Pests of all kinds and how to combat them: Nation Zoom :( I don't know what to do next (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
29.12.2013, 21:06 | #1 |
| Nation Zoom :( I don't know what to do next
Good evening, dear Trojaner-Board. Since today I have had the problem that Nation Zoom keeps opening by itself. When searching the internet I kept ending up at this forum. I have already read quite a bit here, including that it is better not to do anything on your own. I am not very good with PCs and am hoping for your help. Regards
29.12.2013, 21:35 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Nation Zoom :( I don't know what to do next
Hello and

Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; first just post the logs you already have in CODE tags! Only logs from the last 7 days, or since the problem began, are relevant!

In addition, please also create a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)

Reading material: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
__________________ |
29.12.2013, 21:51 | #3 |
| Nation Zoom :( I don't know what to do next
FRST Logfile:
Code:
00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll 2013-12-14 17:53 - 2013-10-05 13:05 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll 2013-12-14 17:53 - 2013-10-05 13:05 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll 2013-12-12 19:56 - 2013-12-12 21:13 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\TS3Client 2013-12-12 19:52 - 2013-11-23 05:34 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll 2013-12-12 19:52 - 2013-11-23 05:13 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll 2013-12-12 19:52 - 2013-11-23 04:32 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll 2013-12-12 19:52 - 2013-11-23 04:10 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe 2013-12-12 19:52 - 2013-11-09 07:34 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe 2013-12-12 19:52 - 2013-11-09 07:34 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll 2013-12-12 19:52 - 2013-11-09 06:52 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll 2013-12-12 19:51 - 2013-12-12 19:51 - 00001222 _____ C:\Users\Timo T\Desktop\TeamSpeak 3 Client.lnk 2013-12-12 19:51 - 2013-12-12 19:51 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client 2013-12-12 19:51 - 2013-12-12 19:51 - 00000000 ____D C:\Users\Timo T\AppData\Local\TeamSpeak 3 Client 2013-12-12 19:31 - 2013-12-12 19:33 - 30095736 _____ (TeamSpeak Systems GmbH) C:\Users\Timo T\Downloads\TeamSpeak3-Client-win32-3.0.13.1.exe 2013-12-12 18:38 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2013-12-12 18:38 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2013-12-12 18:38 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2013-12-12 18:38 - 
2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2013-12-12 18:38 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2013-12-12 18:38 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2013-12-12 18:38 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2013-12-12 18:38 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2013-12-12 18:38 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2013-12-12 18:38 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2013-12-12 18:38 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2013-12-12 18:38 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2013-12-12 18:38 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2013-12-12 18:38 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2013-12-12 18:38 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2013-12-12 18:38 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2013-12-12 18:38 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2013-12-12 18:38 - 2013-11-08 08:21 - 04191744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2013-12-12 18:38 - 2013-10-19 09:53 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll 2013-12-12 18:38 - 2013-10-19 08:14 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll 2013-12-12 18:38 - 2013-10-15 09:54 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll 2013-12-12 18:38 - 2013-10-15 09:03 - 00156672 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll 2013-11-30 12:18 - 2013-12-29 21:40 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A1E9E32D-55A8-4BAF-90D6-784E9A0B66BE} ==================== One Month Modified Files and Folders ======= 2013-12-29 21:46 - 2013-12-29 21:46 - 00023240 _____ C:\Users\Timo T\Downloads\FRST.txt 2013-12-29 21:46 - 2013-10-18 22:09 - 01243131 _____ C:\WINDOWS\WindowsUpdate.log 2013-12-29 21:45 - 2013-12-29 21:45 - 00000000 ____D C:\FRST 2013-12-29 21:45 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\AppData\Local\Mobogenie 2013-12-29 21:44 - 2013-12-29 21:44 - 01931302 _____ (Farbar) C:\Users\Timo T\Downloads\FRST64.exe 2013-12-29 21:44 - 2012-11-18 01:01 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1946761082-257476130-358862400-1002 2013-12-29 21:40 - 2013-12-29 21:40 - 00000000 ____D C:\Program Files (x86)\Jump Flip 2013-12-29 21:40 - 2013-11-30 12:18 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A1E9E32D-55A8-4BAF-90D6-784E9A0B66BE} 2013-12-29 21:39 - 2013-12-29 21:39 - 00003120 _____ C:\WINDOWS\System32\Tasks\Advanced System Protector_startup 2013-12-29 21:39 - 2013-12-29 21:39 - 00001217 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk 2013-12-29 21:39 - 2013-12-29 21:39 - 00001103 _____ C:\Users\Timo T\Desktop\MyPC Backup.lnk 2013-12-29 21:39 - 2013-12-29 21:39 - 00001035 _____ C:\Users\Timo T\Desktop\Mobogenie.lnk 2013-12-29 21:39 - 2013-12-29 21:39 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup 2013-12-29 21:39 - 2013-12-29 21:39 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie 2013-12-29 21:39 - 2013-12-29 21:39 - 00000000 ____D C:\ProgramData\Systweak 2013-12-29 21:39 - 2013-12-29 21:39 - 00000000 ____D C:\Program Files (x86)\MyPC Backup 2013-12-29 21:39 - 2013-12-29 21:39 - 00000000 ____D C:\Program Files (x86)\Advanced 
System Protector 2013-12-29 21:39 - 2013-12-29 21:38 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Systweak 2013-12-29 21:39 - 2013-12-29 21:38 - 00000000 ____D C:\Program Files (x86)\Mobogenie 2013-12-29 21:39 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\AppData\Local\genienext 2013-12-29 21:39 - 2012-11-18 00:51 - 00000000 ___RD C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-12-29 21:38 - 2013-12-29 21:38 - 00003316 _____ C:\WINDOWS\System32\Tasks\Advanced System Protector 2013-12-29 21:38 - 2013-12-29 21:38 - 00003108 _____ C:\WINDOWS\System32\Tasks\RegClean Pro 2013-12-29 21:38 - 2013-12-29 21:38 - 00003012 _____ C:\WINDOWS\System32\Tasks\RegClean Pro_UPDATES 2013-12-29 21:38 - 2013-12-29 21:38 - 00002856 _____ C:\WINDOWS\System32\Tasks\RegClean Pro_DEFAULT 2013-12-29 21:38 - 2013-12-29 21:38 - 00002646 _____ C:\WINDOWS\System32\Tasks\Digital Sites 2013-12-29 21:38 - 2013-12-29 21:38 - 00001130 _____ C:\Users\Public\Desktop\Open It!.lnk 2013-12-29 21:38 - 2013-12-29 21:38 - 00001066 _____ C:\Users\Public\Desktop\RegClean Pro.lnk 2013-12-29 21:38 - 2013-12-29 21:38 - 00000308 _____ C:\WINDOWS\Tasks\Digital Sites.job 2013-12-29 21:38 - 2013-12-29 21:38 - 00000296 _____ C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job 2013-12-29 21:38 - 2013-12-29 21:38 - 00000288 _____ C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job 2013-12-29 21:38 - 2013-12-29 21:38 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\DigitalSites 2013-12-29 21:38 - 2013-12-29 21:38 - 00000000 ____D C:\Program Files (x86)\RegClean Pro 2013-12-29 21:38 - 2013-12-29 21:38 - 00000000 ____D C:\Program Files (x86)\OpenIt 2013-12-29 21:37 - 2013-12-29 21:37 - 00673568 _____ ( ) C:\Users\Timo T\Downloads\ZipOpenerSetup.exe 2013-12-29 21:31 - 2013-11-06 20:26 - 00000936 _____ C:\WINDOWS\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job 2013-12-29 21:28 - 2013-02-03 13:41 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2013-12-29 21:27 - 2013-11-06 20:27 - 
00000308 _____ C:\WINDOWS\Tasks\UpdaterEX.job 2013-12-29 21:26 - 2013-11-06 20:26 - 00000304 _____ C:\WINDOWS\Tasks\FoxTab.job 2013-12-29 21:05 - 2013-07-25 21:49 - 00001120 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2013-12-29 21:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru 2013-12-29 20:31 - 2013-12-29 20:31 - 00000000 ____D C:\ProgramData\Websteroids 2013-12-29 20:31 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\newnext.me 2013-12-29 20:31 - 2013-11-06 20:26 - 00000932 _____ C:\WINDOWS\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job 2013-12-29 20:31 - 2013-10-18 22:20 - 00000000 __RDO C:\Users\Timo T\SkyDrive 2013-12-29 20:30 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2013-12-29 20:30 - 2013-07-25 21:49 - 00001116 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2013-12-29 20:29 - 2013-09-29 20:04 - 00003230 _____ C:\WINDOWS\PFRO.log 2013-12-29 20:29 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2013-12-29 20:26 - 2013-11-06 20:26 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals 2013-12-29 20:25 - 2013-12-29 18:15 - 00000000 ____D C:\ProgramData\WPM 2013-12-29 20:24 - 2013-12-29 18:15 - 00000000 ____D C:\Users\Timo T\AppData\Local\Lollipop 2013-12-29 20:21 - 2013-12-29 18:16 - 00000138 _____ C:\Users\Timo T\daemonprocess.txt 2013-12-29 19:44 - 2013-12-29 19:44 - 00000000 ____D C:\ProgramData\Oracle 2013-12-29 19:43 - 2013-12-29 19:44 - 00312744 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2013-12-29 19:43 - 2013-12-29 19:44 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2013-12-29 19:43 - 2013-12-29 19:44 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2013-12-29 19:43 - 2013-12-29 19:44 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2013-12-29 19:43 - 2013-12-29 19:43 - 00000000 ____D C:\Program Files\Java 2013-12-29 19:42 - 2013-12-29 19:42 - 30694824 _____ (Oracle 
Corporation) C:\Users\Timo T\Downloads\jre-7u45-windows-x64.exe 2013-12-29 19:39 - 2013-12-29 19:39 - 00470032 _____ C:\Users\Timo T\Downloads\Java.exe 2013-12-29 19:16 - 2013-03-10 13:11 - 00000942 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1946761082-257476130-358862400-1002UA.job 2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\Documents\Mobogenie 2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\AppData\Local\cache 2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\.android 2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\ProgramData\Updater 2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\ProgramData\RHelpers 2013-12-29 18:16 - 2013-10-18 21:52 - 00000000 ____D C:\Users\Timo T 2013-12-29 18:15 - 2013-10-18 22:16 - 00001678 _____ C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-12-29 18:15 - 2012-11-18 01:37 - 00001363 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-12-29 18:14 - 2013-12-29 18:14 - 00002066 _____ C:\Users\Timo T\Desktop\Continue installation - FlashPlayer.lnk 2013-12-29 18:11 - 2013-12-29 18:11 - 00336936 _____ (Amônétízé Ltd) C:\Users\Timo T\Downloads\FlashPlayer__4003_i220968287_il14.exe 2013-12-29 13:16 - 2013-03-10 13:11 - 00000920 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1946761082-257476130-358862400-1002Core.job 2013-12-29 10:33 - 2013-12-29 10:33 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Bonanza 2013-12-24 16:01 - 2013-12-24 15:58 - 00000000 ____D C:\ProgramData\dOwwnnloadittkeep 2013-12-24 16:00 - 2013-12-24 15:58 - 00000000 ____D C:\ProgramData\saavinugtoyyou 2013-12-24 15:58 - 2013-12-24 15:58 - 00000000 ____D C:\ProgramData\e8a480b429bfdc00 2013-12-24 11:39 - 2013-11-06 20:27 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro 2013-12-23 22:19 - 2013-11-04 18:21 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Black & Bloody Vengeance 2013-12-23 22:18 - 2013-12-20 21:03 - 
00001077 _____ C:\Users\Public\Desktop\ActiveDossierUploader.lnk 2013-12-23 22:18 - 2013-12-20 21:03 - 00001027 _____ C:\Users\Public\Desktop\Radial Menu Editor.lnk 2013-12-23 22:18 - 2013-12-20 21:03 - 00000942 _____ C:\Users\Public\Desktop\Setup WoT Stats.lnk 2013-12-23 22:18 - 2013-12-20 21:03 - 00000096 _____ C:\Users\Public\Desktop\[BV] Mod Collection Updates.url 2013-12-23 21:57 - 2013-12-23 21:18 - 119282768 _____ (Black & Bloody Vengeance) C:\Users\Timo T\Downloads\[BV] Mod Collection Installer 8.10.4.exe 2013-12-22 15:38 - 2013-08-17 19:11 - 00000000 ____D C:\WINDOWS\system32\MRT 2013-12-22 15:36 - 2013-01-01 03:07 - 90708896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2013-12-22 15:00 - 2012-11-18 01:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-21 20:22 - 2013-11-15 20:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak 2013-12-21 20:07 - 2013-12-21 20:07 - 00002236 _____ C:\Users\Public\Desktop\Google Earth.lnk 2013-12-21 20:07 - 2013-07-25 21:49 - 00000000 ____D C:\Program Files (x86)\Google 2013-12-21 19:52 - 2013-12-21 19:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-20 20:43 - 2013-09-30 05:14 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2013-12-20 20:43 - 2013-09-30 04:56 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat 2013-12-20 20:43 - 2013-09-30 04:56 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat 2013-12-18 18:30 - 2013-05-07 18:32 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2013-12-18 18:30 - 2013-03-30 20:34 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2013-12-18 18:30 - 2013-03-30 20:34 - 00108440 _____ (Avira Operations GmbH & Co. 
KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2013-12-18 18:26 - 2013-12-18 18:26 - 00000030 _____ C:\Users\Timo T\AppData\Roaming\WB.CFG 2013-12-16 21:29 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache 2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData 2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore 2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer 2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\FileManager 2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Camera 2013-12-14 17:45 - 2013-08-22 15:44 - 00335992 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-12-12 21:13 - 2013-12-12 19:56 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\TS3Client 2013-12-12 19:51 - 2013-12-12 19:51 - 00001222 _____ C:\Users\Timo T\Desktop\TeamSpeak 3 Client.lnk 2013-12-12 19:51 - 2013-12-12 19:51 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client 2013-12-12 19:51 - 2013-12-12 19:51 - 00000000 ____D C:\Users\Timo T\AppData\Local\TeamSpeak 3 Client 2013-12-12 19:33 - 2013-12-12 19:31 - 30095736 _____ (TeamSpeak Systems GmbH) C:\Users\Timo T\Downloads\TeamSpeak3-Client-win32-3.0.13.1.exe 2013-12-12 19:00 - 2013-07-25 21:49 - 00004092 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2013-12-12 19:00 - 2013-07-25 21:49 - 00003856 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2013-12-10 20:28 - 2013-02-03 13:41 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2013-12-04 01:05 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2013-12-04 01:05 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-03 19:42 - 2013-01-19 11:27 - 00003812 _____ C:\WINDOWS\System32\Tasks\Scheduled Update for Ask Toolbar 2013-12-03 19:42 - 2013-01-19 11:27 - 00000000 ____D C:\Program Files 
(x86)\Ask.com
2013-12-03 19:39 - 2013-08-22 15:46 - 00333628 _____ C:\WINDOWS\setupact.log
2013-12-02 21:17 - 2013-05-09 12:45 - 00000000 ____D C:\Users\Timo T\AppData\Local\DoNotTrackPlus

Some content of TEMP:
====================
C:\Users\Timo T\AppData\Local\Temp\avgnt.exe
C:\Users\Timo T\AppData\Local\Temp\BackupSetup.exe
C:\Users\Timo T\AppData\Local\Temp\FlashPlayer__4003_i220968287_il14.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-29 20:16

