| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Nation Zoom :( ich weiß nicht weiterWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
29.12.2013, 21:06
| #1 |
 |  Nation Zoom :( ich weiß nicht weiter Guten Abend liebes Trojaner-Board Ich habe seit heute das Problem das sich Nation Zoom immer selbständigt öffnet. Bei der Suche im Internet bin ich immer auf dieses Forum hier gestoßen. Dabei habe ich schon einiges gelesen und auch das man auf eigene Faust besser nichts machen sollte. Ich kenne mich mit PCs nicht so super aus und hoffe auf eure Hilfe. mfg |
|
29.12.2013, 21:35
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Nation Zoom :( ich weiß nicht weiter Hallo und
__________________ Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten! Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht! Zudem bitte auch ein Log mit Farbars Tool machen: Scan mit Farbar's Recovery Scan Tool (FRST) Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
 Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
29.12.2013, 21:51
| #3 |
| | Nation Zoom :( ich weiß nicht weiter FRST Logfile:
__________________FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013 01
Ran by Timo T (administrator) on TIMO on 29-12-2013 21:46:01
Running from C:\Users\Timo T\Downloads
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Updater) C:\ProgramData\Updater\updater.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(PC Utilities Pro) C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(PC Utilities Pro) C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(WatchDog) C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
(WatchDog) C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe
(WatchDog) C:\ProgramData\RHelpers\IeHelper\IeHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
() C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
(Jump Flip) C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\livecomm.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-11-25] (ELAN Microelectronics Corp.)
HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [BakupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533056 2012-07-31] (NTI Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1644680 2013-03-10] (Ask)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [486264 2013-12-18] (Updater)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [761024 2013-12-13] ()
HKLM-x32\...\Runonce: [Del4089953] - cmd.exe /Q /D /c del "C:\Users\TIMOT~1\AppData\Local\Temp\0.del" [x]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Atheros Communications))
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKCU\...\Run: [Facebook Update] - C:\Users\Timo T\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-03-10] (Facebook Inc.)
HKCU\...\Run: [Optimizer Pro] - C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [134648 2013-10-28] ()
HKCU\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [486264 2013-12-18] (Updater)
HKCU\...\Run: [NextLive] - C:\WINDOWS\SysWOW64\rundll32.exe "C:\Users\Timo T\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKCU\...\Runonce: [Del4089953] - cmd.exe /Q /D /c del "C:\Users\TIMOT~1\AppData\Local\Temp\0.del"
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll c:\progra~2\optimi~1\optpro~1.dll [4279112 2013-10-29] ()
Startup: C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542&q={searchTerms}
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542&q={searchTerms}
SearchScopes: HKLM - {12086C10-E61B-4C87-8253-D990FA7080CB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542&q={searchTerms}
SearchScopes: HKLM-x32 - {12086C10-E61B-4C87-8253-D990FA7080CB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542&q={searchTerms}
SearchScopes: HKCU - {12086C10-E61B-4C87-8253-D990FA7080CB} URL =
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542&q={searchTerms}
SearchScopes: HKCU - {E45BDB2D-6143-413D-9FF7-1865745671DC} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=a4d03a85-bda5-450d-adb1-2b4d82f33cf8&apn_sauid=1250515E-8CA1-4AEB-9464-30C3704A7870
BHO: saavinugtoyyou - {3452EE4D-89B3-E1D4-FF71-706C2912BF03} - C:\ProgramData\saavinugtoyyou\OrmbLjH6I_.x64.dll ()
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: dOwwnnloadittkeep - {82E8CB70-1EDF-3579-F279-ABEA2CAE660B} - C:\ProgramData\dOwwnnloadittkeep\xKeUtMS2U.x64.dll ()
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Jump Flip - {6db9fdfe-b718-4962-be0c-0a5fce7f7f7b} - C:\Program Files (x86)\Jump Flip\JumpFlipBHO.dll (Jump Flip)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
BHO-x32: BonanzaDeals - {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default
FF user.js: detected! => C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\user.js
FF NewTab: hxxp://www.nationzoom.com/newtab/?type=nt&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542
FF DefaultSearchEngine: nationzoom
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: nationzoom
FF Homepage: hxxp://www.nationzoom.com/?type=hp&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Timo T\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\nationzoom.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: dOwwnnloadittkeep - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\d.u8vact@ocvzuyoytmw-.net
FF Extension: Ask Toolbar - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\toolbar@ask.com
FF Extension: saavinugtoyyou - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\vxavvpc@ptwb-rm.com
FF Extension: Foxtab Speed Dial - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}
FF Extension: Jump Flip - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\firefox@jumpflip.net.xpi
FF Extension: BonanzaDeals - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.nationzoom.com/?type=sc&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [ieadcoanfjloocmfafkebdnfefmohngj] - C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 70e6ca8c; C:\WINDOWS\system32\rundll32.exe [52736 2013-08-22] (Microsoft Corporation)
R2 70e6ca8c; C:\WINDOWS\SysWow64\rundll32.exe [49664 2013-08-22] (Microsoft Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
S2 bonanzadealslive; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-11-06] (BonanzaDeals)
S3 bonanzadealslivem; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-11-06] (BonanzaDeals)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2415760 2012-07-27] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [466064 2012-07-31] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [659600 2012-07-31] (Acer Incorporated)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
S3 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-07-31] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-08-15] (Dritek System INC.)
R2 Update Jump Flip; C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe [65312 2013-12-27] (Jump Flip)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00A\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-08-15] (Dritek System Inc.)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-29 21:46 - 2013-12-29 21:46 - 00023240 _____ C:\Users\Timo T\Downloads\FRST.txt
2013-12-29 21:45 - 2013-12-29 21:45 - 00000000 ____D C:\FRST
2013-12-29 21:44 - 2013-12-29 21:44 - 01931302 _____ (Farbar) C:\Users\Timo T\Downloads\FRST64.exe
2013-12-29 21:40 - 2013-12-29 21:40 - 00000000 ____D C:\Program Files (x86)\Jump Flip
2013-12-29 21:39 - 2013-12-29 21:39 - 00003120 _____ C:\WINDOWS\System32\Tasks\Advanced System Protector_startup
2013-12-29 21:39 - 2013-12-29 21:39 - 00001217 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-12-29 21:39 - 2013-12-29 21:39 - 00001103 _____ C:\Users\Timo T\Desktop\MyPC Backup.lnk
2013-12-29 21:39 - 2013-12-29 21:39 - 00001035 _____ C:\Users\Timo T\Desktop\Mobogenie.lnk
2013-12-29 21:39 - 2013-12-29 21:39 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-12-29 21:39 - 2013-12-29 21:39 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2013-12-29 21:39 - 2013-12-29 21:39 - 00000000 ____D C:\ProgramData\Systweak
2013-12-29 21:39 - 2013-12-29 21:39 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-12-29 21:39 - 2013-12-29 21:39 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-12-29 21:39 - 2012-07-25 12:03 - 00016896 _____ C:\WINDOWS\system32\sasnative64.exe
2013-12-29 21:38 - 2013-12-29 21:39 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Systweak
2013-12-29 21:38 - 2013-12-29 21:39 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-12-29 21:38 - 2013-12-29 21:38 - 00003316 _____ C:\WINDOWS\System32\Tasks\Advanced System Protector
2013-12-29 21:38 - 2013-12-29 21:38 - 00003108 _____ C:\WINDOWS\System32\Tasks\RegClean Pro
2013-12-29 21:38 - 2013-12-29 21:38 - 00003012 _____ C:\WINDOWS\System32\Tasks\RegClean Pro_UPDATES
2013-12-29 21:38 - 2013-12-29 21:38 - 00002856 _____ C:\WINDOWS\System32\Tasks\RegClean Pro_DEFAULT
2013-12-29 21:38 - 2013-12-29 21:38 - 00002646 _____ C:\WINDOWS\System32\Tasks\Digital Sites
2013-12-29 21:38 - 2013-12-29 21:38 - 00001130 _____ C:\Users\Public\Desktop\Open It!.lnk
2013-12-29 21:38 - 2013-12-29 21:38 - 00001066 _____ C:\Users\Public\Desktop\RegClean Pro.lnk
2013-12-29 21:38 - 2013-12-29 21:38 - 00000308 _____ C:\WINDOWS\Tasks\Digital Sites.job
2013-12-29 21:38 - 2013-12-29 21:38 - 00000296 _____ C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job
2013-12-29 21:38 - 2013-12-29 21:38 - 00000288 _____ C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job
2013-12-29 21:38 - 2013-12-29 21:38 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\DigitalSites
2013-12-29 21:38 - 2013-12-29 21:38 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
2013-12-29 21:38 - 2013-12-29 21:38 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-12-29 21:38 - 2013-11-22 15:42 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\WINDOWS\system32\roboot64.exe
2013-12-29 21:37 - 2013-12-29 21:37 - 00673568 _____ ( ) C:\Users\Timo T\Downloads\ZipOpenerSetup.exe
2013-12-29 20:31 - 2013-12-29 20:31 - 00000000 ____D C:\ProgramData\Websteroids
2013-12-29 19:44 - 2013-12-29 19:44 - 00000000 ____D C:\ProgramData\Oracle
2013-12-29 19:44 - 2013-12-29 19:43 - 00312744 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-12-29 19:44 - 2013-12-29 19:43 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-12-29 19:44 - 2013-12-29 19:43 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-12-29 19:44 - 2013-12-29 19:43 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2013-12-29 19:43 - 2013-12-29 19:43 - 00000000 ____D C:\Program Files\Java
2013-12-29 19:42 - 2013-12-29 19:42 - 30694824 _____ (Oracle Corporation) C:\Users\Timo T\Downloads\jre-7u45-windows-x64.exe
2013-12-29 19:39 - 2013-12-29 19:39 - 00470032 _____ C:\Users\Timo T\Downloads\Java.exe
2013-12-29 18:16 - 2013-12-29 21:45 - 00000000 ____D C:\Users\Timo T\AppData\Local\Mobogenie
2013-12-29 18:16 - 2013-12-29 21:39 - 00000000 ____D C:\Users\Timo T\AppData\Local\genienext
2013-12-29 18:16 - 2013-12-29 20:31 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\newnext.me
2013-12-29 18:16 - 2013-12-29 20:21 - 00000138 _____ C:\Users\Timo T\daemonprocess.txt
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\Documents\Mobogenie
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\AppData\Local\cache
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\.android
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\ProgramData\Updater
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\ProgramData\RHelpers
2013-12-29 18:15 - 2013-12-29 20:25 - 00000000 ____D C:\ProgramData\WPM
2013-12-29 18:15 - 2013-12-29 20:24 - 00000000 ____D C:\Users\Timo T\AppData\Local\Lollipop
2013-12-29 18:14 - 2013-12-29 18:14 - 00002066 _____ C:\Users\Timo T\Desktop\Continue installation - FlashPlayer.lnk
2013-12-29 18:11 - 2013-12-29 18:11 - 00336936 _____ (Amônétízé Ltd) C:\Users\Timo T\Downloads\FlashPlayer__4003_i220968287_il14.exe
2013-12-29 10:33 - 2013-12-29 10:33 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Bonanza
2013-12-24 15:58 - 2013-12-24 16:01 - 00000000 ____D C:\ProgramData\dOwwnnloadittkeep
2013-12-24 15:58 - 2013-12-24 16:00 - 00000000 ____D C:\ProgramData\saavinugtoyyou
2013-12-24 15:58 - 2013-12-24 15:58 - 00000000 ____D C:\ProgramData\e8a480b429bfdc00
2013-12-23 21:18 - 2013-12-23 21:57 - 119282768 _____ (Black & Bloody Vengeance) C:\Users\Timo T\Downloads\[BV] Mod Collection Installer 8.10.4.exe
2013-12-21 20:07 - 2013-12-21 20:07 - 00002236 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-21 19:52 - 2013-12-21 19:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 21:03 - 2013-12-23 22:18 - 00001077 _____ C:\Users\Public\Desktop\ActiveDossierUploader.lnk
2013-12-20 21:03 - 2013-12-23 22:18 - 00001027 _____ C:\Users\Public\Desktop\Radial Menu Editor.lnk
2013-12-20 21:03 - 2013-12-23 22:18 - 00000942 _____ C:\Users\Public\Desktop\Setup WoT Stats.lnk
2013-12-20 21:03 - 2013-12-23 22:18 - 00000096 _____ C:\Users\Public\Desktop\[BV] Mod Collection Updates.url
2013-12-18 18:26 - 2013-12-18 18:26 - 00000030 _____ C:\Users\Timo T\AppData\Roaming\WB.CFG
2013-12-14 17:53 - 2013-11-12 00:41 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-14 17:53 - 2013-11-12 00:40 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-14 17:53 - 2013-11-12 00:27 - 00701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2013-12-14 17:53 - 2013-11-12 00:24 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-12-14 17:53 - 2013-11-11 03:48 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2013-12-14 17:53 - 2013-11-09 12:55 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-12-14 17:53 - 2013-11-09 07:37 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2013-12-14 17:53 - 2013-11-09 06:56 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2013-12-14 17:53 - 2013-11-08 11:26 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2013-12-14 17:53 - 2013-11-08 05:43 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2013-12-14 17:53 - 2013-11-08 05:28 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-12-14 17:53 - 2013-11-08 05:26 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-12-14 17:53 - 2013-11-08 05:16 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2013-12-14 17:53 - 2013-11-08 05:15 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2013-12-14 17:53 - 2013-11-08 05:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2013-12-14 17:53 - 2013-11-08 04:41 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2013-12-14 17:53 - 2013-11-08 04:14 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2013-12-14 17:53 - 2013-11-05 15:19 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2013-12-14 17:53 - 2013-11-05 15:03 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2013-12-14 17:53 - 2013-11-05 14:57 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2013-12-14 17:53 - 2013-11-05 14:33 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2013-12-14 17:53 - 2013-11-05 14:32 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2013-12-14 17:53 - 2013-11-04 18:13 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-12-14 17:53 - 2013-11-04 18:13 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2013-12-14 17:53 - 2013-11-04 14:07 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2013-12-14 17:53 - 2013-11-04 12:50 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-12-14 17:53 - 2013-11-04 11:32 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2013-12-14 17:53 - 2013-11-04 03:28 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2013-12-14 17:53 - 2013-11-04 02:30 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-12-14 17:53 - 2013-11-01 12:39 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2013-12-14 17:53 - 2013-11-01 07:08 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2013-12-14 17:53 - 2013-11-01 06:57 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2013-12-14 17:53 - 2013-10-31 01:58 - 00372568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2013-12-14 17:53 - 2013-10-31 01:42 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-12-14 17:53 - 2013-10-31 01:33 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2013-12-14 17:53 - 2013-10-31 01:33 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2013-12-14 17:53 - 2013-10-31 01:33 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2013-12-14 17:53 - 2013-10-31 01:33 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2013-12-14 17:53 - 2013-10-26 02:54 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2013-12-14 17:53 - 2013-10-24 10:31 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2013-12-14 17:53 - 2013-10-24 10:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2013-12-14 17:53 - 2013-10-17 12:21 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2013-12-14 17:53 - 2013-10-17 11:36 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2013-12-14 17:53 - 2013-10-05 15:21 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2013-12-14 17:53 - 2013-10-05 15:21 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2013-12-14 17:53 - 2013-10-05 13:05 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2013-12-14 17:53 - 2013-10-05 13:05 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2013-12-12 19:56 - 2013-12-12 21:13 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\TS3Client
2013-12-12 19:52 - 2013-11-23 05:34 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2013-12-12 19:52 - 2013-11-23 05:13 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2013-12-12 19:52 - 2013-11-23 04:32 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2013-12-12 19:52 - 2013-11-23 04:10 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2013-12-12 19:52 - 2013-11-09 07:34 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2013-12-12 19:52 - 2013-11-09 07:34 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2013-12-12 19:52 - 2013-11-09 06:52 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2013-12-12 19:51 - 2013-12-12 19:51 - 00001222 _____ C:\Users\Timo T\Desktop\TeamSpeak 3 Client.lnk
2013-12-12 19:51 - 2013-12-12 19:51 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2013-12-12 19:51 - 2013-12-12 19:51 - 00000000 ____D C:\Users\Timo T\AppData\Local\TeamSpeak 3 Client
2013-12-12 19:31 - 2013-12-12 19:33 - 30095736 _____ (TeamSpeak Systems GmbH) C:\Users\Timo T\Downloads\TeamSpeak3-Client-win32-3.0.13.1.exe
