Pests of all kinds and how to fight them: Poor internet connection, slow computer and PC freezing (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
#10
Poor internet connection, slow computer and PC freezing

FRST.txt

FRST logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-04-2014 02 Ran by Botan (administrator) on XEBAT-PC on 16-04-2014 21:29:45 Running from C:\Users\Botan\Downloads Windows 7 Ultimate (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Spotify Ltd) C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Windows\SysWOW64\PnkBstrB.exe (Realtek) C:\Program Files (x86)\LevelOne\WUA-0605\RtlService.exe (Realtek Semiconductor Corp.) C:\Program Files (x86)\LevelOne\WUA-0605\RtWlan.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Spotify Ltd) C:\Users\Schule\AppData\Roaming\Spotify\spotify.exe () C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyHelper.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-09] (Realtek Semiconductor) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-15] (AVAST Software) HKU\S-1-5-21-1789832465-2975819574-3199883490-1007\...\Run: [Spotify Web Helper] => C:\Users\Schule\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-11] (Spotify Ltd) Startup: C:\Users\Bekir&Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://cn.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBCE002826F4BCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = zh-CN StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = BHO: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Botan\AppData\Roaming\Mozilla\Firefox\Profiles\fo16hqsi.default-1397469719534 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google 
Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-15] Chrome: ======= CHR DefaultSearchKeyword: mysearchdial.com CHR DefaultSearchProvider: Mysearchdial CHR DefaultSearchURL: hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir= CHR DefaultNewTabURL: &a=cmi_14_16_ch&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzy0DyD0FyDzztC0E0CtBtBtN0D0Tzu0SzztAyEtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0Czz0C0B0Bzz0CtG0AyB0BzztGyB0ByCtBtG0B0DtD0DtGyB0ByBtAzy0Fzz0A0ByB0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtCtCtAzz0EzyyDtGyD0FtB0DtG0A0C0CyEtGzz0EtDyBtGyCzytC0DtBzzzztA0FyDtB0A2Q&cr=2124572885&ir= CHR Extension: (Google Docs) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-14] CHR Extension: 
(Google Drive) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-14] CHR Extension: (YouTube) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-14] CHR Extension: (Google Search) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-14] CHR Extension: (Google Wallet) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-15] CHR Extension: (Gmail) - C:\Users\Botan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-14] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-15] ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-15] (AVAST Software) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-06-01] () R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2013-06-01] () R2 Realtek11nSU; C:\Program Files (x86)\LevelOne\WUA-0605\RtlService.exe [45056 2010-01-21] (Realtek) S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe" [X] ==================== Drivers (Whitelisted) ==================== S3 AODDriver; C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices) R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-15] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-15] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-15] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-15] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-15] (AVAST Software) R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-15] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-15] () R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () R2 DRHARD64; C:\Windows\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software) R2 DRHARD64; C:\Windows\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software) R2 DRHMSR64; 
C:\Windows\system32\drivers\DRHMSR64.sys [14760 2011-12-06] () R2 DRHMSR64; C:\Windows\SysWOW64\drivers\DRHMSR64.sys [14760 2011-12-06] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-26] (DT Soft Ltd) S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-05-04] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-16] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) S3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) S1 dgztwemx; \??\C:\Windows\system32\drivers\dgztwemx.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S1 opuaoowl; \??\C:\Windows\system32\drivers\opuaoowl.sys [X] S3 TesSafe; \??\C:\Windows\system32\TesSafe.sys [X] S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X] S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X] S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X] S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-16 14:56 - 2014-04-16 14:56 - 00000000 ____D () C:\Users\Botan\Downloads\break-party-flyer-graphics-vibe 2014-04-16 14:56 - 2014-04-16 14:56 - 00000000 ____D () C:\Users\Botan\Desktop\break-party-flyer-graphics-vibe 2014-04-16 14:55 - 2014-04-16 14:55 - 09622872 _____ () C:\Users\Botan\Downloads\p1714cn4h31m5h1qu0eg87cbou9b.zip 2014-04-15 22:57 - 2014-04-15 22:57 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\DropboxMaster 2014-04-15 22:56 - 2014-04-15 22:56 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-04-15 22:53 - 2014-04-15 22:57 - 