==================== End Of Log ============================

--- --- --- --- --- ---

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013 01
Ran by Timo T (administrator) on TIMO on 29-12-2013 21:46:01
Running from C:\Users\Timo T\Downloads
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Updater) C:\ProgramData\Updater\updater.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (PC Utilities Pro) C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (PC Utilities Pro) C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe (Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Samsung Electronics Co., Ltd.) 
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (WatchDog) C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe (WatchDog) C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe (WatchDog) C:\ProgramData\RHelpers\IeHelper\IeHelper.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe (MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe () C:\Program Files (x86)\Mobogenie\DaemonProcess.exe (Jump Flip) C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\livecomm.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-11-25] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] () HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor) HKLM-x32\...\Run: [BakupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533056 2012-07-31] (NTI Corporation) HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1644680 2013-03-10] (Ask) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [486264 2013-12-18] (Updater) HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [761024 2013-12-13] () HKLM-x32\...\Runonce: [Del4089953] - cmd.exe /Q /D /c del "C:\Users\TIMOT~1\AppData\Local\Temp\0.del" [x] Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Atheros Communications)) HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung) HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung) HKCU\...\Run: [Facebook Update] - C:\Users\Timo T\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-03-10] (Facebook Inc.) 
HKCU\...\Run: [Optimizer Pro] - C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [134648 2013-10-28] () HKCU\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [486264 2013-12-18] (Updater) HKCU\...\Run: [NextLive] - C:\WINDOWS\SysWOW64\rundll32.exe "C:\Users\Timo T\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l HKCU\...\Runonce: [Del4089953] - cmd.exe /Q /D /c del "C:\Users\TIMOT~1\AppData\Local\Temp\0.del" AppInit_DLLs: C:\Windows\System32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation) AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll c:\progra~2\optimi~1\optpro~1.dll [4279112 2013-10-29] () Startup: C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet 
Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542&q={searchTerms} URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542&q={searchTerms} SearchScopes: HKLM - {12086C10-E61B-4C87-8253-D990FA7080CB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542&q={searchTerms} SearchScopes: HKLM-x32 - {12086C10-E61B-4C87-8253-D990FA7080CB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM-x32 - 
{33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542&q={searchTerms} SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542&q={searchTerms} SearchScopes: HKCU - {12086C10-E61B-4C87-8253-D990FA7080CB} URL = SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542&q={searchTerms} SearchScopes: HKCU - {E45BDB2D-6143-413D-9FF7-1865745671DC} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=a4d03a85-bda5-450d-adb1-2b4d82f33cf8&apn_sauid=1250515E-8CA1-4AEB-9464-30C3704A7870 BHO: saavinugtoyyou - {3452EE4D-89B3-E1D4-FF71-706C2912BF03} - C:\ProgramData\saavinugtoyyou\OrmbLjH6I_.x64.dll () BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: dOwwnnloadittkeep - {82E8CB70-1EDF-3579-F279-ABEA2CAE660B} - C:\ProgramData\dOwwnnloadittkeep\xKeUtMS2U.x64.dll () BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO-x32: Jump Flip - {6db9fdfe-b718-4962-be0c-0a5fce7f7f7b} - C:\Program Files (x86)\Jump Flip\JumpFlipBHO.dll (Jump Flip)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
BHO-x32: BonanzaDeals - {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default
FF user.js: detected! => C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\user.js
FF NewTab: hxxp://www.nationzoom.com/newtab/?type=nt&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542
FF DefaultSearchEngine: nationzoom
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: nationzoom
FF Homepage: hxxp://www.nationzoom.com/?type=hp&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Timo T\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\nationzoom.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: dOwwnnloadittkeep - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\d.u8vact@ocvzuyoytmw-.net
FF Extension: Ask Toolbar - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\toolbar@ask.com
FF Extension: saavinugtoyyou - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\vxavvpc@ptwb-rm.com
FF Extension: Foxtab Speed Dial - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}
FF Extension: Jump Flip - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\firefox@jumpflip.net.xpi
FF Extension: BonanzaDeals - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.nationzoom.com/?type=sc&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [ieadcoanfjloocmfafkebdnfefmohngj] - C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================
R2 70e6ca8c; C:\WINDOWS\system32\rundll32.exe [52736 2013-08-22] (Microsoft Corporation)
R2 70e6ca8c; C:\WINDOWS\SysWow64\rundll32.exe [49664 2013-08-22] (Microsoft Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
S2 bonanzadealslive; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-11-06] (BonanzaDeals)
S3 bonanzadealslivem; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-11-06] (BonanzaDeals)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2415760 2012-07-27] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [466064 2012-07-31] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [659600 2012-07-31] (Acer Incorporated)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
S3 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-07-31] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-08-15] (Dritek System INC.)
R2 Update Jump Flip; C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe [65312 2013-12-27] (Jump Flip)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00A\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-08-15] (Dritek System Inc.)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-12-29 21:46 - 2013-12-29 21:46 - 00023240 _____ C:\Users\Timo T\Downloads\FRST.txt
2013-12-29 21:45 - 2013-12-29 21:45 - 00000000 ____D C:\FRST
2013-12-29 21:44 - 2013-12-29 21:44 - 01931302 _____ (Farbar) C:\Users\Timo T\Downloads\FRST64.exe
2013-12-29 21:40 - 2013-12-29 21:40 - 00000000 ____D C:\Program Files (x86)\Jump Flip
2013-12-29 21:39 - 2013-12-29 21:39 - 00003120 _____ C:\WINDOWS\System32\Tasks\Advanced System Protector_startup
2013-12-29 21:39 - 2013-12-29 21:39 - 00001217 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-12-29 21:39 - 2013-12-29 21:39 - 00001103 _____ C:\Users\Timo T\Desktop\MyPC Backup.lnk
2013-12-29 21:39 - 2013-12-29 21:39 - 00001035 _____ C:\Users\Timo T\Desktop\Mobogenie.lnk
2013-12-29 21:39 - 2013-12-29 21:39 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-12-29 21:39 - 2013-12-29 21:39 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2013-12-29 21:39 - 2013-12-29 21:39 - 00000000 ____D C:\ProgramData\Systweak
2013-12-29 21:39 - 2013-12-29 21:39 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-12-29 21:39 - 2013-12-29 21:39 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-12-29 21:39 - 2012-07-25 12:03 - 00016896 _____ C:\WINDOWS\system32\sasnative64.exe
2013-12-29 21:38 - 2013-12-29 21:39 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Systweak
2013-12-29 21:38 - 2013-12-29 21:39 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-12-29 21:38 - 2013-12-29 21:38 - 00003316 _____ C:\WINDOWS\System32\Tasks\Advanced System Protector
2013-12-29 21:38 - 2013-12-29 21:38 - 00003108 _____ C:\WINDOWS\System32\Tasks\RegClean Pro
2013-12-29 21:38 - 2013-12-29 21:38 - 00003012 _____ C:\WINDOWS\System32\Tasks\RegClean Pro_UPDATES
2013-12-29 21:38 - 2013-12-29 21:38 - 00002856 _____ C:\WINDOWS\System32\Tasks\RegClean Pro_DEFAULT
2013-12-29 21:38 - 2013-12-29 21:38 - 00002646 _____ C:\WINDOWS\System32\Tasks\Digital Sites
2013-12-29 21:38 - 2013-12-29 21:38 - 00001130 _____ C:\Users\Public\Desktop\Open It!.lnk
2013-12-29 21:38 - 2013-12-29 21:38 - 00001066 _____ C:\Users\Public\Desktop\RegClean Pro.lnk
2013-12-29 21:38 - 2013-12-29 21:38 - 00000308 _____ C:\WINDOWS\Tasks\Digital Sites.job
2013-12-29 21:38 - 2013-12-29 21:38 - 00000296 _____ C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job
2013-12-29 21:38 - 2013-12-29 21:38 - 00000288 _____ C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job
2013-12-29 21:38 - 2013-12-29 21:38 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\DigitalSites
2013-12-29 21:38 - 2013-12-29 21:38 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
2013-12-29 21:38 - 2013-12-29 21:38 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-12-29 21:38 - 2013-11-22 15:42 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\WINDOWS\system32\roboot64.exe
2013-12-29 21:37 - 2013-12-29 21:37 - 00673568 _____ ( ) C:\Users\Timo T\Downloads\ZipOpenerSetup.exe
2013-12-29 20:31 - 2013-12-29 20:31 - 00000000 ____D C:\ProgramData\Websteroids
2013-12-29 19:44 - 2013-12-29 19:44 - 00000000 ____D C:\ProgramData\Oracle
2013-12-29 19:44 - 2013-12-29 19:43 - 00312744 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-12-29 19:44 - 2013-12-29 19:43 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-12-29 19:44 - 2013-12-29 19:43 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-12-29 19:44 - 2013-12-29 19:43 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2013-12-29 19:43 - 2013-12-29 19:43 - 00000000 ____D C:\Program Files\Java
2013-12-29 19:42 - 2013-12-29 19:42 - 30694824 _____ (Oracle Corporation) C:\Users\Timo T\Downloads\jre-7u45-windows-x64.exe
2013-12-29 19:39 - 2013-12-29 19:39 - 00470032 _____ C:\Users\Timo T\Downloads\Java.exe
2013-12-29 18:16 - 2013-12-29 21:45 - 00000000 ____D C:\Users\Timo T\AppData\Local\Mobogenie
2013-12-29 18:16 - 2013-12-29 21:39 - 00000000 ____D C:\Users\Timo T\AppData\Local\genienext
2013-12-29 18:16 - 2013-12-29 20:31 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\newnext.me
2013-12-29 18:16 - 2013-12-29 20:21 - 00000138 _____ C:\Users\Timo T\daemonprocess.txt
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\Documents\Mobogenie
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\AppData\Local\cache
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\.android
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\ProgramData\Updater
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\ProgramData\RHelpers
2013-12-29 18:15 - 2013-12-29 20:25 - 00000000 ____D C:\ProgramData\WPM
2013-12-29 18:15 - 2013-12-29 20:24 - 00000000 ____D C:\Users\Timo T\AppData\Local\Lollipop
2013-12-29 18:14 - 2013-12-29 18:14 - 00002066 _____ C:\Users\Timo T\Desktop\Continue installation - FlashPlayer.lnk
2013-12-29 18:11 - 2013-12-29 18:11 - 00336936 _____ (Amônétízé Ltd) C:\Users\Timo T\Downloads\FlashPlayer__4003_i220968287_il14.exe
2013-12-29 10:33 - 2013-12-29 10:33 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Bonanza
2013-12-24 15:58 - 2013-12-24 16:01 - 00000000 ____D C:\ProgramData\dOwwnnloadittkeep
2013-12-24 15:58 - 2013-12-24 16:00 - 00000000 ____D C:\ProgramData\saavinugtoyyou
2013-12-24 15:58 - 2013-12-24 15:58 - 00000000 ____D C:\ProgramData\e8a480b429bfdc00
2013-12-23 21:18 - 2013-12-23 21:57 - 119282768 _____ (Black & Bloody Vengeance) C:\Users\Timo T\Downloads\[BV] Mod Collection Installer 8.10.4.exe
2013-12-21 20:07 - 2013-12-21 20:07 - 00002236 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-21 19:52 - 2013-12-21 19:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 21:03 - 2013-12-23 22:18 - 00001077 _____ C:\Users\Public\Desktop\ActiveDossierUploader.lnk
2013-12-20 21:03 - 2013-12-23 22:18 - 00001027 _____ C:\Users\Public\Desktop\Radial Menu Editor.lnk
2013-12-20 21:03 - 2013-12-23 22:18 - 00000942 _____ C:\Users\Public\Desktop\Setup WoT Stats.lnk
2013-12-20 21:03 - 2013-12-23 22:18 - 00000096 _____ C:\Users\Public\Desktop\[BV] Mod Collection Updates.url
2013-12-18 18:26 - 2013-12-18 18:26 - 00000030 _____ C:\Users\Timo T\AppData\Roaming\WB.CFG
2013-12-14 17:53 - 2013-11-12 00:41 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-14 17:53 - 2013-11-12 00:40 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-14 17:53 - 2013-11-12 00:27 - 00701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2013-12-14 17:53 - 2013-11-12 00:24 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-12-14 17:53 - 2013-11-11 03:48 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2013-12-14 17:53 - 2013-11-09 12:55 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-12-14 17:53 - 2013-11-09 07:37 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2013-12-14 17:53 - 2013-11-09 06:56 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2013-12-14 17:53 - 2013-11-08 11:26 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2013-12-14 17:53 - 2013-11-08 05:43 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2013-12-14 17:53 - 2013-11-08 05:28 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-12-14 17:53 - 2013-11-08 05:26 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-12-14 17:53 - 2013-11-08 05:16 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2013-12-14 17:53 - 2013-11-08 05:15 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2013-12-14 17:53 - 2013-11-08 05:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2013-12-14 17:53 - 2013-11-08 04:41 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2013-12-14 17:53 - 2013-11-08 04:14 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2013-12-14 17:53 - 2013-11-05 15:19 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2013-12-14 17:53 - 2013-11-05 15:03 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2013-12-14 17:53 - 2013-11-05 14:57 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2013-12-14 17:53 - 2013-11-05 14:33 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2013-12-14 17:53 - 2013-11-05 14:32 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2013-12-14 17:53 - 2013-11-04 18:13 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-12-14 17:53 - 2013-11-04 18:13 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2013-12-14 17:53 - 2013-11-04 14:07 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2013-12-14 17:53 - 2013-11-04 12:50 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-12-14 17:53 - 2013-11-04 11:32 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2013-12-14 17:53 - 2013-11-04 03:28 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2013-12-14 17:53 - 2013-11-04 02:30 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-12-14 17:53 - 2013-11-01 12:39 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2013-12-14 17:53 - 2013-11-01 07:08 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2013-12-14 17:53 - 2013-11-01 06:57 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2013-12-14 17:53 - 2013-10-31 01:58 - 00372568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2013-12-14 17:53 - 2013-10-31 01:42 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-12-14 17:53 - 2013-10-31 01:33 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2013-12-14 17:53 - 2013-10-31 01:33 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2013-12-14 17:53 - 2013-10-31 01:33 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2013-12-14 17:53 - 2013-10-31 01:33 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2013-12-14 17:53 - 2013-10-26 02:54 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2013-12-14 17:53 - 2013-10-24 10:31 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2013-12-14 17:53 - 2013-10-24 10:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2013-12-14 17:53 - 2013-10-17 12:21 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2013-12-14 17:53 - 2013-10-17 11:36 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2013-12-14 17:53 - 2013-10-05 15:21 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2013-12-14 17:53 - 2013-10-05 15:21 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2013-12-14 17:53 - 2013-10-05 13:05 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2013-12-14 17:53 - 2013-10-05 13:05 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2013-12-12 19:56 - 2013-12-12 21:13 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\TS3Client
2013-12-12 19:52 - 2013-11-23 05:34 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2013-12-12 19:52 - 2013-11-23 05:13 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2013-12-12 19:52 - 2013-11-23 04:32 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2013-12-12 19:52 - 2013-11-23 04:10 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2013-12-12 19:52 - 2013-11-09 07:34 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2013-12-12 19:52 - 2013-11-09 07:34 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2013-12-12 19:52 - 2013-11-09 06:52 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2013-12-12 19:51 - 2013-12-12 19:51 - 00001222 _____ C:\Users\Timo T\Desktop\TeamSpeak 3 Client.lnk
2013-12-12 19:51 - 2013-12-12 19:51 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2013-12-12 19:51 - 2013-12-12 19:51 - 00000000 ____D C:\Users\Timo T\AppData\Local\TeamSpeak 3 Client
2013-12-12 19:31 - 2013-12-12 19:33 - 30095736 _____ (TeamSpeak Systems GmbH) C:\Users\Timo T\Downloads\TeamSpeak3-Client-win32-3.0.13.1.exe
2013-12-12 18:38 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-12-12 18:38 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-12-12 18:38 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-12-12 18:38 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-12-12 18:38 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-12-12 18:38 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-12-12 18:38 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-12-12 18:38 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-12-12 18:38 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-12-12 18:38 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2013-12-12 18:38 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-12-12 18:38 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-12-12 18:38 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-12-12 18:38 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2013-12-12 18:38 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2013-12-12 18:38 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-12-12 18:38 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-12-12 18:38 - 2013-11-08 08:21 - 04191744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-12-12 18:38 - 2013-10-19 09:53 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2013-12-12 18:38 - 2013-10-19 08:14 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2013-12-12 18:38 - 2013-10-15 09:54 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2013-12-12 18:38 - 2013-10-15 09:03 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2013-11-30 12:18 - 2013-12-29 21:40 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A1E9E32D-55A8-4BAF-90D6-784E9A0B66BE}