2013-12-12 18:38 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-12-12 18:38 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-12-12 18:38 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-12-12 18:38 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-12-12 18:38 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-12-12 18:38 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-12-12 18:38 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-12-12 18:38 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-12-12 18:38 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-12-12 18:38 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2013-12-12 18:38 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-12-12 18:38 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-12-12 18:38 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-12-12 18:38 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2013-12-12 18:38 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2013-12-12 18:38 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-12-12 18:38 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-12-12 18:38 - 2013-11-08 08:21 - 04191744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-12-12 18:38 - 2013-10-19 09:53 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2013-12-12 18:38 - 2013-10-19 08:14 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2013-12-12 18:38 - 2013-10-15 09:54 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2013-12-12 18:38 - 2013-10-15 09:03 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2013-11-30 12:18 - 2013-12-29 21:40 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A1E9E32D-55A8-4BAF-90D6-784E9A0B66BE}
==================== One Month Modified Files and Folders =======
2013-12-29 21:46 - 2013-12-29 21:46 - 00023240 _____ C:\Users\Timo T\Downloads\FRST.txt
2013-12-29 21:46 - 2013-10-18 22:09 - 01243131 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-29 21:45 - 2013-12-29 21:45 - 00000000 ____D C:\FRST
2013-12-29 21:45 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\AppData\Local\Mobogenie
2013-12-29 21:44 - 2013-12-29 21:44 - 01931302 _____ (Farbar) C:\Users\Timo T\Downloads\FRST64.exe
2013-12-29 21:44 - 2012-11-18 01:01 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1946761082-257476130-358862400-1002
2013-12-29 21:40 - 2013-12-29 21:40 - 00000000 ____D C:\Program Files (x86)\Jump Flip
2013-12-29 21:40 - 2013-11-30 12:18 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A1E9E32D-55A8-4BAF-90D6-784E9A0B66BE}
2013-12-29 21:39 - 2013-12-29 21:39 - 00003120 _____ C:\WINDOWS\System32\Tasks\Advanced System Protector_startup
2013-12-29 21:39 - 2013-12-29 21:39 - 00001217 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-12-29 21:39 - 2013-12-29 21:39 - 00001103 _____ C:\Users\Timo T\Desktop\MyPC Backup.lnk
2013-12-29 21:39 - 2013-12-29 21:39 - 00001035 _____ C:\Users\Timo T\Desktop\Mobogenie.lnk
2013-12-29 21:39 - 2013-12-29 21:39 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-12-29 21:39 - 2013-12-29 21:39 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2013-12-29 21:39 - 2013-12-29 21:39 - 00000000 ____D C:\ProgramData\Systweak
2013-12-29 21:39 - 2013-12-29 21:39 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-12-29 21:39 - 2013-12-29 21:39 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-12-29 21:39 - 2013-12-29 21:38 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Systweak
2013-12-29 21:39 - 2013-12-29 21:38 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-12-29 21:39 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\AppData\Local\genienext
2013-12-29 21:39 - 2012-11-18 00:51 - 00000000 ___RD C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-29 21:38 - 2013-12-29 21:38 - 00003316 _____ C:\WINDOWS\System32\Tasks\Advanced System Protector
2013-12-29 21:38 - 2013-12-29 21:38 - 00003108 _____ C:\WINDOWS\System32\Tasks\RegClean Pro
2013-12-29 21:38 - 2013-12-29 21:38 - 00003012 _____ C:\WINDOWS\System32\Tasks\RegClean Pro_UPDATES
2013-12-29 21:38 - 2013-12-29 21:38 - 00002856 _____ C:\WINDOWS\System32\Tasks\RegClean Pro_DEFAULT
2013-12-29 21:38 - 2013-12-29 21:38 - 00002646 _____ C:\WINDOWS\System32\Tasks\Digital Sites
2013-12-29 21:38 - 2013-12-29 21:38 - 00001130 _____ C:\Users\Public\Desktop\Open It!.lnk
2013-12-29 21:38 - 2013-12-29 21:38 - 00001066 _____ C:\Users\Public\Desktop\RegClean Pro.lnk
2013-12-29 21:38 - 2013-12-29 21:38 - 00000308 _____ C:\WINDOWS\Tasks\Digital Sites.job
2013-12-29 21:38 - 2013-12-29 21:38 - 00000296 _____ C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job
2013-12-29 21:38 - 2013-12-29 21:38 - 00000288 _____ C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job
2013-12-29 21:38 - 2013-12-29 21:38 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\DigitalSites
2013-12-29 21:38 - 2013-12-29 21:38 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
2013-12-29 21:38 - 2013-12-29 21:38 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-12-29 21:37 - 2013-12-29 21:37 - 00673568 _____ ( ) C:\Users\Timo T\Downloads\ZipOpenerSetup.exe
2013-12-29 21:31 - 2013-11-06 20:26 - 00000936 _____ C:\WINDOWS\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
2013-12-29 21:28 - 2013-02-03 13:41 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-29 21:27 - 2013-11-06 20:27 - 00000308 _____ C:\WINDOWS\Tasks\UpdaterEX.job
2013-12-29 21:26 - 2013-11-06 20:26 - 00000304 _____ C:\WINDOWS\Tasks\FoxTab.job
2013-12-29 21:05 - 2013-07-25 21:49 - 00001120 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-29 21:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2013-12-29 20:31 - 2013-12-29 20:31 - 00000000 ____D C:\ProgramData\Websteroids
2013-12-29 20:31 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\newnext.me
2013-12-29 20:31 - 2013-11-06 20:26 - 00000932 _____ C:\WINDOWS\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2013-12-29 20:31 - 2013-10-18 22:20 - 00000000 __RDO C:\Users\Timo T\SkyDrive
2013-12-29 20:30 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-29 20:30 - 2013-07-25 21:49 - 00001116 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-29 20:29 - 2013-09-29 20:04 - 00003230 _____ C:\WINDOWS\PFRO.log
2013-12-29 20:29 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2013-12-29 20:26 - 2013-11-06 20:26 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-12-29 20:25 - 2013-12-29 18:15 - 00000000 ____D C:\ProgramData\WPM
2013-12-29 20:24 - 2013-12-29 18:15 - 00000000 ____D C:\Users\Timo T\AppData\Local\Lollipop
2013-12-29 20:21 - 2013-12-29 18:16 - 00000138 _____ C:\Users\Timo T\daemonprocess.txt
2013-12-29 19:44 - 2013-12-29 19:44 - 00000000 ____D C:\ProgramData\Oracle
2013-12-29 19:43 - 2013-12-29 19:44 - 00312744 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-12-29 19:43 - 2013-12-29 19:44 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-12-29 19:43 - 2013-12-29 19:44 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-12-29 19:43 - 2013-12-29 19:44 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2013-12-29 19:43 - 2013-12-29 19:43 - 00000000 ____D C:\Program Files\Java
2013-12-29 19:42 - 2013-12-29 19:42 - 30694824 _____ (Oracle Corporation) C:\Users\Timo T\Downloads\jre-7u45-windows-x64.exe
2013-12-29 19:39 - 2013-12-29 19:39 - 00470032 _____ C:\Users\Timo T\Downloads\Java.exe
2013-12-29 19:16 - 2013-03-10 13:11 - 00000942 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1946761082-257476130-358862400-1002UA.job
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\Documents\Mobogenie
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\AppData\Local\cache
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\.android
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\ProgramData\Updater
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\ProgramData\RHelpers
2013-12-29 18:16 - 2013-10-18 21:52 - 00000000 ____D C:\Users\Timo T
2013-12-29 18:15 - 2013-10-18 22:16 - 00001678 _____ C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-29 18:15 - 2012-11-18 01:37 - 00001363 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-29 18:14 - 2013-12-29 18:14 - 00002066 _____ C:\Users\Timo T\Desktop\Continue installation - FlashPlayer.lnk
2013-12-29 18:11 - 2013-12-29 18:11 - 00336936 _____ (Amônétízé Ltd) C:\Users\Timo T\Downloads\FlashPlayer__4003_i220968287_il14.exe
2013-12-29 13:16 - 2013-03-10 13:11 - 00000920 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1946761082-257476130-358862400-1002Core.job
2013-12-29 10:33 - 2013-12-29 10:33 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Bonanza
2013-12-24 16:01 - 2013-12-24 15:58 - 00000000 ____D C:\ProgramData\dOwwnnloadittkeep
2013-12-24 16:00 - 2013-12-24 15:58 - 00000000 ____D C:\ProgramData\saavinugtoyyou
2013-12-24 15:58 - 2013-12-24 15:58 - 00000000 ____D C:\ProgramData\e8a480b429bfdc00
2013-12-24 11:39 - 2013-11-06 20:27 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-12-23 22:19 - 2013-11-04 18:21 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Black & Bloody Vengeance
2013-12-23 22:18 - 2013-12-20 21:03 - 00001077 _____ C:\Users\Public\Desktop\ActiveDossierUploader.lnk
2013-12-23 22:18 - 2013-12-20 21:03 - 00001027 _____ C:\Users\Public\Desktop\Radial Menu Editor.lnk
2013-12-23 22:18 - 2013-12-20 21:03 - 00000942 _____ C:\Users\Public\Desktop\Setup WoT Stats.lnk
2013-12-23 22:18 - 2013-12-20 21:03 - 00000096 _____ C:\Users\Public\Desktop\[BV] Mod Collection Updates.url
2013-12-23 21:57 - 2013-12-23 21:18 - 119282768 _____ (Black & Bloody Vengeance) C:\Users\Timo T\Downloads\[BV] Mod Collection Installer 8.10.4.exe
2013-12-22 15:38 - 2013-08-17 19:11 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-22 15:36 - 2013-01-01 03:07 - 90708896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-22 15:00 - 2012-11-18 01:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-21 20:22 - 2013-11-15 20:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-12-21 20:07 - 2013-12-21 20:07 - 00002236 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-21 20:07 - 2013-07-25 21:49 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-21 19:52 - 2013-12-21 19:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 20:43 - 2013-09-30 05:14 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-20 20:43 - 2013-09-30 04:56 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2013-12-20 20:43 - 2013-09-30 04:56 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2013-12-18 18:30 - 2013-05-07 18:32 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2013-12-18 18:30 - 2013-03-30 20:34 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2013-12-18 18:30 - 2013-03-30 20:34 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2013-12-18 18:26 - 2013-12-18 18:26 - 00000030 _____ C:\Users\Timo T\AppData\Roaming\WB.CFG
2013-12-16 21:29 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\FileManager
2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Camera
2013-12-14 17:45 - 2013-08-22 15:44 - 00335992 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-12 21:13 - 2013-12-12 19:56 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\TS3Client
2013-12-12 19:51 - 2013-12-12 19:51 - 00001222 _____ C:\Users\Timo T\Desktop\TeamSpeak 3 Client.lnk
2013-12-12 19:51 - 2013-12-12 19:51 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2013-12-12 19:51 - 2013-12-12 19:51 - 00000000 ____D C:\Users\Timo T\AppData\Local\TeamSpeak 3 Client
2013-12-12 19:33 - 2013-12-12 19:31 - 30095736 _____ (TeamSpeak Systems GmbH) C:\Users\Timo T\Downloads\TeamSpeak3-Client-win32-3.0.13.1.exe
2013-12-12 19:00 - 2013-07-25 21:49 - 00004092 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-12 19:00 - 2013-07-25 21:49 - 00003856 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-10 20:28 - 2013-02-03 13:41 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2013-12-04 01:05 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2013-12-04 01:05 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-03 19:42 - 2013-01-19 11:27 - 00003812 _____ C:\WINDOWS\System32\Tasks\Scheduled Update for Ask Toolbar
2013-12-03 19:42 - 2013-01-19 11:27 - 00000000 ____D C:\Program Files (x86)\Ask.com
2013-12-03 19:39 - 2013-08-22 15:46 - 00333628 _____ C:\WINDOWS\setupact.log
2013-12-02 21:17 - 2013-05-09 12:45 - 00000000 ____D C:\Users\Timo T\AppData\Local\DoNotTrackPlus
Some content of TEMP:
====================
C:\Users\Timo T\AppData\Local\Temp\avgnt.exe
C:\Users\Timo T\AppData\Local\Temp\BackupSetup.exe
C:\Users\Timo T\AppData\Local\Temp\FlashPlayer__4003_i220968287_il14.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-29 20:16
==================== End Of Log ============================
--- --- --- --- --- --- FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013 01
Ran by Timo T (administrator) on TIMO on 29-12-2013 21:46:01
Running from C:\Users\Timo T\Downloads
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Updater) C:\ProgramData\Updater\updater.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(PC Utilities Pro) C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(PC Utilities Pro) C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(WatchDog) C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
(WatchDog) C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe
(WatchDog) C:\ProgramData\RHelpers\IeHelper\IeHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
() C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
(Jump Flip) C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\livecomm.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-11-25] (ELAN Microelectronics Corp.)
HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [BakupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533056 2012-07-31] (NTI Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1644680 2013-03-10] (Ask)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [486264 2013-12-18] (Updater)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [761024 2013-12-13] ()
HKLM-x32\...\Runonce: [Del4089953] - cmd.exe /Q /D /c del "C:\Users\TIMOT~1\AppData\Local\Temp\0.del" [x]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Atheros Communications))
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKCU\...\Run: [Facebook Update] - C:\Users\Timo T\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-03-10] (Facebook Inc.)
HKCU\...\Run: [Optimizer Pro] - C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [134648 2013-10-28] ()
HKCU\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [486264 2013-12-18] (Updater)
HKCU\...\Run: [NextLive] - C:\WINDOWS\SysWOW64\rundll32.exe "C:\Users\Timo T\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKCU\...\Runonce: [Del4089953] - cmd.exe /Q /D /c del "C:\Users\TIMOT~1\AppData\Local\Temp\0.del"
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll c:\progra~2\optimi~1\optpro~1.dll [4279112 2013-10-29] ()
Startup: C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542&q={searchTerms}
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542&q={searchTerms}
SearchScopes: HKLM - {12086C10-E61B-4C87-8253-D990FA7080CB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542&q={searchTerms}
SearchScopes: HKLM-x32 - {12086C10-E61B-4C87-8253-D990FA7080CB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542&q={searchTerms}
SearchScopes: HKCU - {12086C10-E61B-4C87-8253-D990FA7080CB} URL =
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542&q={searchTerms}
SearchScopes: HKCU - {E45BDB2D-6143-413D-9FF7-1865745671DC} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=a4d03a85-bda5-450d-adb1-2b4d82f33cf8&apn_sauid=1250515E-8CA1-4AEB-9464-30C3704A7870
BHO: saavinugtoyyou - {3452EE4D-89B3-E1D4-FF71-706C2912BF03} - C:\ProgramData\saavinugtoyyou\OrmbLjH6I_.x64.dll ()
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: dOwwnnloadittkeep - {82E8CB70-1EDF-3579-F279-ABEA2CAE660B} - C:\ProgramData\dOwwnnloadittkeep\xKeUtMS2U.x64.dll ()
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Jump Flip - {6db9fdfe-b718-4962-be0c-0a5fce7f7f7b} - C:\Program Files (x86)\Jump Flip\JumpFlipBHO.dll (Jump Flip)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
BHO-x32: BonanzaDeals - {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default
FF user.js: detected! => C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\user.js
FF NewTab: hxxp://www.nationzoom.com/newtab/?type=nt&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542
FF DefaultSearchEngine: nationzoom
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: nationzoom
FF Homepage: hxxp://www.nationzoom.com/?type=hp&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Timo T\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\nationzoom.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: dOwwnnloadittkeep - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\d.u8vact@ocvzuyoytmw-.net
FF Extension: Ask Toolbar - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\toolbar@ask.com
FF Extension: saavinugtoyyou - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\vxavvpc@ptwb-rm.com
FF Extension: Foxtab Speed Dial - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}
FF Extension: Jump Flip - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\firefox@jumpflip.net.xpi
FF Extension: BonanzaDeals - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.nationzoom.com/?type=sc&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [ieadcoanfjloocmfafkebdnfefmohngj] - C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 70e6ca8c; C:\WINDOWS\system32\rundll32.exe [52736 2013-08-22] (Microsoft Corporation)
R2 70e6ca8c; C:\WINDOWS\SysWow64\rundll32.exe [49664 2013-08-22] (Microsoft Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
S2 bonanzadealslive; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-11-06] (BonanzaDeals)
S3 bonanzadealslivem; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-11-06] (BonanzaDeals)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2415760 2012-07-27] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [466064 2012-07-31] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [659600 2012-07-31] (Acer Incorporated)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
S3 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-07-31] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-08-15] (Dritek System INC.)