00000000 ____D () C:\Users\Botan\AppData\Roaming\Dropbox 2014-04-15 22:53 - 2014-04-15 22:53 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-04-15 22:53 - 2014-04-15 22:53 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\AVAST Software 2014-04-15 22:52 - 2014-04-15 22:53 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-04-15 22:51 - 2014-04-15 22:51 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-04-15 22:51 - 2014-04-15 22:51 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-04-15 22:50 - 2014-04-15 22:50 - 00000000 ____D () C:\Program Files\AVAST Software 2014-04-15 22:49 - 2014-04-15 22:49 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-04-15 22:29 - 2014-04-15 22:29 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-04-15 22:28 - 2014-04-15 22:29 - 88551496 _____ (AVAST Software) C:\Users\Botan\Downloads\avast_free_antivirus_setup_9.0.2016.exe 2014-04-15 22:28 - 2014-04-15 22:28 - 02347384 _____ (ESET) C:\Users\Botan\Downloads\esetsmartinstaller_enu.exe 2014-04-15 14:11 - 2014-04-15 14:11 - 00052958 _____ () C:\Users\Botan\Documents\FRST.txt 2014-04-15 14:11 - 2014-04-15 14:11 - 00037638 _____ () C:\Users\Botan\Documents\Addition.txt 
2014-04-15 14:09 - 2014-04-16 21:28 - 00000000 ____D () C:\Users\Botan\Downloads\FRST-OlderVersion 2014-04-15 13:14 - 2014-04-16 21:22 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-15 13:13 - 2014-04-15 13:13 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-15 13:13 - 2014-04-15 13:13 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-15 13:13 - 2014-04-15 13:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-15 13:13 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-15 13:13 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-15 13:13 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-15 13:12 - 2014-04-15 13:12 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Botan\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-15 13:11 - 2014-04-15 13:11 - 00030649 _____ () C:\Users\Botan\Desktop\AdwCleaner[S0].txt 2014-04-15 13:07 - 2014-04-15 13:09 - 00000000 ____D () C:\AdwCleaner 2014-04-15 13:06 - 2014-04-15 13:06 - 01426178 _____ () C:\Users\Botan\Downloads\adwcleaner.exe 2014-04-14 12:32 - 2014-04-14 12:32 - 00059941 _____ () C:\Users\Botan\Desktop\FRST.txt 2014-04-14 12:32 - 2014-04-14 12:32 - 00044435 _____ () C:\Users\Botan\Desktop\Addition.txt 2014-04-14 12:31 - 2014-04-15 14:11 - 00037638 _____ () C:\Users\Botan\Downloads\Addition.txt 2014-04-14 12:30 - 2014-04-16 21:29 - 00012859 _____ () C:\Users\Botan\Downloads\FRST.txt 2014-04-14 12:30 - 2014-04-16 21:29 - 00000000 ____D () C:\FRST 2014-04-14 12:29 - 2014-04-16 21:28 - 02158592 _____ (Farbar) C:\Users\Botan\Downloads\FRST64.exe 2014-04-14 12:13 - 2014-04-14 12:13 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\VSRevoGroup 2014-04-14 12:10 - 2014-04-14 12:10 - 00000045 _____ () 
C:\Users\Botan\AppData\Roaming\WB.CFG 2014-04-14 12:09 - 2014-04-14 12:09 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Opera Software 2014-04-14 12:09 - 2014-04-14 12:09 - 00000000 ____D () C:\Users\Botan\AppData\Local\Opera Software 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D7 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D6 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D5 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D4 2014-04-14 12:06 - 2014-04-14 12:06 - 00001268 _____ () C:\Users\Botan\Desktop\Revo Uninstaller.lnk 2014-04-14 12:06 - 2014-04-14 12:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-14 12:05 - 2014-04-14 12:05 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D3 2014-04-14 12:05 - 2014-04-14 12:05 - 00001133 _____ () C:\Users\Public\Desktop\Opera.lnk 2014-04-14 12:05 - 2014-04-14 12:05 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-04-14 12:04 - 2014-04-14 12:04 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Botan\Downloads\revosetup.exe 2014-04-14 12:04 - 2014-04-14 12:04 - 00710848 _____ ( ) C:\Users\Botan\Downloads\COMPUTER_BILD-Download-Manager_fuer_revosetup.exe 2014-04-14 12:02 - 2014-04-14 12:02 - 00000000 ____D () C:\Users\Botan\Desktop\Alte Firefox-Daten 2014-04-14 11:48 - 2014-04-14 11:48 - 00001103 _____ () C:\Users\Bekir&Botan\Desktop\Continue VuuPC Installation.lnk 2014-04-14 11:19 - 2014-04-14 11:19 - 00001426 _____ () C:\Users\Bekir&Botan\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 11:17 - 2014-04-14 