==================== One Month Modified Files and Folders =======
2013-12-29 21:46 - 2013-12-29 21:46 - 00023240 _____ C:\Users\Timo T\Downloads\FRST.txt
2013-12-29 21:46 - 2013-10-18 22:09 - 01243131 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-29 21:45 - 2013-12-29 21:45 - 00000000 ____D C:\FRST
2013-12-29 21:45 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\AppData\Local\Mobogenie
2013-12-29 21:44 - 2013-12-29 21:44 - 01931302 _____ (Farbar) C:\Users\Timo T\Downloads\FRST64.exe
2013-12-29 21:44 - 2012-11-18 01:01 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1946761082-257476130-358862400-1002
2013-12-29 21:40 - 2013-12-29 21:40 - 00000000 ____D C:\Program Files (x86)\Jump Flip
2013-12-29 21:40 - 2013-11-30 12:18 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A1E9E32D-55A8-4BAF-90D6-784E9A0B66BE}
2013-12-29 21:39 - 2013-12-29 21:39 - 00003120 _____ C:\WINDOWS\System32\Tasks\Advanced System Protector_startup
2013-12-29 21:39 - 2013-12-29 21:39 - 00001217 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-12-29 21:39 - 2013-12-29 21:39 - 00001103 _____ C:\Users\Timo T\Desktop\MyPC Backup.lnk
2013-12-29 21:39 - 2013-12-29 21:39 - 00001035 _____ C:\Users\Timo T\Desktop\Mobogenie.lnk
2013-12-29 21:39 - 2013-12-29 21:39 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-12-29 21:39 - 2013-12-29 21:39 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2013-12-29 21:39 - 2013-12-29 21:39 - 00000000 ____D C:\ProgramData\Systweak
2013-12-29 21:39 - 2013-12-29 21:39 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-12-29 21:39 - 2013-12-29 21:39 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-12-29 21:39 - 2013-12-29 21:38 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Systweak
2013-12-29 21:39 - 2013-12-29 21:38 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-12-29 21:39 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\AppData\Local\genienext
2013-12-29 21:39 - 2012-11-18 00:51 - 00000000 ___RD C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-29 21:38 - 2013-12-29 21:38 - 00003316 _____ C:\WINDOWS\System32\Tasks\Advanced System Protector
2013-12-29 21:38 - 2013-12-29 21:38 - 00003108 _____ C:\WINDOWS\System32\Tasks\RegClean Pro
2013-12-29 21:38 - 2013-12-29 21:38 - 00003012 _____ C:\WINDOWS\System32\Tasks\RegClean Pro_UPDATES
2013-12-29 21:38 - 2013-12-29 21:38 - 00002856 _____ C:\WINDOWS\System32\Tasks\RegClean Pro_DEFAULT
2013-12-29 21:38 - 2013-12-29 21:38 - 00002646 _____ C:\WINDOWS\System32\Tasks\Digital Sites
2013-12-29 21:38 - 2013-12-29 21:38 - 00001130 _____ C:\Users\Public\Desktop\Open It!.lnk
2013-12-29 21:38 - 2013-12-29 21:38 - 00001066 _____ C:\Users\Public\Desktop\RegClean Pro.lnk
2013-12-29 21:38 - 2013-12-29 21:38 - 00000308 _____ C:\WINDOWS\Tasks\Digital Sites.job
2013-12-29 21:38 - 2013-12-29 21:38 - 00000296 _____ C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job
2013-12-29 21:38 - 2013-12-29 21:38 - 00000288 _____ C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job
2013-12-29 21:38 - 2013-12-29 21:38 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\DigitalSites
2013-12-29 21:38 - 2013-12-29 21:38 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
2013-12-29 21:38 - 2013-12-29 21:38 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-12-29 21:37 - 2013-12-29 21:37 - 00673568 _____ ( ) C:\Users\Timo T\Downloads\ZipOpenerSetup.exe
2013-12-29 21:31 - 2013-11-06 20:26 - 00000936 _____ C:\WINDOWS\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
2013-12-29 21:28 - 2013-02-03 13:41 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-29 21:27 - 2013-11-06 20:27 - 00000308 _____ C:\WINDOWS\Tasks\UpdaterEX.job
2013-12-29 21:26 - 2013-11-06 20:26 - 00000304 _____ C:\WINDOWS\Tasks\FoxTab.job
2013-12-29 21:05 - 2013-07-25 21:49 - 00001120 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-29 21:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2013-12-29 20:31 - 2013-12-29 20:31 - 00000000 ____D C:\ProgramData\Websteroids
2013-12-29 20:31 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\newnext.me
2013-12-29 20:31 - 2013-11-06 20:26 - 00000932 _____ C:\WINDOWS\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2013-12-29 20:31 - 2013-10-18 22:20 - 00000000 __RDO C:\Users\Timo T\SkyDrive
2013-12-29 20:30 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-29 20:30 - 2013-07-25 21:49 - 00001116 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-29 20:29 - 2013-09-29 20:04 - 00003230 _____ C:\WINDOWS\PFRO.log
2013-12-29 20:29 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2013-12-29 20:26 - 2013-11-06 20:26 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-12-29 20:25 - 2013-12-29 18:15 - 00000000 ____D C:\ProgramData\WPM
2013-12-29 20:24 - 2013-12-29 18:15 - 00000000 ____D C:\Users\Timo T\AppData\Local\Lollipop
2013-12-29 20:21 - 2013-12-29 18:16 - 00000138 _____ C:\Users\Timo T\daemonprocess.txt
2013-12-29 19:44 - 2013-12-29 19:44 - 00000000 ____D C:\ProgramData\Oracle
2013-12-29 19:43 - 2013-12-29 19:44 - 00312744 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-12-29 19:43 - 2013-12-29 19:44 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-12-29 19:43 - 2013-12-29 19:44 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-12-29 19:43 - 2013-12-29 19:44 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2013-12-29 19:43 - 2013-12-29 19:43 - 00000000 ____D C:\Program Files\Java
2013-12-29 19:42 - 2013-12-29 19:42 - 30694824 _____ (Oracle Corporation) C:\Users\Timo T\Downloads\jre-7u45-windows-x64.exe
2013-12-29 19:39 - 2013-12-29 19:39 - 00470032 _____ C:\Users\Timo T\Downloads\Java.exe
2013-12-29 19:16 - 2013-03-10 13:11 - 00000942 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1946761082-257476130-358862400-1002UA.job
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\Documents\Mobogenie
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\AppData\Local\cache
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\.android
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\ProgramData\Updater
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\ProgramData\RHelpers
2013-12-29 18:16 - 2013-10-18 21:52 - 00000000 ____D C:\Users\Timo T
2013-12-29 18:15 - 2013-10-18 22:16 - 00001678 _____ C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-29 18:15 - 2012-11-18 01:37 - 00001363 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-29 18:14 - 2013-12-29 18:14 - 00002066 _____ C:\Users\Timo T\Desktop\Continue installation - FlashPlayer.lnk
2013-12-29 18:11 - 2013-12-29 18:11 - 00336936 _____ (Amônétízé Ltd) C:\Users\Timo T\Downloads\FlashPlayer__4003_i220968287_il14.exe
2013-12-29 13:16 - 2013-03-10 13:11 - 00000920 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1946761082-257476130-358862400-1002Core.job
2013-12-29 10:33 - 2013-12-29 10:33 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Bonanza
2013-12-24 16:01 - 2013-12-24 15:58 - 00000000 ____D C:\ProgramData\dOwwnnloadittkeep
2013-12-24 16:00 - 2013-12-24 15:58 - 00000000 ____D C:\ProgramData\saavinugtoyyou
2013-12-24 15:58 - 2013-12-24 15:58 - 00000000 ____D C:\ProgramData\e8a480b429bfdc00
2013-12-24 11:39 - 2013-11-06 20:27 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-12-23 22:19 - 2013-11-04 18:21 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Black & Bloody Vengeance
2013-12-23 22:18 - 2013-12-20 21:03 - 00001077 _____ C:\Users\Public\Desktop\ActiveDossierUploader.lnk
2013-12-23 22:18 - 2013-12-20 21:03 - 00001027 _____ C:\Users\Public\Desktop\Radial Menu Editor.lnk
2013-12-23 22:18 - 2013-12-20 21:03 - 00000942 _____ C:\Users\Public\Desktop\Setup WoT Stats.lnk
2013-12-23 22:18 - 2013-12-20 21:03 - 00000096 _____ C:\Users\Public\Desktop\[BV] Mod Collection Updates.url
2013-12-23 21:57 - 2013-12-23 21:18 - 119282768 _____ (Black & Bloody Vengeance) C:\Users\Timo T\Downloads\[BV] Mod Collection Installer 8.10.4.exe
2013-12-22 15:38 - 2013-08-17 19:11 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-22 15:36 - 2013-01-01 03:07 - 90708896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-22 15:00 - 2012-11-18 01:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-21 20:22 - 2013-11-15 20:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-12-21 20:07 - 2013-12-21 20:07 - 00002236 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-21 20:07 - 2013-07-25 21:49 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-21 19:52 - 2013-12-21 19:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 20:43 - 2013-09-30 05:14 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-20 20:43 - 2013-09-30 04:56 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2013-12-20 20:43 - 2013-09-30 04:56 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2013-12-18 18:30 - 2013-05-07 18:32 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2013-12-18 18:30 - 2013-03-30 20:34 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2013-12-18 18:30 - 2013-03-30 20:34 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2013-12-18 18:26 - 2013-12-18 18:26 - 00000030 _____ C:\Users\Timo T\AppData\Roaming\WB.CFG
2013-12-16 21:29 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\FileManager
2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Camera
2013-12-14 17:45 - 2013-08-22 15:44 - 00335992 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-12 21:13 - 2013-12-12 19:56 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\TS3Client
2013-12-12 19:51 - 2013-12-12 19:51 - 00001222 _____ C:\Users\Timo T\Desktop\TeamSpeak 3 Client.lnk
2013-12-12 19:51 - 2013-12-12 19:51 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2013-12-12 19:51 - 2013-12-12 19:51 - 00000000 ____D C:\Users\Timo T\AppData\Local\TeamSpeak 3 Client
2013-12-12 19:33 - 2013-12-12 19:31 - 30095736 _____ (TeamSpeak Systems GmbH) C:\Users\Timo T\Downloads\TeamSpeak3-Client-win32-3.0.13.1.exe
2013-12-12 19:00 - 2013-07-25 21:49 - 00004092 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-12 19:00 - 2013-07-25 21:49 - 00003856 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-10 20:28 - 2013-02-03 13:41 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2013-12-04 01:05 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2013-12-04 01:05 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-03 19:42 - 2013-01-19 11:27 - 00003812 _____ C:\WINDOWS\System32\Tasks\Scheduled Update for Ask Toolbar
2013-12-03 19:42 - 2013-01-19 11:27 - 00000000 ____D C:\Program Files
(x86)\Ask.com
2013-12-03 19:39 - 2013-08-22 15:46 - 00333628 _____ C:\WINDOWS\setupact.log
2013-12-02 21:17 - 2013-05-09 12:45 - 00000000 ____D C:\Users\Timo T\AppData\Local\DoNotTrackPlus
Some content of TEMP:
====================
C:\Users\Timo T\AppData\Local\Temp\avgnt.exe
C:\Users\Timo T\AppData\Local\Temp\BackupSetup.exe
C:\Users\Timo T\AppData\Local\Temp\FlashPlayer__4003_i220968287_il14.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-29 20:16
==================== End Of Log ============================
--- --- --- --- --- ---
Is everything right? I haven't tried anything myself yet or run any virus scans. |
29.12.2013, 22:00 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Nation Zoom :( I don't know what to do
Um, you posted the same log twice... please post additions.txt as a follow-up.
__________________ Please always post log files in CODE tags |
29.12.2013, 22:10 | #5 |
| Nation Zoom :( I don't know what to do
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-12-2013 01 Ran by Timo T at 2013-12-29 21:46:57 Running from C:\Users\Timo T\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== clear.fi SDK - Video 2 (x32 Version: 2.1.1910 - CyberLink Corp.) clear.fi SDK- Movie 2 (x32 Version: 2.1.1910 - CyberLink Corp.) [BV] Mod Collection (x32 Version: 1.08.96 - Black & Bloody Vengeance) [BV] Mod Collection (x32 Version: 8.10.4 - Black & Bloody Vengeance) [BV] Mod Collection Clanlogos (x32 Version: 1.0.1 - Black & Bloody Vengeance) Acer Backup Manager (x32 Version: 4.0.0.0053 - NTI Corporation) Acer Device Fast-lane (Version: 1.00.3003 - Acer Incorporated) Acer Power Management (Version: 7.00.3003 - Acer Incorporated) Acer Recovery Management (Version: 6.00.3006 - Acer Incorporated) AcerCloud (x32 Version: 2.01.3112 - Acer Incorporated) AcerCloud Docs (x32 Version: 1.00.3103 - Acer Incorporated) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated) Advanced System Protector (x32 Version: 2.1.1000.12580 - Systweak Software) <==== ATTENTION Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Ask Toolbar (x32 Version: 1.15.20.0 - Ask.com) <==== ATTENTION Ask Toolbar Updater (HKCU Version: 1.2.4.37949 - Ask.com) <==== ATTENTION Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira) Backup Manager v4 (x32 Version: 4.0.0.0053 - NTI Corporation) Bejeweled 3 (x32 Version: 
2.2.0.98 - WildTangent) Bonanza Deals (remove only) (x32 Version: 5.0.1.0 - Bonanza Deals) <==== ATTENTION Broadcom Card Reader Driver Installer (Version: 15.4.4.2 - Broadcom Corporation) clear.fi Media (x32 Version: 2.01.3107 - Acer Incorporated) clear.fi Photo (x32 Version: 2.01.3107 - Acer Incorporated) CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3103_44819 - CyberLink Corp.) Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Diablo III (x32 Version: 1.0.7.14633 - Blizzard Entertainment) dOwwnnloadittkeep (x32 Version: - dowwneloaDitkeep) eBay Worldwide (x32 Version: 2.3.0630 - OEM) ETDWare PS/2-X64 11.6.11.002_WHQL (Version: 11.6.11.002 - ELAN Microelectronic Corp.) Extended Update (HKCU Version: - ) Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287 - Skype Limited) Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Foxtab (x32 Version: - FoxTab) <==== ATTENTION Free YouTube to MP3 Converter version 3.12.2.430 (x32 Version: 3.12.2.430 - DVDVideoSoft Ltd.) Google Earth (x32 Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Identity Card (x32 Version: 2.00.3002 - Acer Incorporated) Intel(R) Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (x32 Version: 9.17.10.2932 - Intel Corporation) Intel(R) Rapid Storage Technology (x32 Version: 11.5.0.1207 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Java 7 Update 45 (64-bit) (Version: 7.0.450 - Oracle) Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Jump Flip (Version: 2013.12.27.213125 - Jump Flip) Launch Manager (x32 Version: 7.0.3 - Acer Inc.) 
Live Updater (x32 Version: 2.00.3002 - Acer Incorporated) Magic Academy (x32 Version: 2.2.0.98 - WildTangent) McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.) Microsoft Office (x32 Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Mobogenie (x32 Version: - Mobogenie.com) Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla) Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla) MyFreeCodec (HKCU Version: - ) MyPC Backup (Version: - MyPC Backup) <==== ATTENTION MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) 
Norton Online Backup (x32 Version: 2.2.3.45 - Symantec Corporation) Norton Online Backup ARA (x32 Version: 4.1.0.10 - Symantec Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) NVIDIA Grafiktreiber 327.02 (Version: 327.02 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) NVIDIA Optimus 1.14.17 (Version: 1.14.17 - NVIDIA Corporation) NVIDIA PhysX (x32 Version: 9.12.0613 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.12.0613 (Version: 9.12.0613 - NVIDIA Corporation) NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) NVIDIA Update 1.14.17 (Version: 1.14.17 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Office Addin (x32 Version: 2.01.3102 - Acer) Office Addin 2003 (x32 Version: 2.01.3102 - Acer) Open It! (x32 Version: 1.1.1 - OpenIt) Optimizer Pro v3.2 (x32 Version: - PC Utilities Software Limited) <==== ATTENTION PartyPoker (x32 Version: - PartyGaming) Penguins! (x32 Version: 2.2.0.98 - WildTangent) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) PokerStars.eu (x32 Version: - PokerStars.eu) Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.220 - Qualcomm Atheros Communications) Qualcomm Atheros WLAN and Bluetooth Client Installation Program (x32 Version: 11.41 - Qualcomm Atheros) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6657 - Realtek Semiconductor Corp.) RegClean Pro (x32 Version: 6.21 - Systweak Inc) <==== ATTENTION saavinugtoyyou (x32 Version: - saaviingteoyou) Samsung Kies (x32 Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.) Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) SAMSUNG USB Driver for Mobile Phones (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.) Shared C Run-time for x64 (Version: 10.0.0 - McAfee) Shredder (Version: 2.0.8.9 - Egis Technology Inc.) 
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Spotify (x32 Version: 0.8.4.99.ga249b5f1 - Spotify AB) Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) TeamSpeak 3 Client (HKCU Version: 3.0.13 - TeamSpeak Systems GmbH) Update for Zip Opener (HKCU Version: - Update for Zip Opener) <==== ATTENTION Update Installer for WildTangent Games App (x32 Version: - WildTangent) Updater (x32 Version: 2.6.53 - Creative Island Media, LLC) Visual Studio 2005 Tools for Office Second Edition Runtime (x32 Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (x32 Version: 1 - Microsoft Corporation) WildTangent Games (x32 Version: 1.0.3.0 - WildTangent) WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) World of Tanks (x32 Version: - Wargaming.net) Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) ==================== Restore Points ========================= 12-12-2013 18:36:35 Windows Update 16-12-2013 19:49:25 Windows Update 20-12-2013 19:43:13 [BV] Mod Collection wird entfernt 22-12-2013 11:33:13 TuneUp Utilities 2013 wird entfernt 23-12-2013 21:03:01 [BV] Mod Collection Clanlogos wird installiert 29-12-2013 18:43:16 Installed Java 7 Update 45 (64-bit) ==================== Hosts content: ========================== 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {06ED8BF8-E717-42D3-BBC6-0D7C533292BB} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2013-11-22] (Systweak Inc) <==== ATTENTION Task: {0AACCEF9-366E-482B-8EEF-DED69FAD4A19} - 
System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-11-06] (BonanzaDeals) <==== ATTENTION Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {17E4CA9F-25FD-494E-BB74-B84A209FCA12} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] () Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {20C819B0-6EC1-4924-A3A2-EC3C2E43BA90} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1946761082-257476130-358862400-1002UA => C:\Users\Timo T\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-10] (Facebook Inc.) Task: {25726081-A397-417C-9053-4AB4590B4DFF} - System32\Tasks\startDestop => C:\Windows\explorer.exe [2013-10-22] (Microsoft Corporation) Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {2E49E5DC-0515-48BC-BA84-72D978DF82F3} - System32\Tasks\FoxTab => C:\Users\Timo T\AppData\Roaming\FoxTab\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {397C436B-F8FA-42B2-BCA9-42956095EE40} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2013-11-22] (Systweak Inc) <==== ATTENTION Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\System32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: 
{4B363602-9225-4197-A91E-C4CB0EBA9C5C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1946761082-257476130-358862400-1002Core => C:\Users\Timo T\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-10] (Facebook Inc.) Task: {5031E43D-8433-478B-ADEF-ED7A3609D51E} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-07-13] () Task: {54120B04-2360-471A-919C-8E64A9BD552A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\System32\MRT.exe [2013-12-22] (Microsoft Corporation) Task: {5CD2985A-9EBF-4D62-81C4-C9F0E9C4A34D} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\systweakasp.exe [2013-08-23] (Systweak Inc ) <==== ATTENTION Task: {5D43D661-4822-426F-BDB8-813F0B4979E4} - System32\Tasks\Digital Sites => C:\Users\Timo T\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION Task: {62E3DEE8-D473-4B91-8097-3DE4CD9E8D7A} - System32\Tasks\BonanzaDealsUpdate => C:\Program <==== ATTENTION Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6D47655D-9C1F-43FE-A7EA-A67391803538} - System32\Tasks\UpdaterEX => C:\Users\TIMOT~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {6FE4EDEE-395D-47B4-AB29-54DCF268FC22} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2013-11-22] (Systweak Inc) <==== ATTENTION Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {73D61466-1665-49A1-9E9F-2CCF086B20A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-25] (Google Inc.) 
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {7C580FE3-B0E7-49F9-9B27-6FE125A6BAEF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated) Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {88E98346-BF35-457A-837D-FAE635483809} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {98CEFDC9-4187-453C-A3B4-C49FB9152592} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.) Task: {9D57FC2B-2F32-4DBC-BC3E-3AE7E332B6BB} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-11-06] (BonanzaDeals) <==== ATTENTION Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {B12311BC-1310-48DA-A4C1-3B7067D62D49} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-25] (Google Inc.) 
Task: {B1BDC97C-AC76-4ACD-9F77-74BCEAA1ED31} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [2013-12-23] (Systweak) <==== ATTENTION Task: {B8C6B978-48DD-4BA9-A90C-39969592C3D8} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-07-31] (Acer Incorporated) Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {DB52C38A-7BED-4C11-8C09-4DA13108FB1A} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink) Task: {E185F0C3-1D25-4FA8-833E-103DADA0F652} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-03-10] () Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {F83191E3-E913-4DC2-BE22-C614E7BF5FB0} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PmmUpdate.exe [2012-07-12] (Egis Technology Inc.) 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\Digital Sites.job => C:\Users\TIMOT~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1946761082-257476130-358862400-1002Core.job => C:\Users\Timo T\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1946761082-257476130-358862400-1002UA.job => C:\Users\Timo T\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\WINDOWS\Tasks\FoxTab.job => C:\Users\TIMOT~1\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\UpdaterEX.job => C:\Users\TIMOT~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE ==================== Loaded Modules (whitelisted) ============= 2013-01-28 13:45 - 2013-01-28 13:45 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2013-01-28 13:42 - 2013-01-28 13:42 - 00084992 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll 2012-12-14 01:42 - 2012-12-14 01:42 - 00094208 _____ () 
C:\Windows\System32\IccLibDll_x64.dll 2013-09-19 23:37 - 2013-09-19 23:37 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll 2013-09-19 23:32 - 2013-09-19 23:32 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll 2013-01-19 11:26 - 2012-09-19 18:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2013-11-06 20:27 - 2013-11-06 20:27 - 00192664 _____ () C:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll 2013-11-06 20:27 - 2013-10-29 14:08 - 04279112 _____ () C:\Program Files (x86)\Optimizer Pro\OptProCrash.dll 2012-07-31 00:04 - 2012-07-31 00:04 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll 2012-08-15 20:44 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2013-12-21 19:52 - 2013-12-21 19:52 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:373E1720 AlternateDataStreams: C:\Users\Timo T\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/29/2013 08:19:54 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird. Error: (12/29/2013 08:19:54 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". 
Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird. Error: (12/29/2013 08:19:54 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird. Error: (12/29/2013 07:04:43 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird. Error: (12/29/2013 07:04:43 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird. Error: (12/29/2013 07:04:43 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3. 
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird. Error: (12/29/2013 07:02:39 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird. Error: (12/29/2013 07:02:39 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird. Error: (12/29/2013 07:02:39 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird. Error: (12/29/2013 01:53:34 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3. 
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird. System errors: ============= Error: (12/29/2013 08:34:12 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/29/2013 08:30:05 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers nicht gestartet: %%1083 Error: (12/29/2013 08:22:38 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers nicht gestartet: %%1083 Error: (12/29/2013 08:09:37 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/29/2013 08:05:32 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers nicht gestartet: %%1083 Error: (12/29/2013 06:46:37 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers nicht gestartet: %%1083 Error: (12/29/2013 10:27:32 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/29/2013 10:21:24 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers nicht 
gestartet: %%1083 Error: (12/28/2013 03:29:11 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/28/2013 03:20:03 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers nicht gestartet: %%1083 Microsoft Office Sessions: ========================= Error: (12/29/2013 08:19:54 PM) (Source: SideBySide)(User: ) Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4 Error: (12/29/2013 08:19:54 PM) (Source: SideBySide)(User: ) Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4 Error: (12/29/2013 08:19:54 PM) (Source: SideBySide)(User: ) Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4 Error: (12/29/2013 07:04:43 PM) (Source: SideBySide)(User: ) Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4 Error: (12/29/2013 07:04:43 PM) (Source: SideBySide)(User: ) Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4 
Error: (12/29/2013 07:04:43 PM) (Source: SideBySide)(User: ) Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4 Error: (12/29/2013 07:02:39 PM) (Source: SideBySide)(User: ) Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4 Error: (12/29/2013 07:02:39 PM) (Source: SideBySide)(User: ) Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4 Error: (12/29/2013 07:02:39 PM) (Source: SideBySide)(User: ) Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4 Error: (12/29/2013 01:53:34 PM) (Source: SideBySide)(User: ) Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4 ==================== Memory info =========================== Percentage of memory in use: 44% Total physical RAM: 3909.27 MB Available physical RAM: 2160.13 MB Total Pagefile: 4677.27 MB Available Pagefile: 2673.66 MB Total Virtual: 131072 MB Available Virtual: 131071.76 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:445.85 GB) (Free:300.28 GB) NTFS Drive d: (Canyon BA International MY2013) (CDROM) (Total:0.95 GB) (Free:0 GB) UDF ==================== MBR & Partition Table 
================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 0FC5356F) Partition: GPT Partition Type ==================== End Of Log ============================ |
29.12.2013, 22:15 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Nation Zoom :( I don't know what to do next Malwarebytes Anti-Rootkit (MBAR) Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
__________________ --> Nation Zoom :( I don't know what to do next |
31.12.2013, 15:31 | #7 |
| Nation Zoom :( I don't know what to do next Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2013.12.31.03

