0074-11e4-be88-c4d987011e08

Error: (06/30/2014 06:36:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: der-kurti.exe0.0.0.04f25baecntdll.dll6.2.9200.16578515fac6ec000000500059472126801cf948179064558C:\Users\Erkut\Desktop\der-kurti.exeC:\windows\SYSTEM32\ntdll.dllb6d9368d-0074-11e4-be88-c4d987011e08

Error: (06/30/2014 06:30:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: der-kurti.exe0.0.0.04f25baecntdll.dll6.2.9200.16578515fac6ec000000500059472f9c01cf948091b50e5eC:\Users\Erkut\Desktop\der-kurti.exeC:\windows\SYSTEM32\ntdll.dlld3616df2-0073-11e4-be88-c4d987011e08

Error: (06/30/2014 06:11:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: der-kurti.exe0.0.0.04f25baecntdll.dll6.2.9200.16578515fac6ec0000005000594728f801cf947e024f9144C:\Users\Erkut\Desktop\der-kurti.exeC:\windows\SYSTEM32\ntdll.dll401a86fa-0071-11e4-be87-c4d987011e08

Error: (06/30/2014 06:05:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: der-kurti.exe0.0.0.04f25baecntdll.dll6.2.9200.16578515fac6ec00000050005947273001cf947d1c4e8927C:\Users\Erkut\Desktop\der-kurti.exeC:\windows\SYSTEM32\ntdll.dll5a1fb874-0070-11e4-be87-c4d987011e08

Error: (06/30/2014 05:49:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: der-kurti.exe0.0.0.04f25baecntdll.dll6.2.9200.16578515fac6ec00000050005947210e001cf947ade08d785C:\Users\Erkut\Desktop\der-kurti.exeC:\windows\SYSTEM32\ntdll.dll1cade2ca-006e-11e4-be87-c4d987011e08

Error: (06/29/2014 08:18:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: der-kurti.exe0.0.0.04f25baecntdll.dll6.2.9200.16578515fac6ec000000500059472109c01cf93c676eaadebC:\Users\Erkut\Desktop\der-kurti.exeC:\windows\SYSTEM32\ntdll.dllb58ca191-ffb9-11e3-be87-c4d987011e08


CodeIntegrity Errors:
===================================
  Date: 2014-06-30 19:33:21.289
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 81%
Total physical RAM: 8076.76 MB
Available physical RAM: 1478.91 MB
Total Pagefile: 16268.77 MB
Available Pagefile: 9469.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:906.82 GB) (Free:830.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 68918664)

Partition: GPT Partition Type.

==================== End Of Log ============================


M-K-D-B 02.07.2014 08:25

We'll remove the last remnants and check everything once more. ESET can take a long time (> 3 h).
Afterwards we'll remove all the tools we used and I'll give you a few tips for the road.

Step 1
Download the appropriate version of SystemLook from the following mirror and save the tool to your desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Double-click SystemLook.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:

    Code:

    :regfind
    sweet-page

  • Now click the Look button to start the scan.
  • The scan can take some time.
  • When the scan has finished, your editor will open with the results; post them in your thread.
  • The results are also saved on the desktop as SystemLook.txt.

Step 2

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Step 3
Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

With your next reply, please post
  • the SystemLook log file,
  • the ESET log file,
  • the SecurityCheck log file.

der-kurti 02.07.2014 20:00

Hi,

here is the result of step 1:

Code:

SystemLook 30.07.11 by jpshortstuff
Log created at 18:02 on 02/07/2014 by Erkut
Administrator - Elevation successful

Invalid Context: regfind sweet-page

-= EOF =-

Here is the result from ESET:

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=28badac97a9a214ea36817195926e924
# engine=18989
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-02 06:49:11
# local_time=2014-07-02 08:49:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 95 292011 355533 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 181467 43446505 0 0
# scanned=271509
# found=31
# cleaned=0
# scan_time=9455
sh=6A75791557F75B43600A62424E17F3C7ED066822 ft=1 fh=b41fc7f522710e77 vn="Variante von Win32/BrowseFox.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\NetCrawlBHO.dll.vir"
sh=BDF129AE71F5F0F7809722E2DD3F5D3E0F4EE906 ft=1 fh=89b1207a94c4b442 vn="Variante von MSIL/BrowseFox.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\NetCrawlBrowserFilter.exe.vir"
sh=281913B623A128E102247D02DD9FB8922F0912FC ft=1 fh=50c80f2b6c38f9e0 vn="möglicherweise Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\NetCrawlUn.exe.vir"
sh=CA45BD00BC5E16FCADC1BF4C7B33BDCE05F360E2 ft=1 fh=936cb75c6189e734 vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\tmp3473.tmp.vir"
sh=BFEF4D539EE292A3A4AE67EACF8DB762434BA685 ft=1 fh=eeffc819dde3edcb vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\updateNetCrawl.exe.vir"
sh=3AAEEF9023B1A73879BC2DF3C66CDD55E7F3E75E ft=1 fh=5b7a3dae0f2800db vn="Variante von Win32/BrowseFox.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\NetCrawl.BrowserAdapter.exe.vir"
sh=E2C011DD9EB03538463ADD34A99B0ABE74E185D2 ft=1 fh=e57b80af10705fd4 vn="Variante von Win64/BrowseFox.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\NetCrawl.PurBrowse64.exe.vir"
sh=BEF6191BE62D225D882A795D96B2568AAAF82021 ft=1 fh=f487812e703ace51 vn="Variante von Win32/BrowseFox.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\NetCrawlBAApp.dll.vir"
sh=BFEF4D539EE292A3A4AE67EACF8DB762434BA685 ft=1 fh=eeffc819dde3edcb vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe.vir"
sh=3ABDC4F876C1F08867AACCBFCE7A8491DF6F180F ft=1 fh=f70ae1497d0e44cf vn="Variante von Win32/BrowseFox.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}.dll.vir"
sh=451E1C90C545D1CDDEBAA64F1EA05A9EC0D2667C ft=1 fh=6207b2ba36c9a832 vn="Variante von Win32/BrowseFox.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\{6fcd6092-9615-4f7f-8898-8df53980e5d2}.dll.vir"
sh=B9F8E35E52853A3EE940568B983F3CD59F954B56 ft=1 fh=ea5599a74404395b vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.Bromon.dll.vir"
sh=D20D349B588E957870015249098D6063224B4CD9 ft=1 fh=d5c17b4150addd98 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.BroStats.dll.vir"
sh=F10ED83B346877E6F6626D9907D733E577C401D5 ft=1 fh=eb8d4f56e3bc38d5 vn="möglicherweise Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.BrowserAdapterS.dll.vir"
sh=21D03A05EAA20A58F30FEFF79D3F7A51953A438E ft=1 fh=50dfc4f36a3272e7 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.CompatibilityChecker.dll.vir"
sh=4D89F852184704C81FFA2FEEC5C1203EF6733679 ft=1 fh=8db0cf78eda06264 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.FeSvc.dll.vir"
sh=4883AFB2CF455B18AA42A0FFD1491EFF021C481F ft=1 fh=36cedccb4d4175ea vn="Variante von MSIL/BrowseFox.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.FFUpdate.dll.vir"
sh=077F92A475BE964AC9FB51C9174BD0C403462C3F ft=1 fh=76374ba05f27000f vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.IEUpdate.dll.vir"
sh=BB08B8BECFD039F49CD091F23181C7BC2C4B72C0 ft=1 fh=f82a0323cfa553a8 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.PurBrowseG.dll.vir"
sh=EC8AD155F4B30C30C2CE91EC13DF7A78ACC70C22 ft=1 fh=6ace80e88dec6440 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.Repmon.dll.vir"
sh=047D99E909F761A7DEA06B779AFE19B554A50C8E ft=1 fh=2380586d2a5d399e vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=7CE87614C256EF192C11FE5BAE8F5370D323C954 ft=1 fh=fada82384f0fa257 vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir"
sh=A5C29D6E3E18E7337B054F2ED1716420C855E89D ft=1 fh=9eebf1fc4a4ec7f6 vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterfacef32.dll.vir"
sh=CB0FACA0EFAC61A0E2C06A7AA2FB1226B4D259F6 ft=1 fh=748dcd1285b267f0 vn="Win64/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir"
sh=E9186EE9441DC1FFCEDC1B85C7E8F9610F74C545 ft=1 fh=217025d488d26a6f vn="Win32/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv32.dll.vir"
sh=D900E7A2C4BEC4703960CFAC1B7F534858C113C4 ft=1 fh=61d87035b3a8bda7 vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=A49D9289FA3CA48D8D169576B73DDB066388C6A7 ft=1 fh=1fb2be0293b378cf vn="Variante von Win32/ELEX.AD evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=251A3803C9AB15C6EAF576250F78DC4CC1D843F7 ft=1 fh=bbd71f22d491c083 vn="Variante von Win32/ELEX.AM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsProtectManger\wprotectmanager.exe.vir"
sh=3AAEEF9023B1A73879BC2DF3C66CDD55E7F3E75E ft=1 fh=5b7a3dae0f2800db vn="Variante von Win32/BrowseFox.I evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\NetCrawl\bin\NetCrawl.BrowserAdapter.exe"
sh=BEF6191BE62D225D882A795D96B2568AAAF82021 ft=1 fh=f487812e703ace51 vn="Variante von Win32/BrowseFox.I evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\NetCrawl\bin\NetCrawlBAApp.dll"
sh=451E1C90C545D1CDDEBAA64F1EA05A9EC0D2667C ft=1 fh=6207b2ba36c9a832 vn="Variante von Win32/BrowseFox.K evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\NetCrawl\bin\{6fcd6092-9615-4f7f-8898-8df53980e5d2}.dll"

Security check done:

Code:

Results of screen317's Security Check version 0.99.83 
  x64 (UAC is enabled) 
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Defender 
avast! Antivirus 
 Antivirus out of date! 
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Reader 10.1.3 Adobe Reader out of Date! 
 Google Chrome 35.0.1916.153 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Erkut Desktop Malwarebytes Anti-Malware mbamscheduler.exe
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
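
The ESET log in the post above reports `found=31` and `cleaned=0`; most hits are copies under `C:\AdwCleaner\Quarantine\`, but the last three lines point at files still under `C:\Program Files (x86)\NetCrawl\bin`. The following is an added example, not part of the thread or of any tool used in it: it parses a log in that layout and separates quarantined copies from files still in place. The field meanings (`sh` as file hash, `vn` as detection name, `fn` as file path) are assumed from the layout of the posted log, and the sample input is constructed with placeholder hashes.

```python
import re
from collections import Counter

# Constructed sample in the layout of the ESET Online Scanner log in the thread.
# Hashes are placeholders; folder names and detection names follow the thread.
SAMPLE_LOG = r'''# version=8
# scanned=271509
# found=4
# cleaned=0
sh=1111111111111111111111111111111111111111 ft=1 fh=aaaaaaaaaaaaaaaa vn="Variante von Win32/BrowseFox.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\NetCrawlBAApp.dll.vir"
sh=2222222222222222222222222222222222222222 ft=1 fh=bbbbbbbbbbbbbbbb vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=1111111111111111111111111111111111111111 ft=1 fh=aaaaaaaaaaaaaaaa vn="Variante von Win32/BrowseFox.I evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\NetCrawl\bin\NetCrawlBAApp.dll"
sh=3333333333333333333333333333333333333333 ft=1 fh=cccccccccccccccc vn="möglicherweise Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.Repmon.dll"
'''

# Quarantine folder as it appears in the thread's log (compared case-insensitively).
QUARANTINE_PREFIX = "c:\\adwcleaner\\quarantine\\"

HEADER_RE = re.compile(r"^#\s*(\w+)=(.*)$")            # "# key=value" header lines
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')    # key="quoted value" or key=token
NAME_RE = re.compile(r"(\w+)/(\w+)\.(\w+)")            # platform/family.variant


def parse_eset_log(text):
    """Return (header, detections) parsed from a log in the layout shown above."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip()    # repeated keys: last one wins
            continue
        if not line.startswith("sh="):
            continue                                   # banner lines such as "all ok"
        fields = {k: (q if q else b) for k, q, b in FIELD_RE.findall(line)}
        name = NAME_RE.search(fields.get("vn", ""))
        detections.append({
            "hash": fields.get("sh", "").upper(),      # assumed: hash of the file
            "name": fields.get("vn", ""),
            "family": name.group(2) if name else "unknown",
            "path": fields.get("fn", ""),
        })
    return header, detections


def triage(header, detections):
    """Split detections into quarantined copies and files still in place."""
    def in_quarantine(d):
        return d["path"].lower().startswith(QUARANTINE_PREFIX)

    quarantined = [d for d in detections if in_quarantine(d)]
    live = [d for d in detections if not in_quarantine(d)]
    quarantined_hashes = {d["hash"] for d in quarantined}
    return {
        # The header's "found" counter should equal the number of detection lines.
        "count_matches_header": int(header.get("found", -1)) == len(detections),
        "cleaned": int(header.get("cleaned", 0)),
        "quarantined": len(quarantined),
        "live": [d["path"] for d in live],
        # Same content exists both in quarantine and at its original location.
        "live_same_as_quarantined": [
            d["path"] for d in live if d["hash"] in quarantined_hashes
        ],
        "live_families": Counter(d["family"] for d in live),
    }


if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    report = triage(hdr, dets)
    print("detections:", len(dets), "| header count ok:", report["count_matches_header"])
    print("cleaned by scanner:", report["cleaned"])
    print("quarantined copies:", report["quarantined"])
    for path in report["live"]:
        marker = " (same hash as a quarantined copy)" \
            if path in report["live_same_as_quarantined"] else ""
        print("still in place:", path + marker)
    print("families still in place:", dict(report["live_families"]))
```

To use it on a real log, pass the contents of `log.txt` to `parse_eset_log`. Hits inside the quarantine folder are inert copies; the paths listed as still in place are the ones that need a follow-up.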


M-K-D-B 03.07.2014 18:17

Run SystemLook again, you didn't copy the complete text into the search field. :)

der-kurti 04.07.2014 10:00

Hi,

so, I've run it again now:

Code:

SystemLook 30.07.11 by jpshortstuff
Log created at 22:17 on 03/07/2014 by Erkut
Administrator - Elevation successful

========== regfind ==========

Searching for "sweet-page"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\ARP]
"1"="Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall sweet-page uninstall C:\Users\Erkut\AppData\Roaming\sweet-page\UninstallManager.exe  -ptid=cor"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\sweet-page uninstall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\sweet-page uninstall]
"DisplayName"="sweet-page uninstall"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\sweet-page uninstall]
"UninstallString"="C:\Users\Erkut\AppData\Roaming\sweet-page\UninstallManager.exe  -ptid=cor"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\sweet-page uninstall]
"DisplayIcon"="C:\Users\Erkut\AppData\Roaming\sweet-page\UninstallManager.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\sweet-page uninstall]
"Publisher"="sweet-page"

-= EOF =-

Is it complete this time? It also looks a bit short, but I hope it's right this time.

M-K-D-B 04.07.2014 15:05

Yes, that's fine. :)

FRST once more, please:

  • Start FRST.exe again. Tick the box next to Addition and click Scan.
  • FRST will again create two log files (FRST.txt and Addition.txt).
  • Post both log files with your next reply.

der-kurti 04.07.2014 15:35

Here are the results:


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-07-2014
Ran by Erkut (administrator) on KURTIS-LAPTOP on 04-07-2014 16:24:30
Running from C:\Users\Erkut\Desktop
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Condusiv Technologies) C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Users\Erkut\Desktop\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Users\Erkut\Desktop\Malwarebytes Anti-Malware\mbamservice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Malwarebytes Corporation) C:\Users\Erkut\Desktop\Malwarebytes Anti-Malware\mbam.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Dropbox, Inc.) C:\Users\Erkut\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1260256 2013-01-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_SRSSA] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1260256 2013-01-04] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11582848 2012-09-30] (Motorola Solutions, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2889072 2013-03-25] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [4365824 2012-12-27] (Bitcasa, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-11-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310640 2013-03-07] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-06-28] (AVAST Software)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3894098194-677086307-2034191709-1001\...\Run: [GoogleChromeAutoLaunch_20F6763770B7EAAD43619F195218A3DA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
Startup: C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Erkut\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: 1EldosIconOverlay -> {450D6ECA-9163-44AC-A5E5-3FE207A086D6} => C:\windows\SYSTEM32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: BitcasaIconOverlay -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll (Bitcasa, Inc)
ShellIconOverlayIdentifiers: BitcasaProgressOverlay -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll (Bitcasa, Inc)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: 1EldosIconOverlay -> {450D6ECA-9163-44AC-A5E5-3FE207A086D6} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {CC9E055E-96DD-4295-8FBF-17538BB97C6F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {CC9E055E-96DD-4295-8FBF-17538BB97C6F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - {CC9E055E-96DD-4295-8FBF-17538BB97C6F} URL =
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-28]

Chrome:
=======
CHR HomePage: hxxp://tdintrade.emea.tdworldwide.com/Pages/Default.aspx
CHR StartupUrls: "hxxp://www.muenchenbiker.de/?open=for_suche&action=new", "hxxp://www.v-stromforum.de/search.php?search_id=unreadposts", "hxxp://de-de.facebook.com/", "hxxp://search.conduit.com/?ctid=CT2481020&SearchSource=48"
CHR DefaultSearchKeyword: google.de_
CHR DefaultSearchURL: hxxp://www.google.de/search?q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-25]
CHR Extension: (Google Drive) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-25]
CHR Extension: (YouTube) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-25]
CHR Extension: (Google Search) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-25]
CHR Extension: (Gutscheincode Melder (von shopclever.de)) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\donengfgiigdigljcljplglplekpiomg [2014-06-25]
CHR Extension: (AdBlock) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-25]
CHR Extension: (avast! Online Security) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-28]
CHR Extension: (Chrome to Mobile) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\idknbmbdnapjicclomlijcgfpikmndhd [2014-06-25]
CHR Extension: (Dropbox) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-06-25]
CHR Extension: (Google Maps) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-06-25]
CHR Extension: (Google Wallet) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-25]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2014-06-25]
CHR Extension: (Picasa) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-06-25]
CHR Extension: (Gutscheinsammler Finder) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilobbegphefikcgjpajnneiiahhejam [2014-06-25]
CHR Extension: (Gmail) - C:\Users\Erkut\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-25]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-28]

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-28] (AVAST Software)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593152 2014-01-29] (Samsung Electronics CO., LTD.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99184 2013-03-25] (ELAN Microelectronics Corp.)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-01-14] (Intel Corporation)
R2 IntelliMemory; C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe [55720 2012-12-21] (Condusiv Technologies)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R2 MBAMScheduler; C:\Users\Erkut\Desktop\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Users\Erkut\Desktop\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36520 2012-09-13] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-28] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-06-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [426848 2014-06-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-06-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-06-28] ()
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-01] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-06] (EldoS Corporation)
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [21840 2013-03-25] (ELAN Microelectronic Corp.)
R1 intmfs; C:\Windows\System32\DRIVERS\intmfs.sys [29096 2012-12-21] (Condusiv Technologies)
R0 intmsd; C:\Windows\System32\DRIVERS\intmsd.sys [104872 2012-12-21] (Condusiv Technologies)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 SBIOSIO; \??\C:\Users\Erkut\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]
S3 TVICPORT; \??\C:\windows\system32\DRIVERS\TVICPORT.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-04 16:24 - 2014-07-04 16:24 - 00000000 ____D () C:\Users\Erkut\Desktop\FRST-OlderVersion
2014-07-02 20:58 - 2014-07-02 20:58 - 00854367 _____ () C:\Users\Erkut\Desktop\SecurityCheck.exe
2014-07-02 20:52 - 2014-07-02 20:52 - 00004450 _____ () C:\Users\Erkut\Desktop\eset.txt
2014-07-02 18:06 - 2014-07-02 18:06 - 02347384 _____ (ESET) C:\Users\Erkut\Desktop\esetsmartinstaller_deu.exe
2014-07-02 18:02 - 2014-07-03 22:20 - 00002414 _____ () C:\Users\Erkut\Desktop\SystemLook.txt
2014-07-02 18:00 - 2014-07-02 18:00 - 00165376 _____ () C:\Users\Erkut\Desktop\SystemLook_x64.exe
2014-07-01 21:43 - 2014-07-01 21:43 - 00000000 ____D () C:\Users\Erkut\AppData\Local\MAGIX_AG
2014-07-01 18:16 - 2014-07-04 16:24 - 00019902 _____ () C:\Users\Erkut\Desktop\FRST.txt
2014-07-01 18:16 - 2014-07-01 18:17 - 00033216 _____ () C:\Users\Erkut\Desktop\Addition.txt
2014-07-01 18:14 - 2014-07-04 16:24 - 02083840 _____ (Farbar) C:\Users\Erkut\Desktop\FRST64.exe
2014-07-01 18:11 - 2014-07-01 18:12 - 00002523 _____ () C:\zoek-results.log
2014-07-01 18:10 - 2014-07-01 18:10 - 00000000 ____D () C:\zoek_backup
2014-07-01 18:08 - 2014-07-01 18:08 - 01285120 _____ () C:\Users\Erkut\Desktop\zoek.exe
2014-07-01 18:00 - 2014-07-01 18:00 - 00003473 _____ () C:\Users\Erkut\Desktop\mbam.txt
2014-07-01 17:48 - 2014-07-04 16:24 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-01 17:47 - 2014-07-01 17:47 - 00000781 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-01 17:47 - 2014-07-01 17:47 - 00000000 ____D () C:\Users\Erkut\Desktop\Malwarebytes Anti-Malware
2014-07-01 17:47 - 2014-07-01 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-01 17:47 - 2014-07-01 17:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-01 17:47 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-07-01 17:47 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-07-01 17:47 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-07-01 17:45 - 2014-07-01 17:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Erkut\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-01 17:33 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-07-01 17:32 - 2014-07-01 17:34 - 00000000 ____D () C:\AdwCleaner
2014-07-01 17:29 - 2014-07-01 17:29 - 01346519 _____ () C:\Users\Erkut\Desktop\adwcleaner_3.214.exe
2014-07-01 17:24 - 2014-07-01 17:24 - 00002628 _____ () C:\Users\Erkut\Desktop\Rkill.txt
2014-07-01 17:23 - 2014-07-01 17:23 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Erkut\Desktop\rkill.com
2014-07-01 17:20 - 2014-07-01 17:20 - 00030370 _____ () C:\ComboFix.txt
2014-06-30 19:24 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-06-30 19:24 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-06-30 19:24 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-06-30 19:24 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-06-30 19:24 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-06-30 19:24 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe
2014-06-30 19:24 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-06-30 19:24 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-06-30 19:24 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-06-30 19:23 - 2014-07-01 17:20 - 00000000 ____D () C:\Qoobox
2014-06-30 19:23 - 2014-06-30 19:35 - 00000000 ____D () C:\windows\erdnt
2014-06-30 19:23 - 2014-06-30 19:23 - 05212874 ____R (Swearware) C:\Users\Erkut\Desktop\ComboFix.exe
2014-06-30 19:17 - 2014-06-30 19:17 - 03550392 _____ () C:\windows\system32\FNTCACHE.DAT
2014-06-30 18:33 - 2014-06-30 18:44 - 19423027 _____ () C:\Users\Erkut\Downloads\BASW-83356A7O.ZIP
2014-06-30 18:28 - 2014-05-31 07:16 - 00703992 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-06-30 18:28 - 2014-05-31 07:16 - 00105464 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-29 20:31 - 2014-04-03 13:22 - 02233176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-06-29 20:31 - 2014-02-06 01:41 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-06-29 20:31 - 2014-02-06 01:37 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-06-29 17:37 - 2014-04-30 00:32 - 01301504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-06-29 17:37 - 2014-04-30 00:22 - 01023488 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-06-29 17:37 - 2014-04-19 11:39 - 00628024 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-06-29 17:37 - 2014-04-19 10:45 - 00693760 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-06-29 17:37 - 2014-04-19 10:45 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-06-29 17:37 - 2014-04-19 08:57 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-06-29 17:37 - 2014-04-19 08:57 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-06-29 17:37 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-06-29 17:37 - 2013-10-10 13:53 - 00096600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwfs.sys
2014-06-29 17:37 - 2013-10-10 11:21 - 01160192 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2014-06-29 17:37 - 2013-10-10 11:20 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2014-06-29 17:36 - 2013-09-04 05:11 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-06-29 16:18 - 2014-06-29 16:18 - 00000000 ____D () C:\windows\pss
2014-06-29 16:10 - 2013-04-03 01:37 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptdlg.dll
2014-06-29 16:10 - 2013-04-03 01:12 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\cryptdlg.dll
2014-06-29 14:29 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2014-06-29 14:29 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\windows\explorer.exe
2014-06-29 14:29 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2014-06-29 14:29 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2014-06-29 14:29 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll
2014-06-29 14:29 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2014-06-29 14:29 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfasfsrcsnk.dll
2014-06-29 14:29 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscms.dll
2014-06-29 14:29 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2014-06-29 14:29 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\vds.exe
2014-06-29 14:29 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\vdsutil.dll
2014-06-29 14:29 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\windows\system32\MbaeParserTask.exe
2014-06-29 14:29 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2014-06-29 14:29 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll
2014-06-29 14:29 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2014-06-29 14:29 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2014-06-29 14:29 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\windows\system32\mfasfsrcsnk.dll
2014-06-29 14:29 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\windows\system32\mscms.dll
2014-06-29 14:29 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-06-29 14:29 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\windows\system32\DeviceSetupManager.dll
2014-06-29 14:29 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BthAvrcpTg.sys
2014-06-29 14:29 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2014-06-29 14:29 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2014-06-29 14:29 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2014-06-29 14:29 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2014-06-29 14:28 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-06-29 14:28 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-06-29 14:28 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSDApi.dll
2014-06-29 14:28 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\WSDApi.dll
2014-06-29 14:28 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-06-29 14:28 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dfsc.sys
2014-06-29 14:28 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-06-29 14:28 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-06-29 14:28 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll
2014-06-29 14:28 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll
2014-06-29 14:18 - 2014-04-03 13:19 - 00328024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys
2014-06-29 14:18 - 2014-04-03 05:44 - 00619008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2014-06-29 14:18 - 2014-04-01 00:08 - 00387268 _____ () C:\windows\system32\ApnDatabase.xml
2014-06-29 14:18 - 2014-03-25 01:42 - 00305152 _____ (Microsoft Corporation) C:\windows\SysWOW64\wusa.exe
2014-06-29 14:18 - 2014-03-25 00:56 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\wusa.exe
2014-06-29 14:05 - 2013-10-09 03:33 - 00059416 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-06-29 14:05 - 2013-10-09 00:30 - 00628736 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-06-29 14:05 - 2013-10-09 00:30 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-06-29 14:05 - 2013-10-09 00:30 - 00084992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-06-29 14:05 - 2013-10-09 00:30 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-06-29 14:05 - 2013-10-09 00:28 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-06-29 14:05 - 2013-10-09 00:27 - 03279872 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-06-29 14:05 - 2013-10-09 00:27 - 01622016 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-06-29 14:05 - 2013-10-09 00:27 - 00773120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-06-29 14:05 - 2013-10-09 00:27 - 00252928 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2014-06-29 14:05 - 2013-10-09 00:27 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2014-06-29 14:05 - 2013-10-09 00:27 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-06-29 14:05 - 2013-10-09 00:27 - 00099328 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-06-29 14:05 - 2013-10-05 08:10 - 00285016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys
2014-06-29 14:05 - 2013-10-02 04:50 - 00447320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2014-06-29 14:05 - 2013-09-28 07:48 - 00778752 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-06-29 14:05 - 2013-09-28 05:58 - 00551424 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-06-29 14:05 - 2013-09-19 09:32 - 01455448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-06-29 14:05 - 2013-08-30 07:19 - 00626688 _____ (Microsoft Corporation) C:\windows\system32\resutils.dll
2014-06-29 14:05 - 2013-08-30 07:18 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\clusapi.dll
2014-06-29 14:05 - 2013-08-30 01:48 - 00488960 _____ (Microsoft Corporation) C:\windows\SysWOW64\resutils.dll
2014-06-29 14:05 - 2013-08-30 01:47 - 00302080 _____ (Microsoft Corporation) C:\windows\SysWOW64\clusapi.dll
2014-06-29 13:55 - 2013-09-14 00:36 - 00247296 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2014-06-29 13:55 - 2013-09-14 00:33 - 00328192 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2014-06-29 13:55 - 2013-08-30 07:43 - 00061784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\crashdmp.sys
2014-06-29 13:55 - 2013-08-30 07:20 - 01173504 _____ (Microsoft Corporation) C:\windows\system32\UIAutomationCore.dll
2014-06-29 13:55 - 2013-08-30 01:48 - 00914432 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAutomationCore.dll
2014-06-29 13:55 - 2013-08-21 08:39 - 00465240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys
2014-06-29 13:55 - 2013-08-10 08:30 - 00151896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tpm.sys
2014-06-29 13:55 - 2013-07-25 01:10 - 10799104 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2014-06-29 13:55 - 2013-07-25 01:07 - 13661696 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2014-06-29 13:44 - 2013-07-09 10:04 - 00120144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msgpioclx.sys
2014-06-29 13:44 - 2013-07-09 08:18 - 00439488 _____ (Microsoft Corporation) C:\windows\system32\WerFault.exe
2014-06-29 13:44 - 2013-07-09 06:25 - 00385768 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFault.exe
2014-06-29 13:44 - 2013-07-09 05:57 - 00245760 _____ (Microsoft Corporation) C:\windows\SysWOW64\LocationApi.dll
2014-06-29 13:44 - 2013-07-09 00:46 - 00543744 _____ (Microsoft Corporation) C:\windows\system32\wwanmm.dll
2014-06-29 13:44 - 2013-07-09 00:46 - 00414208 _____ (Microsoft Corporation) C:\windows\system32\wwanconn.dll
2014-06-29 13:44 - 2013-07-09 00:46 - 00370688 _____ (Microsoft Corporation) C:\windows\system32\Wwanadvui.dll
2014-06-29 13:44 - 2013-07-09 00:45 - 00312832 _____ (Microsoft Corporation) C:\windows\system32\LocationApi.dll
2014-06-29 13:44 - 2013-07-06 02:16 - 01025024 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2014-06-29 13:44 - 2013-07-03 02:23 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\Windows.Networking.BackgroundTransfer.dll
2014-06-29 13:44 - 2013-07-03 02:22 - 02839552 _____ (Microsoft Corporation) C:\windows\system32\msftedit.dll
2014-06-29 13:44 - 2013-07-03 02:11 - 00268800 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2014-06-29 13:44 - 2013-07-03 02:10 - 02273792 _____ (Microsoft Corporation) C:\windows\SysWOW64\msftedit.dll
2014-06-29 13:44 - 2013-07-01 00:30 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\openfiles.exe
2014-06-29 13:44 - 2013-07-01 00:29 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\openfiles.exe
2014-06-29 13:44 - 2013-06-29 08:15 - 00195416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys
2014-06-29 13:44 - 2013-06-29 08:15 - 00125784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys
2014-06-29 13:44 - 2013-06-26 05:01 - 00321536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\udfs.sys
2014-06-29 13:44 - 2013-06-26 04:59 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\HdAudio.sys
2014-06-29 13:44 - 2013-06-25 00:54 - 00447488 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-06-29 13:44 - 2013-06-25 00:54 - 00263680 _____ (Microsoft Corporation) C:\windows\system32\wcmsvc.dll
2014-06-29 13:44 - 2013-06-25 00:54 - 00074240 _____ (Microsoft Corporation) C:\windows\system32\wcmcsp.dll
2014-06-29 13:44 - 2013-06-19 07:36 - 00183808 _____ (Microsoft Corporation) C:\windows\system32\winmmbase.dll
2014-06-29 13:44 - 2013-06-19 07:36 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\winmm.dll
2014-06-29 13:44 - 2013-06-19 00:38 - 00160256 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmmbase.dll
2014-06-29 13:44 - 2013-06-19 00:38 - 00125440 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmm.dll
2014-06-29 13:44 - 2013-06-12 01:43 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\WinSCard.dll
2014-06-29 13:44 - 2013-06-12 01:26 - 00230912 _____ (Microsoft Corporation) C:\windows\system32\WinSCard.dll
2014-06-29 13:44 - 2013-06-10 21:16 - 00888832 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2014-06-29 13:44 - 2013-06-10 21:15 - 00381952 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2014-06-29 13:44 - 2013-06-10 21:10 - 00702464 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2014-06-29 13:44 - 2013-06-10 21:10 - 00245248 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2014-06-29 13:44 - 2013-06-06 10:03 - 00119040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
2014-06-29 13:44 - 2012-10-24 06:54 - 00396008 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
2014-06-29 13:44 - 2012-10-12 08:13 - 00109568 _____ (Microsoft Corporation) C:\windows\system32\dskquota.dll
2014-06-29 13:44 - 2012-10-12 07:39 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\dskquota.dll
2014-06-29 13:32 - 2013-10-31 07:56 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\MPSSVC.dll
2014-06-29 13:32 - 2013-10-31 07:56 - 00758784 _____ (Microsoft Corporation) C:\windows\system32\FirewallAPI.dll
2014-06-29 13:32 - 2013-10-31 06:01 - 00550400 _____ (Microsoft Corporation) C:\windows\SysWOW64\FirewallAPI.dll
2014-06-29 13:32 - 2013-10-31 05:42 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mpsdrv.sys
2014-06-29 13:32 - 2013-10-13 22:49 - 00100696 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys
2014-06-29 13:32 - 2013-08-27 07:21 - 00227840 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2014-06-29 13:32 - 2013-08-27 07:19 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2014-06-29 13:32 - 2013-08-27 00:29 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2014-06-29 13:32 - 2013-08-27 00:28 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2014-06-29 13:15 - 2013-08-10 07:21 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\SettingSync.dll
2014-06-29 13:15 - 2013-08-10 07:21 - 00128512 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncInfo.dll
2014-06-29 13:15 - 2013-08-10 05:58 - 00356352 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSync.dll
2014-06-29 13:15 - 2013-08-03 08:40 - 01374208 _____ (Microsoft Corporation) C:\windows\system32\wdc.dll
2014-06-29 13:15 - 2013-08-03 08:40 - 00566784 _____ (Microsoft Corporation) C:\windows\system32\wvc.dll
2014-06-29 13:15 - 2013-08-03 08:40 - 00462336 _____ (Microsoft Corporation) C:\windows\system32\sysmon.ocx
2014-06-29 13:15 - 2013-08-03 07:14 - 00399360 _____ (Microsoft Corporation) C:\windows\SysWOW64\sysmon.ocx
2014-06-29 13:15 - 2013-08-03 07:13 - 01245696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdc.dll
2014-06-29 13:15 - 2013-08-03 07:13 - 00437248 _____ (Microsoft Corporation) C:\windows\SysWOW64\wvc.dll
2014-06-29 13:15 - 2013-08-02 08:28 - 10116608 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2014-06-29 13:15 - 2013-08-02 08:28 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2014-06-29 13:15 - 2013-08-02 08:26 - 02304512 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-06-29 13:15 - 2013-08-02 07:08 - 08858112 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2014-06-29 13:15 - 2013-08-02 07:08 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
2014-06-29 13:15 - 2013-08-02 07:06 - 02035712 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-06-29 13:15 - 2013-07-25 01:10 - 00158208 _____ (Microsoft Corporation) C:\windows\SysWOW64\mbsmsapi.dll
2014-06-29 13:15 - 2013-07-25 01:06 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\mbsmsapi.dll
2014-06-29 13:15 - 2013-04-10 01:17 - 01125888 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2014-06-29 13:15 - 2013-04-10 00:29 - 00893952 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2014-06-29 13:15 - 2012-11-20 07:24 - 01164800 _____ (Microsoft Corporation) C:\windows\SysWOW64\Display.dll
2014-06-29 13:15 - 2012-11-20 07:17 - 01184256 _____ (Microsoft Corporation) C:\windows\system32\Display.dll
2014-06-29 13:15 - 2012-11-20 07:02 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDKURD.DLL
2014-06-29 13:15 - 2012-11-20 06:59 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDKURD.DLL
2014-06-29 13:09 - 2014-03-01 11:47 - 01258496 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-06-29 13:09 - 2014-03-01 11:47 - 01120768 _____ (Microsoft Corporation) C:\windows\system32\gpedit.dll
2014-06-29 13:09 - 2014-03-01 10:07 - 01075200 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpedit.dll
2014-06-29 13:09 - 2014-03-01 08:59 - 00974848 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-06-29 13:09 - 2014-02-27 01:18 - 00370688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2014-06-29 13:09 - 2014-02-27 01:18 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2014-06-29 13:09 - 2014-02-27 01:18 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2014-06-29 13:09 - 2014-02-15 06:15 - 00078336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\IPMIDrv.sys
2014-06-29 13:09 - 2013-11-26 01:17 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2014-06-29 12:34 - 2014-06-29 12:34 - 00001022 _____ () C:\Users\Erkut\Desktop\Dropbox.lnk
2014-06-29 11:27 - 2014-07-01 17:27 - 00000000 ____D () C:\Users\Erkut\AppData\Local\CrashDumps
2014-06-29 10:52 - 2014-06-29 10:53 - 00032413 _____ () C:\Users\Erkut\Downloads\Addition.txt
2014-06-29 10:51 - 2014-06-29 10:53 - 00055670 _____ () C:\Users\Erkut\Downloads\FRST.txt
2014-06-29 10:50 - 2014-07-04 16:24 - 00000000 ____D () C:\FRST
2014-06-29 10:31 - 2014-01-31 02:48 - 01339392 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-06-29 10:31 - 2014-01-31 02:06 - 01628160 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-06-29 09:26 - 2014-06-29 09:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 15
2014-06-29 09:24 - 2014-06-29 09:24 - 02947139 _____ () C:\Users\Erkut\Downloads\O15CTRRemove (1).diagcab
2014-06-29 09:20 - 2013-09-28 05:35 - 00288768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2014-06-28 22:20 - 2014-06-28 22:28 - 02936043 _____ () C:\Users\Erkut\Downloads\O15CTRRemove.diagcab
2014-06-28 22:13 - 2014-06-28 22:13 - 01351872 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\Setup.x64.de-DE_ProPlusRetail_WYJNH-7K67T-KBXHF-VR9F2-FX6XQ_act_1_ (1).exe
2014-06-28 22:07 - 2014-06-28 22:07 - 00000000 ____D () C:\Users\Erkut\Documents\OneNote-Notizbücher
2014-06-28 21:45 - 2014-06-28 21:45 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-06-28 21:36 - 2013-08-07 07:15 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\tssdisai.dll
2014-06-28 21:36 - 2012-11-10 06:23 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2014-06-28 21:36 - 2012-11-10 06:23 - 00132608 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2014-06-28 21:36 - 2012-11-10 06:22 - 00126976 _____ (Microsoft Corporation) C:\windows\system32\RDWebAI.dll
2014-06-28 21:36 - 2012-11-10 06:22 - 00122880 _____ (Microsoft Corporation) C:\windows\system32\VmHostAI.dll
2014-06-28 21:36 - 2012-11-10 06:20 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\appserverai.dll
2014-06-28 21:25 - 2014-03-07 02:47 - 01419264 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-06-28 21:25 - 2014-03-07 02:08 - 01845760 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-06-28 21:25 - 2013-07-06 00:02 - 00099328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys
2014-06-28 21:25 - 2013-07-06 00:01 - 00210560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys
2014-06-28 21:25 - 2013-07-02 03:41 - 00337752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2014-06-28 21:25 - 2013-07-02 03:41 - 00213336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS
2014-06-28 21:25 - 2013-07-01 03:42 - 00623448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-06-28 21:25 - 2013-07-01 03:42 - 00498008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-06-28 21:25 - 2013-07-01 03:42 - 00079192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-06-28 21:25 - 2013-07-01 03:42 - 00021848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-06-28 21:25 - 2013-06-29 05:07 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-06-28 21:25 - 2013-06-29 05:06 - 00120832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-06-28 21:25 - 2013-06-22 07:45 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2014-06-28 21:25 - 2013-06-22 07:45 - 00054488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdfLdr.sys
2014-06-28 21:25 - 2013-05-24 01:02 - 01314816 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-06-28 21:24 - 2013-07-06 02:15 - 00652288 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2014-06-28 21:24 - 2013-07-04 04:13 - 00541696 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2014-06-28 21:24 - 2013-05-24 00:25 - 00694272 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-06-28 21:23 - 2013-04-12 00:30 - 01421312 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2014-06-28 21:23 - 2013-04-12 00:22 - 01838080 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2014-06-28 21:22 - 2013-04-09 07:33 - 00489576 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-06-28 21:22 - 2013-04-09 07:33 - 00446792 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-06-28 21:22 - 2013-04-09 07:33 - 00253544 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2014-06-28 21:22 - 2013-04-09 07:20 - 00306952 _____ (Microsoft Corporation) C:\windows\system32\kd_02_10ec.dll
2014-06-28 21:22 - 2013-04-09 07:20 - 00086280 _____ (Microsoft Corporation) C:\windows\system32\kdnet.dll
2014-06-28 21:22 - 2013-04-09 07:18 - 00077960 _____ (Microsoft Corporation) C:\windows\system32\kdvm.dll
2014-06-28 21:22 - 2013-04-09 07:17 - 01829408 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-06-28 21:22 - 2013-04-09 06:52 - 00816128 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
2014-06-28 21:22 - 2013-04-09 06:52 - 00804352 _____ (Microsoft Corporation) C:\windows\system32\RecoveryDrive.exe
2014-06-28 21:22 - 2013-04-09 06:52 - 00373760 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
2014-06-28 21:22 - 2013-04-09 06:52 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\SearchFilterHost.exe
2014-06-28 21:22 - 2013-04-09 06:52 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\Robocopy.exe
2014-06-28 21:22 - 2013-04-09 06:51 - 14267904 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2014-06-28 21:22 - 2013-04-09 06:51 - 03552768 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2014-06-28 21:22 - 2013-04-09 06:51 - 00595456 _____ (Microsoft Corporation) C:\windows\system32\Windows.Networking.dll
2014-06-28 21:22 - 2013-04-09 06:51 - 00456704 _____ (Microsoft Corporation) C:\windows\system32\wpncore.dll
2014-06-28 21:22 - 2013-04-09 06:51 - 00367616 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2014-06-28 21:22 - 2013-04-09 06:51 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\wscsvc.dll
2014-06-28 21:22 - 2013-04-09 06:50 - 02107904 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2014-06-28 21:22 - 2013-04-09 06:50 - 00745984 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
2014-06-28 21:22 - 2013-04-09 06:50 - 00435200 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
2014-06-28 21:22 - 2013-04-09 06:50 - 00414720 _____ (Microsoft Corporation) C:\windows\system32\GenuineCenter.dll
2014-06-28 21:22 - 2013-04-09 06:50 - 00096256 _____ (Microsoft Corporation) C:\windows\system32\mssprxy.dll
2014-06-28 21:22 - 2013-04-09 06:50 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\msscntrs.dll
2014-06-28 21:22 - 2013-04-09 06:50 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\msshooks.dll
2014-06-28 21:22 - 2013-04-09 06:49 - 01444864 _____ (Microsoft Corporation) C:\windows\system32\MSAudDecMFT.dll
2014-06-28 21:22 - 2013-04-09 06:49 - 00468992 _____ (Microsoft Corporation) C:\windows\system32\MFMediaEngine.dll
2014-06-28 21:22 - 2013-04-09 06:49 - 00281088 _____ (Microsoft Corporation) C:\windows\system32\mfreadwrite.dll
2014-06-28 21:22 - 2013-04-09 06:49 - 00231936 _____ (Microsoft Corporation) C:\windows\system32\fhengine.dll
2014-06-28 21:22 - 2013-04-09 06:49 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\iuilp.dll
2014-06-28 21:22 - 2013-04-09 06:49 - 00196096 _____ (Microsoft Corporation) C:\windows\system32\dmvdsitf.dll
2014-06-28 21:22 - 2013-04-09 06:49 - 00172544 _____ (Microsoft Corporation) C:\windows\system32\dwmredir.dll
2014-06-28 21:22 - 2013-04-09 06:49 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\fmifs.dll
2014-06-28 21:22 - 2013-04-09 06:48 - 00169472 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
2014-06-28 21:22 - 2013-04-09 04:34 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidbth.sys
2014-06-28 21:22 - 2013-04-09 04:33 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndproxy.sys
2014-06-28 21:22 - 2013-04-09 04:32 - 00805376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2014-06-28 21:22 - 2013-04-09 04:31 - 00083456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wanarp.sys
2014-06-28 21:22 - 2013-04-09 01:44 - 00123880 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscapi.dll
2014-06-28 21:22 - 2013-04-09 01:39 - 01408896 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-06-28 21:22 - 2013-04-09 01:37 - 00426024 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-06-28 21:22 - 2013-04-09 01:37 - 00324368 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-06-28 21:22 - 2013-04-08 23:52 - 11878912 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2014-06-28 21:22 - 2013-04-08 23:52 - 00670208 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
2014-06-28 21:22 - 2013-04-08 23:52 - 00302592 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
2014-06-28 21:22 - 2013-04-08 23:52 - 00171008 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchFilterHost.exe
2014-06-28 21:22 - 2013-04-08 23:52 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\Robocopy.exe
2014-06-28 21:22 - 2013-04-08 23:51 - 02767360 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2014-06-28 21:22 - 2013-04-08 23:51 - 01593344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2014-06-28 21:22 - 2013-04-08 23:51 - 01113600 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSAudDecMFT.dll
2014-06-28 21:22 - 2013-04-08 23:51 - 00659456 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
2014-06-28 21:22 - 2013-04-08 23:51 - 00411136 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Networking.dll
2014-06-28 21:22 - 2013-04-08 23:51 - 00403968 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
2014-06-28 21:22 - 2013-04-08 23:51 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFMediaEngine.dll
2014-06-28 21:22 - 2013-04-08 23:51 - 00214528 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfreadwrite.dll
2014-06-28 21:22 - 2013-04-08 23:51 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssphtb.dll
2014-06-28 21:22 - 2013-04-08 23:51 - 00155648 _____ (Microsoft Corporation) C:\windows\SysWOW64\dmvdsitf.dll
2014-06-28 21:22 - 2013-04-08 23:51 - 00041984 _____ (Microsoft Corporation) C:\windows\SysWOW64\fmifs.dll
2014-06-28 21:22 - 2013-04-08 23:51 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssprxy.dll
2014-06-28 21:22 - 2013-04-08 23:51 - 00010752 _____ (Microsoft Corporation) C:\windows\SysWOW64\msshooks.dll
2014-06-28 21:22 - 2013-04-05 01:30 - 00503080 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2014-06-28 21:22 - 2013-03-16 00:05 - 00298456 _____ (Microsoft Corporation) C:\windows\system32\rsaenh.dll
2014-06-28 21:22 - 2013-03-16 00:05 - 00252928 _____ (Microsoft Corporation) C:\windows\SysWOW64\rsaenh.dll
2014-06-28 21:17 - 2014-05-03 07:47 - 03246592 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-06-28 21:17 - 2014-05-03 05:34 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2014-06-28 21:16 - 2014-01-13 01:30 - 02238976 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-06-28 21:16 - 2014-01-13 01:30 - 02032640 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-06-28 21:16 - 2013-11-20 02:15 - 03842560 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-06-28 21:16 - 2013-11-20 01:57 - 03288576 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-06-28 21:16 - 2013-10-19 07:45 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2014-06-28 21:16 - 2013-10-19 06:04 - 00059392 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2014-06-28 21:16 - 2013-07-20 00:13 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-06-28 21:16 - 2013-07-20 00:13 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-06-28 21:16 - 2013-07-02 00:14 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbprint.sys
2014-06-28 21:16 - 2013-06-29 05:08 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2014-06-28 21:16 - 2013-05-04 08:59 - 02842112 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2014-06-28 21:16 - 2013-05-04 06:57 - 02620928 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2014-06-28 21:15 - 2013-05-04 09:58 - 00120736 _____ (Microsoft Corporation) C:\windows\system32\AuthHost.exe
2014-06-28 21:15 - 2013-05-04 08:59 - 01483776 _____ (Microsoft Corporation) C:\windows\system32\VSSVC.exe
2014-06-28 21:15 - 2013-05-04 08:59 - 00812544 _____ (Microsoft Corporation) C:\windows\system32\Magnify.exe
2014-06-28 21:15 - 2013-05-04 08:58 - 01332736 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2014-06-28 21:15 - 2013-05-04 08:58 - 00470528 _____ (Microsoft Corporation) C:\windows\system32\netprofmsvc.dll
2014-06-28 21:15 - 2013-05-04 08:58 - 00330240 _____ (Microsoft Corporation) C:\windows\system32\stobject.dll
2014-06-28 21:15 - 2013-05-04 08:58 - 00169984 _____ (Microsoft Corporation) C:\windows\system32\netplwiz.dll
2014-06-28 21:15 - 2013-05-04 08:58 - 00151552 _____ (Microsoft Corporation) C:\windows\system32\netprofm.dll
2014-06-28 21:15 - 2013-05-04 08:58 - 00093696 _____ (Microsoft Corporation) C:\windows\system32\psmsrv.dll
2014-06-28 21:15 - 2013-05-04 08:57 - 01131520 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentServer.dll
2014-06-28 21:15 - 2013-05-04 08:57 - 00708096 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentExtensions.dll
2014-06-28 21:15 - 2013-05-04 08:57 - 00560640 _____ (Microsoft Corporation) C:\windows\system32\mfmp4srcsnk.dll
2014-06-28 21:15 - 2013-05-04 08:57 - 00501760 _____ (Microsoft Corporation) C:\windows\system32\DevicePairing.dll
2014-06-28 21:15 - 2013-05-04 08:57 - 00389120 _____ (Microsoft Corporation) C:\windows\system32\BCP47Langs.dll
2014-06-28 21:15 - 2013-05-04 08:57 - 00179712 _____ (Microsoft Corporation) C:\windows\system32\bisrv.dll
2014-06-28 21:15 - 2013-05-04 08:57 - 00122368 _____ (Microsoft Corporation) C:\windows\system32\biwinrt.dll
2014-06-28 21:15 - 2013-05-04 08:57 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\muifontsetup.dll
2014-06-28 21:15 - 2013-05-04 08:56 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\intl.cpl
2014-06-28 21:15 - 2013-05-04 06:58 - 00758784 _____ (Microsoft Corporation) C:\windows\SysWOW64\Magnify.exe
2014-06-28 21:15 - 2013-05-04 06:57 - 00303616 _____ (Microsoft Corporation) C:\windows\SysWOW64\stobject.dll
2014-06-28 21:15 - 2013-05-04 06:57 - 00151040 _____ (Microsoft Corporation) C:\windows\SysWOW64\netplwiz.dll
2014-06-28 21:15 - 2013-05-04 06:57 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\netprofm.dll
2014-06-28 21:15 - 2013-05-04 06:57 - 00018432 _____ (Microsoft Corporation) C:\windows\SysWOW64\npmproxy.dll
2014-06-28 21:15 - 2013-05-04 06:57 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\muifontsetup.dll
2014-06-28 21:15 - 2013-05-04 06:56 - 00449536 _____ (Microsoft Corporation) C:\windows\SysWOW64\DevicePairing.dll
2014-06-28 21:15 - 2013-05-04 06:56 - 00411136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmp4srcsnk.dll
2014-06-28 21:15 - 2013-05-04 06:56 - 00309760 _____ (Microsoft Corporation) C:\windows\SysWOW64\BCP47Langs.dll
2014-06-28 21:15 - 2013-05-04 06:56 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\biwinrt.dll
2014-06-28 21:15 - 2013-05-04 06:55 - 00389632 _____ (Microsoft Corporation) C:\windows\SysWOW64\intl.cpl
2014-06-28 21:15 - 2013-05-04 06:51 - 00014848 _____ (Microsoft) C:\windows\system32\rars.rs
2014-06-28 21:15 - 2013-05-04 06:48 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidusb.sys
2014-06-28 21:15 - 2013-05-04 06:47 - 00427520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdbss.sys
2014-06-28 21:15 - 2013-05-04 06:10 - 00014848 _____ (Microsoft) C:\windows\SysWOW64\rars.rs
2014-06-28 21:15 - 2013-03-02 04:45 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\taskhost.exe
2014-06-28 21:15 - 2013-03-02 04:45 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\taskhostex.exe
2014-06-28 18:23 - 2014-05-24 04:46 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-28 18:23 - 2014-05-24 03:26 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-28 18:23 - 2014-05-24 03:26 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-28 18:23 - 2014-05-24 03:25 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-06-28 18:23 - 2014-05-24 03:25 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-28 18:23 - 2014-05-24 03:25 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-28 18:23 - 2014-05-24 03:09 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-28 18:22 - 2014-07-04 16:24 - 00000000 ___RD () C:\Users\Erkut\Dropbox
2014-06-28 18:22 - 2014-05-24 04:48 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-28 18:22 - 2014-05-24 04:47 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-28 18:22 - 2014-05-24 04:47 - 01366016 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-28 18:22 - 2014-05-24 04:47 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-06-28 18:22 - 2014-05-24 04:47 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-06-28 18:22 - 2014-05-24 04:46 - 19290112 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-28 18:22 - 2014-05-24 04:46 - 15368704 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-28 18:22 - 2014-05-24 04:46 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-28 18:22 - 2014-05-24 04:46 - 02650112 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-28 18:22 - 2014-05-24 04:46 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-06-28 18:22 - 2014-05-24 04:46 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-28 18:22 - 2014-05-24 04:46 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-28 18:22 - 2014-05-24 04:46 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-06-28 18:22 - 2014-05-24 04:46 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-28 18:22 - 2014-05-24 04:46 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-28 18:22 - 2014-05-24 04:46 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-28 18:22 - 2014-05-24 04:45 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-28 18:22 - 2014-05-24 04:45 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-28 18:22 - 2014-05-24 04:45 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-28 18:22 - 2014-05-24 03:26 - 14365696 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-28 18:22 - 2014-05-24 03:26 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-28 18:22 - 2014-05-24 03:26 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-28 18:22 - 2014-05-24 03:26 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-28 18:22 - 2014-05-24 03:26 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-06-28 18:22 - 2014-05-24 03:25 - 13731328 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-28 18:22 - 2014-05-24 03:25 - 02862080 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-28 18:22 - 2014-05-24 03:25 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-28 18:22 - 2014-05-24 03:25 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-28 18:22 - 2014-05-24 03:25 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-06-28 18:22 - 2014-05-24 03:25 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-28 18:22 - 2014-05-24 03:25 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-28 18:22 - 2014-05-24 03:25 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-28 18:22 - 2014-05-24 03:03 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-28 18:22 - 2014-05-24 00:37 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-06-28 18:21 - 2013-05-15 04:25 - 00888320 _____ (Microsoft Corporation) C:\windows\system32\autochk.exe
2014-06-28 18:21 - 2013-05-15 04:25 - 00542208 _____ (Microsoft Corporation) C:\windows\system32\untfs.dll
2014-06-28 18:21 - 2013-05-15 04:24 - 00793088 _____ (Microsoft Corporation) C:\windows\SysWOW64\autochk.exe
2014-06-28 18:21 - 2013-05-15 04:24 - 00482816 _____ (Microsoft Corporation) C:\windows\SysWOW64\untfs.dll
2014-06-28 18:21 - 2013-04-24 01:13 - 01013248 _____ (Microsoft Corporation) C:\windows\SysWOW64\certutil.exe
2014-06-28 18:21 - 2013-04-24 01:12 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2014-06-28 18:21 - 2013-04-24 00:56 - 01255936 _____ (Microsoft Corporation) C:\windows\system32\certutil.exe
2014-06-28 18:21 - 2013-04-24 00:55 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2014-06-28 18:20 - 2014-02-08 06:34 - 04036608 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-06-28 18:19 - 2013-03-02 10:23 - 00893952 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmde.dll
2014-06-28 18:19 - 2013-03-02 10:23 - 00601088 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Globalization.dll
2014-06-28 18:19 - 2013-03-02 10:23 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2014-06-28 18:19 - 2013-03-02 10:23 - 00100864 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSyncInfo.dll
2014-06-28 18:19 - 2013-03-02 10:22 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\netcfgx.dll
2014-06-28 18:19 - 2013-03-02 10:21 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\drvstore.dll
2014-06-28 18:19 - 2013-03-02 10:21 - 00145408 _____ (Microsoft Corporation) C:\windows\SysWOW64\powercfg.cpl
2014-06-28 18:19 - 2013-03-02 10:21 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\DevDispItemProvider.dll
2014-06-28 18:18 - 2013-03-02 12:57 - 00077544 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storahci.sys
2014-06-28 18:18 - 2013-03-02 12:39 - 00495336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vhdmp.sys
2014-06-28 18:18 - 2013-03-02 11:59 - 00411880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-06-28 18:18 - 2013-03-02 04:45 - 01149952 _____ (Microsoft Corporation) C:\windows\system32\winmde.dll
2014-06-28 18:18 - 2013-03-02 04:45 - 01101824 _____ (Microsoft Corporation) C:\windows\system32\wmpmde.dll
2014-06-28 18:18 - 2013-03-02 04:45 - 00171008 _____ (Microsoft Corporation) C:\windows\system32\TimeBrokerServer.dll
2014-06-28 18:18 - 2013-03-02 04:45 - 00103936 _____ (Microsoft Corporation) C:\windows\system32\wpdbusenum.dll
2014-06-28 18:18 - 2013-03-02 04:15 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mouhid.sys
2014-06-28 18:18 - 2013-03-01 06:56 - 00156672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rfcomm.sys
2014-06-28 18:18 - 2013-03-01 06:56 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\monitor.sys
2014-06-28 18:17 - 2014-03-28 08:18 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-06-28 18:17 - 2013-03-02 12:39 - 00069864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pdc.sys
2014-06-28 18:17 - 2013-03-02 04:45 - 00951808 _____ (Microsoft Corporation) C:\windows\system32\Windows.Globalization.dll
2014-06-28 18:17 - 2013-03-02 04:45 - 00645120 _____ (Microsoft Corporation) C:\windows\system32\Windows.Security.Authentication.OnlineId.dll
2014-06-28 18:17 - 2013-03-02 04:45 - 00245248 _____ (Microsoft Corporation) C:\windows\system32\usbmon.dll
2014-06-28 18:17 - 2013-03-02 04:45 - 00240640 _____ (Microsoft Corporation) C:\windows\system32\fsquirt.exe
2014-06-28 18:17 - 2013-03-02 04:45 - 00180224 _____ (Microsoft Corporation) C:\windows\system32\SystemEventsBrokerServer.dll
2014-06-28 18:17 - 2013-03-02 04:45 - 00071168 _____ (Microsoft Corporation) C:\windows\system32\WSDPrintProxy.DLL
2014-06-28 18:17 - 2013-03-02 04:44 - 00703488 _____ (Microsoft Corporation) C:\windows\system32\drvstore.dll
2014-06-28 18:17 - 2013-03-02 04:44 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\netcfgx.dll
2014-06-28 18:17 - 2013-03-02 04:44 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\discan.dll
2014-06-28 18:17 - 2013-03-02 04:44 - 00117248 _____ (Microsoft Corporation) C:\windows\system32\NdisImPlatform.dll
2014-06-28 18:17 - 2013-03-02 04:44 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\DevDispItemProvider.dll
2014-06-28 18:17 - 2013-03-02 04:43 - 02146304 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2014-06-28 18:17 - 2013-03-02 04:43 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\powercfg.cpl
2014-06-28 18:17 - 2013-03-01 06:55 - 01175040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthport.sys
2014-06-28 18:16 - 2014-03-28 10:23 - 19759104 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-06-28 18:15 - 2013-08-16 00:43 - 00167424 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSClient.dll
2014-06-28 18:15 - 2013-08-16 00:43 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSSync.dll
2014-06-28 18:15 - 2013-08-16 00:43 - 00083968 _____ () C:\windows\SysWOW64\OEMLicense.dll
2014-06-28 18:15 - 2013-08-16 00:43 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-06-28 18:15 - 2013-08-16 00:42 - 00091648 _____ (Microsoft Corporation) C:\windows\SysWOW64\sppc.dll
2014-06-28 18:15 - 2013-08-16 00:42 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\setupcln.dll
2014-06-28 18:14 - 2013-08-16 07:41 - 00058200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dam.sys
2014-06-28 18:14 - 2013-08-16 07:39 - 02371728 _____ (Microsoft Corporation) C:\windows\system32\WSService.dll
2014-06-28 18:14 - 2013-08-16 07:22 - 04917760 _____ (Microsoft Corporation) C:\windows\system32\sppsvc.exe
2014-06-28 18:14 - 2013-08-16 07:21 - 01164288 _____ (Microsoft Corporation) C:\windows\system32\sppobjs.dll
2014-06-28 18:14 - 2013-08-16 07:21 - 00368640 _____ (Microsoft Corporation) C:\windows\system32\sppwinob.dll
2014-06-28 18:14 - 2013-08-16 07:21 - 00204800 _____ (Microsoft Corporation) C:\windows\system32\WSClient.dll
2014-06-28 18:14 - 2013-08-16 07:21 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.dll
2014-06-28 18:14 - 2013-08-16 07:21 - 00183808 _____ (Microsoft Corporation) C:\windows\system32\WSSync.dll
2014-06-28 18:14 - 2013-08-16 07:21 - 00120320 _____ (Microsoft Corporation) C:\windows\system32\sppc.dll
2014-06-28 18:14 - 2013-08-16 07:21 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\setupcln.dll
2014-06-28 18:14 - 2013-08-16 07:21 - 00049664 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-06-28 18:14 - 2013-08-16 07:21 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-06-28 18:14 - 2013-08-16 07:20 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2014-06-28 18:13 - 2013-07-13 06:24 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2014-06-28 18:13 - 2013-07-13 06:23 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\apprepapi.dll
2014-06-28 18:13 - 2013-07-13 06:23 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\apprepsync.dll
2014-06-28 18:12 - 2013-12-09 02:45 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-06-28 18:12 - 2013-12-09 01:59 - 00600064 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-28 18:12 - 2013-07-13 08:18 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2014-06-28 18:12 - 2013-07-13 08:16 - 00068096 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2014-06-28 18:12 - 2013-07-13 08:15 - 00124416 _____ (Microsoft Corporation) C:\windows\system32\apprepapi.dll
2014-06-28 18:12 - 2013-07-13 08:15 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\apprepsync.dll
2014-06-28 18:12 - 2013-05-27 01:17 - 00035328 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2014-06-28 18:12 - 2013-05-27 00:59 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2014-06-28 18:12 - 2013-05-25 05:15 - 00362496 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2014-06-28 18:12 - 2013-05-25 04:32 - 00300032 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2014-06-28 18:12 - 2013-04-27 07:20 - 00733184 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2014-06-28 18:11 - 2013-10-02 01:37 - 01569280 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2014-06-28 18:11 - 2013-10-02 01:26 - 01890816 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2014-06-28 18:10 - 2014-07-04 16:24 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\DropboxMaster
2014-06-28 18:10 - 2014-06-29 12:34 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-28 18:09 - 2013-02-02 07:41 - 01437184 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2014-06-28 18:09 - 2013-02-02 07:31 - 01690624 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2014-06-28 18:07 - 2014-07-04 16:24 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Dropbox
2014-06-28 18:06 - 2014-06-28 18:06 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\AVAST Software
2014-06-28 18:05 - 2014-07-01 17:39 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-06-28 18:05 - 2014-06-28 18:05 - 00001976 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-28 18:05 - 2014-06-28 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-28 18:04 - 2014-06-28 18:04 - 01041168 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00426848 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00307344 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-06-28 18:04 - 2014-06-28 18:04 - 00224896 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00092008 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00079184 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-06-28 18:04 - 2014-06-28 18:04 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-06-28 18:03 - 2014-06-28 18:03 - 91906368 _____ (AVAST Software) C:\Users\Erkut\Downloads\avast_free_antivirus_setup_9.0.2021.exe
2014-06-28 18:03 - 2014-06-28 18:03 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-28 18:03 - 2014-06-28 18:03 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-28 18:01 - 2013-10-10 11:32 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2014-06-28 18:01 - 2013-10-10 11:30 - 00162304 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrobj.dll
2014-06-28 18:01 - 2013-10-10 11:30 - 00156160 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2014-06-28 18:01 - 2013-10-10 11:24 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2014-06-28 18:01 - 2013-10-10 11:23 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2014-06-28 18:01 - 2013-10-10 11:22 - 00222720 _____ (Microsoft Corporation) C:\windows\system32\scrobj.dll
2014-06-28 18:01 - 2013-10-10 11:22 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2014-06-28 18:01 - 2013-03-15 02:17 - 00861184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2014-06-28 17:59 - 2013-08-23 09:22 - 02062848 _____ (Microsoft Corporation) C:\windows\system32\d3d11.dll
2014-06-28 17:59 - 2013-08-23 03:44 - 01711616 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d11.dll
2014-06-28 17:59 - 2013-03-06 09:10 - 00112872 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-06-28 17:59 - 2013-03-06 08:29 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2014-06-28 17:58 - 2014-03-28 21:19 - 00035856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2014-06-28 17:58 - 2014-03-24 00:11 - 00269592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2014-06-28 17:56 - 2014-04-12 09:23 - 00961536 _____ (Microsoft Corporation) C:\windows\SysWOW64\usercpl.dll
2014-06-28 17:56 - 2014-04-12 09:23 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-06-28 17:56 - 2014-04-12 09:23 - 00273920 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-06-28 17:56 - 2014-04-12 09:23 - 00178688 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-06-28 17:56 - 2014-04-12 09:23 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-06-28 17:56 - 2014-04-12 09:22 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-06-28 17:56 - 2014-04-12 09:22 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-06-28 17:56 - 2014-03-11 02:41 - 00559104 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2014-06-28 17:56 - 2014-03-11 02:41 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-06-28 17:56 - 2014-03-11 02:41 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2014-06-28 17:56 - 2014-03-10 05:05 - 00668160 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-06-28 17:56 - 2014-03-10 03:27 - 00099840 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-06-28 17:55 - 2014-04-12 11:27 - 00172888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-06-28 17:55 - 2014-04-12 11:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-06-28 17:55 - 2014-04-12 11:09 - 01043968 _____ (Microsoft Corporation) C:\windows\system32\usercpl.dll
2014-06-28 17:55 - 2014-04-12 11:09 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-06-28 17:55 - 2014-04-12 11:09 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-06-28 17:55 - 2014-04-12 11:09 - 00094720 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-06-28 17:55 - 2014-04-12 11:08 - 01281536 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-06-28 17:55 - 2014-04-12 11:08 - 00827904 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-06-28 17:55 - 2014-04-12 11:08 - 00439808 _____ (Microsoft Corporation) C:\windows\system32\lsm.dll
2014-06-28 17:55 - 2014-04-12 11:08 - 00318464 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-06-28 17:55 - 2014-04-12 11:07 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-06-28 17:55 - 2014-04-12 08:58 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\workerdd.dll
2014-06-28 17:55 - 2014-03-11 05:32 - 06987096 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-06-28 17:55 - 2014-03-11 05:25 - 00100184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-06-28 17:55 - 2014-03-11 02:39 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-06-28 17:55 - 2014-03-11 02:38 - 00982016 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-06-28 17:55 - 2014-03-11 02:38 - 00684032 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-06-28 17:55 - 2014-03-11 02:38 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-06-28 17:55 - 2014-03-11 02:38 - 00179712 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
2014-06-28 17:55 - 2014-03-11 02:38 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-06-28 17:55 - 2014-03-11 02:38 - 00045056 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-06-28 17:55 - 2014-03-11 02:38 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-06-28 17:55 - 2014-03-04 01:07 - 00570216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2014-06-28 17:55 - 2013-12-05 01:37 - 00451072 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2014-06-28 17:55 - 2013-11-23 08:43 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2014-06-28 17:55 - 2013-11-23 07:05 - 00368640 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2014-06-28 17:54 - 2013-12-05 01:43 - 00583680 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-06-28 17:53 - 2014-03-28 10:23 - 01287168 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2014-06-28 17:53 - 2013-03-02 10:23 - 00375808 _____ (Microsoft Corporation) C:\windows\SysWOW64\ReAgent.dll
2014-06-28 17:53 - 2013-03-02 04:44 - 01011200 _____ (Microsoft Corporation) C:\windows\system32\reseteng.dll
2014-06-28 17:51 - 2013-03-22 05:49 - 02382336 _____ (Microsoft Corporation) C:\windows\SysWOW64\esent.dll
2014-06-28 17:51 - 2013-03-22 00:47 - 02851840 _____ (Microsoft Corporation) C:\windows\system32\esent.dll
2014-06-28 17:35 - 2014-06-28 17:35 - 00870672 _____ () C:\Users\Erkut\Downloads\Norton_Removal_Tool.exe
2014-06-28 13:10 - 2014-06-28 13:10 - 00000000 ____D () C:\NPE
2014-06-28 13:08 - 2014-06-28 13:14 - 00000000 ____D () C:\Users\Erkut\AppData\Local\NPE
2014-06-28 13:07 - 2014-06-28 13:07 - 03081712 ____N (Symantec Corporation) C:\Users\Erkut\Downloads\NPE.exe
2014-06-28 13:04 - 2014-06-28 13:04 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-06-28 12:39 - 2014-06-28 12:44 - 00000000 ___RD () C:\windows\BrowserChoice
2014-06-28 12:37 - 2014-06-01 17:17 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-06-28 12:35 - 2013-11-01 07:38 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2014-06-28 12:35 - 2013-11-01 05:49 - 00273408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2014-06-28 12:29 - 2014-06-29 09:25 - 00000000 ____D () C:\Users\Erkut\Documents\Outlook-Dateien
2014-06-28 11:51 - 2014-06-28 11:51 - 01351872 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\Setup.x64.de-DE_ProPlusRetail_WYJNH-7K67T-KBXHF-VR9F2-FX6XQ_act_1_.exe
2014-06-28 11:47 - 2014-06-28 11:48 - 00989376 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\setupproplusretail.x86.de-de_act_1_ (1).exe
2014-06-28 11:35 - 2014-06-28 11:35 - 00002033 _____ () C:\Users\Public\Desktop\SideSync.lnk
2014-06-28 11:27 - 2014-06-28 11:27 - 00002050 _____ () C:\Users\Public\Desktop\Support Center.lnk
2014-06-28 11:23 - 2014-06-28 11:23 - 00001992 _____ () C:\Users\Public\Desktop\Help Desk.lnk
2014-06-28 11:19 - 2014-06-28 11:19 - 00003434 _____ () C:\windows\System32\Tasks\Settings
2014-06-28 11:18 - 2014-06-28 11:18 - 00002038 _____ () C:\Users\Public\Desktop\Settings.lnk
2014-06-28 11:05 - 2014-06-28 11:05 - 00989376 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\setupproplusretail.x86.de-de_act_1_.exe
2014-06-28 11:03 - 2014-06-28 11:03 - 00989376 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\Setup.x86.de-DE_ProPlusRetail_WYJNH-7K67T-KBXHF-VR9F2-FX6XQ_act_1_.exe
2014-06-28 11:03 - 2014-06-28 11:03 - 00989376 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\Setup.x86.de-DE_ProPlusRetail_WYJNH-7K67T-KBXHF-VR9F2-FX6XQ_act_1_ (1).exe
2014-06-27 21:52 - 2014-06-28 12:39 - 00000000 ____D () C:\windows\system32\MRT
2014-06-26 20:48 - 2014-06-28 12:37 - 00265050 _____ () C:\windows\msxml4-KB2758694-enu.LOG
2014-06-25 21:21 - 2014-06-25 21:21 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\ATI
2014-06-25 21:21 - 2014-06-25 21:21 - 00000000 ____D () C:\Users\Erkut\AppData\Local\ATI
2014-06-25 21:21 - 2014-06-25 21:21 - 00000000 ____D () C:\ProgramData\ATI
2014-06-25 18:28 - 2014-06-25 18:28 - 00288496 _____ () C:\windows\Minidump\062514-27171-01.dmp
2014-06-25 18:17 - 2014-06-25 18:28 - 00000000 ____D () C:\windows\Minidump
2014-06-25 18:16 - 2014-06-25 18:27 - 4051723278 _____ () C:\windows\MEMORY.DMP
2014-06-25 17:53 - 2014-06-25 17:53 - 00001182 _____ () C:\Users\Public\Desktop\MAGIX Video deluxe 2014 Plus.lnk
2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\Users\Public\Documents\MAGIX
2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\Users\Erkut\Documents\MAGIX_MusicEditor
2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Xara
2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Magix
2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2014-06-25 17:52 - 2014-06-28 10:47 - 00000000 ___RD () C:\Users\Erkut\Documents\MAGIX
2014-06-25 17:52 - 2014-06-25 17:52 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2014-06-25 17:51 - 2014-06-25 17:58 - 00000000 ____D () C:\ProgramData\MAGIX
2014-06-25 17:51 - 2014-06-25 17:51 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-06-25 17:44 - 2014-07-01 21:42 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\MAGIX
2014-06-25 17:44 - 2014-06-25 17:44 - 02849256 _____ (MAGIX AG) C:\Users\Erkut\Downloads\videodeluxe2014plus_dlm.exe
2014-06-25 17:41 - 2014-06-25 17:41 - 00000000 _____ () C:\Users\Erkut\agent.log
2014-06-25 17:40 - 2014-06-25 17:40 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-25 17:40 - 2014-06-25 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-25 17:39 - 2014-07-04 16:24 - 00001132 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-25 17:39 - 2014-07-02 21:49 - 00001136 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-25 17:39 - 2014-06-25 17:44 - 00004108 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-25 17:39 - 2014-06-25 17:44 - 00003872 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-25 17:39 - 2014-06-25 17:40 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Google
2014-06-25 17:39 - 2014-06-25 17:40 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-25 17:38 - 2014-07-01 17:34 - 00000000 ____D () C:\Program Files (x86)\NetCrawl
2014-06-25 17:36 - 2014-06-25 17:35 - 00784840 _____ (Google Inc.) C:\Users\Erkut\Downloads\google-chrome.exe
2014-06-25 17:34 - 2014-06-25 17:34 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Macromedia
2014-06-25 17:33 - 2014-06-25 17:33 - 00000000 ____D () C:\Users\Erkut\AppData\Local\bitcasa
2014-06-25 17:28 - 2014-06-29 10:32 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3894098194-677086307-2034191709-1001
2014-06-25 17:22 - 2014-06-28 11:35 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Samsung
2014-06-25 17:21 - 2014-06-25 21:18 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Adobe
2014-06-25 17:21 - 2014-06-25 17:21 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-06-25 17:19 - 2014-06-28 21:45 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Adobe
2014-06-25 17:19 - 2014-06-25 17:19 - 00001450 _____ () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-25 17:19 - 2014-06-25 17:19 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Samsung
2014-06-25 17:19 - 2014-06-25 17:19 - 00000000 ____D () C:\Users\Erkut\.android
2014-06-25 17:18 - 2014-06-25 17:18 - 00001202 _____ () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\S Agent.lnk
2014-06-25 17:18 - 2014-06-25 17:18 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Absolute_Software
2014-06-25 17:18 - 2014-06-25 17:18 - 00000000 _____ () C:\windows\system32\Drivers\144D_SAMSUNG_na_670Z5E_P03A.mrk
2014-06-25 17:18 - 2013-02-25 18:04 - 121849162 _____ () C:\windows\[0407]SamsungStory01_ger.scr
2014-06-25 17:17 - 2014-06-28 11:04 - 00003059 _____ () C:\Users\Erkut\AppData\Roaming\AbsoluteReminder.xml
2014-06-25 17:17 - 2014-06-28 10:47 - 00000000 ____D () C:\windows\System32\Tasks\Norton Internet Security
2014-06-25 17:17 - 2014-06-25 17:17 - 00000000 ____D () C:\Users\Erkut\AppData\Local\VirtualStore
2014-06-25 17:16 - 2014-06-28 12:44 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Packages
2014-06-25 17:16 - 2014-06-25 17:16 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Intel
2014-06-25 17:15 - 2014-06-28 18:22 - 00000000 ____D () C:\Users\Erkut
2014-06-25 17:15 - 2014-06-25 17:15 - 00000020 ___SH () C:\Users\Erkut\ntuser.ini
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Vorlagen
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Startmenü
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Netzwerkumgebung
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Lokale Einstellungen
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Eigene Dateien
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Druckumgebung
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Documents\Eigene Musik
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Documents\Eigene Bilder
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\AppData\Local\Verlauf
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\AppData\Local\Anwendungsdaten
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Anwendungsdaten
2014-06-25 17:15 - 2013-05-24 18:49 - 00000000 ___RD () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-06-25 17:15 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-25 17:15 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-06-25 17:15 - 2012-07-26 10:13 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-11 18:55 - 2014-06-11 18:55 - 04446152 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc110u.dll
2014-06-11 18:55 - 2014-06-11 18:55 - 04411848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc110.dll
2014-06-11 18:55 - 2014-06-11 18:55 - 00082888 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcm110u.dll
2014-06-11 18:55 - 2014-06-11 18:55 - 00082888 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcm110.dll

==================== One Month Modified Files and Folders =======

2014-07-04 16:24 - 2014-07-04 16:24 - 00000000 ____D () C:\Users\Erkut\Desktop\FRST-OlderVersion
2014-07-04 16:24 - 2014-07-01 18:16 - 00019902 _____ () C:\Users\Erkut\Desktop\FRST.txt
2014-07-04 16:24 - 2014-07-01 18:14 - 02083840 _____ (Farbar) C:\Users\Erkut\Desktop\FRST64.exe
2014-07-04 16:24 - 2014-07-01 17:48 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-04 16:24 - 2014-06-29 10:50 - 00000000 ____D () C:\FRST
2014-07-04 16:24 - 2014-06-28 18:22 - 00000000 ___RD () C:\Users\Erkut\Dropbox
2014-07-04 16:24 - 2014-06-28 18:10 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\DropboxMaster
2014-07-04 16:24 - 2014-06-28 18:07 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Dropbox
2014-07-04 16:24 - 2014-06-25 17:39 - 00001132 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-04 16:23 - 2013-05-24 17:49 - 01688847 _____ () C:\windows\WindowsUpdate.log
2014-07-04 16:23 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sru
2014-07-03 22:20 - 2014-07-02 18:02 - 00002414 _____ () C:\Users\Erkut\Desktop\SystemLook.txt
2014-07-03 22:16 - 2013-05-24 19:37 - 00000000 ____D () C:\ProgramData\WinClon
2014-07-02 22:12 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-07-02 21:49 - 2014-06-25 17:39 - 00001136 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-02 21:26 - 2012-07-26 09:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-02 20:58 - 2014-07-02 20:58 - 00854367 _____ () C:\Users\Erkut\Desktop\SecurityCheck.exe
2014-07-02 20:52 - 2014-07-02 20:52 - 00004450 _____ () C:\Users\Erkut\Desktop\eset.txt
2014-07-02 18:08 - 2012-07-26 09:59 - 00000000 ____D () C:\windows\CbsTemp
2014-07-02 18:06 - 2014-07-02 18:06 - 02347384 _____ (ESET) C:\Users\Erkut\Desktop\esetsmartinstaller_deu.exe
2014-07-02 18:00 - 2014-07-02 18:00 - 00165376 _____ () C:\Users\Erkut\Desktop\SystemLook_x64.exe
2014-07-01 21:43 - 2014-07-01 21:43 - 00000000 ____D () C:\Users\Erkut\AppData\Local\MAGIX_AG
2014-07-01 21:42 - 2014-06-25 17:44 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\MAGIX
2014-07-01 20:41 - 2013-05-25 03:20 - 00753134 _____ () C:\windows\system32\perfh007.dat
2014-07-01 20:41 - 2013-05-25 03:20 - 00155826 _____ () C:\windows\system32\perfc007.dat
2014-07-01 20:41 - 2012-07-26 09:28 - 01745416 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-01 20:40 - 2012-07-26 09:21 - 00027763 _____ () C:\windows\setupact.log
2014-07-01 18:17 - 2014-07-01 18:16 - 00033216 _____ () C:\Users\Erkut\Desktop\Addition.txt
2014-07-01 18:12 - 2014-07-01 18:11 - 00002523 _____ () C:\zoek-results.log
2014-07-01 18:10 - 2014-07-01 18:10 - 00000000 ____D () C:\zoek_backup
2014-07-01 18:08 - 2014-07-01 18:08 - 01285120 _____ () C:\Users\Erkut\Desktop\zoek.exe
2014-07-01 18:03 - 2012-08-05 23:07 - 00036118 _____ () C:\windows\PFRO.log
2014-07-01 18:02 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\Help
2014-07-01 18:02 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-07-01 18:00 - 2014-07-01 18:00 - 00003473 _____ () C:\Users\Erkut\Desktop\mbam.txt
2014-07-01 17:47 - 2014-07-01 17:47 - 00000781 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-01 17:47 - 2014-07-01 17:47 - 00000000 ____D () C:\Users\Erkut\Desktop\Malwarebytes Anti-Malware
2014-07-01 17:47 - 2014-07-01 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-01 17:47 - 2014-07-01 17:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-01 17:45 - 2014-07-01 17:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Erkut\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-01 17:39 - 2014-06-28 18:05 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-07-01 17:34 - 2014-07-01 17:32 - 00000000 ____D () C:\AdwCleaner
2014-07-01 17:34 - 2014-06-25 17:38 - 00000000 ____D () C:\Program Files (x86)\NetCrawl
2014-07-01 17:34 - 2012-07-26 07:26 - 00000194 _____ () C:\windows\win.ini
2014-07-01 17:29 - 2014-07-01 17:29 - 01346519 _____ () C:\Users\Erkut\Desktop\adwcleaner_3.214.exe
2014-07-01 17:27 - 2014-06-29 11:27 - 00000000 ____D () C:\Users\Erkut\AppData\Local\CrashDumps
2014-07-01 17:24 - 2014-07-01 17:24 - 00002628 _____ () C:\Users\Erkut\Desktop\Rkill.txt
2014-07-01 17:23 - 2014-07-01 17:23 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Erkut\Desktop\rkill.com
2014-07-01 17:20 - 2014-07-01 17:20 - 00030370 _____ () C:\ComboFix.txt
2014-07-01 17:20 - 2014-06-30 19:23 - 00000000 ____D () C:\Qoobox
2014-07-01 17:18 - 2012-07-26 07:26 - 00000215 _____ () C:\windows\system.ini
2014-06-30 19:36 - 2013-05-24 19:39 - 00000000 ____D () C:\Users\EasySurvey
2014-06-30 19:36 - 2012-07-26 07:37 - 00000000 __RHD () C:\Users\Default
2014-06-30 19:35 - 2014-06-30 19:23 - 00000000 ____D () C:\windows\erdnt
2014-06-30 19:23 - 2014-06-30 19:23 - 05212874 ____R (Swearware) C:\Users\Erkut\Desktop\ComboFix.exe
2014-06-30 19:17 - 2014-06-30 19:17 - 03550392 _____ () C:\windows\system32\FNTCACHE.DAT
2014-06-30 18:44 - 2014-06-30 18:33 - 19423027 _____ () C:\Users\Erkut\Downloads\BASW-83356A7O.ZIP
2014-06-30 18:25 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\WinStore
2014-06-30 18:25 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-06-30 18:24 - 2012-07-26 10:12 - 00000000 ___RD () C:\windows\ToastData
2014-06-30 18:24 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-06-30 18:24 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-06-30 18:24 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-06-30 18:24 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-06-30 18:24 - 2012-07-26 09:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-06-30 18:24 - 2012-07-26 07:38 - 00000000 ____D () C:\windows\system32\oobe
2014-06-29 16:18 - 2014-06-29 16:18 - 00000000 ____D () C:\windows\pss
2014-06-29 15:46 - 2012-07-26 10:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-29 15:46 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\SecureBootUpdates
2014-06-29 15:45 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-06-29 15:45 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-06-29 15:45 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-06-29 15:45 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-06-29 15:45 - 2012-07-26 07:38 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-06-29 15:45 - 2012-07-26 07:38 - 00000000 ____D () C:\windows\system32\Dism
2014-06-29 15:43 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\SysWOW64\migwiz
2014-06-29 15:43 - 2012-07-26 09:51 - 00000000 ____D () C:\windows\SysWOW64\winrm
2014-06-29 15:43 - 2012-07-26 09:51 - 00000000 ____D () C:\windows\SysWOW64\slmgr
2014-06-29 15:43 - 2012-07-26 07:38 - 00000000 ____D () C:\windows\SysWOW64\oobe
2014-06-29 15:43 - 2012-07-26 07:37 - 00000000 ____D () C:\windows\servicing
2014-06-29 15:42 - 2013-05-25 03:13 - 00000000 ____D () C:\windows\SysWOW64\XPSViewer
2014-06-29 15:42 - 2012-07-26 10:12 - 00000000 ___RD () C:\windows\ImmersiveControlPanel
2014-06-29 15:42 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\SysWOW64\MUI
2014-06-29 15:42 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\SysWOW64\Com
2014-06-29 15:42 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\migwiz
2014-06-29 15:42 - 2012-07-26 09:51 - 00000000 ____D () C:\windows\SysWOW64\WCN
2014-06-29 15:42 - 2012-07-26 09:51 - 00000000 ____D () C:\windows\SysWOW64\sysprep
2014-06-29 15:42 - 2012-07-26 09:51 - 00000000 ____D () C:\windows\SysWOW64\Printing_Admin_Scripts
2014-06-29 15:42 - 2012-07-26 09:51 - 00000000 ____D () C:\windows\system32\winrm
2014-06-29 15:37 - 2012-07-26 09:51 - 00000000 ____D () C:\windows\system32\WCN
2014-06-29 15:37 - 2012-07-26 09:51 - 00000000 ____D () C:\windows\system32\slmgr
2014-06-29 15:37 - 2012-07-26 07:38 - 00000000 ____D () C:\windows\system32\Sysprep
2014-06-29 15:36 - 2012-07-26 09:51 - 00000000 ____D () C:\windows\system32\Printing_Admin_Scripts
2014-06-29 15:35 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\SystemResetPlatform
2014-06-29 15:35 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\Com
2014-06-29 15:28 - 2013-05-25 03:30 - 00000000 ____D () C:\windows\en-GB
2014-06-29 15:28 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\SysWOW64\en-GB
2014-06-29 15:28 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Common Files\System
2014-06-29 15:27 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\en-GB
2014-06-29 15:25 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\MUI
2014-06-29 13:17 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\rescache
2014-06-29 12:34 - 2014-06-29 12:34 - 00001022 _____ () C:\Users\Erkut\Desktop\Dropbox.lnk
2014-06-29 12:34 - 2014-06-28 18:10 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-29 10:53 - 2014-06-29 10:52 - 00032413 _____ () C:\Users\Erkut\Downloads\Addition.txt
2014-06-29 10:53 - 2014-06-29 10:51 - 00055670 _____ () C:\Users\Erkut\Downloads\FRST.txt
2014-06-29 10:32 - 2014-06-25 17:28 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3894098194-677086307-2034191709-1001
2014-06-29 09:32 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-06-29 09:26 - 2014-06-29 09:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 15
2014-06-29 09:25 - 2014-06-28 12:29 - 00000000 ____D () C:\Users\Erkut\Documents\Outlook-Dateien
2014-06-29 09:24 - 2014-06-29 09:24 - 02947139 _____ () C:\Users\Erkut\Downloads\O15CTRRemove (1).diagcab
2014-06-28 22:28 - 2014-06-28 22:20 - 02936043 _____ () C:\Users\Erkut\Downloads\O15CTRRemove.diagcab
2014-06-28 22:13 - 2014-06-28 22:13 - 01351872 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\Setup.x64.de-DE_ProPlusRetail_WYJNH-7K67T-KBXHF-VR9F2-FX6XQ_act_1_ (1).exe
2014-06-28 22:07 - 2014-06-28 22:07 - 00000000 ____D () C:\Users\Erkut\Documents\OneNote-Notizbücher
2014-06-28 21:45 - 2014-06-28 21:45 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-06-28 21:45 - 2014-06-25 17:19 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Adobe
2014-06-28 21:35 - 2013-05-24 19:39 - 00000000 ____D () C:\ProgramData\Temp
2014-06-28 18:22 - 2014-06-25 17:15 - 00000000 ____D () C:\Users\Erkut
2014-06-28 18:06 - 2014-06-28 18:06 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\AVAST Software
2014-06-28 18:05 - 2014-06-28 18:05 - 00001976 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-28 18:05 - 2014-06-28 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-06-28 18:04 - 2014-06-28 18:04 - 01041168 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00426848 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00307344 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-06-28 18:04 - 2014-06-28 18:04 - 00224896 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00092008 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00079184 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-06-28 18:04 - 2014-06-28 18:04 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-06-28 18:04 - 2014-06-28 18:04 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-06-28 18:03 - 2014-06-28 18:03 - 91906368 _____ (AVAST Software) C:\Users\Erkut\Downloads\avast_free_antivirus_setup_9.0.2021.exe
2014-06-28 18:03 - 2014-06-28 18:03 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-28 18:03 - 2014-06-28 18:03 - 00000000 ____D () C:\Program Files\AVAST Software
2014-06-28 17:36 - 2013-05-24 19:33 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-06-28 17:36 - 2013-05-24 19:32 - 00000000 ____D () C:\ProgramData\Norton
2014-06-28 17:35 - 2014-06-28 17:35 - 00870672 _____ () C:\Users\Erkut\Downloads\Norton_Removal_Tool.exe
2014-06-28 13:14 - 2014-06-28 13:08 - 00000000 ____D () C:\Users\Erkut\AppData\Local\NPE
2014-06-28 13:10 - 2014-06-28 13:10 - 00000000 ____D () C:\NPE
2014-06-28 13:07 - 2014-06-28 13:07 - 03081712 ____N (Symantec Corporation) C:\Users\Erkut\Downloads\NPE.exe
2014-06-28 13:04 - 2014-06-28 13:04 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-06-28 12:50 - 2013-05-24 19:34 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-06-28 12:44 - 2014-06-28 12:39 - 00000000 ___RD () C:\windows\BrowserChoice
2014-06-28 12:44 - 2014-06-25 17:16 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Packages
2014-06-28 12:44 - 2012-08-05 23:11 - 00000000 ____D () C:\ProgramData\PRICache
2014-06-28 12:39 - 2014-06-27 21:52 - 00000000 ____D () C:\windows\system32\MRT
2014-06-28 12:37 - 2014-06-26 20:48 - 00265050 _____ () C:\windows\msxml4-KB2758694-enu.LOG
2014-06-28 11:51 - 2014-06-28 11:51 - 01351872 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\Setup.x64.de-DE_ProPlusRetail_WYJNH-7K67T-KBXHF-VR9F2-FX6XQ_act_1_.exe
2014-06-28 11:48 - 2014-06-28 11:47 - 00989376 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\setupproplusretail.x86.de-de_act_1_ (1).exe
2014-06-28 11:35 - 2014-06-28 11:35 - 00002033 _____ () C:\Users\Public\Desktop\SideSync.lnk
2014-06-28 11:35 - 2014-06-25 17:22 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Samsung
2014-06-28 11:35 - 2013-05-24 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-06-28 11:35 - 2013-05-24 17:51 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-06-28 11:27 - 2014-06-28 11:27 - 00002050 _____ () C:\Users\Public\Desktop\Support Center.lnk
2014-06-28 11:23 - 2014-06-28 11:23 - 00001992 _____ () C:\Users\Public\Desktop\Help Desk.lnk
2014-06-28 11:19 - 2014-06-28 11:19 - 00003434 _____ () C:\windows\System32\Tasks\Settings
2014-06-28 11:18 - 2014-06-28 11:18 - 00002038 _____ () C:\Users\Public\Desktop\Settings.lnk
2014-06-28 11:09 - 2013-05-24 19:34 - 00000000 ____D () C:\ProgramData\Samsung
2014-06-28 11:05 - 2014-06-28 11:05 - 00989376 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\setupproplusretail.x86.de-de_act_1_.exe
2014-06-28 11:04 - 2014-06-25 17:17 - 00003059 _____ () C:\Users\Erkut\AppData\Roaming\AbsoluteReminder.xml
2014-06-28 11:03 - 2014-06-28 11:03 - 00989376 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\Setup.x86.de-DE_ProPlusRetail_WYJNH-7K67T-KBXHF-VR9F2-FX6XQ_act_1_.exe
2014-06-28 11:03 - 2014-06-28 11:03 - 00989376 _____ (Microsoft Corporation) C:\Users\Erkut\Downloads\Setup.x86.de-DE_ProPlusRetail_WYJNH-7K67T-KBXHF-VR9F2-FX6XQ_act_1_ (1).exe
2014-06-28 10:47 - 2014-06-25 17:52 - 00000000 ___RD () C:\Users\Erkut\Documents\MAGIX
2014-06-28 10:47 - 2014-06-25 17:17 - 00000000 ____D () C:\windows\System32\Tasks\Norton Internet Security
2014-06-28 10:47 - 2013-05-24 19:32 - 00000000 ____D () C:\windows\system32\Drivers\NISx64
2014-06-28 10:47 - 2013-05-24 17:50 - 00000000 ____D () C:\ProgramData\Intel.sav
2014-06-28 10:47 - 2013-05-24 17:49 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-28 10:47 - 2013-05-24 17:47 - 00000000 ____D () C:\Program Files\Intel
2014-06-28 10:47 - 2013-05-24 17:46 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-06-28 10:47 - 2012-07-26 10:12 - 00000000 __RHD () C:\Users\Public\Libraries
2014-06-28 10:47 - 2012-07-26 10:12 - 00000000 ___HD () C:\windows\ELAMBKUP
2014-06-28 10:47 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\SysWOW64\WinMetadata
2014-06-28 10:47 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\WinMetadata
2014-06-28 10:47 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\Macromed
2014-06-28 10:46 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\registration
2014-06-28 10:44 - 2013-05-24 19:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-06-28 10:44 - 2013-05-24 17:50 - 00000000 ____D () C:\Program Files\Common Files\Intel
2014-06-28 10:44 - 2013-05-24 17:47 - 00000000 ____D () C:\ProgramData\Intel
2014-06-28 10:43 - 2013-05-24 17:50 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-06-27 21:52 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-06-25 21:21 - 2014-06-25 21:21 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\ATI
2014-06-25 21:21 - 2014-06-25 21:21 - 00000000 ____D () C:\Users\Erkut\AppData\Local\ATI
2014-06-25 21:21 - 2014-06-25 21:21 - 00000000 ____D () C:\ProgramData\ATI
2014-06-25 21:18 - 2014-06-25 17:21 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Adobe
2014-06-25 19:54 - 2013-05-24 17:46 - 00000000 ____D () C:\Intel
2014-06-25 18:28 - 2014-06-25 18:28 - 00288496 _____ () C:\windows\Minidump\062514-27171-01.dmp
2014-06-25 18:28 - 2014-06-25 18:17 - 00000000 ____D () C:\windows\Minidump
2014-06-25 18:27 - 2014-06-25 18:16 - 4051723278 _____ () C:\windows\MEMORY.DMP
2014-06-25 18:16 - 2013-05-25 09:36 - 00165742 ____N () C:\windows\Minidump\062514-53515-01.dmp
2014-06-25 17:58 - 2014-06-25 17:51 - 00000000 ____D () C:\ProgramData\MAGIX
2014-06-25 17:53 - 2014-06-25 17:53 - 00001182 _____ () C:\Users\Public\Desktop\MAGIX Video deluxe 2014 Plus.lnk
2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\Users\Public\Documents\MAGIX
2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\Users\Erkut\Documents\MAGIX_MusicEditor
2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Xara
2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Magix
2014-06-25 17:53 - 2014-06-25 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2014-06-25 17:52 - 2014-06-25 17:52 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2014-06-25 17:51 - 2014-06-25 17:51 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-06-25 17:44 - 2014-06-25 17:44 - 02849256 _____ (MAGIX AG) C:\Users\Erkut\Downloads\videodeluxe2014plus_dlm.exe
2014-06-25 17:44 - 2014-06-25 17:39 - 00004108 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-25 17:44 - 2014-06-25 17:39 - 00003872 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-25 17:41 - 2014-06-25 17:41 - 00000000 _____ () C:\Users\Erkut\agent.log
2014-06-25 17:40 - 2014-06-25 17:40 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-25 17:40 - 2014-06-25 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-25 17:40 - 2014-06-25 17:39 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Google
2014-06-25 17:40 - 2014-06-25 17:39 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-25 17:35 - 2014-06-25 17:36 - 00784840 _____ (Google Inc.) C:\Users\Erkut\Downloads\google-chrome.exe
2014-06-25 17:34 - 2014-06-25 17:34 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Macromedia
2014-06-25 17:33 - 2014-06-25 17:33 - 00000000 ____D () C:\Users\Erkut\AppData\Local\bitcasa
2014-06-25 17:21 - 2014-06-25 17:21 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-06-25 17:19 - 2014-06-25 17:19 - 00001450 _____ () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-25 17:19 - 2014-06-25 17:19 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Samsung
2014-06-25 17:19 - 2014-06-25 17:19 - 00000000 ____D () C:\Users\Erkut\.android
2014-06-25 17:18 - 2014-06-25 17:18 - 00001202 _____ () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\S Agent.lnk
2014-06-25 17:18 - 2014-06-25 17:18 - 00000000 ____D () C:\Users\Erkut\AppData\Local\Absolute_Software
2014-06-25 17:18 - 2014-06-25 17:18 - 00000000 _____ () C:\windows\system32\Drivers\144D_SAMSUNG_na_670Z5E_P03A.mrk
2014-06-25 17:17 - 2014-06-25 17:17 - 00000000 ____D () C:\Users\Erkut\AppData\Local\VirtualStore
2014-06-25 17:16 - 2014-06-25 17:16 - 00000000 ____D () C:\Users\Erkut\AppData\Roaming\Intel
2014-06-25 17:15 - 2014-06-25 17:15 - 00000020 ___SH () C:\Users\Erkut\ntuser.ini
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Vorlagen
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Startmenü
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Netzwerkumgebung
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Lokale Einstellungen
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Eigene Dateien
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Druckumgebung
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Documents\Eigene Musik
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Documents\Eigene Bilder
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\AppData\Local\Verlauf
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\AppData\Local\Anwendungsdaten
2014-06-25 17:15 - 2014-06-25 17:15 - 00000000 _SHDL () C:\Users\Erkut\Anwendungsdaten
2014-06-11 18:55 - 2014-06-11 18:55 - 04446152 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc110u.dll
2014-06-11 18:55 - 2014-06-11 18:55 - 04411848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc110.dll
2014-06-11 18:55 - 2014-06-11 18:55 - 00082888 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcm110u.dll
2014-06-11 18:55 - 2014-06-11 18:55 - 00082888 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcm110.dll

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe


Some content of TEMP:
====================
C:\Users\Erkut\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd1sruu.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2012-08-05 23:07

==================== End Of Log ============================

--- --- ---

der-kurti 04.07.2014 15:36

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-07-2014
Ran by Erkut at 2014-07-04 16:26:34
Running from C:\Users\Erkut\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.2.0.26 - Absolute Software)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.21127 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{77A7CE43-5A1E-8282-931B-E0CC4C075793}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Bitcasa version 0.9.20.4135 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 0.9.20.4135 - Bitcasa Inc.)
Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version:  - Alactro LLC)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.1127.15.314 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1127.15.314 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1127.15.314 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.1127.15.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1127.0014.314 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1127.15.314 - Advanced Micro Devices, Inc.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.6 - Samsung Electronics CO.,LTD.)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
ETDWare X64 11.7.10.4_WHQL (HKLM\...\Elantech) (Version: 11.7.10.4 - ELAN Microelectronic Corp.)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Help Desk (HKLM\...\{AEC9D273-E162-4614-83F1-722B8C74B185}) (Version: 1.0.96 - Samsung Electronics CO., LTD.)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36843 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2963 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.6.1.0536 - Intel Corporation) Hidden
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}) (Version: 2.6.1210.0278 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software Driver (Version: 15.06.1000.0199 - Intel Corporation) Hidden
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{87d45b7e-19da-4dd5-9214-5e0d587c312f}) (Version: 15.6.1 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 15.06.1000.0142 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
IntelliMemory (HKLM\...\{40320F22-7D70-49DB-9D66-B6FAE5F36B47}) (Version: 1.0.32.0 - Condusiv Technologies)
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{49209082-E4F9-410D-B74D-E6506977F30B}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden
MAGIX Video deluxe 2014 Plus (HKLM-x32\...\MX.{85061988-E889-4A37-9CB7-4F695AC35544}) (Version: 13.0.2.8 - MAGIX AG)
MAGIX Video deluxe 2014 Plus (Version: 13.0.2.8 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{EE55B368-EBDF-98F3-CFE7-7CE4ADBC4553}) (Version: 1.00.0004 - Advanced Micro Devices, Inc.)
Phone Screen Sharing (HKLM-x32\...\{DF02C515-40B5-45AC-A601-5DC69D03885C}) (Version: 2.0.0.21 - RSUPPORT)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PowerXpressHybrid (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.9.1212.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6818 - Realtek Semiconductor Corp.)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39036 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.9.7 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.1.47 - Samsung Electronics CO., LTD.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.25.0 - SAMSUNG Electronics Co., Ltd.)
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
SideSync (HKLM-x32\...\{59687468-8CE9-4ABF-9C6A-5C31F0E09F8B}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
SRS Premium Sound (HKLM-x32\...\{E44F8A34-529E-4318-A0E1-1893C337A47F}) (Version: 1.00.2600 - DTS, Inc.)
Support Center (HKLM\...\{AB0DEFBB-1A16-47B5-86D2-39F0A2B24AE4}) (Version: 2.1.1210 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.14 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{D2B5F1E3-EA56-4D84-A453-A213B32974CB}) (Version: 2.1.25 - Samsung Electronics CO., LTD.)
sweet-page uninstall (HKLM-x32\...\sweet-page uninstall) (Version:  - sweet-page) <==== ATTENTION
User Guide (HKLM-x32\...\{C7343D0D-E05B-4561-AAF1-8EDF0FEA1EAE}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

25-06-2014 17:55:23 Intel® PROSet/Wireless Software
28-06-2014 08:40:25 Wiederherstellungsvorgang
29-06-2014 10:55:21 Sprachpaketdeinstallation
01-07-2014 15:09:52 ComboFix created restore point

==================== Hosts content: ==========================

2012-07-26 07:26 - 2014-06-30 19:34 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {03A70337-00BA-4B18-8888-7FB3BF4444E4} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-09-13] (Intel Corporation)
Task: {072A0C1E-9D0B-4A5A-8E94-89BE06D1F513} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-06-01] (Microsoft Corporation)
Task: {0EFABB3C-98CC-4CF7-839E-1C6E9662DFBD} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {129BFEBC-FC51-47FA-A67D-FB068A7B2B57} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2014-01-29] (Samsung Electronics CO., LTD.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {40254841-9AA3-442B-934D-BE1BCD6A39ED} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-09-13] (Intel Corporation)
Task: {43D4FDAA-4606-4A46-831F-DEC7419338C5} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\WSCStub.exe
Task: {779A1234-9901-4668-827A-4CB7A6C4D817} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-04-30] (SEC)
Task: {7CACB453-74E4-4097-B0A4-21624104B2C3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-28] (AVAST Software)
Task: {9D8A24F5-BE19-44C2-B301-82191EB33F73} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\SymErr.exe
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B591987F-6924-4519-B933-58E7291EC981} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\SymErr.exe
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {DD4AC9A6-1819-47F1-89EE-F6EC68EEEDC0} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-03-19] (Samsung Electronics CO., LTD.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EE6722B4-1A9B-4008-9EBB-90351FB18C81} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-25] (Google Inc.)
Task: {F4FED40C-6C6C-4101-8A4E-2E19DFE6446D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-25] (Google Inc.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-29 13:20 - 2014-01-29 13:20 - 00084800 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2013-02-05 06:50 - 2013-01-16 05:27 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-06-28 18:04 - 2014-06-28 18:04 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-07-01 17:38 - 2014-07-01 17:38 - 02789376 _____ () C:\Program Files\AVAST Software\Avast\defs\14063001\algo.dll
2014-07-02 18:03 - 2014-07-02 18:03 - 02789888 _____ () C:\Program Files\AVAST Software\Avast\defs\14070200\algo.dll
2013-05-24 17:47 - 2013-01-14 20:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00027968 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 01141056 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00109888 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00025920 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00109888 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00059712 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00102720 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2014-06-25 17:40 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-25 17:40 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-07-04 16:24 - 2014-07-04 16:24 - 00043008 _____ () c:\users\erkut\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd1sruu.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Erkut\AppData\Roaming\Dropbox\bin\libcef.dll
2014-06-25 17:40 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-25 17:40 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-25 17:40 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-06-28 18:04 - 2014-06-28 18:04 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/04/2014 04:23:59 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/03/2014 10:13:25 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex (6296) Versuch, Datei "C:\Users\Erkut\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (07/03/2014 10:12:52 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt.

Error: (07/02/2014 09:25:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a9a4e
Name des fehlerhaften Moduls: AppXDeploymentClient.dll, Version: 6.2.9200.16384, Zeitstempel: 0x501086e3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000001644f
ID des fehlerhaften Prozesses: 0x48c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Vollständiger Name des fehlerhaften Pakets: svchost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe5

Error: (07/02/2014 06:44:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (07/02/2014 06:07:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (07/02/2014 06:07:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (07/02/2014 06:07:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (07/02/2014 06:07:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (07/02/2014 06:06:48 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.


System errors:
=============
Error: (07/02/2014 09:27:27 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (07/02/2014 09:27:27 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Computerbrowser" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (07/02/2014 09:25:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/02/2014 09:25:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Designs" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/02/2014 09:25:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Systemereignissebroker" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/02/2014 09:25:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Shellhardwareerkennung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/02/2014 09:25:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benachrichtigungsdienst für Systemereignisse" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/02/2014 09:25:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Aufgabenplanung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/02/2014 09:25:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "RAS-Verbindungsverwaltung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/02/2014 09:25:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerprofildienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (07/04/2014 04:23:59 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/03/2014 10:13:25 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex6296C:\Users\Erkut\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (07/03/2014 10:12:52 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d

Error: (07/02/2014 09:25:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.2.9200.16420505a9a4eAppXDeploymentClient.dll6.2.9200.16384501086e3c0000005000000000001644f48c01cf9545ffed74c9C:\windows\system32\svchost.exeC:\Windows\System32\AppXDeploymentClient.dll935aaeb1-021e-11e4-be8b-c4d987011e08

Error: (07/02/2014 06:44:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (07/02/2014 06:07:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Erkut\Desktop\esetsmartinstaller_deu.exe

Error: (07/02/2014 06:07:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Erkut\Desktop\esetsmartinstaller_deu.exe

Error: (07/02/2014 06:07:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Erkut\Desktop\esetsmartinstaller_deu.exe

Error: (07/02/2014 06:07:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Erkut\Desktop\esetsmartinstaller_deu.exe

Error: (07/02/2014 06:06:48 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Erkut\Desktop\esetsmartinstaller_deu.exe


CodeIntegrity Errors:
===================================
  Date: 2014-06-30 19:33:21.289
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 30%
Total physical RAM: 8076.76 MB
Available physical RAM: 5644.18 MB
Total Pagefile: 16268.77 MB
Available Pagefile: 13796.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:906.82 GB) (Free:825.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 68918664)

Partition: GPT Partition Type.

==================== End Of Log ============================


M-K-D-B 05.07.2014 11:51

Remove leftovers
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

start
SearchScopes: HKCU - {CC9E055E-96DD-4295-8FBF-17538BB97C6F} URL =
C:\Program Files (x86)\NetCrawl
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\sweet-page uninstall
Reboot:
end


Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

If you have no more problems, then we are done here. Your log files are clean. :daumenhoc
Finally, we still need to take a few concluding steps to clean up and secure your PC.

Step 1
You are using outdated software on your computer, which is a security risk. You should therefore uninstall outdated software and then install the latest version.
Follow the path Start > Control Panel > Software / Uninstall a program.
Uninstall the following programs from your computer:
  • Adobe Reader 10
Restart your computer after the uninstallation.
Now please download and install:
  • Adobe Reader (before downloading, uncheck the box for McAfee Security Scan)
Restart your computer after the installation.





Step 2
The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type this in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all traces of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without concern.







Step 3
Finally, I have a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.

Anti-virus program and additional protection
  • Make sure that you only ever have one anti-virus program installed and that it is up to date! A free anti-virus program that we recommend would be, e.g., Avast! Free Antivirus or Microsoft Security Essentials.
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware. You can use it in addition to your anti-virus program.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • AdwCleaner
    This tool detects a large number of advertising programs (adware) and unwanted programs (PUPs).
    Start the tool once a week and let it run. If a new version is available, this is displayed and you can download the newest version directly from the vendor's site to your desktop. This program can also be used in parallel with your anti-virus program.
  • SpywareBlaster
    You can find a short introduction here


Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Mozilla Firefox
  • Note: For this browser I have a few useful add-ons here
  • NoScript
    This add-on blocks JavaScript, Java, Flash and other plugins. They are only executed when you confirm it.
  • AdblockPlus
    This add-on blocks most advertising by itself. A right-click on a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
    It also saves download capacity.


Performance
  • Stay away from registry cleaners.
    These harm your system more than they help. Here is a link in English:
    Miekemoes Blogspot ( MVP )


What you should avoid:
  • Do not click on everything just because it prompts you to and is nice and colorful.
  • Do not use P2P or file-sharing software (Emule, uTorrent, ...).
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe.
  • Do not download software from Softonic or Chip, as these installers are often bundled with adware or unwanted software!



Now all that remains is for me to wish you lots of fun surfing safely... ... and perhaps you would like to support the Trojaner-Board?

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.

der-kurti 05.07.2014 11:59

Hi,

attached is the Fixlog.txt file
Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-07-2014
Ran by Erkut at 2014-07-05 12:54:53 Run:1
Running from C:\Users\Erkut\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
SearchScopes: HKCU - {CC9E055E-96DD-4295-8FBF-17538BB97C6F} URL =
C:\Program Files (x86)\NetCrawl
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\sweet-page uninstall
Reboot:
end
       
*****************

'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC9E055E-96DD-4295-8FBF-17538BB97C6F}' => Key deleted successfully.
'HKCR\CLSID\{CC9E055E-96DD-4295-8FBF-17538BB97C6F}'=> Key not found.
C:\Program Files (x86)\NetCrawl => Moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\sweet-page uninstall => key deleted successfully.


The system needed a reboot.

==== End of Fixlog ====
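
Added example, not part of the original posts and not FRST's own code: a small Python check that pairs every fixlist directive with the result lines in a Fixlog like the one above and lists directives that need another look. The sample text is the fixlist and result lines from this thread with the header omitted; the function names and the rule that "not found" counts as acceptable are assumptions of this example.

```python
import re

# Fixlist echo and result lines as posted in this thread (header lines omitted).
FIXLOG = r"""start
SearchScopes: HKCU - {CC9E055E-96DD-4295-8FBF-17538BB97C6F} URL =
C:\Program Files (x86)\NetCrawl
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\sweet-page uninstall
Reboot:
end
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC9E055E-96DD-4295-8FBF-17538BB97C6F}' => Key deleted successfully.
'HKCR\CLSID\{CC9E055E-96DD-4295-8FBF-17538BB97C6F}'=> Key not found.
C:\Program Files (x86)\NetCrawl => Moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\sweet-page uninstall => key deleted successfully.
The system needed a reboot.
"""

def parse_fixlog(text):
    """Return (directives, results): fixlist lines and (target, outcome) pairs."""
    directives, results, in_list = [], [], False
    for line in (l.strip() for l in text.splitlines()):
        if line == "start":
            in_list = True
        elif line == "end":
            in_list = False
        elif in_list and line:
            directives.append(line)
        elif "=>" in line:
            target, outcome = line.split("=>", 1)
            results.append((target.strip().strip("'"), outcome.strip().rstrip(".").lower()))
        elif line.lower().startswith("the system needed a reboot"):
            results.append(("Reboot:", "rebooted"))
    return directives, results

def key_of(directive):
    """Pick the substring of a directive that its result lines should contain."""
    guid = re.search(r"\{[0-9A-Fa-f-]{36}\}", directive)
    if guid:
        return guid.group(0)
    return directive.split(":", 1)[1].strip() if directive.startswith("DeleteKey:") else directive

def audit(text):
    """Map each directive to its outcomes; an empty list means no result was logged."""
    directives, results = parse_fixlog(text)
    return {d: [o for t, o in results if key_of(d).lower() in t.lower()] for d in directives}

def needs_followup(report):
    # Assumption: "not found" means the item was already absent, so it is not flagged.
    ok = ("successfully", "not found", "rebooted")
    return [d for d, outs in report.items() if not outs or not all(o.endswith(ok) for o in outs)]
```

For the log in this thread, `needs_followup(audit(FIXLOG))` returns an empty list, which matches the helper's "ok." in the next post.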


M-K-D-B 05.07.2014 12:01

ok.


Let me know when everything is done. :)

der-kurti 05.07.2014 13:30

All right, I am doing the next steps right now and will get back to you then

Hello Matthias,

thank you very much for your professional support. I have now completed all the steps and have one final question.

Until now I have downloaded my software almost exclusively from Chip.de, in the belief that everything there is safe.

Can you recommend another platform where I can safely download software in the future?

Many thanks
Kurti

M-K-D-B 05.07.2014 14:10

Quote:

Quote from der-kurti (post 1326112)
Can you recommend another platform where I can safely download software in the future?

Directly from the respective vendor/developer. :)

Heise.de will also do in a pinch.



I'm glad that we were able to help :abklatsch:

In this forum you can leave brief feedback on the cleanup, if you would like to:
Praise, criticism and wishes
To do so, click the "NEUES THEMA" (new thread) button and post a little feedback. Thank you very much! :)

This thread appears to be resolved and will be removed from my subscriptions. Should you need the thread again, please send me a PM.

Everyone else, please click here and create your own thread.