11:17 - 00001426 _____ () C:\Users\Xebat\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 11:15 - 2014-04-14 11:15 - 00001426 _____ () C:\Users\Schule\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 09:11 - 2014-04-15 22:25 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2014-04-13 04:05 - 2014-04-13 04:05 - 00000000 ____D () C:\Users\Botan\AppData\Local\QuickLoL 2014-04-13 04:05 - 2013-11-14 18:26 - 00000507 _____ () C:\Users\Botan\Desktop\readme.txt 2014-04-13 04:05 - 2013-11-14 18:25 - 00272384 _____ (QuickLoL) C:\Users\Botan\Desktop\QuickLoL Timers.exe 2014-04-13 04:04 - 2014-04-13 04:04 - 00080780 _____ () C:\Users\Botan\Downloads\quickloltimers.rar 2014-04-12 08:47 - 2014-04-12 08:47 - 00000000 ____D () C:\ProgramData\Oracle 2014-04-12 08:47 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-12 08:47 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-04-12 08:47 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-04-12 08:47 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-04-12 08:46 - 2014-04-12 08:47 - 00006660 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-04-10 15:39 - 2014-04-10 15:39 - 00993712 _____ () C:\Users\Botan\Downloads\setup (1).exe 2014-04-08 20:29 - 2014-04-08 20:29 - 00013281 _____ () 
C:\Users\Botan\Downloads\Flaticon_AllFiles(1).zip 2014-04-08 20:28 - 2014-04-08 20:28 - 00008908 _____ () C:\Users\Botan\Downloads\Flaticon_AllFiles.zip 2014-04-07 20:20 - 2014-04-07 20:19 - 00043113 _____ () C:\Users\Botan\Desktop\beautiful es.zip 2014-04-07 20:19 - 2014-04-07 20:18 - 00096732 _____ () C:\Users\Botan\Desktop\flaemische kanzleischrift.zip 2014-04-07 20:18 - 2014-04-07 20:18 - 00236936 _____ () C:\Users\Botan\Downloads\FlaemischeKanzleischrift_downloader-25q8QlRF.exe 2014-04-07 20:18 - 2014-04-07 20:18 - 00236920 _____ () C:\Users\Botan\Downloads\BeautifulES_downloader-cvjY6Vss.exe 2014-04-07 20:15 - 2014-04-07 20:15 - 00139237 _____ () C:\Users\Botan\Downloads\Learning-Curve-Pro.zip 2014-04-07 19:44 - 2014-04-15 19:46 - 00000000 ____D () C:\Users\Botan\Desktop\Bewerbung 2014-04-05 23:49 - 2014-04-05 23:49 - 00262144 ____N () C:\Windows\Minidump\040514-39140-01.dmp 2014-04-05 13:40 - 2014-04-05 13:40 - 00000000 ____D () C:\Users\Botan\Documents\League of Legends 2014-04-05 13:38 - 2014-04-05 13:38 - 00138280 ____H () C:\Windows\SysWOW64\mlfcache.dat 2014-04-04 14:46 - 2014-04-04 15:22 - 108731266 _____ () C:\Users\Botan\Downloads\C-BL_LNFBE.rar 2014-04-03 22:35 - 2014-04-16 15:29 - 00000000 ____D () C:\Users\Botan\Desktop\Neuer Ordner 2014-04-03 18:09 - 2014-04-03 18:09 - 00000000 ____D () C:\Users\Schule\AppData\Local\Skype 2014-04-02 20:52 - 2014-04-02 20:52 - 00016795 _____ () C:\Users\Botan\Documents\Lebenslauf.odt 2014-04-02 20:49 - 2014-04-02 20:49 - 00026660 _____ () C:\Users\Botan\Documents\Bekir Yentar3BKM.odt 2014-03-30 22:28 - 2014-03-31 20:55 - 00000000 ____D () C:\Users\Botan\Downloads\client 2014-03-30 22:11 - 2013-09-29 13:59 - 02407774 ____N () C:\Users\Botan\Desktop\blackmart.apk 2014-03-30 21:54 - 2014-03-30 22:28 - 1613897479 _____ () C:\Users\Botan\Downloads\extremmt2_update3.0.tar.gz 2014-03-30 15:43 - 2014-04-14 11:48 - 00001091 _____ () C:\Users\Botan\Desktop\Continue VuuPC Installation.lnk 2014-03-30 15:27 - 2014-03-30 15:27 
- 00617837 _____ () C:\Users\Botan\Downloads\Pokemon XandY emulator.zip 2014-03-30 15:27 - 2014-03-14 00:08 - 00630757 _____ (3DS Emulator - Pokemon X Y) C:\Users\Botan\Desktop\Pokemon XY + Emulator.exe 2014-03-29 15:40 - 2014-03-29 15:40 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-03-28 15:40 - 2014-03-28 15:40 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-03-28 15:40 - 2014-03-28 15:40 - 00000000 ____D () C:\ProgramData\McAfee 2014-03-23 14:13 - 2014-03-23 14:15 - 02798160 _____ () C:\Users\Botan\Downloads\TGPMiniDown.1450.2.1.4.7357.bns.signed.exe 2014-03-20 16:02 - 2014-03-20 16:02 - 00001102 _____ () C:\Users\Botan\Desktop\ÌÚѶÓÎϷƽ̨.lnk 2014-03-20 16:01 - 2014-03-20 16:02 - 32992408 _____ (Tencent) C:\Users\Botan\Downloads\TGPSetup1.0.9.1323.exe 2014-03-20 15:59 - 2014-03-20 15:59 - 00002193 _____ () C:\Users\Botan\Desktop\网游加速小助手(剑灵).lnk 2014-03-20 15:59 - 2014-03-20 15:59 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 2014-03-20 15:57 - 2014-03-20 15:58 - 06867888 _____ (腾讯) C:\Users\Botan\Downloads\QQAccInstall_2.0.45.89_BNS.exe 2014-03-20 12:02 - 2014-03-20 12:02 - 00000000 ____D () C:\Users\Botan\AppData\Local\Blizzard 2014-03-20 10:04 - 2014-03-20 10:04 - 00000000 ____D () C:\Users\Botan\AppData\Local\Blizzard Entertainment 2014-03-20 01:17 - 2014-03-20 12:02 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2014-03-20 01:17 - 2014-03-20 01:17 - 00001161 _____ () C:\Users\Public\Desktop\Hearthstone.lnk 2014-03-20 01:16 - 2014-03-23 22:43 - 00000000 ____D () C:\Users\Botan\AppData\Local\Battle.net 2014-03-20 01:16 - 2014-03-21 23:07 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-03-20 01:16 - 2014-03-20 01:16 - 00001124 _____ () C:\Users\Public\Desktop\Battle.net.lnk 2014-03-20 01:16 - 2014-03-20 01:16 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Battle.net 2014-03-20 01:16 - 2014-03-20 01:16 - 00000000 ____D () C:\ProgramData\Blizzard 