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
Timo T :: TIMO [administrator]

31.12.2013 14:14:58
mbar-log-2013-12-31 (14-14-58).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 271228
Time elapsed: 25 minute(s), 1 second(s)

Memory Processes Detected: 1
C:\ProgramData\Updater\updater.exe (Trojan.Agent) -> 4360 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Updater (Trojan.Agent) -> Data: C:\ProgramData\Updater\updater.exe -> Delete on reboot.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|Updater (Trojan.Agent) -> Data: C:\ProgramData\Updater\Updater.exe -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\ProgramData\Updater\updater.exe (Trojan.Agent) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2013.12.31.04

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
Timo T :: TIMO [administrator]

31.12.2013 15:03:01
mbar-log-2013-12-31 (15-03-01).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 271047
Time elapsed: 25 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end) |
31.12.2013, 16:28 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Nation Zoom :( I don't know what to do next Remove adware/junkware/toolbars Step 1: AdwCleaner Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool Please shut down your protection software to avoid possible conflicts.
Step 3: Shortcut Cleaner Please download Shortcut Cleaner (by Grinler) to your desktop.
Step 4: Fresh log with FRST Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post log files in CODE tags |
01.01.2014, 14:07 | #9 |
| Nation Zoom :( I don't know what to do next Code:
# AdwCleaner v3.016 - Bericht erstellt am 01/01/2014 um 13:36:37
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 8.1 (64 bits)
# Benutzername : Timo T - TIMO
# Gestartet von : C:\Users\Timo T\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : 70e6ca8c
[#] Dienst Gelöscht : BackupStack
[#] Dienst Gelöscht : bonanzadealslive
[#] Dienst Gelöscht : bonanzadealslivem

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\BonanzaDealsLive
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Systweak
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Ordner Gelöscht : C:\Program Files (x86)\Advanced System Protector
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDeals
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDealsLive
Ordner Gelöscht : C:\Program Files (x86)\FoxTab
Ordner Gelöscht : C:\Program Files (x86)\Mobogenie
Ordner Gelöscht : C:\Program Files (x86)\myfree codec
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Program Files (x86)\openit
Ordner Gelöscht : C:\Program Files (x86)\optimizer pro
Ordner Gelöscht : C:\Program Files (x86)\RegClean Pro
Ordner Gelöscht : C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\Users\TIMOT~1\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\Timo T\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Timo T\AppData\Local\BonanzaDealsLive
Ordner Gelöscht : C:\Users\Timo T\AppData\Local\lollipop
Ordner Gelöscht : C:\Users\Timo T\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Timo T\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Timo T\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Timo T\AppData\Roaming\FoxTab
Ordner Gelöscht : C:\Users\Timo T\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Timo T\AppData\Roaming\optimizer pro
Ordner Gelöscht : C:\Users\Timo T\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Timo T\AppData\Roaming\UpdaterEX
Ordner Gelöscht : C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
Ordner Gelöscht : C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Ordner Gelöscht : C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Ordner Gelöscht : C:\Users\Timo T\Documents\Mobogenie
Ordner Gelöscht : C:\Users\Timo T\Documents\optimizer pro
Ordner Gelöscht : C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\{5EBDCA98-43B3-45BB-87E0-716029FB42AB}
Ordner Gelöscht : C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\toolbar@ask.com
Datei Gelöscht : C:\Users\Public\Desktop\Advanced System Protector.lnk
Datei Gelöscht : C:\Users\Public\Desktop\Open It!.lnk
Datei Gelöscht : C:\Users\Public\Desktop\RegClean Pro.lnk
Datei Gelöscht : C:\WINDOWS\System32\roboot64.exe
Datei Gelöscht : C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
Datei Gelöscht : C:\Users\Timo T\Desktop\Mobogenie.lnk
Datei Gelöscht : C:\Users\Timo T\Desktop\MyPC Backup.lnk
Datei Gelöscht : C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\nationzoom.xml
Datei Gelöscht : C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\user.js
Datei Gelöscht : C:\WINDOWS\System32\Tasks\Advanced System Protector_startup
Datei Gelöscht : C:\WINDOWS\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
Datei Gelöscht : C:\WINDOWS\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore
Datei Gelöscht : C:\WINDOWS\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
Datei Gelöscht : C:\WINDOWS\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA
Datei Gelöscht : C:\WINDOWS\System32\Tasks\BonanzaDealsUpdate
Datei Gelöscht : C:\WINDOWS\Tasks\FoxTab.job
Datei Gelöscht : C:\WINDOWS\System32\Tasks\FoxTab
Datei Gelöscht : C:\WINDOWS\System32\Tasks\RegClean Pro
Datei Gelöscht : C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job
Datei Gelöscht : C:\WINDOWS\System32\Tasks\RegClean Pro_DEFAULT
Datei Gelöscht : C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job
Datei Gelöscht : C:\WINDOWS\System32\Tasks\RegClean Pro_UPDATES
Datei Gelöscht : C:\WINDOWS\System32\Tasks\Scheduled Update for Ask Toolbar
Datei Gelöscht : C:\WINDOWS\Tasks\UpdaterEX.job
Datei Gelöscht : C:\WINDOWS\System32\Tasks\UpdaterEX

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Timo T\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Timo T\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Timo T\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16384

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\prefs.js ]

Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://www.nationzoom.com/newtab/?type=nt&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "nationzoom");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "nationzoom");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.nationzoom.com/?type=hp&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542");
Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
Zeile gelöscht : user_pref("extensions.dynconff.cache.www.nationzoom.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"_1500_1520_1146_1169_1348_1482_1493_1521_1619_1717\">\r\n <content id=\"us810_commonScr[...]
Zeile gelöscht : user_pref("extensions.dynconff.cache.www.nationzoom.com.expires", "1388348492975");
Zeile gelöscht : user_pref("extensions.mAe0CgbJXdH.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};var _wlst={lsKey:\"ssjsmn2ja8ddw2a\",get:function(b,a){if(3<b)return a(!1);v[...]
Zeile gelöscht : user_pref("extensions.rKn1halXg8YZ.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};var _wlst={lsKey:\"ssjsmn2ja8ddw2a\",get:function(b,a){if(3<b)return a(!1);[...]

*************************

AdwCleaner[R0].txt - [29252 octets] - [01/01/2014 13:35:36]
AdwCleaner[S0].txt - [26437 octets] - [01/01/2014 13:36:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [26498 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 8.1 x64
Ran by Timo T on 01.01.2014 at 13:49:06,43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [Service] update jump flip
Successfully deleted: [Service] update jump flip

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bonanzadeals
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\bonanzadeals
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E45BDB2D-6143-413D-9FF7-1865745671DC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6db9fdfe-b718-4962-be0c-0a5fce7f7f7b}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6db9fdfe-b718-4962-be0c-0a5fce7f7f7b}

~~~ Files

~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
Failed to delete: [Folder] "C:\Program Files (x86)\jump flip"

~~~ FireFox

Successfully deleted the following from C:\Users\Timo T\AppData\Roaming\mozilla\firefox\profiles\b5tnil6r.default\prefs.js

user_pref("extensions.mAe0CgbJXdH.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};var _wlst={lsKey:\"ssjsmn2ja8ddw2a\",get:function(b
user_pref("extensions.rKn1halXg8YZ.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};var _wlst={lsKey:\"ssjsmn2ja8ddw2a\",get:function(

Emptied folder: C:\Users\Timo T\AppData\Roaming\mozilla\firefox\profiles\b5tnil6r.default\minidumps [100 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.01.2014 at 13:53:02,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
Shortcut Cleaner 1.2.6 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 8.1
Program started at: 01/01/2014 01:55:27 PM.

Scanning for registry hijacks:

* No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\
Searching C:\ProgramData\Microsoft\Windows\Start Menu\
Searching C:\Users\Timo T\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
Searching C:\Users\Public\Desktop\
Searching C:\Users\Timo T\Desktop

0 bad shortcuts found.

Program finished at: 01/01/2014 01:55:28 PM
Execution time: 0 hours(s), 0 minute(s), and 1 seconds(s)