R2 Update Jump Flip; C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe [65312 2013-12-27] (Jump Flip)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00A\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-08-15] (Dritek System Inc.)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-29 21:46 - 2013-12-29 21:46 - 00023240 _____ C:\Users\Timo T\Downloads\FRST.txt
2013-12-29 21:45 - 2013-12-29 21:45 - 00000000 ____D C:\FRST
2013-12-29 21:44 - 2013-12-29 21:44 - 01931302 _____ (Farbar) C:\Users\Timo T\Downloads\FRST64.exe
2013-12-29 21:40 - 2013-12-29 21:40 - 00000000 ____D C:\Program Files (x86)\Jump Flip
2013-12-29 21:39 - 2013-12-29 21:39 - 00003120 _____ C:\WINDOWS\System32\Tasks\Advanced System Protector_startup
2013-12-29 21:39 - 2013-12-29 21:39 - 00001217 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-12-29 21:39 - 2013-12-29 21:39 - 00001103 _____ C:\Users\Timo T\Desktop\MyPC Backup.lnk
2013-12-29 21:39 - 2013-12-29 21:39 - 00001035 _____ C:\Users\Timo T\Desktop\Mobogenie.lnk
2013-12-29 21:39 - 2013-12-29 21:39 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-12-29 21:39 - 2013-12-29 21:39 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2013-12-29 21:39 - 2013-12-29 21:39 - 00000000 ____D C:\ProgramData\Systweak
2013-12-29 21:39 - 2013-12-29 21:39 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-12-29 21:39 - 2013-12-29 21:39 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-12-29 21:39 - 2012-07-25 12:03 - 00016896 _____ C:\WINDOWS\system32\sasnative64.exe
2013-12-29 21:38 - 2013-12-29 21:39 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Systweak
2013-12-29 21:38 - 2013-12-29 21:39 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-12-29 21:38 - 2013-12-29 21:38 - 00003316 _____ C:\WINDOWS\System32\Tasks\Advanced System Protector
2013-12-29 21:38 - 2013-12-29 21:38 - 00003108 _____ C:\WINDOWS\System32\Tasks\RegClean Pro
2013-12-29 21:38 - 2013-12-29 21:38 - 00003012 _____ C:\WINDOWS\System32\Tasks\RegClean Pro_UPDATES
2013-12-29 21:38 - 2013-12-29 21:38 - 00002856 _____ C:\WINDOWS\System32\Tasks\RegClean Pro_DEFAULT
2013-12-29 21:38 - 2013-12-29 21:38 - 00002646 _____ C:\WINDOWS\System32\Tasks\Digital Sites
2013-12-29 21:38 - 2013-12-29 21:38 - 00001130 _____ C:\Users\Public\Desktop\Open It!.lnk
2013-12-29 21:38 - 2013-12-29 21:38 - 00001066 _____ C:\Users\Public\Desktop\RegClean Pro.lnk
2013-12-29 21:38 - 2013-12-29 21:38 - 00000308 _____ C:\WINDOWS\Tasks\Digital Sites.job
2013-12-29 21:38 - 2013-12-29 21:38 - 00000296 _____ C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job
2013-12-29 21:38 - 2013-12-29 21:38 - 00000288 _____ C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job
2013-12-29 21:38 - 2013-12-29 21:38 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\DigitalSites
2013-12-29 21:38 - 2013-12-29 21:38 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
2013-12-29 21:38 - 2013-12-29 21:38 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-12-29 21:38 - 2013-11-22 15:42 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\WINDOWS\system32\roboot64.exe
2013-12-29 21:37 - 2013-12-29 21:37 - 00673568 _____ ( ) C:\Users\Timo T\Downloads\ZipOpenerSetup.exe
2013-12-29 20:31 - 2013-12-29 20:31 - 00000000 ____D C:\ProgramData\Websteroids
2013-12-29 19:44 - 2013-12-29 19:44 - 00000000 ____D C:\ProgramData\Oracle
2013-12-29 19:44 - 2013-12-29 19:43 - 00312744 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-12-29 19:44 - 2013-12-29 19:43 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-12-29 19:44 - 2013-12-29 19:43 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-12-29 19:44 - 2013-12-29 19:43 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2013-12-29 19:43 - 2013-12-29 19:43 - 00000000 ____D C:\Program Files\Java
2013-12-29 19:42 - 2013-12-29 19:42 - 30694824 _____ (Oracle Corporation) C:\Users\Timo T\Downloads\jre-7u45-windows-x64.exe
2013-12-29 19:39 - 2013-12-29 19:39 - 00470032 _____ C:\Users\Timo T\Downloads\Java.exe
2013-12-29 18:16 - 2013-12-29 21:45 - 00000000 ____D C:\Users\Timo T\AppData\Local\Mobogenie
2013-12-29 18:16 - 2013-12-29 21:39 - 00000000 ____D C:\Users\Timo T\AppData\Local\genienext
2013-12-29 18:16 - 2013-12-29 20:31 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\newnext.me
2013-12-29 18:16 - 2013-12-29 20:21 - 00000138 _____ C:\Users\Timo T\daemonprocess.txt
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\Documents\Mobogenie
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\AppData\Local\cache
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\.android
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\ProgramData\Updater
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\ProgramData\RHelpers
2013-12-29 18:15 - 2013-12-29 20:25 - 00000000 ____D C:\ProgramData\WPM
2013-12-29 18:15 - 2013-12-29 20:24 - 00000000 ____D C:\Users\Timo T\AppData\Local\Lollipop
2013-12-29 18:14 - 2013-12-29 18:14 - 00002066 _____ C:\Users\Timo T\Desktop\Continue installation - FlashPlayer.lnk
2013-12-29 18:11 - 2013-12-29 18:11 - 00336936 _____ (Amônétízé Ltd) C:\Users\Timo T\Downloads\FlashPlayer__4003_i220968287_il14.exe
2013-12-29 10:33 - 2013-12-29 10:33 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Bonanza
2013-12-24 15:58 - 2013-12-24 16:01 - 00000000 ____D C:\ProgramData\dOwwnnloadittkeep
2013-12-24 15:58 - 2013-12-24 16:00 - 00000000 ____D C:\ProgramData\saavinugtoyyou
2013-12-24 15:58 - 2013-12-24 15:58 - 00000000 ____D C:\ProgramData\e8a480b429bfdc00
2013-12-23 21:18 - 2013-12-23 21:57 - 119282768 _____ (Black & Bloody Vengeance) C:\Users\Timo T\Downloads\[BV] Mod Collection Installer 8.10.4.exe
2013-12-21 20:07 - 2013-12-21 20:07 - 00002236 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-21 19:52 - 2013-12-21 19:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 21:03 - 2013-12-23 22:18 - 00001077 _____ C:\Users\Public\Desktop\ActiveDossierUploader.lnk
2013-12-20 21:03 - 2013-12-23 22:18 - 00001027 _____ C:\Users\Public\Desktop\Radial Menu Editor.lnk
2013-12-20 21:03 - 2013-12-23 22:18 - 00000942 _____ C:\Users\Public\Desktop\Setup WoT Stats.lnk
2013-12-20 21:03 - 2013-12-23 22:18 - 00000096 _____ C:\Users\Public\Desktop\[BV] Mod Collection Updates.url
2013-12-18 18:26 - 2013-12-18 18:26 - 00000030 _____ C:\Users\Timo T\AppData\Roaming\WB.CFG
2013-12-14 17:53 - 2013-11-12 00:41 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-14 17:53 - 2013-11-12 00:40 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-14 17:53 - 2013-11-12 00:27 - 00701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2013-12-14 17:53 - 2013-11-12 00:24 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-12-14 17:53 - 2013-11-11 03:48 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2013-12-14 17:53 - 2013-11-09 12:55 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-12-14 17:53 - 2013-11-09 07:37 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2013-12-14 17:53 - 2013-11-09 06:56 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2013-12-14 17:53 - 2013-11-08 11:26 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2013-12-14 17:53 - 2013-11-08 05:43 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2013-12-14 17:53 - 2013-11-08 05:28 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-12-14 17:53 - 2013-11-08 05:26 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-12-14 17:53 - 2013-11-08 05:16 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2013-12-14 17:53 - 2013-11-08 05:15 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2013-12-14 17:53 - 2013-11-08 05:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2013-12-14 17:53 - 2013-11-08 04:41 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2013-12-14 17:53 - 2013-11-08 04:14 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2013-12-14 17:53 - 2013-11-05 15:19 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2013-12-14 17:53 - 2013-11-05 15:03 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2013-12-14 17:53 - 2013-11-05 14:57 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2013-12-14 17:53 - 2013-11-05 14:33 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2013-12-14 17:53 - 2013-11-05 14:32 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2013-12-14 17:53 - 2013-11-04 18:13 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-12-14 17:53 - 2013-11-04 18:13 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2013-12-14 17:53 - 2013-11-04 14:07 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2013-12-14 17:53 - 2013-11-04 12:50 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-12-14 17:53 - 2013-11-04 11:32 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2013-12-14 17:53 - 2013-11-04 03:28 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2013-12-14 17:53 - 2013-11-04 02:30 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-12-14 17:53 - 2013-11-01 12:39 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2013-12-14 17:53 - 2013-11-01 07:08 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2013-12-14 17:53 - 2013-11-01 06:57 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2013-12-14 17:53 - 2013-10-31 01:58 - 00372568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2013-12-14 17:53 - 2013-10-31 01:42 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-12-14 17:53 - 2013-10-31 01:33 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2013-12-14 17:53 - 2013-10-31 01:33 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2013-12-14 17:53 - 2013-10-31 01:33 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2013-12-14 17:53 - 2013-10-31 01:33 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2013-12-14 17:53 - 2013-10-26 02:54 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2013-12-14 17:53 - 2013-10-24 10:31 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2013-12-14 17:53 - 2013-10-24 10:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2013-12-14 17:53 - 2013-10-17 12:21 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2013-12-14 17:53 - 2013-10-17 11:36 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2013-12-14 17:53 - 2013-10-05 15:21 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2013-12-14 17:53 - 2013-10-05 15:21 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2013-12-14 17:53 - 2013-10-05 13:05 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2013-12-14 17:53 - 2013-10-05 13:05 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2013-12-12 19:56 - 2013-12-12 21:13 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\TS3Client
2013-12-12 19:52 - 2013-11-23 05:34 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2013-12-12 19:52 - 2013-11-23 05:13 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2013-12-12 19:52 - 2013-11-23 04:32 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2013-12-12 19:52 - 2013-11-23 04:10 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2013-12-12 19:52 - 2013-11-09 07:34 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2013-12-12 19:52 - 2013-11-09 07:34 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2013-12-12 19:52 - 2013-11-09 06:52 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2013-12-12 19:51 - 2013-12-12 19:51 - 00001222 _____ C:\Users\Timo T\Desktop\TeamSpeak 3 Client.lnk
2013-12-12 19:51 - 2013-12-12 19:51 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2013-12-12 19:51 - 2013-12-12 19:51 - 00000000 ____D C:\Users\Timo T\AppData\Local\TeamSpeak 3 Client
2013-12-12 19:31 - 2013-12-12 19:33 - 30095736 _____ (TeamSpeak Systems GmbH) C:\Users\Timo T\Downloads\TeamSpeak3-Client-win32-3.0.13.1.exe
2013-12-12 18:38 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-12-12 18:38 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-12-12 18:38 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-12-12 18:38 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-12-12 18:38 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-12-12 18:38 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-12-12 18:38 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-12-12 18:38 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-12-12 18:38 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-12-12 18:38 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2013-12-12 18:38 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-12-12 18:38 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-12-12 18:38 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-12-12 18:38 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2013-12-12 18:38 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2013-12-12 18:38 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-12-12 18:38 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-12-12 18:38 - 2013-11-08 08:21 - 04191744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-12-12 18:38 - 2013-10-19 09:53 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2013-12-12 18:38 - 2013-10-19 08:14 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2013-12-12 18:38 - 2013-10-15 09:54 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2013-12-12 18:38 - 2013-10-15 09:03 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2013-11-30 12:18 - 2013-12-29 21:40 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A1E9E32D-55A8-4BAF-90D6-784E9A0B66BE}
==================== One Month Modified Files and Folders =======
2013-12-29 21:46 - 2013-12-29 21:46 - 00023240 _____ C:\Users\Timo T\Downloads\FRST.txt
2013-12-29 21:46 - 2013-10-18 22:09 - 01243131 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-29 21:45 - 2013-12-29 21:45 - 00000000 ____D C:\FRST
2013-12-29 21:45 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\AppData\Local\Mobogenie
2013-12-29 21:44 - 2013-12-29 21:44 - 01931302 _____ (Farbar) C:\Users\Timo T\Downloads\FRST64.exe
2013-12-29 21:44 - 2012-11-18 01:01 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1946761082-257476130-358862400-1002
2013-12-29 21:40 - 2013-12-29 21:40 - 00000000 ____D C:\Program Files (x86)\Jump Flip
2013-12-29 21:40 - 2013-11-30 12:18 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A1E9E32D-55A8-4BAF-90D6-784E9A0B66BE}
2013-12-29 21:39 - 2013-12-29 21:39 - 00003120 _____ C:\WINDOWS\System32\Tasks\Advanced System Protector_startup
2013-12-29 21:39 - 2013-12-29 21:39 - 00001217 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-12-29 21:39 - 2013-12-29 21:39 - 00001103 _____ C:\Users\Timo T\Desktop\MyPC Backup.lnk
2013-12-29 21:39 - 2013-12-29 21:39 - 00001035 _____ C:\Users\Timo T\Desktop\Mobogenie.lnk
2013-12-29 21:39 - 2013-12-29 21:39 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-12-29 21:39 - 2013-12-29 21:39 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2013-12-29 21:39 - 2013-12-29 21:39 - 00000000 ____D C:\ProgramData\Systweak
2013-12-29 21:39 - 2013-12-29 21:39 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-12-29 21:39 - 2013-12-29 21:39 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-12-29 21:39 - 2013-12-29 21:38 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Systweak
2013-12-29 21:39 - 2013-12-29 21:38 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2013-12-29 21:39 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\AppData\Local\genienext
2013-12-29 21:39 - 2012-11-18 00:51 - 00000000 ___RD C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-29 21:38 - 2013-12-29 21:38 - 00003316 _____ C:\WINDOWS\System32\Tasks\Advanced System Protector
2013-12-29 21:38 - 2013-12-29 21:38 - 00003108 _____ C:\WINDOWS\System32\Tasks\RegClean Pro
2013-12-29 21:38 - 2013-12-29 21:38 - 00003012 _____ C:\WINDOWS\System32\Tasks\RegClean Pro_UPDATES
2013-12-29 21:38 - 2013-12-29 21:38 - 00002856 _____ C:\WINDOWS\System32\Tasks\RegClean Pro_DEFAULT
2013-12-29 21:38 - 2013-12-29 21:38 - 00002646 _____ C:\WINDOWS\System32\Tasks\Digital Sites
2013-12-29 21:38 - 2013-12-29 21:38 - 00001130 _____ C:\Users\Public\Desktop\Open It!.lnk
2013-12-29 21:38 - 2013-12-29 21:38 - 00001066 _____ C:\Users\Public\Desktop\RegClean Pro.lnk
2013-12-29 21:38 - 2013-12-29 21:38 - 00000308 _____ C:\WINDOWS\Tasks\Digital Sites.job
2013-12-29 21:38 - 2013-12-29 21:38 - 00000296 _____ C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job
2013-12-29 21:38 - 2013-12-29 21:38 - 00000288 _____ C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job
2013-12-29 21:38 - 2013-12-29 21:38 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\DigitalSites
2013-12-29 21:38 - 2013-12-29 21:38 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
2013-12-29 21:38 - 2013-12-29 21:38 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-12-29 21:37 - 2013-12-29 21:37 - 00673568 _____ ( ) C:\Users\Timo T\Downloads\ZipOpenerSetup.exe
2013-12-29 21:31 - 2013-11-06 20:26 - 00000936 _____ C:\WINDOWS\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
2013-12-29 21:28 - 2013-02-03 13:41 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-29 21:27 - 2013-11-06 20:27 - 00000308 _____ C:\WINDOWS\Tasks\UpdaterEX.job
2013-12-29 21:26 - 2013-11-06 20:26 - 00000304 _____ C:\WINDOWS\Tasks\FoxTab.job
2013-12-29 21:05 - 2013-07-25 21:49 - 00001120 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-29 21:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2013-12-29 20:31 - 2013-12-29 20:31 - 00000000 ____D C:\ProgramData\Websteroids
2013-12-29 20:31 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\newnext.me
2013-12-29 20:31 - 2013-11-06 20:26 - 00000932 _____ C:\WINDOWS\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2013-12-29 20:31 - 2013-10-18 22:20 - 00000000 __RDO C:\Users\Timo T\SkyDrive
2013-12-29 20:30 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-29 20:30 - 2013-07-25 21:49 - 00001116 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-29 20:29 - 2013-09-29 20:04 - 00003230 _____ C:\WINDOWS\PFRO.log
2013-12-29 20:29 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2013-12-29 20:26 - 2013-11-06 20:26 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-12-29 20:25 - 2013-12-29 18:15 - 00000000 ____D C:\ProgramData\WPM
2013-12-29 20:24 - 2013-12-29 18:15 - 00000000 ____D C:\Users\Timo T\AppData\Local\Lollipop
2013-12-29 20:21 - 2013-12-29 18:16 - 00000138 _____ C:\Users\Timo T\daemonprocess.txt
2013-12-29 19:44 - 2013-12-29 19:44 - 00000000 ____D C:\ProgramData\Oracle
2013-12-29 19:43 - 2013-12-29 19:44 - 00312744 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-12-29 19:43 - 2013-12-29 19:44 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-12-29 19:43 - 2013-12-29 19:44 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-12-29 19:43 - 2013-12-29 19:44 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2013-12-29 19:43 - 2013-12-29 19:43 - 00000000 ____D C:\Program Files\Java
2013-12-29 19:42 - 2013-12-29 19:42 - 30694824 _____ (Oracle Corporation) C:\Users\Timo T\Downloads\jre-7u45-windows-x64.exe
2013-12-29 19:39 - 2013-12-29 19:39 - 00470032 _____ C:\Users\Timo T\Downloads\Java.exe
2013-12-29 19:16 - 2013-03-10 13:11 - 00000942 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1946761082-257476130-358862400-1002UA.job
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\Documents\Mobogenie
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\AppData\Local\cache
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\.android
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\ProgramData\Updater
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\ProgramData\RHelpers
2013-12-29 18:16 - 2013-10-18 21:52 - 00000000 ____D C:\Users\Timo T
2013-12-29 18:15 - 2013-10-18 22:16 - 00001678 _____ C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-29 18:15 - 2012-11-18 01:37 - 00001363 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-29 18:14 - 2013-12-29 18:14 - 00002066 _____ C:\Users\Timo T\Desktop\Continue installation - FlashPlayer.lnk
2013-12-29 18:11 - 2013-12-29 18:11 - 00336936 _____ (Amônétízé Ltd) C:\Users\Timo T\Downloads\FlashPlayer__4003_i220968287_il14.exe
2013-12-29 13:16 - 2013-03-10 13:11 - 00000920 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1946761082-257476130-358862400-1002Core.job
2013-12-29 10:33 - 2013-12-29 10:33 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Bonanza
2013-12-24 16:01 - 2013-12-24 15:58 - 00000000 ____D C:\ProgramData\dOwwnnloadittkeep
2013-12-24 16:00 - 2013-12-24 15:58 - 00000000 ____D C:\ProgramData\saavinugtoyyou
2013-12-24 15:58 - 2013-12-24 15:58 - 00000000 ____D C:\ProgramData\e8a480b429bfdc00
2013-12-24 11:39 - 2013-11-06 20:27 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-12-23 22:19 - 2013-11-04 18:21 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Black & Bloody Vengeance
2013-12-23 22:18 - 2013-12-20 21:03 - 00001077 _____ C:\Users\Public\Desktop\ActiveDossierUploader.lnk
2013-12-23 22:18 - 2013-12-20 21:03 - 00001027 _____ C:\Users\Public\Desktop\Radial Menu Editor.lnk
2013-12-23 22:18 - 2013-12-20 21:03 - 00000942 _____ C:\Users\Public\Desktop\Setup WoT Stats.lnk
2013-12-23 22:18 - 2013-12-20 21:03 - 00000096 _____ C:\Users\Public\Desktop\[BV] Mod Collection Updates.url
2013-12-23 21:57 - 2013-12-23 21:18 - 119282768 _____ (Black & Bloody Vengeance) C:\Users\Timo T\Downloads\[BV] Mod Collection Installer 8.10.4.exe
2013-12-22 15:38 - 2013-08-17 19:11 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-22 15:36 - 2013-01-01 03:07 - 90708896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-22 15:00 - 2012-11-18 01:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-21 20:22 - 2013-11-15 20:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-12-21 20:07 - 2013-12-21 20:07 - 00002236 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-21 20:07 - 2013-07-25 21:49 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-21 19:52 - 2013-12-21 19:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 20:43 - 2013-09-30 05:14 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-20 20:43 - 2013-09-30 04:56 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2013-12-20 20:43 - 2013-09-30 04:56 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2013-12-18 18:30 - 2013-05-07 18:32 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2013-12-18 18:30 - 2013-03-30 20:34 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2013-12-18 18:30 - 2013-03-30 20:34 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2013-12-18 18:26 - 2013-12-18 18:26 - 00000030 _____ C:\Users\Timo T\AppData\Roaming\WB.CFG
2013-12-16 21:29 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\FileManager
2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Camera
2013-12-14 17:45 - 2013-08-22 15:44 - 00335992 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-12 21:13 - 2013-12-12 19:56 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\TS3Client
2013-12-12 19:51 - 2013-12-12 19:51 - 00001222 _____ C:\Users\Timo T\Desktop\TeamSpeak 3 Client.lnk
2013-12-12 19:51 - 2013-12-12 19:51 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2013-12-12 19:51 - 2013-12-12 19:51 - 00000000 ____D C:\Users\Timo T\AppData\Local\TeamSpeak 3 Client
2013-12-12 19:33 - 2013-12-12 19:31 - 30095736 _____ (TeamSpeak Systems GmbH) C:\Users\Timo T\Downloads\TeamSpeak3-Client-win32-3.0.13.1.exe
2013-12-12 19:00 - 2013-07-25 21:49 - 00004092 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-12 19:00 - 2013-07-25 21:49 - 00003856 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-10 20:28 - 2013-02-03 13:41 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2013-12-04 01:05 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2013-12-04 01:05 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-03 19:42 - 2013-01-19 11:27 - 00003812 _____ C:\WINDOWS\System32\Tasks\Scheduled Update for Ask Toolbar
2013-12-03 19:42 - 2013-01-19 11:27 - 00000000 ____D C:\Program Files (x86)\Ask.com
2013-12-03 19:39 - 2013-08-22 15:46 - 00333628 _____ C:\WINDOWS\setupact.log
2013-12-02 21:17 - 2013-05-09 12:45 - 00000000 ____D C:\Users\Timo T\AppData\Local\DoNotTrackPlus
Some content of TEMP:
====================
C:\Users\Timo T\AppData\Local\Temp\avgnt.exe
C:\Users\Timo T\AppData\Local\Temp\BackupSetup.exe
C:\Users\Timo T\AppData\Local\Temp\FlashPlayer__4003_i220968287_il14.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-29 20:16
==================== End Of Log ============================
--- --- --- --- --- --- alles Richtig? ich habe noch nichts selber versucht oder irgendelche virenscanns gemacht. |
|
29.12.2013, 22:00
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nation Zoom :( ich weiß nicht weiter Ähm, du hast zweimal dasselbe Log gepostet...additions.txt bitte nachreichen
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
29.12.2013, 22:10
| #5 |
| | Nation Zoom :( ich weiß nicht weiterCode:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-12-2013 01
Ran by Timo T at 2013-12-29 21:46:57
Running from C:\Users\Timo T\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
clear.fi SDK - Video 2 (x32 Version: 2.1.1910 - CyberLink Corp.)
clear.fi SDK- Movie 2 (x32 Version: 2.1.1910 - CyberLink Corp.)