Entertainment 2014-03-20 01:14 - 2014-03-20 01:14 - 07056680 _____ (Blizzard Entertainment) C:\Users\Botan\Downloads\Hearthstone-Setup-deDE.exe 2014-03-20 01:14 - 2014-03-20 01:14 - 00000000 ____D () C:\ProgramData\Battle.net 2014-03-19 20:00 - 2014-03-19 20:00 - 00000220 _____ () C:\Users\Botan\Downloads\ms_728x90.hml 2014-03-19 19:36 - 2014-03-19 19:36 - 00002573 _____ () C:\Users\Public\Desktop\China English Patch.lnk 2014-03-19 19:36 - 2014-03-19 19:36 - 00000000 ____D () C:\Program Files (x86)\LokiReborn 2014-03-19 19:35 - 2014-03-19 19:35 - 03094092 _____ (LokiReborn) C:\Users\Botan\Downloads\setup.exe 2014-03-19 19:35 - 2014-03-19 19:35 - 00000000 ____D () C:\Users\Botan\AppData\Local\Downloaded Installations 2014-03-19 19:30 - 2014-03-19 19:30 - 00000000 ____D () C:\Users\Botan\Documents\Tencent Files 2014-03-19 19:29 - 2014-03-19 19:29 - 00000000 ____D () C:\Users\Botan\Documents\BnS 2014-03-19 19:29 - 2014-03-19 19:29 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Awesomium 2014-03-19 19:23 - 2014-03-19 19:23 - 00000010 _____ () C:\Users\Botan\Documents\aaaa.txt 2014-03-19 19:02 - 2014-03-20 15:35 - 00001192 _____ () C:\Users\Botan\Desktop\½£Áé_ÌÚѶ.lnk 2014-03-19 19:02 - 2014-03-19 19:02 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ÌÚѶÓÎÏ· 2014-03-19 18:29 - 2014-03-19 18:29 - 00000000 ____D () C:\Program Files\ÌÚѶÓÎÏ· 2014-03-18 21:32 - 2014-03-18 21:32 - 00000000 ____D () C:\Users\Botan\Downloads\data 2014-03-18 20:41 - 2014-03-19 18:28 - 00000000 ____D () C:\GameDownload 2014-03-18 20:37 - 2014-03-18 20:37 - 03046584 _____ () C:\Users\Botan\Downloads\bns_1.89.4110.4_setup_signed_TDL_signed.exe 2014-03-18 18:41 - 2014-03-18 18:41 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-18 18:41 - 2014-03-18 18:41 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-18 18:41 - 2014-03-18 18:41 - 00000000 ____D () C:\Users\Botan\AppData\Local\Skype 2014-03-18 18:22 - 2014-03-18 18:22 - 00000000 
____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-03-18 18:05 - 2014-03-18 18:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-18 18:04 - 2014-03-18 18:04 - 02006233 _____ () C:\Users\Botan\Downloads\SoundDownloader.jar ==================== One Month Modified Files and Folders ======= 2014-04-16 21:29 - 2014-04-14 12:30 - 00012859 _____ () C:\Users\Botan\Downloads\FRST.txt 2014-04-16 21:29 - 2014-04-14 12:30 - 00000000 ____D () C:\FRST 2014-04-16 21:28 - 2014-04-15 14:09 - 00000000 ____D () C:\Users\Botan\Downloads\FRST-OlderVersion 2014-04-16 21:28 - 2014-04-14 12:29 - 02158592 _____ (Farbar) C:\Users\Botan\Downloads\FRST64.exe 2014-04-16 21:28 - 2014-01-21 16:15 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Spotify 2014-04-16 21:22 - 2014-04-15 13:14 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-16 21:06 - 2013-06-10 22:12 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-16 21:01 - 2013-03-26 00:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-16 20:41 - 2014-01-21 16:15 - 00000000 ____D () C:\Users\Botan\AppData\Local\Spotify 2014-04-16 20:40 - 2009-07-14 06:51 - 00081905 _____ () C:\Windows\setupact.log 2014-04-16 20:37 - 2014-01-17 21:43 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Skype 2014-04-16 20:06 - 2013-06-10 22:12 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-16 17:41 - 2013-03-25 23:44 - 01901884 _____ () C:\Windows\WindowsUpdate.log 2014-04-16 15:29 - 2014-04-03 22:35 - 00000000 ____D () C:\Users\Botan\Desktop\Neuer Ordner 2014-04-16 14:56 - 2014-04-16 14:56 - 00000000 ____D () C:\Users\Botan\Downloads\break-party-flyer-graphics-vibe 2014-04-16 14:56 - 2014-04-16 14:56 - 00000000 ____D () C:\Users\Botan\Desktop\break-party-flyer-graphics-vibe 2014-04-16 14:55 - 2014-04-16 14:55 - 09622872 _____ () C:\Users\Botan\Downloads\p1714cn4h31m5h1qu0eg87cbou9b.zip 2014-04-16 
11:32 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-16 11:32 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-16 11:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-16 00:33 - 2013-03-26 00:21 - 00202436 _____ () C:\Windows\PFRO.log 2014-04-15 22:57 - 2014-04-15 22:57 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\DropboxMaster 2014-04-15 22:57 - 2014-04-15 22:53 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Dropbox 2014-04-15 22:56 - 2014-04-15 22:56 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-04-15 22:53 - 2014-04-15 22:53 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-04-15 22:53 - 2014-04-15 22:53 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\AVAST Software 2014-04-15 22:53 - 2014-04-15 22:52 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-04-15 22:51 - 2014-04-15 22:51 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-04-15 22:51 - 2014-04-15 22:51 