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013 01
Ran by Timo T (administrator) on TIMO on 01-01-2014 13:58:12
Running from C:\Users\Timo T\Downloads
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Jump Flip) C:\Program Files (x86)\Jump Flip\bin\utilJumpFlip.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Avira Operations GmbH & Co.
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Samsung Electronics Co., Ltd.) 
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Farbar) C:\Users\Timo T\Downloads\FRST64(1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-11-25] (ELAN Microelectronics Corp.) HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] () HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor) HKLM-x32\...\Run: [BakupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533056 2012-07-31] (NTI Corporation) HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Atheros Communications)) HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung) HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung) HKCU\...\Run: [Facebook Update] - C:\Users\Timo T\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-03-10] (Facebook Inc.) ==================== Internet (Whitelisted) ==================== URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM - {12086C10-E61B-4C87-8253-D990FA7080CB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM-x32 - {12086C10-E61B-4C87-8253-D990FA7080CB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKCU - {12086C10-E61B-4C87-8253-D990FA7080CB} URL = BHO: saavinugtoyyou - {3452EE4D-89B3-E1D4-FF71-706C2912BF03} - C:\ProgramData\saavinugtoyyou\OrmbLjH6I_.x64.dll () BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: dOwwnnloadittkeep - {82E8CB70-1EDF-3579-F279-ABEA2CAE660B} - C:\ProgramData\dOwwnnloadittkeep\xKeUtMS2U.x64.dll () BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm 
Atheros Commnucations) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default FF SearchEngineOrder.1: Ask.com FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Timo T\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: dOwwnnloadittkeep - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\d.u8vact@ocvzuyoytmw-.net FF Extension: saavinugtoyyou - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\vxavvpc@ptwb-rm.com FF Extension: Jump Flip - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\firefox@jumpflip.net.xpi FF Extension: BonanzaDeals - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}.xpi FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. 
KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-18] (Avira Operations GmbH & Co. KG) R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2415760 2012-07-27] (Acer Incorporated) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [466064 2012-07-31] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [659600 2012-07-31] (Acer Incorporated) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation) S3 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-07-31] (NTI Corporation) R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-08-15] (Dritek System INC.) R2 Util Jump Flip; C:\Program Files (x86)\Jump Flip\bin\utilJumpFlip.exe [65312 2013-12-31] (Jump Flip) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. 
KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00A\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-08-15] (Dritek System Inc.) 
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-01 13:57 - 2014-01-01 13:57 - 01931302 _____ (Farbar) C:\Users\Timo T\Downloads\FRST64(1).exe 2014-01-01 13:55 - 2014-01-01 13:55 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Timo T\Downloads\sc-cleaner.exe 2014-01-01 13:55 - 2014-01-01 13:55 - 00001752 _____ C:\sc-cleaner.txt 2014-01-01 13:53 - 2014-01-01 13:53 - 00002268 _____ C:\Users\Timo T\Desktop\JRT.txt 2014-01-01 13:49 - 2014-01-01 13:49 - 00000000 ____D C:\WINDOWS\ERUNT 2014-01-01 13:47 - 2014-01-01 13:47 - 01036305 _____ (Thisisu) C:\Users\Timo T\Downloads\JRT(1).exe 2014-01-01 13:43 - 2014-01-01 13:45 - 01036305 _____ (Thisisu) C:\Users\Timo T\Downloads\JRT.exe 2014-01-01 13:39 - 2014-01-01 13:39 - 00000000 ____D C:\ProgramData\boost_interprocess 2014-01-01 13:35 - 2014-01-01 13:37 - 00000000 ____D C:\AdwCleaner 2014-01-01 13:34 - 2014-01-01 13:34 - 01233962 _____ C:\Users\Timo T\Downloads\adwcleaner.exe 2013-12-31 14:38 - 2013-12-31 14:38 - 00000006 _____ C:\Users\Timo T\AppData\Roaming\WBPU-TTL.DAT 2013-12-31 14:14 - 2013-12-31 15:02 - 00117464 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2013-12-31 14:14 - 2013-12-31 14:14 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-31 14:11 - 2013-12-31 15:28 - 00000000 ____D C:\Users\Timo T\Desktop\mbar 2013-12-31 14:11 - 2013-12-31 15:02 - 00089304 _____ (Malwarebytes Corporation) 
C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2013-12-31 14:10 - 2013-12-31 14:10 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Timo T\Downloads\mbar-1.07.0.1008.exe 2013-12-29 21:52 - 2013-12-29 21:53 - 00000000 ____D C:\Users\Timo T\Desktop\Neuer Ordner 2013-12-29 21:46 - 2014-01-01 13:58 - 00014615 _____ C:\Users\Timo T\Downloads\FRST.txt 2013-12-29 21:46 - 2013-12-29 21:47 - 00030673 _____ C:\Users\Timo T\Downloads\Addition.txt 2013-12-29 21:45 - 2013-12-29 21:45 - 00000000 ____D C:\FRST 2013-12-29 21:44 - 2013-12-29 21:44 - 01931302 _____ (Farbar) C:\Users\Timo T\Downloads\FRST64.exe 2013-12-29 21:40 - 2014-01-01 13:50 - 00000000 ____D C:\Program Files (x86)\Jump Flip 2013-12-29 21:39 - 2012-07-25 12:03 - 00016896 _____ C:\WINDOWS\system32\sasnative64.exe 2013-12-29 21:38 - 2014-01-01 13:38 - 00000308 _____ C:\WINDOWS\Tasks\Digital Sites.job 2013-12-29 21:38 - 2013-12-29 21:38 - 00002646 _____ C:\WINDOWS\System32\Tasks\Digital Sites 2013-12-29 21:38 - 2013-12-29 21:38 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\DigitalSites 2013-12-29 21:37 - 2013-12-29 21:37 - 00673568 _____ ( ) C:\Users\Timo T\Downloads\ZipOpenerSetup.exe 2013-12-29 20:31 - 2013-12-29 20:31 - 00000000 ____D C:\ProgramData\Websteroids 2013-12-29 19:44 - 2013-12-29 19:44 - 00000000 ____D C:\ProgramData\Oracle 2013-12-29 19:44 - 2013-12-29 19:43 - 00312744 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2013-12-29 19:44 - 2013-12-29 19:43 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2013-12-29 19:44 - 2013-12-29 19:43 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2013-12-29 19:44 - 2013-12-29 19:43 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2013-12-29 19:43 - 2013-12-29 19:43 - 00000000 ____D C:\Program Files\Java 2013-12-29 19:42 - 2013-12-29 19:42 - 30694824 _____ (Oracle Corporation) C:\Users\Timo T\Downloads\jre-7u45-windows-x64.exe 2013-12-29 19:39 - 2013-12-29 19:39 - 00470032 _____ 
C:\Users\Timo T\Downloads\Java.exe 2013-12-29 18:16 - 2014-01-01 13:29 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\newnext.me 2013-12-29 18:16 - 2013-12-31 16:47 - 00000414 _____ C:\Users\Timo T\daemonprocess.txt 2013-12-29 18:16 - 2013-12-31 14:57 - 00000000 ____D C:\ProgramData\Updater 2013-12-29 18:16 - 2013-12-29 21:56 - 00000000 ____D C:\Users\Timo T\AppData\Local\cache 2013-12-29 18:16 - 2013-12-29 21:39 - 00000000 ____D C:\Users\Timo T\AppData\Local\genienext 2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\.android 2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\ProgramData\RHelpers 2013-12-29 18:14 - 2013-12-29 18:14 - 00002066 _____ C:\Users\Timo T\Desktop\Continue installation - FlashPlayer.lnk 2013-12-29 18:11 - 2013-12-29 18:11 - 00336936 _____ (Amônétízé Ltd) C:\Users\Timo T\Downloads\FlashPlayer__4003_i220968287_il14.exe 2013-12-29 10:33 - 2013-12-29 10:33 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Bonanza 2013-12-24 15:58 - 2013-12-24 16:01 - 00000000 ____D C:\ProgramData\dOwwnnloadittkeep 2013-12-24 15:58 - 2013-12-24 16:00 - 00000000 ____D C:\ProgramData\saavinugtoyyou 2013-12-24 15:58 - 2013-12-24 15:58 - 00000000 ____D C:\ProgramData\e8a480b429bfdc00 2013-12-23 21:18 - 2013-12-23 21:57 - 119282768 _____ (Black & Bloody Vengeance) C:\Users\Timo T\Downloads\[BV] Mod Collection Installer 8.10.4.exe 2013-12-21 20:07 - 2013-12-21 20:07 - 00002236 _____ C:\Users\Public\Desktop\Google Earth.lnk 2013-12-21 19:52 - 2013-12-21 19:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-20 21:03 - 2013-12-23 22:18 - 00001077 _____ C:\Users\Public\Desktop\ActiveDossierUploader.lnk 2013-12-20 21:03 - 2013-12-23 22:18 - 00001027 _____ C:\Users\Public\Desktop\Radial Menu Editor.lnk 2013-12-20 21:03 - 2013-12-23 22:18 - 00000942 _____ C:\Users\Public\Desktop\Setup WoT Stats.lnk 2013-12-20 21:03 - 2013-12-23 22:18 - 00000096 _____ C:\Users\Public\Desktop\[BV] Mod Collection Updates.url 2013-12-18 18:26 - 
2013-12-31 14:38 - 00000109 _____ C:\Users\Timo T\AppData\Roaming\WB.CFG 2013-12-14 17:53 - 2013-11-12 00:41 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2013-12-14 17:53 - 2013-11-12 00:40 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2013-12-14 17:53 - 2013-11-12 00:27 - 00701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2013-12-14 17:53 - 2013-11-12 00:24 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2013-12-14 17:53 - 2013-11-11 03:48 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys 2013-12-14 17:53 - 2013-11-09 12:55 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2013-12-14 17:53 - 2013-11-09 07:37 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe 2013-12-14 17:53 - 2013-11-09 06:56 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe 2013-12-14 17:53 - 2013-11-08 11:26 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll 2013-12-14 17:53 - 2013-11-08 05:43 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2013-12-14 17:53 - 2013-11-08 05:28 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2013-12-14 17:53 - 2013-11-08 05:26 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2013-12-14 17:53 - 2013-11-08 05:16 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll 2013-12-14 17:53 - 2013-11-08 05:15 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2013-12-14 17:53 - 2013-11-08 05:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll 2013-12-14 17:53 - 2013-11-08 04:41 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2013-12-14 17:53 - 2013-11-08 04:14 - 00922624 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2013-12-14 17:53 - 2013-11-05 15:19 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll 2013-12-14 17:53 - 2013-11-05 15:03 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2013-12-14 17:53 - 2013-11-05 14:57 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2013-12-14 17:53 - 2013-11-05 14:33 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2013-12-14 17:53 - 2013-11-05 14:32 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2013-12-14 17:53 - 2013-11-04 18:13 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2013-12-14 17:53 - 2013-11-04 18:13 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2013-12-14 17:53 - 2013-11-04 14:07 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll 2013-12-14 17:53 - 2013-11-04 12:50 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2013-12-14 17:53 - 2013-11-04 11:32 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll 2013-12-14 17:53 - 2013-11-04 03:28 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll 2013-12-14 17:53 - 2013-11-04 02:30 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2013-12-14 17:53 - 2013-11-01 12:39 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2013-12-14 17:53 - 2013-11-01 07:08 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll 2013-12-14 17:53 - 2013-11-01 06:57 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll 2013-12-14 17:53 - 2013-10-31 01:58 - 00372568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2013-12-14 17:53 - 2013-10-31 01:42 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 
2013-12-14 17:53 - 2013-10-31 01:33 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2013-12-14 17:53 - 2013-10-31 01:33 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2013-12-14 17:53 - 2013-10-31 01:33 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2013-12-14 17:53 - 2013-10-31 01:33 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2013-12-14 17:53 - 2013-10-26 02:54 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys 2013-12-14 17:53 - 2013-10-24 10:31 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll 2013-12-14 17:53 - 2013-10-24 10:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll 2013-12-14 17:53 - 2013-10-17 12:21 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll 2013-12-14 17:53 - 2013-10-17 11:36 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll 2013-12-14 17:53 - 2013-10-05 15:21 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll 2013-12-14 17:53 - 2013-10-05 15:21 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll 2013-12-14 17:53 - 2013-10-05 13:05 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll 2013-12-14 17:53 - 2013-10-05 13:05 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll 2013-12-12 19:56 - 2013-12-12 21:13 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\TS3Client 2013-12-12 19:52 - 2013-11-23 05:34 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll 2013-12-12 19:52 - 2013-11-23 05:13 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll 2013-12-12 19:52 - 2013-11-23 04:32 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll 2013-12-12 19:52 - 2013-11-23 04:10 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe 
2013-12-12 19:52 - 2013-11-09 07:34 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe 2013-12-12 19:52 - 2013-11-09 07:34 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll 2013-12-12 19:52 - 2013-11-09 06:52 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll 2013-12-12 19:51 - 2013-12-12 19:51 - 00001222 _____ C:\Users\Timo T\Desktop\TeamSpeak 3 Client.lnk 2013-12-12 19:51 - 2013-12-12 19:51 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client 2013-12-12 19:51 - 2013-12-12 19:51 - 00000000 ____D C:\Users\Timo T\AppData\Local\TeamSpeak 3 Client 2013-12-12 19:31 - 2013-12-12 19:33 - 30095736 _____ (TeamSpeak Systems GmbH) C:\Users\Timo T\Downloads\TeamSpeak3-Client-win32-3.0.13.1.exe 2013-12-12 18:38 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2013-12-12 18:38 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2013-12-12 18:38 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2013-12-12 18:38 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2013-12-12 18:38 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2013-12-12 18:38 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2013-12-12 18:38 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2013-12-12 18:38 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2013-12-12 18:38 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2013-12-12 18:38 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2013-12-12 18:38 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\ieframe.dll 2013-12-12 18:38 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2013-12-12 18:38 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2013-12-12 18:38 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2013-12-12 18:38 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2013-12-12 18:38 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2013-12-12 18:38 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2013-12-12 18:38 - 2013-11-08 08:21 - 04191744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2013-12-12 18:38 - 2013-10-19 09:53 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll 2013-12-12 18:38 - 2013-10-19 08:14 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll 2013-12-12 18:38 - 2013-10-15 09:54 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll 2013-12-12 18:38 - 2013-10-15 09:03 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll ==================== One Month Modified Files and Folders ======= 2014-01-01 13:58 - 2013-12-29 21:46 - 00014615 _____ C:\Users\Timo T\Downloads\FRST.txt 2014-01-01 13:57 - 2014-01-01 13:57 - 01931302 _____ (Farbar) C:\Users\Timo T\Downloads\FRST64(1).exe 2014-01-01 13:55 - 2014-01-01 13:55 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Timo T\Downloads\sc-cleaner.exe 2014-01-01 13:55 - 2014-01-01 13:55 - 00001752 _____ C:\sc-cleaner.txt 2014-01-01 13:55 - 2012-11-18 01:01 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1946761082-257476130-358862400-1002 2014-01-01 13:53 - 2014-01-01 13:53 - 00002268 _____ C:\Users\Timo T\Desktop\JRT.txt 2014-01-01 13:51 - 2013-11-30 12:18 - 00003918 _____ 
C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A1E9E32D-55A8-4BAF-90D6-784E9A0B66BE} 2014-01-01 13:50 - 2013-12-29 21:40 - 00000000 ____D C:\Program Files (x86)\Jump Flip 2014-01-01 13:49 - 2014-01-01 13:49 - 00000000 ____D C:\WINDOWS\ERUNT 2014-01-01 13:47 - 2014-01-01 13:47 - 01036305 _____ (Thisisu) C:\Users\Timo T\Downloads\JRT(1).exe 2014-01-01 13:45 - 2014-01-01 13:43 - 01036305 _____ (Thisisu) C:\Users\Timo T\Downloads\JRT.exe 2014-01-01 13:42 - 2013-10-18 22:09 - 01489102 _____ C:\WINDOWS\WindowsUpdate.log 2014-01-01 13:40 - 2013-10-18 22:20 - 00000000 __RDO C:\Users\Timo T\SkyDrive 2014-01-01 13:39 - 2014-01-01 13:39 - 00000000 ____D C:\ProgramData\boost_interprocess 2014-01-01 13:39 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2014-01-01 13:39 - 2013-07-25 21:49 - 00001116 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-01 13:38 - 2013-12-29 21:38 - 00000308 _____ C:\WINDOWS\Tasks\Digital Sites.job 2014-01-01 13:38 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2014-01-01 13:37 - 2014-01-01 13:35 - 00000000 ____D C:\AdwCleaner 2014-01-01 13:37 - 2013-10-18 22:16 - 00001013 _____ C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-01-01 13:37 - 2012-11-18 01:37 - 00001065 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-01-01 13:37 - 2012-11-18 00:51 - 00000000 ___RD C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-01 13:34 - 2014-01-01 13:34 - 01233962 _____ C:\Users\Timo T\Downloads\adwcleaner.exe 2014-01-01 13:29 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\newnext.me 2014-01-01 13:28 - 2013-02-03 13:41 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2013-12-31 19:16 - 2013-03-10 13:11 - 00000942 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1946761082-257476130-358862400-1002UA.job 2013-12-31 16:47 - 2013-12-29 18:16 - 00000414 _____ C:\Users\Timo 
T\daemonprocess.txt 2013-12-31 16:06 - 2013-07-25 21:49 - 00001120 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2013-12-31 16:02 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru 2013-12-31 15:28 - 2013-12-31 14:11 - 00000000 ____D C:\Users\Timo T\Desktop\mbar 2013-12-31 15:02 - 2013-12-31 14:14 - 00117464 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2013-12-31 15:02 - 2013-12-31 14:11 - 00089304 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2013-12-31 14:57 - 2013-12-29 18:16 - 00000000 ____D C:\ProgramData\Updater 2013-12-31 14:57 - 2013-09-29 20:04 - 00003550 _____ C:\WINDOWS\PFRO.log 2013-12-31 14:52 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\DesktopTileResources 2013-12-31 14:38 - 2013-12-31 14:38 - 00000006 _____ C:\Users\Timo T\AppData\Roaming\WBPU-TTL.DAT 2013-12-31 14:38 - 2013-12-18 18:26 - 00000109 _____ C:\Users\Timo T\AppData\Roaming\WB.CFG 2013-12-31 14:14 - 2013-12-31 14:14 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-31 14:10 - 2013-12-31 14:10 - 12582688 _____ (Malwarebytes Corp.) 
C:\Users\Timo T\Downloads\mbar-1.07.0.1008.exe 2013-12-29 21:56 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\AppData\Local\cache 2013-12-29 21:53 - 2013-12-29 21:52 - 00000000 ____D C:\Users\Timo T\Desktop\Neuer Ordner 2013-12-29 21:47 - 2013-12-29 21:46 - 00030673 _____ C:\Users\Timo T\Downloads\Addition.txt 2013-12-29 21:45 - 2013-12-29 21:45 - 00000000 ____D C:\FRST 2013-12-29 21:44 - 2013-12-29 21:44 - 01931302 _____ (Farbar) C:\Users\Timo T\Downloads\FRST64.exe 2013-12-29 21:39 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\AppData\Local\genienext 2013-12-29 21:38 - 2013-12-29 21:38 - 00002646 _____ C:\WINDOWS\System32\Tasks\Digital Sites 2013-12-29 21:38 - 2013-12-29 21:38 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\DigitalSites 2013-12-29 21:37 - 2013-12-29 21:37 - 00673568 _____ ( ) C:\Users\Timo T\Downloads\ZipOpenerSetup.exe 2013-12-29 20:31 - 2013-12-29 20:31 - 00000000 ____D C:\ProgramData\Websteroids 2013-12-29 19:44 - 2013-12-29 19:44 - 00000000 ____D C:\ProgramData\Oracle 2013-12-29 19:43 - 2013-12-29 19:44 - 00312744 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2013-12-29 19:43 - 2013-12-29 19:44 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2013-12-29 19:43 - 2013-12-29 19:44 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2013-12-29 19:43 - 2013-12-29 19:44 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2013-12-29 19:43 - 2013-12-29 19:43 - 00000000 ____D C:\Program Files\Java 2013-12-29 19:42 - 2013-12-29 19:42 - 30694824 _____ (Oracle Corporation) C:\Users\Timo T\Downloads\jre-7u45-windows-x64.exe 2013-12-29 19:39 - 2013-12-29 19:39 - 00470032 _____ C:\Users\Timo T\Downloads\Java.exe 2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\.android 2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\ProgramData\RHelpers 2013-12-29 18:16 - 2013-10-18 21:52 - 00000000 ____D C:\Users\Timo T 2013-12-29 18:14 - 2013-12-29 18:14 
- 00002066 _____ C:\Users\Timo T\Desktop\Continue installation - FlashPlayer.lnk 2013-12-29 18:11 - 2013-12-29 18:11 - 00336936 _____ (Amônétízé Ltd) C:\Users\Timo T\Downloads\FlashPlayer__4003_i220968287_il14.exe 2013-12-29 13:16 - 2013-03-10 13:11 - 00000920 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1946761082-257476130-358862400-1002Core.job 2013-12-29 10:33 - 2013-12-29 10:33 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Bonanza 2013-12-24 16:01 - 2013-12-24 15:58 - 00000000 ____D C:\ProgramData\dOwwnnloadittkeep 2013-12-24 16:00 - 2013-12-24 15:58 - 00000000 ____D C:\ProgramData\saavinugtoyyou 2013-12-24 15:58 - 2013-12-24 15:58 - 00000000 ____D C:\ProgramData\e8a480b429bfdc00 2013-12-23 22:19 - 2013-11-04 18:21 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Black & Bloody Vengeance 2013-12-23 22:18 - 2013-12-20 21:03 - 00001077 _____ C:\Users\Public\Desktop\ActiveDossierUploader.lnk 2013-12-23 22:18 - 2013-12-20 21:03 - 00001027 _____ C:\Users\Public\Desktop\Radial Menu Editor.lnk 2013-12-23 22:18 - 2013-12-20 21:03 - 00000942 _____ C:\Users\Public\Desktop\Setup WoT Stats.lnk 2013-12-23 22:18 - 2013-12-20 21:03 - 00000096 _____ C:\Users\Public\Desktop\[BV] Mod Collection Updates.url 2013-12-23 21:57 - 2013-12-23 21:18 - 119282768 _____ (Black & Bloody Vengeance) C:\Users\Timo T\Downloads\[BV] Mod Collection Installer 8.10.4.exe 2013-12-22 15:38 - 2013-08-17 19:11 - 00000000 ____D C:\WINDOWS\system32\MRT 2013-12-22 15:36 - 2013-01-01 03:07 - 90708896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2013-12-22 15:00 - 2012-11-18 01:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-21 20:22 - 2013-11-15 20:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak 2013-12-21 20:07 - 2013-12-21 20:07 - 00002236 _____ C:\Users\Public\Desktop\Google Earth.lnk 2013-12-21 20:07 - 2013-07-25 21:49 - 00000000 ____D C:\Program Files (x86)\Google 2013-12-21 19:52 - 2013-12-21 19:52 - 00000000 ____D C:\Program 
Files (x86)\Mozilla Firefox 2013-12-20 20:43 - 2013-09-30 05:14 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2013-12-20 20:43 - 2013-09-30 04:56 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat 2013-12-20 20:43 - 2013-09-30 04:56 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat 2013-12-18 18:30 - 2013-05-07 18:32 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2013-12-18 18:30 - 2013-03-30 20:34 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2013-12-18 18:30 - 2013-03-30 20:34 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2013-12-16 21:29 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache 2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData 2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore 2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer 2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\FileManager 2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Camera 2013-12-14 17:45 - 2013-08-22 15:44 - 00335992 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-12-12 21:13 - 2013-12-12 19:56 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\TS3Client 2013-12-12 19:51 - 2013-12-12 19:51 - 00001222 _____ C:\Users\Timo T\Desktop\TeamSpeak 3 Client.lnk 2013-12-12 19:51 - 2013-12-12 19:51 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client 2013-12-12 19:51 - 2013-12-12 19:51 - 00000000 ____D C:\Users\Timo T\AppData\Local\TeamSpeak 3 Client 2013-12-12 19:33 - 2013-12-12 19:31 - 30095736 _____ (TeamSpeak Systems GmbH) C:\Users\Timo T\Downloads\TeamSpeak3-Client-win32-3.0.13.1.exe 2013-12-12 19:00 - 2013-07-25 21:49 - 00004092 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2013-12-12 19:00 - 2013-07-25 21:49 - 00003856 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 
2013-12-10 20:28 - 2013-02-03 13:41 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2013-12-04 01:05 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2013-12-04 01:05 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-03 19:39 - 2013-08-22 15:46 - 00333628 _____ C:\WINDOWS\setupact.log
2013-12-02 21:17 - 2013-05-09 12:45 - 00000000 ____D C:\Users\Timo T\AppData\Local\DoNotTrackPlus