[BV] Mod Collection (x32 Version: 1.08.96 - Black & Bloody Vengeance)
[BV] Mod Collection (x32 Version: 8.10.4 - Black & Bloody Vengeance)
[BV] Mod Collection Clanlogos (x32 Version: 1.0.1 - Black & Bloody Vengeance)
Acer Backup Manager (x32 Version: 4.0.0.0053 - NTI Corporation)
Acer Device Fast-lane (Version: 1.00.3003 - Acer Incorporated)
Acer Power Management (Version: 7.00.3003 - Acer Incorporated)
Acer Recovery Management (Version: 6.00.3006 - Acer Incorporated)
AcerCloud (x32 Version: 2.01.3112 - Acer Incorporated)
AcerCloud Docs (x32 Version: 1.00.3103 - Acer Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Advanced System Protector (x32 Version: 2.1.1000.12580 - Systweak Software) <==== ATTENTION
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent)
Ask Toolbar (x32 Version: 1.15.20.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKCU Version: 1.2.4.37949 - Ask.com) <==== ATTENTION
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
Backup Manager v4 (x32 Version: 4.0.0.0053 - NTI Corporation)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent)
Bonanza Deals (remove only) (x32 Version: 5.0.1.0 - Bonanza Deals) <==== ATTENTION
Broadcom Card Reader Driver Installer (Version: 15.4.4.2 - Broadcom Corporation)
clear.fi Media (x32 Version: 2.01.3107 - Acer Incorporated)
clear.fi Photo (x32 Version: 2.01.3107 - Acer Incorporated)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3103_44819 - CyberLink Corp.)
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent)
Diablo III (x32 Version: 1.0.7.14633 - Blizzard Entertainment)
dOwwnnloadittkeep (x32 Version: - dowwneloaDitkeep)
eBay Worldwide (x32 Version: 2.3.0630 - OEM)
ETDWare PS/2-X64 11.6.11.002_WHQL (Version: 11.6.11.002 - ELAN Microelectronic Corp.)
Extended Update (HKCU Version: - )
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287 - Skype Limited)
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent)
Foxtab (x32 Version: - FoxTab) <==== ATTENTION
Free YouTube to MP3 Converter version 3.12.2.430 (x32 Version: 3.12.2.430 - DVDVideoSoft Ltd.)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent)
Identity Card (x32 Version: 2.00.3002 - Acer Incorporated)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2932 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation)
Island Tribe (x32 Version: 2.2.0.98 - WildTangent)
Java 7 Update 45 (64-bit) (Version: 7.0.450 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent)
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent)
Jump Flip (Version: 2013.12.27.213125 - Jump Flip)
Launch Manager (x32 Version: 7.0.3 - Acer Inc.)
Live Updater (x32 Version: 2.00.3002 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent)
McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.)
Microsoft Office (x32 Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation)
Mobogenie (x32 Version: - Mobogenie.com)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MyFreeCodec (HKCU Version: - )
MyPC Backup (Version: - MyPC Backup) <==== ATTENTION
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.)
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.)
Norton Online Backup (x32 Version: 2.2.3.45 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.10 - Symantec Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation)
NVIDIA Grafiktreiber 327.02 (Version: 327.02 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation)
NVIDIA Optimus 1.14.17 (Version: 1.14.17 - NVIDIA Corporation)
NVIDIA PhysX (x32 Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.0613 (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (Version: 1.14.17 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation)
Office Addin (x32 Version: 2.01.3102 - Acer)
Office Addin 2003 (x32 Version: 2.01.3102 - Acer)
Open It! (x32 Version: 1.1.1 - OpenIt)
Optimizer Pro v3.2 (x32 Version: - PC Utilities Software Limited) <==== ATTENTION
PartyPoker (x32 Version: - PartyGaming)
Penguins! (x32 Version: 2.2.0.98 - WildTangent)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent)
PokerStars.eu (x32 Version: - PokerStars.eu)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (x32 Version: 11.41 - Qualcomm Atheros)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
RegClean Pro (x32 Version: 6.21 - Systweak Inc) <==== ATTENTION
saavinugtoyyou (x32 Version: - saaviingteoyou)
Samsung Kies (x32 Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Shared C Run-time for x64 (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.)
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.)
Spotify (x32 Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent)
TeamSpeak 3 Client (HKCU Version: 3.0.13 - TeamSpeak Systems GmbH)
Update for Zip Opener (HKCU Version: - Update for Zip Opener) <==== ATTENTION
Update Installer for WildTangent Games App (x32 Version: - WildTangent)
Updater (x32 Version: 2.6.53 - Creative Island Media, LLC)
Visual Studio 2005 Tools for Office Second Edition Runtime (x32 Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (x32 Version: 1 - Microsoft Corporation)
WildTangent Games (x32 Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent)
World of Tanks (x32 Version: - Wargaming.net)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent)
==================== Restore Points =========================
12-12-2013 18:36:35 Windows Update
16-12-2013 19:49:25 Windows Update
20-12-2013 19:43:13 [BV] Mod Collection wird entfernt
22-12-2013 11:33:13 TuneUp Utilities 2013 wird entfernt
23-12-2013 21:03:01 [BV] Mod Collection Clanlogos wird installiert
29-12-2013 18:43:16 Installed Java 7 Update 45 (64-bit)
==================== Hosts content: ==========================
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {06ED8BF8-E717-42D3-BBC6-0D7C533292BB} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2013-11-22] (Systweak Inc) <==== ATTENTION
Task: {0AACCEF9-366E-482B-8EEF-DED69FAD4A19} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-11-06] (BonanzaDeals) <==== ATTENTION
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {17E4CA9F-25FD-494E-BB74-B84A209FCA12} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {20C819B0-6EC1-4924-A3A2-EC3C2E43BA90} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1946761082-257476130-358862400-1002UA => C:\Users\Timo T\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-10] (Facebook Inc.)
Task: {25726081-A397-417C-9053-4AB4590B4DFF} - System32\Tasks\startDestop => C:\Windows\explorer.exe [2013-10-22] (Microsoft Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2E49E5DC-0515-48BC-BA84-72D978DF82F3} - System32\Tasks\FoxTab => C:\Users\Timo T\AppData\Roaming\FoxTab\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {397C436B-F8FA-42B2-BCA9-42956095EE40} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2013-11-22] (Systweak Inc) <==== ATTENTION
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\System32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4B363602-9225-4197-A91E-C4CB0EBA9C5C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1946761082-257476130-358862400-1002Core => C:\Users\Timo T\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-10] (Facebook Inc.)
Task: {5031E43D-8433-478B-ADEF-ED7A3609D51E} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-07-13] ()
Task: {54120B04-2360-471A-919C-8E64A9BD552A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\System32\MRT.exe [2013-12-22] (Microsoft Corporation)
Task: {5CD2985A-9EBF-4D62-81C4-C9F0E9C4A34D} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\systweakasp.exe [2013-08-23] (Systweak Inc ) <==== ATTENTION
Task: {5D43D661-4822-426F-BDB8-813F0B4979E4} - System32\Tasks\Digital Sites => C:\Users\Timo T\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {62E3DEE8-D473-4B91-8097-3DE4CD9E8D7A} - System32\Tasks\BonanzaDealsUpdate => C:\Program <==== ATTENTION
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6D47655D-9C1F-43FE-A7EA-A67391803538} - System32\Tasks\UpdaterEX => C:\Users\TIMOT~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6FE4EDEE-395D-47B4-AB29-54DCF268FC22} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [2013-11-22] (Systweak Inc) <==== ATTENTION
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {73D61466-1665-49A1-9E9F-2CCF086B20A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-25] (Google Inc.)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7C580FE3-B0E7-49F9-9B27-6FE125A6BAEF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {88E98346-BF35-457A-837D-FAE635483809} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {98CEFDC9-4187-453C-A3B4-C49FB9152592} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {9D57FC2B-2F32-4DBC-BC3E-3AE7E332B6BB} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-11-06] (BonanzaDeals) <==== ATTENTION
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B12311BC-1310-48DA-A4C1-3B7067D62D49} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-25] (Google Inc.)
Task: {B1BDC97C-AC76-4ACD-9F77-74BCEAA1ED31} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [2013-12-23] (Systweak) <==== ATTENTION
Task: {B8C6B978-48DD-4BA9-A90C-39969592C3D8} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-07-31] (Acer Incorporated)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DB52C38A-7BED-4C11-8C09-4DA13108FB1A} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {E185F0C3-1D25-4FA8-833E-103DADA0F652} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2013-03-10] ()
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F83191E3-E913-4DC2-BE22-C614E7BF5FB0} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PmmUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Digital Sites.job => C:\Users\TIMOT~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1946761082-257476130-358862400-1002Core.job => C:\Users\Timo T\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1946761082-257476130-358862400-1002UA.job => C:\Users\Timo T\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FoxTab.job => C:\Users\TIMOT~1\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\UpdaterEX.job => C:\Users\TIMOT~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE
==================== Loaded Modules (whitelisted) =============
2013-01-28 13:45 - 2013-01-28 13:45 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-28 13:42 - 2013-01-28 13:42 - 00084992 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2012-12-14 01:42 - 2012-12-14 01:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-19 23:37 - 2013-09-19 23:37 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2013-09-19 23:32 - 2013-09-19 23:32 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
2013-01-19 11:26 - 2012-09-19 18:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-11-06 20:27 - 2013-11-06 20:27 - 00192664 _____ () C:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll
2013-11-06 20:27 - 2013-10-29 14:08 - 04279112 _____ () C:\Program Files (x86)\Optimizer Pro\OptProCrash.dll
2012-07-31 00:04 - 2012-07-31 00:04 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-08-15 20:44 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-12-21 19:52 - 2013-12-21 19:52 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\Timo T\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/29/2013 08:19:54 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error: (12/29/2013 08:19:54 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error: (12/29/2013 08:19:54 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error: (12/29/2013 07:04:43 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error: (12/29/2013 07:04:43 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error: (12/29/2013 07:04:43 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error: (12/29/2013 07:02:39 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error: (12/29/2013 07:02:39 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error: (12/29/2013 07:02:39 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error: (12/29/2013 01:53:34 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
System errors:
=============
Error: (12/29/2013 08:34:12 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (12/29/2013 08:30:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1083
Error: (12/29/2013 08:22:38 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1083
Error: (12/29/2013 08:09:37 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (12/29/2013 08:05:32 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1083
Error: (12/29/2013 06:46:37 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1083
Error: (12/29/2013 10:27:32 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (12/29/2013 10:21:24 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1083
Error: (12/28/2013 03:29:11 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (12/28/2013 03:20:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1083
Microsoft Office Sessions:
=========================
Error: (12/29/2013 08:19:54 PM) (Source: SideBySide)(User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4
Error: (12/29/2013 08:19:54 PM) (Source: SideBySide)(User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4
Error: (12/29/2013 08:19:54 PM) (Source: SideBySide)(User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4
Error: (12/29/2013 07:04:43 PM) (Source: SideBySide)(User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4
Error: (12/29/2013 07:04:43 PM) (Source: SideBySide)(User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4
Error: (12/29/2013 07:04:43 PM) (Source: SideBySide)(User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4
Error: (12/29/2013 07:02:39 PM) (Source: SideBySide)(User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4
Error: (12/29/2013 07:02:39 PM) (Source: SideBySide)(User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4
Error: (12/29/2013 07:02:39 PM) (Source: SideBySide)(User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4
Error: (12/29/2013 01:53:34 PM) (Source: SideBySide)(User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4
==================== Memory info ===========================
Percentage of memory in use: 44%
Total physical RAM: 3909.27 MB
Available physical RAM: 2160.13 MB
Total Pagefile: 4677.27 MB
Available Pagefile: 2673.66 MB
Total Virtual: 131072 MB
Available Virtual: 131071.76 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:445.85 GB) (Free:300.28 GB) NTFS
Drive d: (Canyon BA International MY2013) (CDROM) (Total:0.95 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 0FC5356F)
Partition: GPT Partition Type
==================== End Of Log ============================
|
|
29.12.2013, 22:15
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nation Zoom :( ich weiß nicht weiter Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ --> Nation Zoom :( ich weiß nicht weiter |
|
31.12.2013, 15:31
| #7 |
| | Nation Zoom :( ich weiß nicht weiterCode:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org
Database version: v2013.12.31.03
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
Timo T :: TIMO [administrator]
31.12.2013 14:14:58
mbar-log-2013-12-31 (14-14-58).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 271228
Time elapsed: 25 minute(s), 1 second(s)
Memory Processes Detected: 1
C:\ProgramData\Updater\updater.exe (Trojan.Agent) -> 4360 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 2
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Updater (Trojan.Agent) -> Data: C:\ProgramData\Updater\updater.exe -> Delete on reboot.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|Updater (Trojan.Agent) -> Data: C:\ProgramData\Updater\Updater.exe -> Delete on reboot.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\ProgramData\Updater\updater.exe (Trojan.Agent) -> Delete on reboot.
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org
Database version: v2013.12.31.04
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
Timo T :: TIMO [administrator]
31.12.2013 15:03:01
mbar-log-2013-12-31 (15-03-01).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 271047
Time elapsed: 25 minute(s), 20 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
|
|
31.12.2013, 16:28
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nation Zoom :( ich weiß nicht weiter Adware/Junkware/Toolbars entfernen 1. Schritt: adwCleaner Downloade Dir bitte  AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
3. Schritt: Shortcut Cleaner Downloade dir bitte
4. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.01.2014, 14:07
| #9 |
| | Nation Zoom :( ich weiß nicht weiterCode:
ATTFilter # AdwCleaner v3.016 - Bericht erstellt am 01/01/2014 um 13:36:37
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 8.1 (64 bits)
# Benutzername : Timo T - TIMO
# Gestartet von : C:\Users\Timo T\Downloads\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
Dienst Gelöscht : 70e6ca8c
[#] Dienst Gelöscht : BackupStack
[#] Dienst Gelöscht : bonanzadealslive
[#] Dienst Gelöscht : bonanzadealslivem
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\BonanzaDealsLive
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Systweak
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Ordner Gelöscht : C:\Program Files (x86)\Advanced System Protector
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDeals
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDealsLive
Ordner Gelöscht : C:\Program Files (x86)\FoxTab
Ordner Gelöscht : C:\Program Files (x86)\Mobogenie
Ordner Gelöscht : C:\Program Files (x86)\myfree codec
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Program Files (x86)\openit
Ordner Gelöscht : C:\Program Files (x86)\optimizer pro
Ordner Gelöscht : C:\Program Files (x86)\RegClean Pro
Ordner Gelöscht : C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\Users\TIMOT~1\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\Timo T\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Timo T\AppData\Local\BonanzaDealsLive
Ordner Gelöscht : C:\Users\Timo T\AppData\Local\lollipop
Ordner Gelöscht : C:\Users\Timo T\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Timo T\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Timo T\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Timo T\AppData\Roaming\FoxTab
Ordner Gelöscht : C:\Users\Timo T\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Timo T\AppData\Roaming\optimizer pro
Ordner Gelöscht : C:\Users\Timo T\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Timo T\AppData\Roaming\UpdaterEX
Ordner Gelöscht : C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
Ordner Gelöscht : C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Ordner Gelöscht : C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Ordner Gelöscht : C:\Users\Timo T\Documents\Mobogenie
Ordner Gelöscht : C:\Users\Timo T\Documents\optimizer pro
Ordner Gelöscht : C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\{5EBDCA98-43B3-45BB-87E0-716029FB42AB}
Ordner Gelöscht : C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\toolbar@ask.com
Datei Gelöscht : C:\Users\Public\Desktop\Advanced System Protector.lnk
Datei Gelöscht : C:\Users\Public\Desktop\Open It!.lnk
Datei Gelöscht : C:\Users\Public\Desktop\RegClean Pro.lnk
Datei Gelöscht : C:\WINDOWS\System32\roboot64.exe
Datei Gelöscht : C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
Datei Gelöscht : C:\Users\Timo T\Desktop\Mobogenie.lnk
Datei Gelöscht : C:\Users\Timo T\Desktop\MyPC Backup.lnk
Datei Gelöscht : C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\nationzoom.xml
Datei Gelöscht : C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\user.js
Datei Gelöscht : C:\WINDOWS\System32\Tasks\Advanced System Protector_startup
Datei Gelöscht : C:\WINDOWS\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
Datei Gelöscht : C:\WINDOWS\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore
Datei Gelöscht : C:\WINDOWS\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
Datei Gelöscht : C:\WINDOWS\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA
Datei Gelöscht : C:\WINDOWS\System32\Tasks\BonanzaDealsUpdate
Datei Gelöscht : C:\WINDOWS\Tasks\FoxTab.job
Datei Gelöscht : C:\WINDOWS\System32\Tasks\FoxTab
Datei Gelöscht : C:\WINDOWS\System32\Tasks\RegClean Pro
Datei Gelöscht : C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job
Datei Gelöscht : C:\WINDOWS\System32\Tasks\RegClean Pro_DEFAULT
Datei Gelöscht : C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job
Datei Gelöscht : C:\WINDOWS\System32\Tasks\RegClean Pro_UPDATES
Datei Gelöscht : C:\WINDOWS\System32\Tasks\Scheduled Update for Ask Toolbar
Datei Gelöscht : C:\WINDOWS\Tasks\UpdaterEX.job
Datei Gelöscht : C:\WINDOWS\System32\Tasks\UpdaterEX
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Timo T\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Timo T\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Timo T\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ieadcoanfjloocmfafkebdnfefmohngj
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AmiBs.Installer
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AmiBs.Installer.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BonanzaDealsLive.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickCtrl.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLive.Update3WebControl.3
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D34F391D-4CB7-467F-A543-F583857C63B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{118E1BF6-6279-432F-A285-373A77B90C7A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{14CEEA2F-3D21-46ED-A7D2-89056C520E5E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1CC8D970-F626-4F19-815F-890032BB6606}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{33BAF587-9647-4281-A34F-F4830CDC1B9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5B5E5D0E-7C83-4A32-ADD2-E5F488DD6783}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6802463D-636F-41FE-9924-4CAD56906590}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{806785D0-375F-4C2C-92E3-B8EE65D28E83}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{944661E7-67B9-4DF7-BFF2-05388C166D34}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A7CF66EF-4F0D-46B1-AF71-A500378D6C34}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B71934E5-6B93-448D-9D32-CBAA5150C5D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D34F391D-4CB7-467F-A543-F583857C63B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E970727E-0508-4BEB-8B72-BBA9D0D047C7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EBF1F869-D2F0-4D31-A877-386C853A9C3D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F3CF4912-CF0A-451B-AF3B-C4F216C715E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F904AC50-215C-42AB-A532-77E9FDBA9B19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33BAF587-9647-4281-A34F-F4830CDC1B9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\BonanzaDealsLive
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\lollipop
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\UpdaterEX
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DynConIE
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\BonanzaDealsLive
Schlüssel Gelöscht : HKLM\Software\InstallCore
Schlüssel Gelöscht : HKLM\Software\Myfree Codec
Schlüssel Gelöscht : HKLM\Software\nationzoomSoftware
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bonanza Deals
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16384
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Mozilla Firefox v26.0 (de)
[ Datei : C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\prefs.js ]
Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://www.nationzoom.com/newtab/?type=nt&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "nationzoom");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "nationzoom");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.nationzoom.com/?type=hp&ts=1388337346&from=amt&uid=WDCXWD5000LPVT-22G33T0_WD-WX71C32N0542N0542");
Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
Zeile gelöscht : user_pref("extensions.dynconff.cache.www.nationzoom.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"_1500_1520_1146_1169_1348_1482_1493_1521_1619_1717\">\r\n <content id=\"us810_commonScr[...]