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-04-15 22:50 - 2014-04-15 22:50 - 00000000 ____D () C:\Program Files\AVAST Software 2014-04-15 22:49 - 2014-04-15 22:49 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-04-15 22:29 - 2014-04-15 22:29 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-04-15 22:29 - 2014-04-15 22:28 - 88551496 _____ (AVAST Software) C:\Users\Botan\Downloads\avast_free_antivirus_setup_9.0.2016.exe 2014-04-15 22:28 - 2014-04-15 22:28 - 02347384 _____ (ESET) C:\Users\Botan\Downloads\esetsmartinstaller_enu.exe 2014-04-15 22:25 - 2014-04-14 09:11 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2014-04-15 22:23 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-04-15 19:46 - 2014-04-07 19:44 - 00000000 ____D () C:\Users\Botan\Desktop\Bewerbung 2014-04-15 17:11 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini 2014-04-15 14:11 - 2014-04-15 14:11 - 00052958 _____ () C:\Users\Botan\Documents\FRST.txt 2014-04-15 14:11 - 2014-04-15 14:11 - 00037638 _____ () C:\Users\Botan\Documents\Addition.txt 2014-04-15 14:11 - 
2014-04-14 12:31 - 00037638 _____ () C:\Users\Botan\Downloads\Addition.txt 2014-04-15 13:13 - 2014-04-15 13:13 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-15 13:13 - 2014-04-15 13:13 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-15 13:13 - 2014-04-15 13:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-15 13:12 - 2014-04-15 13:12 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Botan\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-15 13:11 - 2014-04-15 13:11 - 00030649 _____ () C:\Users\Botan\Desktop\AdwCleaner[S0].txt 2014-04-15 13:09 - 2014-04-15 13:07 - 00000000 ____D () C:\AdwCleaner 2014-04-15 13:08 - 2013-06-10 22:13 - 00001282 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-04-15 13:08 - 2013-03-26 00:11 - 00001053 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-04-15 13:06 - 2014-04-15 13:06 - 01426178 _____ () C:\Users\Botan\Downloads\adwcleaner.exe 2014-04-15 13:01 - 2013-06-23 18:59 - 00000000 ____D () C:\ProgramData\InstallMate 2014-04-15 10:50 - 2014-02-07 14:35 - 00000000 ____D () C:\Program Files (x86)\PDF24 2014-04-14 12:32 - 2014-04-14 12:32 - 00059941 _____ () C:\Users\Botan\Desktop\FRST.txt 2014-04-14 12:32 - 2014-04-14 12:32 - 00044435 _____ () C:\Users\Botan\Desktop\Addition.txt 2014-04-14 12:24 - 2014-01-14 15:49 - 00000000 ____D () C:\Users\Botan\Documents\My RoboForm Data 2014-04-14 12:24 - 2013-06-29 13:50 - 00003976 _____ () C:\Windows\System32\Tasks\Open URL by RoboForm 2014-04-14 12:14 - 2014-01-07 17:34 - 00000000 ___RD () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-14 12:13 - 2014-04-14 12:13 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\VSRevoGroup 2014-04-14 12:10 - 2014-04-14 12:10 - 00000045 _____ () C:\Users\Botan\AppData\Roaming\WB.CFG 2014-04-14 12:09 - 2014-04-14 12:09 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Opera Software 2014-04-14 12:09 - 2014-04-14 12:09 - 00000000 
____D () C:\Users\Botan\AppData\Local\Opera Software 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D7 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D6 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D5 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D4 2014-04-14 12:06 - 2014-04-14 12:06 - 00001268 _____ () C:\Users\Botan\Desktop\Revo Uninstaller.lnk 2014-04-14 12:06 - 2014-04-14 12:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-14 12:05 - 2014-04-14 12:05 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D3 2014-04-14 12:05 - 2014-04-14 12:05 - 00001133 _____ () C:\Users\Public\Desktop\Opera.lnk 2014-04-14 12:05 - 2014-04-14 12:05 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-04-14 12:04 - 2014-04-14 12:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Botan\Downloads\revosetup.exe 2014-04-14 12:04 - 2014-04-14 12:04 - 00710848 _____ ( ) C:\Users\Botan\Downloads\COMPUTER_BILD-Download-Manager_fuer_revosetup.exe 2014-04-14 12:02 - 2014-04-14 12:02 - 00000000 ____D () C:\Users\Botan\Desktop\Alte Firefox-Daten 2014-04-14 11:48 - 2014-04-14 11:48 - 00001103 _____ () C:\Users\Bekir&Botan\Desktop\Continue VuuPC Installation.lnk 2014-04-14 11:48 - 2014-03-30 15:43 - 00001091 _____ () C:\Users\Botan\Desktop\Continue VuuPC Installation.lnk 2014-04-14 11:19 - 2014-04-14 11:19 - 00001426 _____ () C:\Users\Bekir&Botan\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 11:19 - 2013-10-23 15:20 - 00000000 ____D () C:\Users\Bekir&Botan\AppData\Roaming\Spotify 2014-04-14 11:19 - 2013-09-30 18:50 - 00099152 _____ () C:\Users\Bekir&Botan\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-14 11:17 - 2014-04-14 11:17 - 00001426 _____ () C:\Users\Xebat\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 11:15 - 2014-04-14 11:15 - 00001426 _____ () C:\Users\Schule\Desktop\Registry kostenlos 
entrümpeln!.lnk 2014-04-14 11:01 - 2013-03-26 00:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-14 11:01 - 2013-03-26 00:13 