Some content of TEMP:
====================
C:\Users\Timo T\AppData\Local\Temp\avgnt.exe
C:\Users\Timo T\AppData\Local\Temp\BackupSetup.exe
C:\Users\Timo T\AppData\Local\Temp\FlashPlayer__4003_i220968287_il14.exe
C:\Users\Timo T\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-31 16:00
==================== End Of Log ============================
--- --- --- --- --- ---
First of all, happy new year, and thank you very much for the great help. I have now worked through all 4 steps; unfortunately I can't find an addition.txt from today |
01.01.2014, 19:34 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Nation Zoom :( I don't know what else to do
In FRST, the box next to additions.txt must be ticked, otherwise none is created.
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
FF Extension: dOwwnnloadittkeep - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\d.u8vact@ocvzuyoytmw-.net
FF Extension: saavinugtoyyou - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\vxavvpc@ptwb-rm.com
FF Extension: Jump Flip - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\firefox@jumpflip.net.xpi
FF Extension: BonanzaDeals - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}.xpi
R2 Util Jump Flip; C:\Program Files (x86)\Jump Flip\bin\utilJumpFlip.exe [65312 2013-12-31] (Jump Flip)
C:\Program Files (x86)\Jump Flip
C:\Users\Timo T\AppData\Roaming\Bonanza
C:\ProgramData\dOwwnnloadittkeep
C:\ProgramData\saavinugtoyyou
C:\ProgramData\e8a480b429bfdc00
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
01.01.2014, 20:02 | #11 |
| Nation Zoom :( I don't know what else to do
I think I'm doing something wrong. I'll attach a picture; maybe you can do something with it. |
01.01.2014, 20:51 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Nation Zoom :( I don't know what else to do
Why aren't you following the instructions, then? FRST and the Fixlog should both be on the desktop.
__________________ Please always post log files in CODE tags |
02.01.2014, 18:13 | #13 |
| Nation Zoom :( I don't know what else to do
Sorry. I repeated everything again starting from post 8, step 4.
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-01-2014 01 Ran by Timo T (administrator) on TIMO on 02-01-2014 18:06:09 Running from C:\Users\Timo T\Desktop Windows 8.1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Dritek System INC.) C:\Windows\RfBtnSvc64.exe () C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe () C:\Program Files (x86)\Jump Flip\bin\utilJumpFlip.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Samsung Electronics Co., Ltd.) 
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Windows\WinStore\WSHost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-11-25] (ELAN Microelectronics Corp.) HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor) HKLM-x32\...\Run: [BakupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533056 2012-07-31] (NTI Corporation) HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.) 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Atheros Communications)) HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung) HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung) HKCU\...\Run: [Facebook Update] - C:\Users\Timo T\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-03-10] (Facebook Inc.) ==================== Internet (Whitelisted) ==================== URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM - {12086C10-E61B-4C87-8253-D990FA7080CB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM-x32 - {12086C10-E61B-4C87-8253-D990FA7080CB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKCU - {12086C10-E61B-4C87-8253-D990FA7080CB} URL = BHO: saavinugtoyyou - {3452EE4D-89B3-E1D4-FF71-706C2912BF03} - C:\ProgramData\saavinugtoyyou\OrmbLjH6I_.x64.dll No File BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: dOwwnnloadittkeep - {82E8CB70-1EDF-3579-F279-ABEA2CAE660B} - C:\ProgramData\dOwwnnloadittkeep\xKeUtMS2U.x64.dll No File BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program 
Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Jump Flip - {6db9fdfe-b718-4962-be0c-0a5fce7f7f7b} - C:\Program Files (x86)\Jump Flip\JumpFlipBHO.dll No File Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default FF SearchEngineOrder.1: Ask.com FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Timo T\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-18] (Avira Operations GmbH & Co. 
KG) R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2415760 2012-07-27] (Acer Incorporated) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [466064 2012-07-31] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [659600 2012-07-31] (Acer Incorporated) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation) S3 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-07-31] (NTI Corporation) R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-08-15] (Dritek System INC.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation) R2 Update Jump Flip; "C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe" [x] ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. 
KG) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00A\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-08-15] (Dritek System Inc.) 
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-02 18:06 - 2014-01-02 18:06 - 00013731 _____ C:\Users\Timo T\Desktop\FRST.txt 2014-01-02 18:04 - 2014-01-02 18:04 - 01931426 _____ (Farbar) C:\Users\Timo T\Desktop\FRST64.exe 2014-01-02 18:04 - 2014-01-02 18:04 - 00000000 ____D C:\Users\Timo T\Desktop\FRST-OlderVersion 2014-01-02 18:03 - 2014-01-02 18:04 - 00000000 ____D C:\FRST 2014-01-01 19:49 - 2014-01-01 19:49 - 01931396 _____ (Farbar) C:\Users\Timo T\Downloads\FRST64(1).exe 2014-01-01 19:46 - 2014-01-01 19:46 - 00000000 ____D C:\Users\Timo T\Downloads\FRST-OlderVersion 2014-01-01 15:35 - 2014-01-01 15:35 - 00000005 _____ C:\Users\Timo T\AppData\Roaming\WBPU-Q5-TTL.DAT 2014-01-01 13:55 - 2014-01-01 13:55 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Timo T\Downloads\sc-cleaner.exe 2014-01-01 13:55 - 2014-01-01 13:55 - 00001752 _____ C:\sc-cleaner.txt 2014-01-01 13:53 - 2014-01-01 13:53 - 00002268 _____ C:\Users\Timo T\Desktop\JRT.txt 2014-01-01 13:49 - 2014-01-01 13:49 - 00000000 ____D C:\WINDOWS\ERUNT 2014-01-01 13:47 - 2014-01-01 13:47 - 01036305 _____ (Thisisu) C:\Users\Timo T\Downloads\JRT(1).exe 2014-01-01 13:43 - 2014-01-01 13:45 - 01036305 _____ (Thisisu) C:\Users\Timo T\Downloads\JRT.exe 2014-01-01 13:39 - 2014-01-01 13:39 - 00000000 ____D C:\ProgramData\boost_interprocess 2014-01-01 13:35 - 2014-01-01 13:37 - 00000000 ____D C:\AdwCleaner 2014-01-01 13:34 - 2014-01-01 13:34 - 01233962 _____ C:\Users\Timo 
T\Downloads\adwcleaner.exe 2013-12-31 14:38 - 2014-01-01 15:35 - 00000005 _____ C:\Users\Timo T\AppData\Roaming\WBPU-TTL.DAT 2013-12-31 14:14 - 2013-12-31 15:02 - 00117464 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2013-12-31 14:14 - 2013-12-31 14:14 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-31 14:11 - 2013-12-31 15:28 - 00000000 ____D C:\Users\Timo T\Desktop\mbar 2013-12-31 14:11 - 2013-12-31 15:02 - 00089304 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2013-12-31 14:10 - 2013-12-31 14:10 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Timo T\Downloads\mbar-1.07.0.1008.exe 2013-12-29 21:52 - 2013-12-29 21:53 - 00000000 ____D C:\Users\Timo T\Desktop\Neuer Ordner 2013-12-29 21:46 - 2014-01-01 13:58 - 00041000 _____ C:\Users\Timo T\Downloads\FRST.txt 2013-12-29 21:46 - 2013-12-29 21:47 - 00030673 _____ C:\Users\Timo T\Downloads\Addition.txt 2013-12-29 21:45 - 2014-01-01 19:56 - 00000000 ____D C:\Users\Timo T\Desktop\FRST 2013-12-29 21:44 - 2014-01-01 19:46 - 01931396 _____ (Farbar) C:\Users\Timo T\Downloads\FRST64.exe 2013-12-29 21:39 - 2012-07-25 12:03 - 00016896 _____ C:\WINDOWS\system32\sasnative64.exe 2013-12-29 21:38 - 2014-01-01 20:38 - 00000308 _____ C:\WINDOWS\Tasks\Digital Sites.job 2013-12-29 21:38 - 2013-12-29 21:38 - 00002646 _____ C:\WINDOWS\System32\Tasks\Digital Sites 2013-12-29 21:38 - 2013-12-29 21:38 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\DigitalSites 2013-12-29 21:37 - 2013-12-29 21:37 - 00673568 _____ ( ) C:\Users\Timo T\Downloads\ZipOpenerSetup.exe 2013-12-29 20:31 - 2013-12-29 20:31 - 00000000 ____D C:\ProgramData\Websteroids 2013-12-29 19:44 - 2013-12-29 19:44 - 00000000 ____D C:\ProgramData\Oracle 2013-12-29 19:44 - 2013-12-29 19:43 - 00312744 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2013-12-29 19:44 - 2013-12-29 19:43 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2013-12-29 19:44 - 2013-12-29 19:43 - 00189352 _____ 
(Oracle Corporation) C:\WINDOWS\system32\java.exe 2013-12-29 19:44 - 2013-12-29 19:43 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2013-12-29 19:43 - 2013-12-29 19:43 - 00000000 ____D C:\Program Files\Java 2013-12-29 19:42 - 2013-12-29 19:42 - 30694824 _____ (Oracle Corporation) C:\Users\Timo T\Downloads\jre-7u45-windows-x64.exe 2013-12-29 19:39 - 2013-12-29 19:39 - 00470032 _____ C:\Users\Timo T\Downloads\Java.exe 2013-12-29 18:16 - 2014-01-01 13:29 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\newnext.me 2013-12-29 18:16 - 2013-12-31 16:47 - 00000414 _____ C:\Users\Timo T\daemonprocess.txt 2013-12-29 18:16 - 2013-12-31 14:57 - 00000000 ____D C:\ProgramData\Updater 2013-12-29 18:16 - 2013-12-29 21:56 - 00000000 ____D C:\Users\Timo T\AppData\Local\cache 2013-12-29 18:16 - 2013-12-29 21:39 - 00000000 ____D C:\Users\Timo T\AppData\Local\genienext 2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\.android 2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\ProgramData\RHelpers 2013-12-29 18:14 - 2013-12-29 18:14 - 00002066 _____ C:\Users\Timo T\Desktop\Continue installation - FlashPlayer.lnk 2013-12-29 18:11 - 2013-12-29 18:11 - 00336936 _____ (Amônétízé Ltd) C:\Users\Timo T\Downloads\FlashPlayer__4003_i220968287_il14.exe 2013-12-23 21:18 - 2013-12-23 21:57 - 119282768 _____ (Black & Bloody Vengeance) C:\Users\Timo T\Downloads\[BV] Mod Collection Installer 8.10.4.exe 2013-12-21 20:07 - 2013-12-21 20:07 - 00002236 _____ C:\Users\Public\Desktop\Google Earth.lnk 2013-12-21 19:52 - 2013-12-21 19:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-20 21:03 - 2013-12-23 22:18 - 00001077 _____ C:\Users\Public\Desktop\ActiveDossierUploader.lnk 2013-12-20 21:03 - 2013-12-23 22:18 - 00001027 _____ C:\Users\Public\Desktop\Radial Menu Editor.lnk 2013-12-20 21:03 - 2013-12-23 22:18 - 00000942 _____ C:\Users\Public\Desktop\Setup WoT Stats.lnk 2013-12-20 21:03 - 2013-12-23 22:18 - 00000096 _____ 
C:\Users\Public\Desktop\[BV] Mod Collection Updates.url 2013-12-18 18:26 - 2014-01-01 15:35 - 00000106 _____ C:\Users\Timo T\AppData\Roaming\WB.CFG 2013-12-14 17:53 - 2013-11-12 00:41 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2013-12-14 17:53 - 2013-11-12 00:40 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2013-12-14 17:53 - 2013-11-12 00:27 - 00701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2013-12-14 17:53 - 2013-11-12 00:24 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2013-12-14 17:53 - 2013-11-11 03:48 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys 2013-12-14 17:53 - 2013-11-09 12:55 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2013-12-14 17:53 - 2013-11-09 07:37 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe 2013-12-14 17:53 - 2013-11-09 06:56 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe 2013-12-14 17:53 - 2013-11-08 11:26 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll 2013-12-14 17:53 - 2013-11-08 05:43 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2013-12-14 17:53 - 2013-11-08 05:28 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2013-12-14 17:53 - 2013-11-08 05:26 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2013-12-14 17:53 - 2013-11-08 05:16 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll 2013-12-14 17:53 - 2013-11-08 05:15 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2013-12-14 17:53 - 2013-11-08 05:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll 2013-12-14 17:53 - 2013-11-08 04:41 - 01302528 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\AppXDeploymentServer.dll 2013-12-14 17:53 - 2013-11-08 04:14 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2013-12-14 17:53 - 2013-11-05 15:19 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll 2013-12-14 17:53 - 2013-11-05 15:03 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2013-12-14 17:53 - 2013-11-05 14:57 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2013-12-14 17:53 - 2013-11-05 14:33 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2013-12-14 17:53 - 2013-11-05 14:32 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2013-12-14 17:53 - 2013-11-04 18:13 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2013-12-14 17:53 - 2013-11-04 18:13 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2013-12-14 17:53 - 2013-11-04 14:07 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll 2013-12-14 17:53 - 2013-11-04 12:50 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2013-12-14 17:53 - 2013-11-04 11:32 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll 2013-12-14 17:53 - 2013-11-04 03:28 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll 2013-12-14 17:53 - 2013-11-04 02:30 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2013-12-14 17:53 - 2013-11-01 12:39 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2013-12-14 17:53 - 2013-11-01 07:08 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll 2013-12-14 17:53 - 2013-11-01 06:57 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll 2013-12-14 17:53 - 2013-10-31 01:58 - 00372568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2013-12-14 
17:53 - 2013-10-31 01:42 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2013-12-14 17:53 - 2013-10-31 01:33 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2013-12-14 17:53 - 2013-10-31 01:33 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2013-12-14 17:53 - 2013-10-31 01:33 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2013-12-14 17:53 - 2013-10-31 01:33 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2013-12-14 17:53 - 2013-10-26 02:54 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys 2013-12-14 17:53 - 2013-10-24 10:31 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll 2013-12-14 17:53 - 2013-10-24 10:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll 2013-12-14 17:53 - 2013-10-17 12:21 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll 2013-12-14 17:53 - 2013-10-17 11:36 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll 2013-12-14 17:53 - 2013-10-05 15:21 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll 2013-12-14 17:53 - 2013-10-05 15:21 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll 2013-12-14 17:53 - 2013-10-05 13:05 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll 2013-12-14 17:53 - 2013-10-05 13:05 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll 2013-12-12 19:56 - 2013-12-12 21:13 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\TS3Client 2013-12-12 19:52 - 2013-11-23 05:34 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll 2013-12-12 19:52 - 2013-11-23 05:13 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll 2013-12-12 19:52 - 2013-11-23 04:32 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll 2013-12-12 19:52 
- 2013-11-23 04:10 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe 2013-12-12 19:52 - 2013-11-09 07:34 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe 2013-12-12 19:52 - 2013-11-09 07:34 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll 2013-12-12 19:52 - 2013-11-09 06:52 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll 2013-12-12 19:51 - 2013-12-12 19:51 - 00001222 _____ C:\Users\Timo T\Desktop\TeamSpeak 3 Client.lnk 2013-12-12 19:51 - 2013-12-12 19:51 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client 2013-12-12 19:51 - 2013-12-12 19:51 - 00000000 ____D C:\Users\Timo T\AppData\Local\TeamSpeak 3 Client 2013-12-12 19:31 - 2013-12-12 19:33 - 30095736 _____ (TeamSpeak Systems GmbH) C:\Users\Timo T\Downloads\TeamSpeak3-Client-win32-3.0.13.1.exe 2013-12-12 18:38 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2013-12-12 18:38 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2013-12-12 18:38 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2013-12-12 18:38 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2013-12-12 18:38 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2013-12-12 18:38 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2013-12-12 18:38 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2013-12-12 18:38 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2013-12-12 18:38 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2013-12-12 18:38 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\inetcpl.cpl 2013-12-12 18:38 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2013-12-12 18:38 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2013-12-12 18:38 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2013-12-12 18:38 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2013-12-12 18:38 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2013-12-12 18:38 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2013-12-12 18:38 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2013-12-12 18:38 - 2013-11-08 08:21 - 04191744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2013-12-12 18:38 - 2013-10-19 09:53 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll 2013-12-12 18:38 - 2013-10-19 08:14 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll 2013-12-12 18:38 - 2013-10-15 09:54 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll 2013-12-12 18:38 - 2013-10-15 09:03 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll ==================== One Month Modified Files and Folders ======= 2014-01-02 18:06 - 2014-01-02 18:06 - 00013731 _____ C:\Users\Timo T\Desktop\FRST.txt 2014-01-02 18:05 - 2013-07-25 21:49 - 00001120 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-02 18:04 - 2014-01-02 18:04 - 01931426 _____ (Farbar) C:\Users\Timo T\Desktop\FRST64.exe 2014-01-02 18:04 - 2014-01-02 18:04 - 00000000 ____D C:\Users\Timo T\Desktop\FRST-OlderVersion 2014-01-02 18:04 - 2014-01-02 18:03 - 00000000 ____D C:\FRST 2014-01-02 18:02 - 2013-11-30 12:18 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A1E9E32D-55A8-4BAF-90D6-784E9A0B66BE} 2014-01-02 
18:02 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru 2014-01-02 18:01 - 2013-10-18 22:09 - 01683813 _____ C:\WINDOWS\WindowsUpdate.log 2014-01-02 18:00 - 2013-10-18 22:20 - 00000000 __RDO C:\Users\Timo T\SkyDrive 2014-01-02 17:59 - 2013-07-25 21:49 - 00001116 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-02 17:58 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2014-01-01 20:39 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2014-01-01 20:38 - 2013-12-29 21:38 - 00000308 _____ C:\WINDOWS\Tasks\Digital Sites.job 2014-01-01 20:28 - 2013-02-03 13:41 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-01-01 19:56 - 2013-12-29 21:45 - 00000000 ____D C:\Users\Timo T\Desktop\FRST 2014-01-01 19:49 - 2014-01-01 19:49 - 01931396 _____ (Farbar) C:\Users\Timo T\Downloads\FRST64(1).exe 2014-01-01 19:46 - 2014-01-01 19:46 - 00000000 ____D C:\Users\Timo T\Downloads\FRST-OlderVersion 2014-01-01 19:46 - 2013-12-29 21:44 - 01931396 _____ (Farbar) C:\Users\Timo T\Downloads\FRST64.exe 2014-01-01 19:16 - 2013-03-10 13:11 - 00000942 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1946761082-257476130-358862400-1002UA.job 2014-01-01 15:35 - 2014-01-01 15:35 - 00000005 _____ C:\Users\Timo T\AppData\Roaming\WBPU-Q5-TTL.DAT 2014-01-01 15:35 - 2013-12-31 14:38 - 00000005 _____ C:\Users\Timo T\AppData\Roaming\WBPU-TTL.DAT 2014-01-01 15:35 - 2013-12-18 18:26 - 00000106 _____ C:\Users\Timo T\AppData\Roaming\WB.CFG 2014-01-01 14:18 - 2012-11-18 01:01 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1946761082-257476130-358862400-1002 2014-01-01 13:58 - 2013-12-29 21:46 - 00041000 _____ C:\Users\Timo T\Downloads\FRST.txt 2014-01-01 13:55 - 2014-01-01 13:55 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Timo T\Downloads\sc-cleaner.exe 2014-01-01 13:55 - 2014-01-01 13:55 - 00001752 _____ C:\sc-cleaner.txt 2014-01-01 13:53 - 2014-01-01 13:53 - 00002268 _____ C:\Users\Timo 
T\Desktop\JRT.txt 2014-01-01 13:49 - 2014-01-01 13:49 - 00000000 ____D C:\WINDOWS\ERUNT 2014-01-01 13:47 - 2014-01-01 13:47 - 01036305 _____ (Thisisu) C:\Users\Timo T\Downloads\JRT(1).exe 2014-01-01 13:45 - 2014-01-01 13:43 - 01036305 _____ (Thisisu) C:\Users\Timo T\Downloads\JRT.exe 2014-01-01 13:39 - 2014-01-01 13:39 - 00000000 ____D C:\ProgramData\boost_interprocess 2014-01-01 13:37 - 2014-01-01 13:35 - 00000000 ____D C:\AdwCleaner 2014-01-01 13:37 - 2013-10-18 22:16 - 00001013 _____ C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-01-01 13:37 - 2012-11-18 01:37 - 00001065 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-01-01 13:37 - 2012-11-18 00:51 - 00000000 ___RD C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-01 13:34 - 2014-01-01 13:34 - 01233962 _____ C:\Users\Timo T\Downloads\adwcleaner.exe 2014-01-01 13:29 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\newnext.me 2013-12-31 16:47 - 2013-12-29 18:16 - 00000414 _____ C:\Users\Timo T\daemonprocess.txt 2013-12-31 15:28 - 2013-12-31 14:11 - 00000000 ____D C:\Users\Timo T\Desktop\mbar 2013-12-31 15:02 - 2013-12-31 14:14 - 00117464 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2013-12-31 15:02 - 2013-12-31 14:11 - 00089304 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2013-12-31 14:57 - 2013-12-29 18:16 - 00000000 ____D C:\ProgramData\Updater 2013-12-31 14:57 - 2013-09-29 20:04 - 00003550 _____ C:\WINDOWS\PFRO.log 2013-12-31 14:57 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\DesktopTileResources 2013-12-31 14:14 - 2013-12-31 14:14 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-31 14:10 - 2013-12-31 14:10 - 12582688 _____ (Malwarebytes Corp.) 
C:\Users\Timo T\Downloads\mbar-1.07.0.1008.exe 2013-12-29 21:56 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\AppData\Local\cache 2013-12-29 21:53 - 2013-12-29 21:52 - 00000000 ____D C:\Users\Timo T\Desktop\Neuer Ordner 2013-12-29 21:47 - 2013-12-29 21:46 - 00030673 _____ C:\Users\Timo T\Downloads\Addition.txt 2013-12-29 21:39 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\AppData\Local\genienext 2013-12-29 21:38 - 2013-12-29 21:38 - 00002646 _____ C:\WINDOWS\System32\Tasks\Digital Sites 2013-12-29 21:38 - 2013-12-29 21:38 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\DigitalSites 2013-12-29 21:37 - 2013-12-29 21:37 - 00673568 _____ ( ) C:\Users\Timo T\Downloads\ZipOpenerSetup.exe 2013-12-29 20:31 - 2013-12-29 20:31 - 00000000 ____D C:\ProgramData\Websteroids 2013-12-29 19:44 - 2013-12-29 19:44 - 00000000 ____D C:\ProgramData\Oracle 2013-12-29 19:43 - 2013-12-29 19:44 - 00312744 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2013-12-29 19:43 - 2013-12-29 19:44 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2013-12-29 19:43 - 2013-12-29 19:44 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2013-12-29 19:43 - 2013-12-29 19:44 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2013-12-29 19:43 - 2013-12-29 19:43 - 00000000 ____D C:\Program Files\Java 2013-12-29 19:42 - 2013-12-29 19:42 - 30694824 _____ (Oracle Corporation) C:\Users\Timo T\Downloads\jre-7u45-windows-x64.exe 2013-12-29 19:39 - 2013-12-29 19:39 - 00470032 _____ C:\Users\Timo T\Downloads\Java.exe 2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\.android 2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\ProgramData\RHelpers 2013-12-29 18:16 - 2013-10-18 21:52 - 00000000 ____D C:\Users\Timo T 2013-12-29 18:14 - 2013-12-29 18:14 - 00002066 _____ C:\Users\Timo T\Desktop\Continue installation - FlashPlayer.lnk 2013-12-29 18:11 - 2013-12-29 18:11 - 00336936 _____ (Amônétízé Ltd) 
C:\Users\Timo T\Downloads\FlashPlayer__4003_i220968287_il14.exe 2013-12-29 13:16 - 2013-03-10 13:11 - 00000920 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1946761082-257476130-358862400-1002Core.job 2013-12-23 22:19 - 2013-11-04 18:21 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Black & Bloody Vengeance 2013-12-23 22:18 - 2013-12-20 21:03 - 00001077 _____ C:\Users\Public\Desktop\ActiveDossierUploader.lnk 2013-12-23 22:18 - 2013-12-20 21:03 - 00001027 _____ C:\Users\Public\Desktop\Radial Menu Editor.lnk 2013-12-23 22:18 - 2013-12-20 21:03 - 00000942 _____ C:\Users\Public\Desktop\Setup WoT Stats.lnk 2013-12-23 22:18 - 2013-12-20 21:03 - 00000096 _____ C:\Users\Public\Desktop\[BV] Mod Collection Updates.url 2013-12-23 21:57 - 2013-12-23 21:18 - 119282768 _____ (Black & Bloody Vengeance) C:\Users\Timo T\Downloads\[BV] Mod Collection Installer 8.10.4.exe 2013-12-22 15:38 - 2013-08-17 19:11 - 00000000 ____D C:\WINDOWS\system32\MRT 2013-12-22 15:36 - 2013-01-01 03:07 - 90708896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2013-12-22 15:00 - 2012-11-18 01:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-21 20:22 - 2013-11-15 20:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak 2013-12-21 20:07 - 2013-12-21 20:07 - 00002236 _____ C:\Users\Public\Desktop\Google Earth.lnk 2013-12-21 20:07 - 2013-07-25 21:49 - 00000000 ____D C:\Program Files (x86)\Google 2013-12-21 19:52 - 2013-12-21 19:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-20 20:43 - 2013-09-30 05:14 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2013-12-20 20:43 - 2013-09-30 04:56 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat 2013-12-20 20:43 - 2013-09-30 04:56 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat 2013-12-18 18:30 - 2013-05-07 18:32 - 00084720 _____ (Avira Operations GmbH & Co. 
KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2013-12-18 18:30 - 2013-03-30 20:34 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2013-12-18 18:30 - 2013-03-30 20:34 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2013-12-16 21:29 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache 2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData 2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore 2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer 2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\FileManager 2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Camera 2013-12-14 17:45 - 2013-08-22 15:44 - 00335992 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-12-12 21:13 - 2013-12-12 19:56 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\TS3Client 2013-12-12 19:51 - 2013-12-12 19:51 - 00001222 _____ C:\Users\Timo T\Desktop\TeamSpeak 3 Client.lnk 2013-12-12 19:51 - 2013-12-12 19:51 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client 2013-12-12 19:51 - 2013-12-12 19:51 - 00000000 ____D C:\Users\Timo T\AppData\Local\TeamSpeak 3 Client 2013-12-12 19:33 - 2013-12-12 19:31 - 30095736 _____ (TeamSpeak Systems GmbH) C:\Users\Timo T\Downloads\TeamSpeak3-Client-win32-3.0.13.1.exe 2013-12-12 19:00 - 2013-07-25 21:49 - 00004092 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2013-12-12 19:00 - 2013-07-25 21:49 - 00003856 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2013-12-10 20:28 - 2013-02-03 13:41 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2013-12-04 01:05 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2013-12-04 01:05 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-03 19:39 - 2013-08-22 
15:46 - 00333628 _____ C:\WINDOWS\setupact.log