Zeile gelöscht : user_pref("extensions.dynconff.cache.www.nationzoom.com.expires", "1388348492975");
Zeile gelöscht : user_pref("extensions.mAe0CgbJXdH.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};var _wlst={lsKey:\"ssjsmn2ja8ddw2a\",get:function(b,a){if(3<b)return a(!1);v[...]
Zeile gelöscht : user_pref("extensions.rKn1halXg8YZ.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};var _wlst={lsKey:\"ssjsmn2ja8ddw2a\",get:function(b,a){if(3<b)return a(!1);[...]
*************************
AdwCleaner[R0].txt - [29252 octets] - [01/01/2014 13:35:36]
AdwCleaner[S0].txt - [26437 octets] - [01/01/2014 13:36:37]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [26498 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 8.1 x64
Ran by Timo T on 01.01.2014 at 13:49:06,43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Successfully stopped: [Service] update jump flip
Successfully deleted: [Service] update jump flip
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bonanzadeals
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\bonanzadeals
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E45BDB2D-6143-413D-9FF7-1865745671DC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6db9fdfe-b718-4962-be0c-0a5fce7f7f7b}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6db9fdfe-b718-4962-be0c-0a5fce7f7f7b}
~~~ Files
~~~ Folders
Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
Failed to delete: [Folder] "C:\Program Files (x86)\jump flip"
~~~ FireFox
Successfully deleted the following from C:\Users\Timo T\AppData\Roaming\mozilla\firefox\profiles\b5tnil6r.default\prefs.js
user_pref("extensions.mAe0CgbJXdH.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};var _wlst={lsKey:\"ssjsmn2ja8ddw2a\",get:function(b
user_pref("extensions.rKn1halXg8YZ.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};var _wlst={lsKey:\"ssjsmn2ja8ddw2a\",get:function(
Emptied folder: C:\Users\Timo T\AppData\Roaming\mozilla\firefox\profiles\b5tnil6r.default\minidumps [100 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.01.2014 at 13:53:02,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter Shortcut Cleaner 1.2.6 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/
Windows Version: Windows 8.1
Program started at: 01/01/2014 01:55:27 PM.
Scanning for registry hijacks:
* No issues found in the Registry.
Searching for Hijacked Shortcuts:
Searching C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\
Searching C:\ProgramData\Microsoft\Windows\Start Menu\
Searching C:\Users\Timo T\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
Searching C:\Users\Public\Desktop\
Searching C:\Users\Timo T\Desktop
0 bad shortcuts found.
Program finished at: 01/01/2014 01:55:28 PM
Execution time: 0 hours(s), 0 minute(s), and 1 seconds(s)
FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013 01
Ran by Timo T (administrator) on TIMO on 01-01-2014 13:58:12
Running from C:\Users\Timo T\Downloads
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Jump Flip) C:\Program Files (x86)\Jump Flip\bin\utilJumpFlip.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Farbar) C:\Users\Timo T\Downloads\FRST64(1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-11-25] (ELAN Microelectronics Corp.)
HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [BakupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533056 2012-07-31] (NTI Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Atheros Communications))
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKCU\...\Run: [Facebook Update] - C:\Users\Timo T\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-03-10] (Facebook Inc.)
==================== Internet (Whitelisted) ====================
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {12086C10-E61B-4C87-8253-D990FA7080CB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {12086C10-E61B-4C87-8253-D990FA7080CB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - {12086C10-E61B-4C87-8253-D990FA7080CB} URL =
BHO: saavinugtoyyou - {3452EE4D-89B3-E1D4-FF71-706C2912BF03} - C:\ProgramData\saavinugtoyyou\OrmbLjH6I_.x64.dll ()
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: dOwwnnloadittkeep - {82E8CB70-1EDF-3579-F279-ABEA2CAE660B} - C:\ProgramData\dOwwnnloadittkeep\xKeUtMS2U.x64.dll ()
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default
FF SearchEngineOrder.1: Ask.com
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Timo T\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: dOwwnnloadittkeep - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\d.u8vact@ocvzuyoytmw-.net
FF Extension: saavinugtoyyou - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\vxavvpc@ptwb-rm.com
FF Extension: Jump Flip - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\firefox@jumpflip.net.xpi
FF Extension: BonanzaDeals - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2415760 2012-07-27] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [466064 2012-07-31] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [659600 2012-07-31] (Acer Incorporated)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
S3 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-07-31] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-08-15] (Dritek System INC.)
R2 Util Jump Flip; C:\Program Files (x86)\Jump Flip\bin\utilJumpFlip.exe [65312 2013-12-31] (Jump Flip)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00A\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-08-15] (Dritek System Inc.)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-01 13:57 - 2014-01-01 13:57 - 01931302 _____ (Farbar) C:\Users\Timo T\Downloads\FRST64(1).exe
2014-01-01 13:55 - 2014-01-01 13:55 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Timo T\Downloads\sc-cleaner.exe
2014-01-01 13:55 - 2014-01-01 13:55 - 00001752 _____ C:\sc-cleaner.txt
2014-01-01 13:53 - 2014-01-01 13:53 - 00002268 _____ C:\Users\Timo T\Desktop\JRT.txt
2014-01-01 13:49 - 2014-01-01 13:49 - 00000000 ____D C:\WINDOWS\ERUNT
2014-01-01 13:47 - 2014-01-01 13:47 - 01036305 _____ (Thisisu) C:\Users\Timo T\Downloads\JRT(1).exe
2014-01-01 13:43 - 2014-01-01 13:45 - 01036305 _____ (Thisisu) C:\Users\Timo T\Downloads\JRT.exe
2014-01-01 13:39 - 2014-01-01 13:39 - 00000000 ____D C:\ProgramData\boost_interprocess
2014-01-01 13:35 - 2014-01-01 13:37 - 00000000 ____D C:\AdwCleaner
2014-01-01 13:34 - 2014-01-01 13:34 - 01233962 _____ C:\Users\Timo T\Downloads\adwcleaner.exe
2013-12-31 14:38 - 2013-12-31 14:38 - 00000006 _____ C:\Users\Timo T\AppData\Roaming\WBPU-TTL.DAT
2013-12-31 14:14 - 2013-12-31 15:02 - 00117464 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2013-12-31 14:14 - 2013-12-31 14:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-31 14:11 - 2013-12-31 15:28 - 00000000 ____D C:\Users\Timo T\Desktop\mbar
2013-12-31 14:11 - 2013-12-31 15:02 - 00089304 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-12-31 14:10 - 2013-12-31 14:10 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Timo T\Downloads\mbar-1.07.0.1008.exe
2013-12-29 21:52 - 2013-12-29 21:53 - 00000000 ____D C:\Users\Timo T\Desktop\Neuer Ordner
2013-12-29 21:46 - 2014-01-01 13:58 - 00014615 _____ C:\Users\Timo T\Downloads\FRST.txt
2013-12-29 21:46 - 2013-12-29 21:47 - 00030673 _____ C:\Users\Timo T\Downloads\Addition.txt
2013-12-29 21:45 - 2013-12-29 21:45 - 00000000 ____D C:\FRST
2013-12-29 21:44 - 2013-12-29 21:44 - 01931302 _____ (Farbar) C:\Users\Timo T\Downloads\FRST64.exe
2013-12-29 21:40 - 2014-01-01 13:50 - 00000000 ____D C:\Program Files (x86)\Jump Flip
2013-12-29 21:39 - 2012-07-25 12:03 - 00016896 _____ C:\WINDOWS\system32\sasnative64.exe
2013-12-29 21:38 - 2014-01-01 13:38 - 00000308 _____ C:\WINDOWS\Tasks\Digital Sites.job
2013-12-29 21:38 - 2013-12-29 21:38 - 00002646 _____ C:\WINDOWS\System32\Tasks\Digital Sites
2013-12-29 21:38 - 2013-12-29 21:38 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\DigitalSites
2013-12-29 21:37 - 2013-12-29 21:37 - 00673568 _____ ( ) C:\Users\Timo T\Downloads\ZipOpenerSetup.exe
2013-12-29 20:31 - 2013-12-29 20:31 - 00000000 ____D C:\ProgramData\Websteroids
2013-12-29 19:44 - 2013-12-29 19:44 - 00000000 ____D C:\ProgramData\Oracle
2013-12-29 19:44 - 2013-12-29 19:43 - 00312744 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-12-29 19:44 - 2013-12-29 19:43 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-12-29 19:44 - 2013-12-29 19:43 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-12-29 19:44 - 2013-12-29 19:43 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2013-12-29 19:43 - 2013-12-29 19:43 - 00000000 ____D C:\Program Files\Java
2013-12-29 19:42 - 2013-12-29 19:42 - 30694824 _____ (Oracle Corporation) C:\Users\Timo T\Downloads\jre-7u45-windows-x64.exe
2013-12-29 19:39 - 2013-12-29 19:39 - 00470032 _____ C:\Users\Timo T\Downloads\Java.exe
2013-12-29 18:16 - 2014-01-01 13:29 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\newnext.me
2013-12-29 18:16 - 2013-12-31 16:47 - 00000414 _____ C:\Users\Timo T\daemonprocess.txt
2013-12-29 18:16 - 2013-12-31 14:57 - 00000000 ____D C:\ProgramData\Updater
2013-12-29 18:16 - 2013-12-29 21:56 - 00000000 ____D C:\Users\Timo T\AppData\Local\cache
2013-12-29 18:16 - 2013-12-29 21:39 - 00000000 ____D C:\Users\Timo T\AppData\Local\genienext
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\.android
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\ProgramData\RHelpers
2013-12-29 18:14 - 2013-12-29 18:14 - 00002066 _____ C:\Users\Timo T\Desktop\Continue installation - FlashPlayer.lnk
2013-12-29 18:11 - 2013-12-29 18:11 - 00336936 _____ (Amônétízé Ltd) C:\Users\Timo T\Downloads\FlashPlayer__4003_i220968287_il14.exe
2013-12-29 10:33 - 2013-12-29 10:33 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Bonanza
2013-12-24 15:58 - 2013-12-24 16:01 - 00000000 ____D C:\ProgramData\dOwwnnloadittkeep
2013-12-24 15:58 - 2013-12-24 16:00 - 00000000 ____D C:\ProgramData\saavinugtoyyou
2013-12-24 15:58 - 2013-12-24 15:58 - 00000000 ____D C:\ProgramData\e8a480b429bfdc00
2013-12-23 21:18 - 2013-12-23 21:57 - 119282768 _____ (Black & Bloody Vengeance) C:\Users\Timo T\Downloads\[BV] Mod Collection Installer 8.10.4.exe
2013-12-21 20:07 - 2013-12-21 20:07 - 00002236 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-21 19:52 - 2013-12-21 19:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 21:03 - 2013-12-23 22:18 - 00001077 _____ C:\Users\Public\Desktop\ActiveDossierUploader.lnk
2013-12-20 21:03 - 2013-12-23 22:18 - 00001027 _____ C:\Users\Public\Desktop\Radial Menu Editor.lnk
2013-12-20 21:03 - 2013-12-23 22:18 - 00000942 _____ C:\Users\Public\Desktop\Setup WoT Stats.lnk
2013-12-20 21:03 - 2013-12-23 22:18 - 00000096 _____ C:\Users\Public\Desktop\[BV] Mod Collection Updates.url
2013-12-18 18:26 - 2013-12-31 14:38 - 00000109 _____ C:\Users\Timo T\AppData\Roaming\WB.CFG
2013-12-14 17:53 - 2013-11-12 00:41 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-14 17:53 - 2013-11-12 00:40 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-14 17:53 - 2013-11-12 00:27 - 00701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2013-12-14 17:53 - 2013-11-12 00:24 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-12-14 17:53 - 2013-11-11 03:48 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2013-12-14 17:53 - 2013-11-09 12:55 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-12-14 17:53 - 2013-11-09 07:37 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2013-12-14 17:53 - 2013-11-09 06:56 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2013-12-14 17:53 - 2013-11-08 11:26 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2013-12-14 17:53 - 2013-11-08 05:43 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2013-12-14 17:53 - 2013-11-08 05:28 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-12-14 17:53 - 2013-11-08 05:26 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-12-14 17:53 - 2013-11-08 05:16 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2013-12-14 17:53 - 2013-11-08 05:15 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2013-12-14 17:53 - 2013-11-08 05:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2013-12-14 17:53 - 2013-11-08 04:41 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2013-12-14 17:53 - 2013-11-08 04:14 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2013-12-14 17:53 - 2013-11-05 15:19 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2013-12-14 17:53 - 2013-11-05 15:03 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2013-12-14 17:53 - 2013-11-05 14:57 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2013-12-14 17:53 - 2013-11-05 14:33 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2013-12-14 17:53 - 2013-11-05 14:32 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2013-12-14 17:53 - 2013-11-04 18:13 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-12-14 17:53 - 2013-11-04 18:13 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2013-12-14 17:53 - 2013-11-04 14:07 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2013-12-14 17:53 - 2013-11-04 12:50 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-12-14 17:53 - 2013-11-04 11:32 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2013-12-14 17:53 - 2013-11-04 03:28 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2013-12-14 17:53 - 2013-11-04 02:30 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-12-14 17:53 - 2013-11-01 12:39 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2013-12-14 17:53 - 2013-11-01 07:08 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2013-12-14 17:53 - 2013-11-01 06:57 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2013-12-14 17:53 - 2013-10-31 01:58 - 00372568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2013-12-14 17:53 - 2013-10-31 01:42 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-12-14 17:53 - 2013-10-31 01:33 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2013-12-14 17:53 - 2013-10-31 01:33 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2013-12-14 17:53 - 2013-10-31 01:33 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2013-12-14 17:53 - 2013-10-31 01:33 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2013-12-14 17:53 - 2013-10-26 02:54 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2013-12-14 17:53 - 2013-10-24 10:31 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2013-12-14 17:53 - 2013-10-24 10:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2013-12-14 17:53 - 2013-10-17 12:21 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2013-12-14 17:53 - 2013-10-17 11:36 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2013-12-14 17:53 - 2013-10-05 15:21 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2013-12-14 17:53 - 2013-10-05 15:21 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2013-12-14 17:53 - 2013-10-05 13:05 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2013-12-14 17:53 - 2013-10-05 13:05 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2013-12-12 19:56 - 2013-12-12 21:13 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\TS3Client
2013-12-12 19:52 - 2013-11-23 05:34 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2013-12-12 19:52 - 2013-11-23 05:13 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2013-12-12 19:52 - 2013-11-23 04:32 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2013-12-12 19:52 - 2013-11-23 04:10 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2013-12-12 19:52 - 2013-11-09 07:34 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2013-12-12 19:52 - 2013-11-09 07:34 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2013-12-12 19:52 - 2013-11-09 06:52 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2013-12-12 19:51 - 2013-12-12 19:51 - 00001222 _____ C:\Users\Timo T\Desktop\TeamSpeak 3 Client.lnk
2013-12-12 19:51 - 2013-12-12 19:51 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2013-12-12 19:51 - 2013-12-12 19:51 - 00000000 ____D C:\Users\Timo T\AppData\Local\TeamSpeak 3 Client
2013-12-12 19:31 - 2013-12-12 19:33 - 30095736 _____ (TeamSpeak Systems GmbH) C:\Users\Timo T\Downloads\TeamSpeak3-Client-win32-3.0.13.1.exe
2013-12-12 18:38 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-12-12 18:38 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-12-12 18:38 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-12-12 18:38 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-12-12 18:38 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-12-12 18:38 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-12-12 18:38 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-12-12 18:38 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-12-12 18:38 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-12-12 18:38 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2013-12-12 18:38 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-12-12 18:38 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-12-12 18:38 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-12-12 18:38 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2013-12-12 18:38 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2013-12-12 18:38 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-12-12 18:38 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-12-12 18:38 - 2013-11-08 08:21 - 04191744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-12-12 18:38 - 2013-10-19 09:53 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2013-12-12 18:38 - 2013-10-19 08:14 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2013-12-12 18:38 - 2013-10-15 09:54 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2013-12-12 18:38 - 2013-10-15 09:03 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
==================== One Month Modified Files and Folders =======
2014-01-01 13:58 - 2013-12-29 21:46 - 00014615 _____ C:\Users\Timo T\Downloads\FRST.txt
2014-01-01 13:57 - 2014-01-01 13:57 - 01931302 _____ (Farbar) C:\Users\Timo T\Downloads\FRST64(1).exe
2014-01-01 13:55 - 2014-01-01 13:55 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Timo T\Downloads\sc-cleaner.exe
2014-01-01 13:55 - 2014-01-01 13:55 - 00001752 _____ C:\sc-cleaner.txt
2014-01-01 13:55 - 2012-11-18 01:01 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1946761082-257476130-358862400-1002
2014-01-01 13:53 - 2014-01-01 13:53 - 00002268 _____ C:\Users\Timo T\Desktop\JRT.txt
2014-01-01 13:51 - 2013-11-30 12:18 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A1E9E32D-55A8-4BAF-90D6-784E9A0B66BE}
2014-01-01 13:50 - 2013-12-29 21:40 - 00000000 ____D C:\Program Files (x86)\Jump Flip
2014-01-01 13:49 - 2014-01-01 13:49 - 00000000 ____D C:\WINDOWS\ERUNT
2014-01-01 13:47 - 2014-01-01 13:47 - 01036305 _____ (Thisisu) C:\Users\Timo T\Downloads\JRT(1).exe
2014-01-01 13:45 - 2014-01-01 13:43 - 01036305 _____ (Thisisu) C:\Users\Timo T\Downloads\JRT.exe