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-14 11:01 - 2013-03-26 00:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-04-14 09:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-04-13 04:05 - 2014-04-13 04:05 - 00000000 ____D () C:\Users\Botan\AppData\Local\QuickLoL 2014-04-13 04:04 - 2014-04-13 04:04 - 00080780 _____ () C:\Users\Botan\Downloads\quickloltimers.rar 2014-04-12 08:47 - 2014-04-12 08:47 - 00000000 ____D () C:\ProgramData\Oracle 2014-04-12 08:47 - 2014-04-12 08:46 - 00006660 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-04-12 08:47 - 2013-05-16 21:57 - 00000000 ____D () C:\Program Files (x86)\Java 2014-04-11 00:20 - 2013-04-10 13:40 - 00000000 ____D () C:\Users\Schule\AppData\Roaming\Spotify 2014-04-10 18:07 - 2013-09-07 18:12 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-10 18:06 - 2009-10-14 07:12 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-10 15:58 - 2009-07-14 19:58 - 01169372 _____ () C:\Windows\system32\perfh007.dat 2014-04-10 15:58 - 2009-07-14 19:58 - 00296124 _____ () C:\Windows\system32\perfc007.dat 2014-04-10 15:58 - 2009-07-14 07:13 - 00006248 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-10 15:39 - 2014-04-10 15:39 - 00993712 _____ () C:\Users\Botan\Downloads\setup (1).exe 2014-04-08 20:29 - 2014-04-08 20:29 - 00013281 _____ () C:\Users\Botan\Downloads\Flaticon_AllFiles(1).zip 2014-04-08 20:28 - 2014-04-08 20:28 - 00008908 _____ () C:\Users\Botan\Downloads\Flaticon_AllFiles.zip 2014-04-08 14:21 - 2009-07-14 06:45 - 04947952 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-07 20:30 - 2014-01-07 17:34 - 00099152 _____ () C:\Users\Botan\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-07 20:19 - 2014-04-07 
20:20 - 00043113 _____ () C:\Users\Botan\Desktop\beautiful es.zip 2014-04-07 20:18 - 2014-04-07 20:19 - 00096732 _____ () C:\Users\Botan\Desktop\flaemische kanzleischrift.zip 2014-04-07 20:18 - 2014-04-07 20:18 - 00236936 _____ () C:\Users\Botan\Downloads\FlaemischeKanzleischrift_downloader-25q8QlRF.exe 2014-04-07 20:18 - 2014-04-07 20:18 - 00236920 _____ () C:\Users\Botan\Downloads\BeautifulES_downloader-cvjY6Vss.exe 2014-04-07 20:15 - 2014-04-07 20:15 - 00139237 _____ () C:\Users\Botan\Downloads\Learning-Curve-Pro.zip 2014-04-05 23:50 - 2013-03-27 03:49 - 00000000 ____D () C:\Windows\Minidump 2014-04-05 23:49 - 2014-04-05 23:49 - 00262144 ____N () C:\Windows\Minidump\040514-39140-01.dmp 2014-04-05 13:40 - 2014-04-05 13:40 - 00000000 ____D () C:\Users\Botan\Documents\League of Legends 2014-04-05 13:38 - 2014-04-05 13:38 - 00138280 ____H () C:\Windows\SysWOW64\mlfcache.dat 2014-04-04 20:01 - 2013-06-10 22:12 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-04-04 20:01 - 2013-06-10 22:12 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-04-04 15:22 - 2014-04-04 14:46 - 108731266 _____ () C:\Users\Botan\Downloads\C-BL_LNFBE.rar 2014-04-03 18:13 - 2014-01-14 22:20 - 00000000 ____D () C:\Users\Bekir&Botan\AppData\Local\Akamai 2014-04-03 18:12 - 2013-05-01 19:43 - 00000000 ____D () C:\Users\Schule\AppData\Local\PMB Files 2014-04-03 18:09 - 2014-04-03 18:09 - 00000000 ____D () C:\Users\Schule\AppData\Local\Skype 2014-04-03 18:09 - 2013-04-08 15:06 - 00000000 ____D () C:\Users\Schule\AppData\Roaming\Skype 2014-04-03 18:01 - 2013-06-11 18:09 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-04-03 18:00 - 2013-07-02 21:48 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-04-03 17:58 - 2014-02-07 14:33 - 00000000 ____D () C:\Users\Botan\AppData\Local\Adobe 2014-04-03 17:55 - 2014-01-15 19:47 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Adobe 2014-04-03 09:51 - 2014-04-15 13:13 - 00088280 _____ 
(Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-15 13:13 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-15 13:13 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-02 20:52 - 2014-04-02 20:52 - 00016795 _____ () C:\Users\Botan\Documents\Lebenslauf.odt 2014-04-02 20:49 - 2014-04-02 20:49 - 00026660 _____ () C:\Users\Botan\Documents\Bekir Yentar3BKM.odt 2014-03-31 20:55 - 2014-03-30 22:28 - 00000000 ____D () C:\Users\Botan\Downloads\client 2014-03-30 22:28 - 2014-03-30 21:54 - 1613897479 _____ () C:\Users\Botan\Downloads\extremmt2_update3.0.tar.gz 2014-03-30 15:27 - 2014-03-30 15:27 - 00617837 _____ () C:\Users\Botan\Downloads\Pokemon XandY emulator.zip 2014-03-30 12:17 - 2014-01-18 15:23 - 00000000 ____D () C:\Program Files (x86)\RIFT 2014-03-29 15:40 - 2014-03-29 15:40 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-03-28 15:40 - 2014-03-28 15:40 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-03-28 15:40 - 2014-03-28 15:40 - 00000000 ____D () C:\ProgramData\McAfee 2014-03-26 22:36 - 2013-04-11 13:25 - 00000000 ____D () C:\Users\Schule\Desktop\Bilder 2014-03-23 22:43 - 2014-03-20 01:16 - 00000000 ____D () C:\Users\Botan\AppData\Local\Battle.net 2014-03-23 14:25 - 2013-11-10 21:39 - 00000000 ____D () C:\download 2014-03-23 14:15 - 2014-03-23 14:13 - 02798160 _____ () C:\Users\Botan\Downloads\TGPMiniDown.1450.2.1.4.7357.bns.signed.exe 2014-03-23 05:55 - 2013-10-03 19:32 - 00000062 _____ () C:\Users\Bekir&Botan\Desktop\settings.json 2014-03-21 23:07 - 2014-03-20 01:16 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-03-20 16:02 - 2014-03-20 16:02 - 00001102 _____ () C:\Users\Botan\Desktop\ÌÚѶÓÎϷƽ̨.lnk 2014-03-20 16:02 - 2014-03-20 16:01 - 32992408 _____ (Tencent) C:\Users\Botan\Downloads\TGPSetup1.0.9.1323.exe 2014-03-20 15:59 - 2014-03-20 15:59 - 00002193 _____ () 