Some content of TEMP:
====================
C:\Users\Timo T\AppData\Local\Temp\avgnt.exe
C:\Users\Timo T\AppData\Local\Temp\BackupSetup.exe
C:\Users\Timo T\AppData\Local\Temp\FlashPlayer__4003_i220968287_il14.exe
C:\Users\Timo T\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-01 14:18

==================== End Of Log ============================

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2014 01
Ran by Timo T at 2014-01-02 18:06:57
Running from C:\Users\Timo T\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

clear.fi SDK - Video 2 (x32 Version: 2.1.1910 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.1910 - CyberLink Corp.) Hidden
[BV] Mod Collection (x32 Version: 1.08.96 - Black & Bloody Vengeance)
[BV] Mod Collection (x32 Version: 1.08.96 - Black & Bloody Vengeance) Hidden
[BV] Mod Collection (x32 Version: 8.10.4 - Black & Bloody Vengeance)
[BV] Mod Collection (x32 Version: 8.10.4 - Black & Bloody Vengeance) Hidden
[BV] Mod Collection Clanlogos (x32 Version: 1.0.1 - Black & Bloody Vengeance)
Acer Backup Manager (x32 Version: 4.0.0.0053 - NTI Corporation)
Acer Device Fast-lane (Version: 1.00.3003 - Acer Incorporated)
Acer Power Management (Version: 7.00.3003 - Acer Incorporated)
Acer Recovery Management (Version: 6.00.3006 - Acer Incorporated)
AcerCloud (x32 Version: 2.01.3112 - Acer Incorporated)
AcerCloud Docs (x32 Version: 1.00.3103 - Acer Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
Backup Manager v4 (x32 Version: 4.0.0.0053 - NTI Corporation) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Broadcom Card Reader Driver Installer (Version: 15.4.4.2 - Broadcom Corporation)
clear.fi Media (x32 Version: 2.01.3107 - Acer Incorporated)
clear.fi Photo (x32 Version: 2.01.3107 - Acer Incorporated)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3103_44819 - CyberLink Corp.)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3103_44819 - CyberLink Corp.) Hidden
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Diablo III (x32 Version: 1.0.7.14633 - Blizzard Entertainment)
dOwwnnloadittkeep (x32 Version: - dowwneloaDitkeep)
eBay Worldwide (x32 Version: 2.3.0630 - OEM)
ETDWare PS/2-X64 11.6.11.002_WHQL (Version: 11.6.11.002 - ELAN Microelectronic Corp.)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287 - Skype Limited)
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Foxtab (x32 Version: - FoxTab) <==== ATTENTION
Free YouTube to MP3 Converter version 3.12.2.430 (x32 Version: 3.12.2.430 - DVDVideoSoft Ltd.)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (x32 Version: 2.00.3002 - Acer Incorporated)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2932 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
Java 7 Update 45 (64-bit) (Version: 7.0.450 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jump Flip (Version: 2013.12.27.213125 - Jump Flip)
Launch Manager (x32 Version: 7.0.3 - Acer Inc.)
Live Updater (x32 Version: 2.00.3002 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.)
Microsoft Office (x32 Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
Norton Online Backup (x32 Version: 2.2.3.45 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.10 - Symantec Corporation) Hidden
NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden
NVIDIA Grafiktreiber 327.02 (Version: 327.02 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.14.17 (Version: 1.14.17 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0613 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.0613 (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
NVIDIA Update 1.14.17 (Version: 1.14.17 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
Office Addin (x32 Version: 2.01.3102 - Acer)
Office Addin 2003 (x32 Version: 2.01.3102 - Acer)
PartyPoker (x32 Version: - PartyGaming)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PokerStars.eu (x32 Version: - PokerStars.eu)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (x32 Version: 11.41 - Qualcomm Atheros)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
saavinugtoyyou (x32 Version: - saaviingteoyou)
Samsung Kies (x32 Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Shared C Run-time for x64 (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Spotify (x32 Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TeamSpeak 3 Client (HKCU Version: 3.0.13 - TeamSpeak Systems GmbH)
Update for Zip Opener (HKCU Version: - Update for Zip Opener) <==== ATTENTION
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Updater (x32 Version: 2.6.53 - Creative Island Media, LLC)
Visual Studio 2005 Tools for Office Second Edition Runtime (x32 Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (x32 Version: 1 - Microsoft Corporation)
WildTangent Games (x32 Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden
World of Tanks (x32 Version: - Wargaming.net)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Restore Points =========================