2014-01-01 13:42 - 2013-10-18 22:09 - 01489102 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-01 13:40 - 2013-10-18 22:20 - 00000000 __RDO C:\Users\Timo T\SkyDrive
2014-01-01 13:39 - 2014-01-01 13:39 - 00000000 ____D C:\ProgramData\boost_interprocess
2014-01-01 13:39 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-01 13:39 - 2013-07-25 21:49 - 00001116 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-01 13:38 - 2013-12-29 21:38 - 00000308 _____ C:\WINDOWS\Tasks\Digital Sites.job
2014-01-01 13:38 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2014-01-01 13:37 - 2014-01-01 13:35 - 00000000 ____D C:\AdwCleaner
2014-01-01 13:37 - 2013-10-18 22:16 - 00001013 _____ C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-01 13:37 - 2012-11-18 01:37 - 00001065 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-01 13:37 - 2012-11-18 00:51 - 00000000 ___RD C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-01 13:34 - 2014-01-01 13:34 - 01233962 _____ C:\Users\Timo T\Downloads\adwcleaner.exe
2014-01-01 13:29 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\newnext.me
2014-01-01 13:28 - 2013-02-03 13:41 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-31 19:16 - 2013-03-10 13:11 - 00000942 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1946761082-257476130-358862400-1002UA.job
2013-12-31 16:47 - 2013-12-29 18:16 - 00000414 _____ C:\Users\Timo T\daemonprocess.txt
2013-12-31 16:06 - 2013-07-25 21:49 - 00001120 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-31 16:02 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2013-12-31 15:28 - 2013-12-31 14:11 - 00000000 ____D C:\Users\Timo T\Desktop\mbar
2013-12-31 15:02 - 2013-12-31 14:14 - 00117464 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2013-12-31 15:02 - 2013-12-31 14:11 - 00089304 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-12-31 14:57 - 2013-12-29 18:16 - 00000000 ____D C:\ProgramData\Updater
2013-12-31 14:57 - 2013-09-29 20:04 - 00003550 _____ C:\WINDOWS\PFRO.log
2013-12-31 14:52 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\DesktopTileResources
2013-12-31 14:38 - 2013-12-31 14:38 - 00000006 _____ C:\Users\Timo T\AppData\Roaming\WBPU-TTL.DAT
2013-12-31 14:38 - 2013-12-18 18:26 - 00000109 _____ C:\Users\Timo T\AppData\Roaming\WB.CFG
2013-12-31 14:14 - 2013-12-31 14:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-31 14:10 - 2013-12-31 14:10 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Timo T\Downloads\mbar-1.07.0.1008.exe
2013-12-29 21:56 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\AppData\Local\cache
2013-12-29 21:53 - 2013-12-29 21:52 - 00000000 ____D C:\Users\Timo T\Desktop\Neuer Ordner
2013-12-29 21:47 - 2013-12-29 21:46 - 00030673 _____ C:\Users\Timo T\Downloads\Addition.txt
2013-12-29 21:45 - 2013-12-29 21:45 - 00000000 ____D C:\FRST
2013-12-29 21:44 - 2013-12-29 21:44 - 01931302 _____ (Farbar) C:\Users\Timo T\Downloads\FRST64.exe
2013-12-29 21:39 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\AppData\Local\genienext
2013-12-29 21:38 - 2013-12-29 21:38 - 00002646 _____ C:\WINDOWS\System32\Tasks\Digital Sites
2013-12-29 21:38 - 2013-12-29 21:38 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\DigitalSites
2013-12-29 21:37 - 2013-12-29 21:37 - 00673568 _____ ( ) C:\Users\Timo T\Downloads\ZipOpenerSetup.exe
2013-12-29 20:31 - 2013-12-29 20:31 - 00000000 ____D C:\ProgramData\Websteroids
2013-12-29 19:44 - 2013-12-29 19:44 - 00000000 ____D C:\ProgramData\Oracle
2013-12-29 19:43 - 2013-12-29 19:44 - 00312744 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-12-29 19:43 - 2013-12-29 19:44 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-12-29 19:43 - 2013-12-29 19:44 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-12-29 19:43 - 2013-12-29 19:44 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2013-12-29 19:43 - 2013-12-29 19:43 - 00000000 ____D C:\Program Files\Java
2013-12-29 19:42 - 2013-12-29 19:42 - 30694824 _____ (Oracle Corporation) C:\Users\Timo T\Downloads\jre-7u45-windows-x64.exe
2013-12-29 19:39 - 2013-12-29 19:39 - 00470032 _____ C:\Users\Timo T\Downloads\Java.exe
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\.android
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\ProgramData\RHelpers
2013-12-29 18:16 - 2013-10-18 21:52 - 00000000 ____D C:\Users\Timo T
2013-12-29 18:14 - 2013-12-29 18:14 - 00002066 _____ C:\Users\Timo T\Desktop\Continue installation - FlashPlayer.lnk
2013-12-29 18:11 - 2013-12-29 18:11 - 00336936 _____ (Amônétízé Ltd) C:\Users\Timo T\Downloads\FlashPlayer__4003_i220968287_il14.exe
2013-12-29 13:16 - 2013-03-10 13:11 - 00000920 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1946761082-257476130-358862400-1002Core.job
2013-12-29 10:33 - 2013-12-29 10:33 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Bonanza
2013-12-24 16:01 - 2013-12-24 15:58 - 00000000 ____D C:\ProgramData\dOwwnnloadittkeep
2013-12-24 16:00 - 2013-12-24 15:58 - 00000000 ____D C:\ProgramData\saavinugtoyyou
2013-12-24 15:58 - 2013-12-24 15:58 - 00000000 ____D C:\ProgramData\e8a480b429bfdc00
2013-12-23 22:19 - 2013-11-04 18:21 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Black & Bloody Vengeance
2013-12-23 22:18 - 2013-12-20 21:03 - 00001077 _____ C:\Users\Public\Desktop\ActiveDossierUploader.lnk
2013-12-23 22:18 - 2013-12-20 21:03 - 00001027 _____ C:\Users\Public\Desktop\Radial Menu Editor.lnk
2013-12-23 22:18 - 2013-12-20 21:03 - 00000942 _____ C:\Users\Public\Desktop\Setup WoT Stats.lnk
2013-12-23 22:18 - 2013-12-20 21:03 - 00000096 _____ C:\Users\Public\Desktop\[BV] Mod Collection Updates.url
2013-12-23 21:57 - 2013-12-23 21:18 - 119282768 _____ (Black & Bloody Vengeance) C:\Users\Timo T\Downloads\[BV] Mod Collection Installer 8.10.4.exe
2013-12-22 15:38 - 2013-08-17 19:11 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-22 15:36 - 2013-01-01 03:07 - 90708896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-22 15:00 - 2012-11-18 01:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-21 20:22 - 2013-11-15 20:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-12-21 20:07 - 2013-12-21 20:07 - 00002236 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-21 20:07 - 2013-07-25 21:49 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-21 19:52 - 2013-12-21 19:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 20:43 - 2013-09-30 05:14 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-20 20:43 - 2013-09-30 04:56 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2013-12-20 20:43 - 2013-09-30 04:56 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2013-12-18 18:30 - 2013-05-07 18:32 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2013-12-18 18:30 - 2013-03-30 20:34 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2013-12-18 18:30 - 2013-03-30 20:34 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2013-12-16 21:29 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\FileManager
2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Camera
2013-12-14 17:45 - 2013-08-22 15:44 - 00335992 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-12 21:13 - 2013-12-12 19:56 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\TS3Client
2013-12-12 19:51 - 2013-12-12 19:51 - 00001222 _____ C:\Users\Timo T\Desktop\TeamSpeak 3 Client.lnk
2013-12-12 19:51 - 2013-12-12 19:51 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2013-12-12 19:51 - 2013-12-12 19:51 - 00000000 ____D C:\Users\Timo T\AppData\Local\TeamSpeak 3 Client
2013-12-12 19:33 - 2013-12-12 19:31 - 30095736 _____ (TeamSpeak Systems GmbH) C:\Users\Timo T\Downloads\TeamSpeak3-Client-win32-3.0.13.1.exe
2013-12-12 19:00 - 2013-07-25 21:49 - 00004092 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-12 19:00 - 2013-07-25 21:49 - 00003856 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-10 20:28 - 2013-02-03 13:41 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2013-12-04 01:05 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2013-12-04 01:05 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-03 19:39 - 2013-08-22 15:46 - 00333628 _____ C:\WINDOWS\setupact.log
2013-12-02 21:17 - 2013-05-09 12:45 - 00000000 ____D C:\Users\Timo T\AppData\Local\DoNotTrackPlus
Some content of TEMP:
====================
C:\Users\Timo T\AppData\Local\Temp\avgnt.exe
C:\Users\Timo T\AppData\Local\Temp\BackupSetup.exe
C:\Users\Timo T\AppData\Local\Temp\FlashPlayer__4003_i220968287_il14.exe
C:\Users\Timo T\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-31 16:00
==================== End Of Log ============================
--- --- --- --- --- --- erst ma ein frohes neues jahr und vielen dank für die super hilfe. habe jetzt alle 4 punkte durchgearbeitet leider finde ich keine addition.txt von heute  |
|
01.01.2014, 19:34
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nation Zoom :( ich weiß nicht weiter Bei FRST muss ein Haken bei additions.txt gesetzt sein, sonst wird keine erstellt Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter FF Extension: dOwwnnloadittkeep - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\d.u8vact@ocvzuyoytmw-.net
FF Extension: saavinugtoyyou - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\vxavvpc@ptwb-rm.com
FF Extension: Jump Flip - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\firefox@jumpflip.net.xpi
FF Extension: BonanzaDeals - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}.xpi
R2 Util Jump Flip; C:\Program Files (x86)\Jump Flip\bin\utilJumpFlip.exe [65312 2013-12-31] (Jump Flip)
C:\Program Files (x86)\Jump Flip
C:\Users\Timo T\AppData\Roaming\Bonanza
C:\ProgramData\dOwwnnloadittkeep
C:\ProgramData\saavinugtoyyou
C:\ProgramData\e8a480b429bfdc00
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.01.2014, 20:02
| #11 |
| | Nation Zoom :( ich weiß nicht weiter ich glaub ich mache irgendwas falsch ich hänge mal ein bild mit an villeicht kannst du damit was anfangen |
|
01.01.2014, 20:51
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nation Zoom :( ich weiß nicht weiter Wieso hälst du dich auch nicht an die Anleitung? FRST und das Fixlog sollte beides auf dem Desktop liegen
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.01.2014, 18:13
| #13 |
| | Nation Zoom :( ich weiß nicht weiter sorry. ich hab nochmal alles ab beitrag 8 punkt 4 wiederholt FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-01-2014 01
Ran by Timo T (administrator) on TIMO on 02-01-2014 18:06:09
Running from C:\Users\Timo T\Desktop
Windows 8.1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
() C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Jump Flip\bin\utilJumpFlip.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-11-25] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [BakupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533056 2012-07-31] (NTI Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Atheros Communications))
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-09-04] (Samsung)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-09-04] (Samsung)
HKCU\...\Run: [Facebook Update] - C:\Users\Timo T\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-03-10] (Facebook Inc.)
==================== Internet (Whitelisted) ====================
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {12086C10-E61B-4C87-8253-D990FA7080CB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {12086C10-E61B-4C87-8253-D990FA7080CB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - {12086C10-E61B-4C87-8253-D990FA7080CB} URL =
BHO: saavinugtoyyou - {3452EE4D-89B3-E1D4-FF71-706C2912BF03} - C:\ProgramData\saavinugtoyyou\OrmbLjH6I_.x64.dll No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: dOwwnnloadittkeep - {82E8CB70-1EDF-3579-F279-ABEA2CAE660B} - C:\ProgramData\dOwwnnloadittkeep\xKeUtMS2U.x64.dll No File
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Jump Flip - {6db9fdfe-b718-4962-be0c-0a5fce7f7f7b} - C:\Program Files (x86)\Jump Flip\JumpFlipBHO.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default
FF SearchEngineOrder.1: Ask.com
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Timo T\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2415760 2012-07-27] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [466064 2012-07-31] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [659600 2012-07-31] (Acer Incorporated)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
S3 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-07-31] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-08-15] (Dritek System INC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 Update Jump Flip; "C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe" [x]
==================== Drivers (Whitelisted) ====================
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00A\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-08-15] (Dritek System Inc.)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-02 18:06 - 2014-01-02 18:06 - 00013731 _____ C:\Users\Timo T\Desktop\FRST.txt
2014-01-02 18:04 - 2014-01-02 18:04 - 01931426 _____ (Farbar) C:\Users\Timo T\Desktop\FRST64.exe
2014-01-02 18:04 - 2014-01-02 18:04 - 00000000 ____D C:\Users\Timo T\Desktop\FRST-OlderVersion
2014-01-02 18:03 - 2014-01-02 18:04 - 00000000 ____D C:\FRST
2014-01-01 19:49 - 2014-01-01 19:49 - 01931396 _____ (Farbar) C:\Users\Timo T\Downloads\FRST64(1).exe
2014-01-01 19:46 - 2014-01-01 19:46 - 00000000 ____D C:\Users\Timo T\Downloads\FRST-OlderVersion
2014-01-01 15:35 - 2014-01-01 15:35 - 00000005 _____ C:\Users\Timo T\AppData\Roaming\WBPU-Q5-TTL.DAT
2014-01-01 13:55 - 2014-01-01 13:55 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Timo T\Downloads\sc-cleaner.exe
2014-01-01 13:55 - 2014-01-01 13:55 - 00001752 _____ C:\sc-cleaner.txt
2014-01-01 13:53 - 2014-01-01 13:53 - 00002268 _____ C:\Users\Timo T\Desktop\JRT.txt
2014-01-01 13:49 - 2014-01-01 13:49 - 00000000 ____D C:\WINDOWS\ERUNT
2014-01-01 13:47 - 2014-01-01 13:47 - 01036305 _____ (Thisisu) C:\Users\Timo T\Downloads\JRT(1).exe
2014-01-01 13:43 - 2014-01-01 13:45 - 01036305 _____ (Thisisu) C:\Users\Timo T\Downloads\JRT.exe
2014-01-01 13:39 - 2014-01-01 13:39 - 00000000 ____D C:\ProgramData\boost_interprocess
2014-01-01 13:35 - 2014-01-01 13:37 - 00000000 ____D C:\AdwCleaner
2014-01-01 13:34 - 2014-01-01 13:34 - 01233962 _____ C:\Users\Timo T\Downloads\adwcleaner.exe
2013-12-31 14:38 - 2014-01-01 15:35 - 00000005 _____ C:\Users\Timo T\AppData\Roaming\WBPU-TTL.DAT
2013-12-31 14:14 - 2013-12-31 15:02 - 00117464 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2013-12-31 14:14 - 2013-12-31 14:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-31 14:11 - 2013-12-31 15:28 - 00000000 ____D C:\Users\Timo T\Desktop\mbar
2013-12-31 14:11 - 2013-12-31 15:02 - 00089304 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-12-31 14:10 - 2013-12-31 14:10 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Timo T\Downloads\mbar-1.07.0.1008.exe
2013-12-29 21:52 - 2013-12-29 21:53 - 00000000 ____D C:\Users\Timo T\Desktop\Neuer Ordner
2013-12-29 21:46 - 2014-01-01 13:58 - 00041000 _____ C:\Users\Timo T\Downloads\FRST.txt
2013-12-29 21:46 - 2013-12-29 21:47 - 00030673 _____ C:\Users\Timo T\Downloads\Addition.txt
2013-12-29 21:45 - 2014-01-01 19:56 - 00000000 ____D C:\Users\Timo T\Desktop\FRST
2013-12-29 21:44 - 2014-01-01 19:46 - 01931396 _____ (Farbar) C:\Users\Timo T\Downloads\FRST64.exe
2013-12-29 21:39 - 2012-07-25 12:03 - 00016896 _____ C:\WINDOWS\system32\sasnative64.exe
2013-12-29 21:38 - 2014-01-01 20:38 - 00000308 _____ C:\WINDOWS\Tasks\Digital Sites.job
2013-12-29 21:38 - 2013-12-29 21:38 - 00002646 _____ C:\WINDOWS\System32\Tasks\Digital Sites
2013-12-29 21:38 - 2013-12-29 21:38 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\DigitalSites
2013-12-29 21:37 - 2013-12-29 21:37 - 00673568 _____ ( ) C:\Users\Timo T\Downloads\ZipOpenerSetup.exe
2013-12-29 20:31 - 2013-12-29 20:31 - 00000000 ____D C:\ProgramData\Websteroids
2013-12-29 19:44 - 2013-12-29 19:44 - 00000000 ____D C:\ProgramData\Oracle
2013-12-29 19:44 - 2013-12-29 19:43 - 00312744 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-12-29 19:44 - 2013-12-29 19:43 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-12-29 19:44 - 2013-12-29 19:43 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-12-29 19:44 - 2013-12-29 19:43 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2013-12-29 19:43 - 2013-12-29 19:43 - 00000000 ____D C:\Program Files\Java
2013-12-29 19:42 - 2013-12-29 19:42 - 30694824 _____ (Oracle Corporation) C:\Users\Timo T\Downloads\jre-7u45-windows-x64.exe
2013-12-29 19:39 - 2013-12-29 19:39 - 00470032 _____ C:\Users\Timo T\Downloads\Java.exe
2013-12-29 18:16 - 2014-01-01 13:29 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\newnext.me
2013-12-29 18:16 - 2013-12-31 16:47 - 00000414 _____ C:\Users\Timo T\daemonprocess.txt
2013-12-29 18:16 - 2013-12-31 14:57 - 00000000 ____D C:\ProgramData\Updater
2013-12-29 18:16 - 2013-12-29 21:56 - 00000000 ____D C:\Users\Timo T\AppData\Local\cache
2013-12-29 18:16 - 2013-12-29 21:39 - 00000000 ____D C:\Users\Timo T\AppData\Local\genienext
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\.android
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\ProgramData\RHelpers
2013-12-29 18:14 - 2013-12-29 18:14 - 00002066 _____ C:\Users\Timo T\Desktop\Continue installation - FlashPlayer.lnk
2013-12-29 18:11 - 2013-12-29 18:11 - 00336936 _____ (Amônétízé Ltd) C:\Users\Timo T\Downloads\FlashPlayer__4003_i220968287_il14.exe
2013-12-23 21:18 - 2013-12-23 21:57 - 119282768 _____ (Black & Bloody Vengeance) C:\Users\Timo T\Downloads\[BV] Mod Collection Installer 8.10.4.exe
2013-12-21 20:07 - 2013-12-21 20:07 - 00002236 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-21 19:52 - 2013-12-21 19:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 21:03 - 2013-12-23 22:18 - 00001077 _____ C:\Users\Public\Desktop\ActiveDossierUploader.lnk
2013-12-20 21:03 - 2013-12-23 22:18 - 00001027 _____ C:\Users\Public\Desktop\Radial Menu Editor.lnk
2013-12-20 21:03 - 2013-12-23 22:18 - 00000942 _____ C:\Users\Public\Desktop\Setup WoT Stats.lnk
2013-12-20 21:03 - 2013-12-23 22:18 - 00000096 _____ C:\Users\Public\Desktop\[BV] Mod Collection Updates.url
2013-12-18 18:26 - 2014-01-01 15:35 - 00000106 _____ C:\Users\Timo T\AppData\Roaming\WB.CFG