C:\Users\Botan\Desktop\网游加速小助手(剑灵).lnk 2014-03-20 15:59 - 2014-03-20 15:59 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 2014-03-20 15:58 - 2014-03-20 15:57 - 06867888 _____ (腾讯) C:\Users\Botan\Downloads\QQAccInstall_2.0.45.89_BNS.exe 2014-03-20 15:35 - 2014-03-19 19:02 - 00001192 _____ () C:\Users\Botan\Desktop\½£Áé_ÌÚѶ.lnk 2014-03-20 12:02 - 2014-03-20 12:02 - 00000000 ____D () C:\Users\Botan\AppData\Local\Blizzard 2014-03-20 12:02 - 2014-03-20 01:17 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2014-03-20 10:04 - 2014-03-20 10:04 - 00000000 ____D () C:\Users\Botan\AppData\Local\Blizzard Entertainment 2014-03-20 01:17 - 2014-03-20 01:17 - 00001161 _____ () C:\Users\Public\Desktop\Hearthstone.lnk 2014-03-20 01:16 - 2014-03-20 01:16 - 00001124 _____ () C:\Users\Public\Desktop\Battle.net.lnk 2014-03-20 01:16 - 2014-03-20 01:16 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Battle.net 2014-03-20 01:16 - 2014-03-20 01:16 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment 2014-03-20 01:14 - 2014-03-20 01:14 - 07056680 _____ (Blizzard Entertainment) C:\Users\Botan\Downloads\Hearthstone-Setup-deDE.exe 2014-03-20 01:14 - 2014-03-20 01:14 - 00000000 ____D () C:\ProgramData\Battle.net 2014-03-19 20:00 - 2014-03-19 20:00 - 00000220 _____ () C:\Users\Botan\Downloads\ms_728x90.hml 2014-03-19 19:36 - 2014-03-19 19:36 - 00002573 _____ () C:\Users\Public\Desktop\China English Patch.lnk 2014-03-19 19:36 - 2014-03-19 19:36 - 00000000 ____D () C:\Program Files (x86)\LokiReborn 2014-03-19 19:35 - 2014-03-19 19:35 - 03094092 _____ (LokiReborn) C:\Users\Botan\Downloads\setup.exe 2014-03-19 19:35 - 2014-03-19 19:35 - 00000000 ____D () C:\Users\Botan\AppData\Local\Downloaded Installations 2014-03-19 19:30 - 2014-03-19 19:30 - 00000000 ____D () C:\Users\Botan\Documents\Tencent Files 2014-03-19 19:29 - 2014-03-19 19:29 - 00000000 ____D () C:\Users\Botan\Documents\BnS 2014-03-19 19:29 - 2014-03-19 19:29 - 00000000 ____D () 
C:\Users\Botan\AppData\Roaming\Awesomium 2014-03-19 19:23 - 2014-03-19 19:23 - 00000010 _____ () C:\Users\Botan\Documents\aaaa.txt 2014-03-19 19:02 - 2014-03-19 19:02 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ÌÚѶÓÎÏ· 2014-03-19 18:57 - 2013-03-26 04:53 - 00155987 _____ () C:\Windows\DirectX.log 2014-03-19 18:29 - 2014-03-19 18:29 - 00000000 ____D () C:\Program Files\ÌÚѶÓÎÏ· 2014-03-19 18:28 - 2014-03-18 20:41 - 00000000 ____D () C:\GameDownload 2014-03-18 21:32 - 2014-03-18 21:32 - 00000000 ____D () C:\Users\Botan\Downloads\data 2014-03-18 20:37 - 2014-03-18 20:37 - 03046584 _____ () C:\Users\Botan\Downloads\bns_1.89.4110.4_setup_signed_TDL_signed.exe 2014-03-18 20:25 - 2013-05-27 21:48 - 00000000 ____D () C:\Users\Xebat\AppData\Roaming\Spotify 2014-03-18 20:24 - 2013-05-27 21:49 - 00000000 ____D () C:\Users\Xebat\AppData\Local\Spotify 2014-03-18 20:21 - 2013-03-26 00:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-18 18:41 - 2014-03-18 18:41 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-18 18:41 - 2014-03-18 18:41 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-18 18:41 - 2014-03-18 18:41 - 00000000 ____D () C:\Users\Botan\AppData\Local\Skype 2014-03-18 18:41 - 2013-04-08 15:06 - 00000000 ____D () C:\ProgramData\Skype 2014-03-18 18:23 - 2014-01-07 17:34 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Apple Computer 2014-03-18 18:22 - 2014-03-18 18:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-03-18 18:05 - 2014-03-18 18:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-18 18:04 - 2014-03-18 18:04 - 02006233 _____ () C:\Users\Botan\Downloads\SoundDownloader.jar Some content of TEMP: ==================== C:\Users\Botan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpszn0rt.dll C:\Users\Xebat\AppData\Local\Temp\bitool.dll ==================== Bamital & volsnap Check 
================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-10 20:32 ==================== End Of Log ============================