16-12-2013 19:49:25 Windows Update
20-12-2013 19:43:13 [BV] Mod Collection wird entfernt
22-12-2013 11:33:13 TuneUp Utilities 2013 wird entfernt
23-12-2013 21:03:01 [BV] Mod Collection Clanlogos wird installiert
29-12-2013 18:43:16 Installed Java 7 Update 45 (64-bit)
31-12-2013 13:51:47 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0AACCEF9-366E-482B-8EEF-DED69FAD4A19} - \BonanzaDealsLiveUpdateTaskMachineCore No Task File
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {17E4CA9F-25FD-494E-BB74-B84A209FCA12} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {20C819B0-6EC1-4924-A3A2-EC3C2E43BA90} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1946761082-257476130-358862400-1002UA => C:\Users\Timo T\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-10] (Facebook Inc.)
Task: {25726081-A397-417C-9053-4AB4590B4DFF} - System32\Tasks\startDestop => C:\Windows\explorer.exe [2013-10-22] (Microsoft Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2E49E5DC-0515-48BC-BA84-72D978DF82F3} - \FoxTab No Task File
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {397C436B-F8FA-42B2-BCA9-42956095EE40} - \RegClean Pro_UPDATES No Task File
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\System32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4B363602-9225-4197-A91E-C4CB0EBA9C5C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1946761082-257476130-358862400-1002Core => C:\Users\Timo T\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-10] (Facebook Inc.)
Task: {5031E43D-8433-478B-ADEF-ED7A3609D51E} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-07-13] ()
Task: {5D43D661-4822-426F-BDB8-813F0B4979E4} - System32\Tasks\Digital Sites => C:\Users\Timo T\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {62E3DEE8-D473-4B91-8097-3DE4CD9E8D7A} - \BonanzaDealsUpdate No Task File
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6D47655D-9C1F-43FE-A7EA-A67391803538} - \UpdaterEX No Task File
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6FE4EDEE-395D-47B4-AB29-54DCF268FC22} - \RegClean Pro_DEFAULT No Task File
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {73D61466-1665-49A1-9E9F-2CCF086B20A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-25] (Google Inc.)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {79E3ABDD-2399-4F4F-995C-4EA378BEC8D9} - \RegClean Pro No Task File
Task: {7C580FE3-B0E7-49F9-9B27-6FE125A6BAEF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {88E98346-BF35-457A-837D-FAE635483809} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {98CEFDC9-4187-453C-A3B4-C49FB9152592} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {9D57FC2B-2F32-4DBC-BC3E-3AE7E332B6BB} - \BonanzaDealsLiveUpdateTaskMachineUA No Task File
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B12311BC-1310-48DA-A4C1-3B7067D62D49} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-25] (Google Inc.)
Task: {B1BDC97C-AC76-4ACD-9F77-74BCEAA1ED31} - \Advanced System Protector_startup No Task File Task: {B8C6B978-48DD-4BA9-A90C-39969592C3D8} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-07-31] (Acer Incorporated) Task: {C07621CF-83DB-409B-BA85-05C6F8B8EE1A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\System32\MRT.exe [2013-12-22] (Microsoft Corporation) Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {DB52C38A-7BED-4C11-8C09-4DA13108FB1A} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink) Task: {E185F0C3-1D25-4FA8-833E-103DADA0F652} - \Scheduled Update for Ask Toolbar No Task File Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {F83191E3-E913-4DC2-BE22-C614E7BF5FB0} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PmmUpdate.exe [2012-07-12] (Egis Technology Inc.) 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\Digital Sites.job => C:\Users\TIMOT~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1946761082-257476130-358862400-1002Core.job => C:\Users\Timo T\AppData\Local\Facebook\Update\FacebookUpdate.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1946761082-257476130-358862400-1002UA.job => C:\Users\Timo T\AppData\Local\Facebook\Update\FacebookUpdate.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <==== ATTENTION Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2013-01-28 13:45 - 2013-01-28 13:45 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2013-01-28 13:42 - 2013-01-28 13:42 - 00084992 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll 2012-12-14 01:42 - 2012-12-14 01:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-01-19 11:26 - 2012-09-19 18:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2012-07-31 00:04 - 2012-07-31 00:04 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll 2012-08-15 20:44 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2013-12-21 19:52 - 2013-12-21 19:52 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:373E1720 AlternateDataStreams: C:\Users\Timo T\SkyDrive:ms-properties 
==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/01/2014 03:20:42 PM) (Source: Customer Experience Improvement Program) (User: ) Description: 80070005 Error: (01/01/2014 02:21:00 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird. Error: (01/01/2014 02:21:00 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird. Error: (01/01/2014 02:21:00 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird. Error: (01/01/2014 02:09:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: TIMO) Description: Bei der Aktivierung der App „FileManager_cw5n1h2txyewy!Microsoft.Windows.PhotoManager“ ist folgender Fehler aufgetreten: -2144927151. 
Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. System errors: ============= Error: (01/02/2014 06:01:46 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (01/02/2014 05:58:26 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers nicht gestartet: %%1083 Error: (01/01/2014 06:58:14 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (01/01/2014 06:55:08 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers nicht gestartet: %%1083 Error: (01/01/2014 02:27:12 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (01/01/2014 02:25:00 PM) (Source: DCOM) (User: TIMO) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}TimoTimo TS-1-5-21-1946761082-257476130-358862400-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (01/01/2014 02:24:04 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers nicht gestartet: %%1083 Error: (01/01/2014 02:06:29 PM) (Source: DCOM) (User: TIMO) Description: {9AA46009-3CE0-458A-A354-715610A075E6} Error: (01/01/2014 02:05:59 PM) (Source: DCOM) 
(User: TIMO) Description: {9AA46009-3CE0-458A-A354-715610A075E6} Error: (01/01/2014 02:05:29 PM) (Source: DCOM) (User: TIMO) Description: {9AA46009-3CE0-458A-A354-715610A075E6} Microsoft Office Sessions: ========================= Error: (01/01/2014 03:20:42 PM) (Source: Customer Experience Improvement Program)(User: ) Description: 80070005 Error: (01/01/2014 02:21:00 PM) (Source: SideBySide)(User: ) Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4 Error: (01/01/2014 02:21:00 PM) (Source: SideBySide)(User: ) Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4 Error: (01/01/2014 02:21:00 PM) (Source: SideBySide)(User: ) Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4 Error: (01/01/2014 02:09:26 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: TIMO) Description: FileManager_cw5n1h2txyewy!Microsoft.Windows.PhotoManager-2144927151 ==================== Memory info =========================== Percentage of memory in use: 34% Total physical RAM: 3909.27 MB Available physical RAM: 2543.47 MB Total Pagefile: 4613.27 MB Available Pagefile: 3050.66 MB Total Virtual: 131072 MB Available Virtual: 131071.84 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:445.85 GB) (Free:300.61 GB) NTFS Drive d: (Canyon BA International MY2013) (CDROM) (Total:0.95 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 
(Size: 466 GB) (Disk ID: 0FC5356F) Partition: GPT Partition Type ==================== End Of Log ============================ Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-01-2014 01
Ran by Timo T at 2014-01-02 18:09:40 Run:2
Running from C:\Users\Timo T\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
FF Extension: dOwwnnloadittkeep - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\d.u8vact@ocvzuyoytmw-.net
FF Extension: saavinugtoyyou - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\vxavvpc@ptwb-rm.com
FF Extension: Jump Flip - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\firefox@jumpflip.net.xpi
FF Extension: BonanzaDeals - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}.xpi
R2 Util Jump Flip; C:\Program Files (x86)\Jump Flip\bin\utilJumpFlip.exe [65312 2013-12-31] (Jump Flip)
C:\Program Files (x86)\Jump Flip
C:\Users\Timo T\AppData\Roaming\Bonanza
C:\ProgramData\dOwwnnloadittkeep
C:\ProgramData\saavinugtoyyou
C:\ProgramData\e8a480b429bfdc00
*****************

C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\d.u8vact@ocvzuyoytmw-.net not found.
C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\vxavvpc@ptwb-rm.com not found.
C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\firefox@jumpflip.net.xpi not found.
C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}.xpi not found.
Util Jump Flip => Service not found.
"C:\Program Files (x86)\Jump Flip" => File/Directory not found.
"C:\Users\Timo T\AppData\Roaming\Bonanza" => File/Directory not found.
"C:\ProgramData\dOwwnnloadittkeep" => File/Directory not found.
"C:\ProgramData\saavinugtoyyou" => File/Directory not found.
"C:\ProgramData\e8a480b429bfdc00" => File/Directory not found.

==== End of Fixlog ==== |
03.01.2014, 11:41 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Nation Zoom :( I don't know what to do next
Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes Anti-Malware (MBAM). Note: Before you do, please remember to update Malwarebytes Anti-Malware using the update button! Afterwards, getting a second opinion from ESET's online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
03.01.2014, 17:41 | #15 |
| Nation Zoom :( I don't know what to do next
Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.03.02

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
Timo T :: TIMO [Administrator]

Schutz: Aktiviert

03.01.2014 13:37:15
mbam-log-2014-01-03 (13-37-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 421544
Laufzeit: 1 Stunde(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 8
HKCR\CLSID\{6db9fdfe-b718-4962-be0c-0a5fce7f7f7b} (PUP.Optional.JumpFlip) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{f325945d-dafe-4312-95d8-1913aeb1d810} (PUP.Optional.JumpFlip) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{4318395F-DFF1-48AF-B5F0-958E93D16D56} (PUP.Optional.JumpFlip) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6DB9FDFE-B718-4962-BE0C-0A5FCE7F7F7B} (PUP.Optional.JumpFlip) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites (PUP.Optional.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Jump Flip (PUP.Optional.JumpFlip.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\Services\Update Jump Flip (PUP.Optional.JumpFlip.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\Software\Jump Flip (PUP.Optional.JumpFlip.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 6
C:\Users\Timo T\AppData\Roaming\DigitalSites\UpdateProc (PUP.Optional.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\RHelpers\ChromeHelper (PUP.Optional.Searchagent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\RHelpers\FirefoxHelper (PUP.Optional.Searchagent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\RHelpers\IeHelper (PUP.Optional.Searchagent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Timo T\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Timo T\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 47
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll.vir (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe.vir (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLive.exe.vir (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveBroker.exe.vir (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveHandler.exe.vir (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveOnDemand.exe.vir (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\goopdate.dll.vir (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll.vir (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\psmachine.dll.vir (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\psuser.dll.vir (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptimizerPro.exe.vir (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptProGuard.exe.vir (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptProReminder.exe.vir (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptProSchedule.exe.vir (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptProSmartScan.exe.vir (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptProStart.exe.vir (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\FRST\Quarantine\dOwwnnloadittkeep\xKeUtMS2U.exe (PUP.Optional.CRXDrop.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\FRST\Quarantine\dOwwnnloadittkeep\xKeUtMS2U.x64.dll (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\FRST\Quarantine\Jump Flip\JumpFlipBHO.dll (PUP.Optional.JumpFlip.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\FRST\Quarantine\Jump Flip\updateJumpFlip.exe (PUP.Optional.JumpFlip.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\FRST\Quarantine\Jump Flip\bin\utilJumpFlip.exe (PUP.Optional.JumpFlip.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\FRST\Quarantine\saavinugtoyyou\OrmbLjH6I_.exe (PUP.Optional.CRXDrop.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\FRST\Quarantine\saavinugtoyyou\OrmbLjH6I_.x64.dll (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe (PUP.Optional.SearchDonkey.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe (PUP.Optional.SearchDonkey.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\RHelpers\IeHelper\IeHelper.exe (PUP.Optional.SearchDonkey.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Timo T\AppData\Local\Microsoft\Windows\INetCache\IE\T7OXVSZ4\Setup[1].exe (PUP.Optional.InternetUpdater.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Timo T\AppData\Local\Microsoft\Windows\INetCache\IE\T7OXVSZ4\Setup[2].exe (PUP.Optional.JumpFlip.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Timo T\AppData\Local\Temp\awhF18A.tmp (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Timo T\AppData\Local\Temp\FlashPlayer__4003_i220968287_il14.exe (PUP.Optional.InstallMonetizer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Timo T\AppData\Local\Temp\fullpackage_temp1388337325\Baofeng.exe (PUP.Optional.NationZoom.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Timo T\AppData\Local\Temp\fullpackage_temp1388337325\tmp\NewGdp.exe (PUP.Optional.WpManager.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Timo T\AppData\Local\Temp\is1275519350\16190757_stp.EXE (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Timo T\AppData\Local\Temp\is1275519350\16190777_stp\bd.exe (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Timo T\AppData\Local\Temp\is357113909\4068061_stp\JumpFlipSetup.exe (PUP.Optional.JumpFlip.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Timo T\Downloads\FlashPlayer_V.84230528b.exe (Adware.DomaIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Timo T\Downloads\FlashPlayer__4003_i220968287_il14.exe (PUP.Optional.InstallMonetizer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Timo T\Downloads\Java.exe (PUP.Optional.BundleInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Timo T\Downloads\ZipOpenerSetup.exe (PUP.Optional.JumpyApps) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Timo T\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe (PUP.Optional.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Timo T\AppData\Roaming\DigitalSites\UpdateProc\config.dat (PUP.Optional.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Timo T\AppData\Roaming\DigitalSites\UpdateProc\prod.dat (PUP.Optional.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Timo T\AppData\Roaming\DigitalSites\UpdateProc\STTL.DAT (PUP.Optional.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Timo T\AppData\Roaming\DigitalSites\UpdateProc\TTL.DAT (PUP.Optional.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Timo T\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Timo T\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Timo T\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=74e1ffae7602d545985e2e28a64e71d8
# engine=16502
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-03 04:37:37
# local_time=2014-01-03 05:37:37 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=1799 16775165 100 96 20884 254190347 13644 0
# compatibility_mode=5893 16776574 100 94 8252455 13648350 0 0
# scanned=200158
# found=6
# cleaned=0
# scan_time=8332
sh=C5828B700B9EF61FA1534D5D18482BF12F591CBF ft=1 fh=0404da55e35b3671 vn="a variant of Win32/AdWare.SpeedingUpMyPC.D application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptProLauncher.exe.vir"
sh=67B68DB23C76F83A193C0AD7A83684711DD12DDC ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\FRST\Quarantine\d.u8vact@ocvzuyoytmw-.net\content\bg.js"
sh=A723FC98C645E1142C38BD9C68D33BEB7754328A ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\FRST\Quarantine\vxavvpc@ptwb-rm.com\content\bg.js"
sh=CBB049AED59050C3DCA369754B9DBFE0949713F6 ft=0 fh=0000000000000000 vn="a variant of Android/Adware.AirPush.G application" ac=I fn="C:\Users\Timo T\Desktop\Handy\600 Android Application Mega Pack 2012\Top Paid Android Apps September 2012 Part 4\WikiMobile 2 Pro Encyclopedia v2.75 Final By bobiras2009.apk"
sh=5B044861B5B31103763ABB53A6FFF21C642E2D4B ft=0 fh=0000000000000000 vn="a variant of Android/Adware.AirPush.G application" ac=I fn="C:\Users\Timo T\Desktop\Handy\600 Android Application Mega Pack 2012\Top Paid Android Apps September 2012 Part 6\Fake iPhone 5 v1.2 Final By bobiras2009.apk"
sh=2634612D69A78A5D366C75EADD1989052B41A7AE ft=0 fh=0000000000000000 vn="a variant of Android/Adware.Waps.E application" ac=I fn="C:\Users\Timo T\Desktop\Handy\Android.Games.Collection.Juni.2012.v2\Soldiers of Glory World War 2 v1.1.6\Soldiers_of_Glory_WW2_1.1.6.apk" |