2013-12-14 17:53 - 2013-11-12 00:41 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-14 17:53 - 2013-11-12 00:40 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-14 17:53 - 2013-11-12 00:27 - 00701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2013-12-14 17:53 - 2013-11-12 00:24 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-12-14 17:53 - 2013-11-11 03:48 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2013-12-14 17:53 - 2013-11-09 12:55 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-12-14 17:53 - 2013-11-09 07:37 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2013-12-14 17:53 - 2013-11-09 06:56 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2013-12-14 17:53 - 2013-11-08 11:26 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2013-12-14 17:53 - 2013-11-08 05:43 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2013-12-14 17:53 - 2013-11-08 05:28 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-12-14 17:53 - 2013-11-08 05:26 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-12-14 17:53 - 2013-11-08 05:16 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2013-12-14 17:53 - 2013-11-08 05:15 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2013-12-14 17:53 - 2013-11-08 05:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2013-12-14 17:53 - 2013-11-08 04:41 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2013-12-14 17:53 - 2013-11-08 04:14 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2013-12-14 17:53 - 2013-11-05 15:19 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2013-12-14 17:53 - 2013-11-05 15:03 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2013-12-14 17:53 - 2013-11-05 14:57 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2013-12-14 17:53 - 2013-11-05 14:33 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2013-12-14 17:53 - 2013-11-05 14:32 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2013-12-14 17:53 - 2013-11-04 18:13 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-12-14 17:53 - 2013-11-04 18:13 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2013-12-14 17:53 - 2013-11-04 14:07 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2013-12-14 17:53 - 2013-11-04 12:50 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-12-14 17:53 - 2013-11-04 11:32 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2013-12-14 17:53 - 2013-11-04 03:28 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2013-12-14 17:53 - 2013-11-04 02:30 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-12-14 17:53 - 2013-11-01 12:39 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2013-12-14 17:53 - 2013-11-01 07:08 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2013-12-14 17:53 - 2013-11-01 06:57 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2013-12-14 17:53 - 2013-10-31 01:58 - 00372568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2013-12-14 17:53 - 2013-10-31 01:42 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-12-14 17:53 - 2013-10-31 01:33 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2013-12-14 17:53 - 2013-10-31 01:33 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2013-12-14 17:53 - 2013-10-31 01:33 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2013-12-14 17:53 - 2013-10-31 01:33 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2013-12-14 17:53 - 2013-10-26 02:54 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2013-12-14 17:53 - 2013-10-24 10:31 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2013-12-14 17:53 - 2013-10-24 10:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2013-12-14 17:53 - 2013-10-17 12:21 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2013-12-14 17:53 - 2013-10-17 11:36 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2013-12-14 17:53 - 2013-10-05 15:21 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2013-12-14 17:53 - 2013-10-05 15:21 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2013-12-14 17:53 - 2013-10-05 13:05 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2013-12-14 17:53 - 2013-10-05 13:05 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2013-12-12 19:56 - 2013-12-12 21:13 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\TS3Client
2013-12-12 19:52 - 2013-11-23 05:34 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2013-12-12 19:52 - 2013-11-23 05:13 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2013-12-12 19:52 - 2013-11-23 04:32 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2013-12-12 19:52 - 2013-11-23 04:10 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2013-12-12 19:52 - 2013-11-09 07:34 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2013-12-12 19:52 - 2013-11-09 07:34 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2013-12-12 19:52 - 2013-11-09 06:52 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2013-12-12 19:51 - 2013-12-12 19:51 - 00001222 _____ C:\Users\Timo T\Desktop\TeamSpeak 3 Client.lnk
2013-12-12 19:51 - 2013-12-12 19:51 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2013-12-12 19:51 - 2013-12-12 19:51 - 00000000 ____D C:\Users\Timo T\AppData\Local\TeamSpeak 3 Client
2013-12-12 19:31 - 2013-12-12 19:33 - 30095736 _____ (TeamSpeak Systems GmbH) C:\Users\Timo T\Downloads\TeamSpeak3-Client-win32-3.0.13.1.exe
2013-12-12 18:38 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-12-12 18:38 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-12-12 18:38 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-12-12 18:38 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-12-12 18:38 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-12-12 18:38 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-12-12 18:38 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-12-12 18:38 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-12-12 18:38 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-12-12 18:38 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2013-12-12 18:38 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-12-12 18:38 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-12-12 18:38 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-12-12 18:38 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2013-12-12 18:38 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2013-12-12 18:38 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-12-12 18:38 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-12-12 18:38 - 2013-11-08 08:21 - 04191744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-12-12 18:38 - 2013-10-19 09:53 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2013-12-12 18:38 - 2013-10-19 08:14 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2013-12-12 18:38 - 2013-10-15 09:54 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2013-12-12 18:38 - 2013-10-15 09:03 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
==================== One Month Modified Files and Folders =======
2014-01-02 18:06 - 2014-01-02 18:06 - 00013731 _____ C:\Users\Timo T\Desktop\FRST.txt
2014-01-02 18:05 - 2013-07-25 21:49 - 00001120 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-02 18:04 - 2014-01-02 18:04 - 01931426 _____ (Farbar) C:\Users\Timo T\Desktop\FRST64.exe
2014-01-02 18:04 - 2014-01-02 18:04 - 00000000 ____D C:\Users\Timo T\Desktop\FRST-OlderVersion
2014-01-02 18:04 - 2014-01-02 18:03 - 00000000 ____D C:\FRST
2014-01-02 18:02 - 2013-11-30 12:18 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A1E9E32D-55A8-4BAF-90D6-784E9A0B66BE}
2014-01-02 18:02 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2014-01-02 18:01 - 2013-10-18 22:09 - 01683813 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-02 18:00 - 2013-10-18 22:20 - 00000000 __RDO C:\Users\Timo T\SkyDrive
2014-01-02 17:59 - 2013-07-25 21:49 - 00001116 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-02 17:58 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-01 20:39 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2014-01-01 20:38 - 2013-12-29 21:38 - 00000308 _____ C:\WINDOWS\Tasks\Digital Sites.job
2014-01-01 20:28 - 2013-02-03 13:41 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-01 19:56 - 2013-12-29 21:45 - 00000000 ____D C:\Users\Timo T\Desktop\FRST
2014-01-01 19:49 - 2014-01-01 19:49 - 01931396 _____ (Farbar) C:\Users\Timo T\Downloads\FRST64(1).exe
2014-01-01 19:46 - 2014-01-01 19:46 - 00000000 ____D C:\Users\Timo T\Downloads\FRST-OlderVersion
2014-01-01 19:46 - 2013-12-29 21:44 - 01931396 _____ (Farbar) C:\Users\Timo T\Downloads\FRST64.exe
2014-01-01 19:16 - 2013-03-10 13:11 - 00000942 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1946761082-257476130-358862400-1002UA.job
2014-01-01 15:35 - 2014-01-01 15:35 - 00000005 _____ C:\Users\Timo T\AppData\Roaming\WBPU-Q5-TTL.DAT
2014-01-01 15:35 - 2013-12-31 14:38 - 00000005 _____ C:\Users\Timo T\AppData\Roaming\WBPU-TTL.DAT
2014-01-01 15:35 - 2013-12-18 18:26 - 00000106 _____ C:\Users\Timo T\AppData\Roaming\WB.CFG
2014-01-01 14:18 - 2012-11-18 01:01 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1946761082-257476130-358862400-1002
2014-01-01 13:58 - 2013-12-29 21:46 - 00041000 _____ C:\Users\Timo T\Downloads\FRST.txt
2014-01-01 13:55 - 2014-01-01 13:55 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Timo T\Downloads\sc-cleaner.exe
2014-01-01 13:55 - 2014-01-01 13:55 - 00001752 _____ C:\sc-cleaner.txt
2014-01-01 13:53 - 2014-01-01 13:53 - 00002268 _____ C:\Users\Timo T\Desktop\JRT.txt
2014-01-01 13:49 - 2014-01-01 13:49 - 00000000 ____D C:\WINDOWS\ERUNT
2014-01-01 13:47 - 2014-01-01 13:47 - 01036305 _____ (Thisisu) C:\Users\Timo T\Downloads\JRT(1).exe
2014-01-01 13:45 - 2014-01-01 13:43 - 01036305 _____ (Thisisu) C:\Users\Timo T\Downloads\JRT.exe
2014-01-01 13:39 - 2014-01-01 13:39 - 00000000 ____D C:\ProgramData\boost_interprocess
2014-01-01 13:37 - 2014-01-01 13:35 - 00000000 ____D C:\AdwCleaner
2014-01-01 13:37 - 2013-10-18 22:16 - 00001013 _____ C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-01 13:37 - 2012-11-18 01:37 - 00001065 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-01 13:37 - 2012-11-18 00:51 - 00000000 ___RD C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-01 13:34 - 2014-01-01 13:34 - 01233962 _____ C:\Users\Timo T\Downloads\adwcleaner.exe
2014-01-01 13:29 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\newnext.me
2013-12-31 16:47 - 2013-12-29 18:16 - 00000414 _____ C:\Users\Timo T\daemonprocess.txt
2013-12-31 15:28 - 2013-12-31 14:11 - 00000000 ____D C:\Users\Timo T\Desktop\mbar
2013-12-31 15:02 - 2013-12-31 14:14 - 00117464 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2013-12-31 15:02 - 2013-12-31 14:11 - 00089304 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-12-31 14:57 - 2013-12-29 18:16 - 00000000 ____D C:\ProgramData\Updater
2013-12-31 14:57 - 2013-09-29 20:04 - 00003550 _____ C:\WINDOWS\PFRO.log
2013-12-31 14:57 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\DesktopTileResources
2013-12-31 14:14 - 2013-12-31 14:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-31 14:10 - 2013-12-31 14:10 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Timo T\Downloads\mbar-1.07.0.1008.exe
2013-12-29 21:56 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\AppData\Local\cache
2013-12-29 21:53 - 2013-12-29 21:52 - 00000000 ____D C:\Users\Timo T\Desktop\Neuer Ordner
2013-12-29 21:47 - 2013-12-29 21:46 - 00030673 _____ C:\Users\Timo T\Downloads\Addition.txt
2013-12-29 21:39 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\AppData\Local\genienext
2013-12-29 21:38 - 2013-12-29 21:38 - 00002646 _____ C:\WINDOWS\System32\Tasks\Digital Sites
2013-12-29 21:38 - 2013-12-29 21:38 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\DigitalSites
2013-12-29 21:37 - 2013-12-29 21:37 - 00673568 _____ ( ) C:\Users\Timo T\Downloads\ZipOpenerSetup.exe
2013-12-29 20:31 - 2013-12-29 20:31 - 00000000 ____D C:\ProgramData\Websteroids
2013-12-29 19:44 - 2013-12-29 19:44 - 00000000 ____D C:\ProgramData\Oracle
2013-12-29 19:43 - 2013-12-29 19:44 - 00312744 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-12-29 19:43 - 2013-12-29 19:44 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-12-29 19:43 - 2013-12-29 19:44 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-12-29 19:43 - 2013-12-29 19:44 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2013-12-29 19:43 - 2013-12-29 19:43 - 00000000 ____D C:\Program Files\Java
2013-12-29 19:42 - 2013-12-29 19:42 - 30694824 _____ (Oracle Corporation) C:\Users\Timo T\Downloads\jre-7u45-windows-x64.exe
2013-12-29 19:39 - 2013-12-29 19:39 - 00470032 _____ C:\Users\Timo T\Downloads\Java.exe
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\Users\Timo T\.android
2013-12-29 18:16 - 2013-12-29 18:16 - 00000000 ____D C:\ProgramData\RHelpers
2013-12-29 18:16 - 2013-10-18 21:52 - 00000000 ____D C:\Users\Timo T
2013-12-29 18:14 - 2013-12-29 18:14 - 00002066 _____ C:\Users\Timo T\Desktop\Continue installation - FlashPlayer.lnk
2013-12-29 18:11 - 2013-12-29 18:11 - 00336936 _____ (Amônétízé Ltd) C:\Users\Timo T\Downloads\FlashPlayer__4003_i220968287_il14.exe
2013-12-29 13:16 - 2013-03-10 13:11 - 00000920 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1946761082-257476130-358862400-1002Core.job
2013-12-23 22:19 - 2013-11-04 18:21 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Black & Bloody Vengeance
2013-12-23 22:18 - 2013-12-20 21:03 - 00001077 _____ C:\Users\Public\Desktop\ActiveDossierUploader.lnk
2013-12-23 22:18 - 2013-12-20 21:03 - 00001027 _____ C:\Users\Public\Desktop\Radial Menu Editor.lnk
2013-12-23 22:18 - 2013-12-20 21:03 - 00000942 _____ C:\Users\Public\Desktop\Setup WoT Stats.lnk
2013-12-23 22:18 - 2013-12-20 21:03 - 00000096 _____ C:\Users\Public\Desktop\[BV] Mod Collection Updates.url
2013-12-23 21:57 - 2013-12-23 21:18 - 119282768 _____ (Black & Bloody Vengeance) C:\Users\Timo T\Downloads\[BV] Mod Collection Installer 8.10.4.exe
2013-12-22 15:38 - 2013-08-17 19:11 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-22 15:36 - 2013-01-01 03:07 - 90708896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-22 15:00 - 2012-11-18 01:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-21 20:22 - 2013-11-15 20:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-12-21 20:07 - 2013-12-21 20:07 - 00002236 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-21 20:07 - 2013-07-25 21:49 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-21 19:52 - 2013-12-21 19:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 20:43 - 2013-09-30 05:14 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-20 20:43 - 2013-09-30 04:56 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2013-12-20 20:43 - 2013-09-30 04:56 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2013-12-18 18:30 - 2013-05-07 18:32 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2013-12-18 18:30 - 2013-03-30 20:34 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2013-12-18 18:30 - 2013-03-30 20:34 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2013-12-16 21:29 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\FileManager
2013-12-14 21:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Camera
2013-12-14 17:45 - 2013-08-22 15:44 - 00335992 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-12 21:13 - 2013-12-12 19:56 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\TS3Client
2013-12-12 19:51 - 2013-12-12 19:51 - 00001222 _____ C:\Users\Timo T\Desktop\TeamSpeak 3 Client.lnk
2013-12-12 19:51 - 2013-12-12 19:51 - 00000000 ____D C:\Users\Timo T\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2013-12-12 19:51 - 2013-12-12 19:51 - 00000000 ____D C:\Users\Timo T\AppData\Local\TeamSpeak 3 Client
2013-12-12 19:33 - 2013-12-12 19:31 - 30095736 _____ (TeamSpeak Systems GmbH) C:\Users\Timo T\Downloads\TeamSpeak3-Client-win32-3.0.13.1.exe
2013-12-12 19:00 - 2013-07-25 21:49 - 00004092 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-12 19:00 - 2013-07-25 21:49 - 00003856 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-10 20:28 - 2013-02-03 13:41 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2013-12-04 01:05 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2013-12-04 01:05 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-03 19:39 - 2013-08-22 15:46 - 00333628 _____ C:\WINDOWS\setupact.log
Some content of TEMP:
====================
C:\Users\Timo T\AppData\Local\Temp\avgnt.exe
C:\Users\Timo T\AppData\Local\Temp\BackupSetup.exe
C:\Users\Timo T\AppData\Local\Temp\FlashPlayer__4003_i220968287_il14.exe
C:\Users\Timo T\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-01 14:18
==================== End Of Log ============================
--- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2014 01
Ran by Timo T at 2014-01-02 18:06:57
Running from C:\Users\Timo T\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
clear.fi SDK - Video 2 (x32 Version: 2.1.1910 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.1910 - CyberLink Corp.) Hidden
[BV] Mod Collection (x32 Version: 1.08.96 - Black & Bloody Vengeance)
[BV] Mod Collection (x32 Version: 1.08.96 - Black & Bloody Vengeance) Hidden
[BV] Mod Collection (x32 Version: 8.10.4 - Black & Bloody Vengeance)
[BV] Mod Collection (x32 Version: 8.10.4 - Black & Bloody Vengeance) Hidden
[BV] Mod Collection Clanlogos (x32 Version: 1.0.1 - Black & Bloody Vengeance)
Acer Backup Manager (x32 Version: 4.0.0.0053 - NTI Corporation)
Acer Device Fast-lane (Version: 1.00.3003 - Acer Incorporated)
Acer Power Management (Version: 7.00.3003 - Acer Incorporated)
Acer Recovery Management (Version: 6.00.3006 - Acer Incorporated)
AcerCloud (x32 Version: 2.01.3112 - Acer Incorporated)
AcerCloud Docs (x32 Version: 1.00.3103 - Acer Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
Backup Manager v4 (x32 Version: 4.0.0.0053 - NTI Corporation) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Broadcom Card Reader Driver Installer (Version: 15.4.4.2 - Broadcom Corporation)
clear.fi Media (x32 Version: 2.01.3107 - Acer Incorporated)
clear.fi Photo (x32 Version: 2.01.3107 - Acer Incorporated)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3103_44819 - CyberLink Corp.)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3103_44819 - CyberLink Corp.) Hidden
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Diablo III (x32 Version: 1.0.7.14633 - Blizzard Entertainment)
dOwwnnloadittkeep (x32 Version: - dowwneloaDitkeep)
eBay Worldwide (x32 Version: 2.3.0630 - OEM)
ETDWare PS/2-X64 11.6.11.002_WHQL (Version: 11.6.11.002 - ELAN Microelectronic Corp.)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287 - Skype Limited)
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Foxtab (x32 Version: - FoxTab) <==== ATTENTION
Free YouTube to MP3 Converter version 3.12.2.430 (x32 Version: 3.12.2.430 - DVDVideoSoft Ltd.)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (x32 Version: 2.00.3002 - Acer Incorporated)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2932 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
Java 7 Update 45 (64-bit) (Version: 7.0.450 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jump Flip (Version: 2013.12.27.213125 - Jump Flip)
Launch Manager (x32 Version: 7.0.3 - Acer Inc.)
Live Updater (x32 Version: 2.00.3002 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.)
Microsoft Office (x32 Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
Norton Online Backup (x32 Version: 2.2.3.45 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.10 - Symantec Corporation) Hidden
NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden
NVIDIA Grafiktreiber 327.02 (Version: 327.02 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.14.17 (Version: 1.14.17 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0613 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.0613 (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden
NVIDIA Update 1.14.17 (Version: 1.14.17 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
Office Addin (x32 Version: 2.01.3102 - Acer)
Office Addin 2003 (x32 Version: 2.01.3102 - Acer)
PartyPoker (x32 Version: - PartyGaming)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PokerStars.eu (x32 Version: - PokerStars.eu)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (x32 Version: 11.41 - Qualcomm Atheros)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
saavinugtoyyou (x32 Version: - saaviingteoyou)
Samsung Kies (x32 Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Shared C Run-time for x64 (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Spotify (x32 Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TeamSpeak 3 Client (HKCU Version: 3.0.13 - TeamSpeak Systems GmbH)
Update for Zip Opener (HKCU Version: - Update for Zip Opener) <==== ATTENTION
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Updater (x32 Version: 2.6.53 - Creative Island Media, LLC)
Visual Studio 2005 Tools for Office Second Edition Runtime (x32 Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (x32 Version: 1 - Microsoft Corporation)
WildTangent Games (x32 Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden
World of Tanks (x32 Version: - Wargaming.net)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
==================== Restore Points =========================
16-12-2013 19:49:25 Windows Update
20-12-2013 19:43:13 [BV] Mod Collection wird entfernt
22-12-2013 11:33:13 TuneUp Utilities 2013 wird entfernt
23-12-2013 21:03:01 [BV] Mod Collection Clanlogos wird installiert
29-12-2013 18:43:16 Installed Java 7 Update 45 (64-bit)
31-12-2013 13:51:47 Malwarebytes Anti-Rootkit Restore Point
==================== Hosts content: ==========================
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0AACCEF9-366E-482B-8EEF-DED69FAD4A19} - \BonanzaDealsLiveUpdateTaskMachineCore No Task File
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {17E4CA9F-25FD-494E-BB74-B84A209FCA12} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {20C819B0-6EC1-4924-A3A2-EC3C2E43BA90} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1946761082-257476130-358862400-1002UA => C:\Users\Timo T\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-10] (Facebook Inc.)
Task: {25726081-A397-417C-9053-4AB4590B4DFF} - System32\Tasks\startDestop => C:\Windows\explorer.exe [2013-10-22] (Microsoft Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2E49E5DC-0515-48BC-BA84-72D978DF82F3} - \FoxTab No Task File
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {397C436B-F8FA-42B2-BCA9-42956095EE40} - \RegClean Pro_UPDATES No Task File
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\System32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4B363602-9225-4197-A91E-C4CB0EBA9C5C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1946761082-257476130-358862400-1002Core => C:\Users\Timo T\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-10] (Facebook Inc.)
Task: {5031E43D-8433-478B-ADEF-ED7A3609D51E} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-07-13] ()
Task: {5D43D661-4822-426F-BDB8-813F0B4979E4} - System32\Tasks\Digital Sites => C:\Users\Timo T\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {62E3DEE8-D473-4B91-8097-3DE4CD9E8D7A} - \BonanzaDealsUpdate No Task File
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6D47655D-9C1F-43FE-A7EA-A67391803538} - \UpdaterEX No Task File
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6FE4EDEE-395D-47B4-AB29-54DCF268FC22} - \RegClean Pro_DEFAULT No Task File
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {73D61466-1665-49A1-9E9F-2CCF086B20A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-25] (Google Inc.)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {79E3ABDD-2399-4F4F-995C-4EA378BEC8D9} - \RegClean Pro No Task File
Task: {7C580FE3-B0E7-49F9-9B27-6FE125A6BAEF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {88E98346-BF35-457A-837D-FAE635483809} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {98CEFDC9-4187-453C-A3B4-C49FB9152592} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {9D57FC2B-2F32-4DBC-BC3E-3AE7E332B6BB} - \BonanzaDealsLiveUpdateTaskMachineUA No Task File
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B12311BC-1310-48DA-A4C1-3B7067D62D49} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-25] (Google Inc.)
Task: {B1BDC97C-AC76-4ACD-9F77-74BCEAA1ED31} - \Advanced System Protector_startup No Task File
Task: {B8C6B978-48DD-4BA9-A90C-39969592C3D8} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-07-31] (Acer Incorporated)
Task: {C07621CF-83DB-409B-BA85-05C6F8B8EE1A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\System32\MRT.exe [2013-12-22] (Microsoft Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DB52C38A-7BED-4C11-8C09-4DA13108FB1A} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {E185F0C3-1D25-4FA8-833E-103DADA0F652} - \Scheduled Update for Ask Toolbar No Task File
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F83191E3-E913-4DC2-BE22-C614E7BF5FB0} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PmmUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Digital Sites.job => C:\Users\TIMOT~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1946761082-257476130-358862400-1002Core.job => C:\Users\Timo T\AppData\Local\Facebook\Update\FacebookUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1946761082-257476130-358862400-1002UA.job => C:\Users\Timo T\AppData\Local\Facebook\Update\FacebookUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2013-01-28 13:45 - 2013-01-28 13:45 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-28 13:42 - 2013-01-28 13:42 - 00084992 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2012-12-14 01:42 - 2012-12-14 01:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-01-19 11:26 - 2012-09-19 18:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-07-31 00:04 - 2012-07-31 00:04 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-08-15 20:44 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-12-21 19:52 - 2013-12-21 19:52 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\Timo T\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/01/2014 03:20:42 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
Error: (01/01/2014 02:21:00 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error: (01/01/2014 02:21:00 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error: (01/01/2014 02:21:00 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "asmv2:clrClassInvocation1". Fehler in Manifest- oder Richtliniendatei "asmv2:clrClassInvocation2" in Zeile asmv2:clrClassInvocation3.
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error: (01/01/2014 02:09:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: TIMO)
Description: Bei der Aktivierung der App „FileManager_cw5n1h2txyewy!Microsoft.Windows.PhotoManager“ ist folgender Fehler aufgetreten: -2144927151. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
System errors:
=============
Error: (01/02/2014 06:01:46 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (01/02/2014 05:58:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1083
Error: (01/01/2014 06:58:14 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (01/01/2014 06:55:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1083
Error: (01/01/2014 02:27:12 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (01/01/2014 02:25:00 PM) (Source: DCOM) (User: TIMO)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}TimoTimo TS-1-5-21-1946761082-257476130-358862400-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (01/01/2014 02:24:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1083
Error: (01/01/2014 02:06:29 PM) (Source: DCOM) (User: TIMO)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
Error: (01/01/2014 02:05:59 PM) (Source: DCOM) (User: TIMO)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
Error: (01/01/2014 02:05:29 PM) (Source: DCOM) (User: TIMO)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
Microsoft Office Sessions:
=========================
Error: (01/01/2014 03:20:42 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
Error: (01/01/2014 02:21:00 PM) (Source: SideBySide)(User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4
Error: (01/01/2014 02:21:00 PM) (Source: SideBySide)(User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4
Error: (01/01/2014 02:21:00 PM) (Source: SideBySide)(User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4
Error: (01/01/2014 02:09:26 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: TIMO)
Description: FileManager_cw5n1h2txyewy!Microsoft.Windows.PhotoManager-2144927151
==================== Memory info ===========================
Percentage of memory in use: 34%
Total physical RAM: 3909.27 MB
Available physical RAM: 2543.47 MB
Total Pagefile: 4613.27 MB
Available Pagefile: 3050.66 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:445.85 GB) (Free:300.61 GB) NTFS
Drive d: (Canyon BA International MY2013) (CDROM) (Total:0.95 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 0FC5356F)
Partition: GPT Partition Type
==================== End Of Log ============================
Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-01-2014 01
Ran by Timo T at 2014-01-02 18:09:40 Run:2
Running from C:\Users\Timo T\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
FF Extension: dOwwnnloadittkeep - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\d.u8vact@ocvzuyoytmw-.net
FF Extension: saavinugtoyyou - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\vxavvpc@ptwb-rm.com
FF Extension: Jump Flip - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\firefox@jumpflip.net.xpi
FF Extension: BonanzaDeals - C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}.xpi
R2 Util Jump Flip; C:\Program Files (x86)\Jump Flip\bin\utilJumpFlip.exe [65312 2013-12-31] (Jump Flip)
C:\Program Files (x86)\Jump Flip
C:\Users\Timo T\AppData\Roaming\Bonanza
C:\ProgramData\dOwwnnloadittkeep
C:\ProgramData\saavinugtoyyou
C:\ProgramData\e8a480b429bfdc00
*****************
C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\d.u8vact@ocvzuyoytmw-.net not found.
C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\vxavvpc@ptwb-rm.com not found.
C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\firefox@jumpflip.net.xpi not found.
C:\Users\Timo T\AppData\Roaming\Mozilla\Firefox\Profiles\b5tnil6r.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}.xpi not found.
Util Jump Flip => Service not found.
"C:\Program Files (x86)\Jump Flip" => File/Directory not found.
"C:\Users\Timo T\AppData\Roaming\Bonanza" => File/Directory not found.
"C:\ProgramData\dOwwnnloadittkeep" => File/Directory not found.
"C:\ProgramData\saavinugtoyyou" => File/Directory not found.
"C:\ProgramData\e8a480b429bfdc00" => File/Directory not found.
==== End of Fixlog ====
|
|
03.01.2014, 11:41
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nation Zoom :( ich weiß nicht weiter Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM) Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren! Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.01.2014, 17:41
| #15 |
| | Nation Zoom :( ich weiß nicht weiterCode:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.01.03.02 Windows 8 x64 NTFS Internet Explorer 11.0.9600.16476 Timo T :: TIMO [Administrator] Schutz: Aktiviert 03.01.2014 13:37:15 mbam-log-2014-01-03 (13-37-15).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 421544 Laufzeit: 1 Stunde(n), 3 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 8 HKCR\CLSID\{6db9fdfe-b718-4962-be0c-0a5fce7f7f7b} (PUP.Optional.JumpFlip) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{f325945d-dafe-4312-95d8-1913aeb1d810} (PUP.Optional.JumpFlip) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{4318395F-DFF1-48AF-B5F0-958E93D16D56} (PUP.Optional.JumpFlip) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6DB9FDFE-B718-4962-BE0C-0A5FCE7F7F7B} (PUP.Optional.JumpFlip) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites (PUP.Optional.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\Jump Flip (PUP.Optional.JumpFlip.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SYSTEM\CurrentControlSet\Services\Update Jump Flip (PUP.Optional.JumpFlip.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\Software\Jump Flip (PUP.Optional.JumpFlip.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 6 C:\Users\Timo T\AppData\Roaming\DigitalSites\UpdateProc (PUP.Optional.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\RHelpers\ChromeHelper (PUP.Optional.Searchagent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\RHelpers\FirefoxHelper (PUP.Optional.Searchagent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\RHelpers\IeHelper (PUP.Optional.Searchagent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Timo T\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Timo T\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 47 C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll.vir (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe.vir (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLive.exe.vir (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveBroker.exe.vir (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveHandler.exe.vir (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveOnDemand.exe.vir (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\goopdate.dll.vir (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll.vir (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\psmachine.dll.vir (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\psuser.dll.vir (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptimizerPro.exe.vir (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptProGuard.exe.vir (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptProReminder.exe.vir (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptProSchedule.exe.vir (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptProSmartScan.exe.vir (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptProStart.exe.vir (PUP.Optional.OptimizerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\FRST\Quarantine\dOwwnnloadittkeep\xKeUtMS2U.exe (PUP.Optional.CRXDrop.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\FRST\Quarantine\dOwwnnloadittkeep\xKeUtMS2U.x64.dll (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\FRST\Quarantine\Jump Flip\JumpFlipBHO.dll (PUP.Optional.JumpFlip.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\FRST\Quarantine\Jump Flip\updateJumpFlip.exe (PUP.Optional.JumpFlip.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\FRST\Quarantine\Jump Flip\bin\utilJumpFlip.exe (PUP.Optional.JumpFlip.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\FRST\Quarantine\saavinugtoyyou\OrmbLjH6I_.exe (PUP.Optional.CRXDrop.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\FRST\Quarantine\saavinugtoyyou\OrmbLjH6I_.x64.dll (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe (PUP.Optional.SearchDonkey.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe (PUP.Optional.SearchDonkey.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\RHelpers\IeHelper\IeHelper.exe (PUP.Optional.SearchDonkey.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Timo T\AppData\Local\Microsoft\Windows\INetCache\IE\T7OXVSZ4\Setup[1].exe (PUP.Optional.InternetUpdater.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Timo T\AppData\Local\Microsoft\Windows\INetCache\IE\T7OXVSZ4\Setup[2].exe (PUP.Optional.JumpFlip.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Timo T\AppData\Local\Temp\awhF18A.tmp (PUP.Optional.Amonetize.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Timo T\AppData\Local\Temp\FlashPlayer__4003_i220968287_il14.exe (PUP.Optional.InstallMonetizer) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Timo T\AppData\Local\Temp\fullpackage_temp1388337325\Baofeng.exe (PUP.Optional.NationZoom.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Timo T\AppData\Local\Temp\fullpackage_temp1388337325\tmp\NewGdp.exe (PUP.Optional.WpManager.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Timo T\AppData\Local\Temp\is1275519350\16190757_stp.EXE (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Timo T\AppData\Local\Temp\is1275519350\16190777_stp\bd.exe (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Timo T\AppData\Local\Temp\is357113909\4068061_stp\JumpFlipSetup.exe (PUP.Optional.JumpFlip.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Timo T\Downloads\FlashPlayer_V.84230528b.exe (Adware.DomaIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Timo T\Downloads\FlashPlayer__4003_i220968287_il14.exe (PUP.Optional.InstallMonetizer) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Timo T\Downloads\Java.exe (PUP.Optional.BundleInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Timo T\Downloads\ZipOpenerSetup.exe (PUP.Optional.JumpyApps) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Timo T\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe (PUP.Optional.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Timo T\AppData\Roaming\DigitalSites\UpdateProc\config.dat (PUP.Optional.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Timo T\AppData\Roaming\DigitalSites\UpdateProc\prod.dat (PUP.Optional.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Timo T\AppData\Roaming\DigitalSites\UpdateProc\STTL.DAT (PUP.Optional.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Timo T\AppData\Roaming\DigitalSites\UpdateProc\TTL.DAT (PUP.Optional.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Timo T\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Timo T\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Timo T\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=74e1ffae7602d545985e2e28a64e71d8
# engine=16502
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-03 04:37:37
# local_time=2014-01-03 05:37:37 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=1799 16775165 100 96 20884 254190347 13644 0
# compatibility_mode=5893 16776574 100 94 8252455 13648350 0 0
# scanned=200158
# found=6
# cleaned=0
# scan_time=8332
sh=C5828B700B9EF61FA1534D5D18482BF12F591CBF ft=1 fh=0404da55e35b3671 vn="a variant of Win32/AdWare.SpeedingUpMyPC.D application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptProLauncher.exe.vir"
sh=67B68DB23C76F83A193C0AD7A83684711DD12DDC ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\FRST\Quarantine\d.u8vact@ocvzuyoytmw-.net\content\bg.js"
sh=A723FC98C645E1142C38BD9C68D33BEB7754328A ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\FRST\Quarantine\vxavvpc@ptwb-rm.com\content\bg.js"
sh=CBB049AED59050C3DCA369754B9DBFE0949713F6 ft=0 fh=0000000000000000 vn="a variant of Android/Adware.AirPush.G application" ac=I fn="C:\Users\Timo T\Desktop\Handy\600 Android Application Mega Pack 2012\Top Paid Android Apps September 2012 Part 4\WikiMobile 2 Pro Encyclopedia v2.75 Final By bobiras2009.apk"
sh=5B044861B5B31103763ABB53A6FFF21C642E2D4B ft=0 fh=0000000000000000 vn="a variant of Android/Adware.AirPush.G application" ac=I fn="C:\Users\Timo T\Desktop\Handy\600 Android Application Mega Pack 2012\Top Paid Android Apps September 2012 Part 6\Fake iPhone 5 v1.2 Final By bobiras2009.apk"
sh=2634612D69A78A5D366C75EADD1989052B41A7AE ft=0 fh=0000000000000000 vn="a variant of Android/Adware.Waps.E application" ac=I fn="C:\Users\Timo T\Desktop\Handy\Android.Games.Collection.Juni.2012.v2\Soldiers of Glory World War 2 v1.1.6\Soldiers_of_Glory_WW2_1.1.6.apk"
|
|
| Themen zu Nation Zoom :( ich weiß nicht weiter |
| abend, besser, faust, forum, guten, heute, hoffe, inter, interne, internet, mobogenie, mobogenie entfernen, nation zoom, nation zoom entfernen, nationzoom, nationzoom entfernen, nichts, pcs, problem, selbständig, suche, super, troja, trojan.agent |
Linear-Darstellung