- 00617837 _____ () C:\Users\Botan\Downloads\Pokemon XandY emulator.zip 2014-03-30 15:27 - 2014-03-14 00:08 - 00630757 _____ (3DS Emulator - Pokemon X Y) C:\Users\Botan\Desktop\Pokemon XY + Emulator.exe 2014-03-29 15:40 - 2014-03-29 15:40 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-03-28 15:40 - 2014-03-28 15:40 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-03-28 15:40 - 2014-03-28 15:40 - 00000000 ____D () C:\ProgramData\McAfee 2014-03-23 14:13 - 2014-03-23 14:15 - 02798160 _____ () C:\Users\Botan\Downloads\TGPMiniDown.1450.2.1.4.7357.bns.signed.exe 2014-03-20 16:02 - 2014-03-20 16:02 - 00001102 _____ () C:\Users\Botan\Desktop\ÌÚѶÓÎϷƽ̨.lnk 2014-03-20 16:01 - 2014-03-20 16:02 - 32992408 _____ (Tencent) C:\Users\Botan\Downloads\TGPSetup1.0.9.1323.exe 2014-03-20 15:59 - 2014-03-20 15:59 - 00002193 _____ () C:\Users\Botan\Desktop\网游加速小助手(剑灵).lnk 2014-03-20 15:59 - 2014-03-20 15:59 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 2014-03-20 15:57 - 2014-03-20 15:58 - 06867888 _____ (腾讯) C:\Users\Botan\Downloads\QQAccInstall_2.0.45.89_BNS.exe 2014-03-20 12:02 - 2014-03-20 12:02 - 00000000 ____D () C:\Users\Botan\AppData\Local\Blizzard 2014-03-20 10:04 - 2014-03-20 10:04 - 00000000 ____D () C:\Users\Botan\AppData\Local\Blizzard Entertainment 2014-03-20 01:17 - 2014-03-20 12:02 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2014-03-20 01:17 - 2014-03-20 01:17 - 00001161 _____ () C:\Users\Public\Desktop\Hearthstone.lnk 2014-03-20 01:16 - 2014-03-23 22:43 - 00000000 ____D () C:\Users\Botan\AppData\Local\Battle.net 2014-03-20 01:16 - 2014-03-21 23:07 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-03-20 01:16 - 2014-03-20 01:16 - 00001124 _____ () C:\Users\Public\Desktop\Battle.net.lnk 2014-03-20 01:16 - 2014-03-20 01:16 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Battle.net 2014-03-20 01:16 - 2014-03-20 01:16 - 00000000 ____D () C:\ProgramData\Blizzard 
Entertainment 2014-03-20 01:14 - 2014-03-20 01:14 - 07056680 _____ (Blizzard Entertainment) C:\Users\Botan\Downloads\Hearthstone-Setup-deDE.exe 2014-03-20 01:14 - 2014-03-20 01:14 - 00000000 ____D () C:\ProgramData\Battle.net 2014-03-19 20:00 - 2014-03-19 20:00 - 00000220 _____ () C:\Users\Botan\Downloads\ms_728x90.hml 2014-03-19 19:36 - 2014-03-19 19:36 - 00002573 _____ () C:\Users\Public\Desktop\China English Patch.lnk 2014-03-19 19:36 - 2014-03-19 19:36 - 00000000 ____D () C:\Program Files (x86)\LokiReborn 2014-03-19 19:35 - 2014-03-19 19:35 - 03094092 _____ (LokiReborn) C:\Users\Botan\Downloads\setup.exe 2014-03-19 19:35 - 2014-03-19 19:35 - 00000000 ____D () C:\Users\Botan\AppData\Local\Downloaded Installations 2014-03-19 19:30 - 2014-03-19 19:30 - 00000000 ____D () C:\Users\Botan\Documents\Tencent Files 2014-03-19 19:29 - 2014-03-19 19:29 - 00000000 ____D () C:\Users\Botan\Documents\BnS 2014-03-19 19:29 - 2014-03-19 19:29 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Awesomium 2014-03-19 19:23 - 2014-03-19 19:23 - 00000010 _____ () C:\Users\Botan\Documents\aaaa.txt 2014-03-19 19:02 - 2014-03-20 15:35 - 00001192 _____ () C:\Users\Botan\Desktop\½£Áé_ÌÚѶ.lnk 2014-03-19 19:02 - 2014-03-19 19:02 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ÌÚѶÓÎÏ· 2014-03-19 18:29 - 2014-03-19 18:29 - 00000000 ____D () C:\Program Files\ÌÚѶÓÎÏ· 2014-03-18 21:32 - 2014-03-18 21:32 - 00000000 ____D () C:\Users\Botan\Downloads\data 2014-03-18 20:41 - 2014-03-19 18:28 - 00000000 ____D () C:\GameDownload 2014-03-18 20:37 - 2014-03-18 20:37 - 03046584 _____ () C:\Users\Botan\Downloads\bns_1.89.4110.4_setup_signed_TDL_signed.exe 2014-03-18 18:41 - 2014-03-18 18:41 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-18 18:41 - 2014-03-18 18:41 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-18 18:41 - 2014-03-18 18:41 - 00000000 ____D () C:\Users\Botan\AppData\Local\Skype 2014-03-18 18:22 - 2014-03-18 18:22 - 00000000 
____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-03-18 18:05 - 2014-03-18 18:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-18 18:04 - 2014-03-18 18:04 - 02006233 _____ () C:\Users\Botan\Downloads\SoundDownloader.jar ==================== One Month Modified Files and Folders ======= 2014-04-16 21:29 - 2014-04-14 12:30 - 00012859 _____ () C:\Users\Botan\Downloads\FRST.txt 2014-04-16 21:29 - 2014-04-14 12:30 - 00000000 ____D () C:\FRST 2014-04-16 21:28 - 2014-04-15 14:09 - 00000000 ____D () C:\Users\Botan\Downloads\FRST-OlderVersion 2014-04-16 21:28 - 2014-04-14 12:29 - 02158592 _____ (Farbar) C:\Users\Botan\Downloads\FRST64.exe 2014-04-16 21:28 - 2014-01-21 16:15 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Spotify 2014-04-16 21:22 - 2014-04-15 13:14 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-16 21:06 - 2013-06-10 22:12 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-16 21:01 - 2013-03-26 00:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-16 20:41 - 2014-01-21 16:15 - 00000000 ____D () C:\Users\Botan\AppData\Local\Spotify 2014-04-16 20:40 - 2009-07-14 06:51 - 00081905 _____ () C:\Windows\setupact.log 2014-04-16 20:37 - 2014-01-17 21:43 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Skype 2014-04-16 20:06 - 2013-06-10 22:12 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-16 17:41 - 2013-03-25 23:44 - 01901884 _____ () C:\Windows\WindowsUpdate.log 2014-04-16 15:29 - 2014-04-03 22:35 - 00000000 ____D () C:\Users\Botan\Desktop\Neuer Ordner 2014-04-16 14:56 - 2014-04-16 14:56 - 00000000 ____D () C:\Users\Botan\Downloads\break-party-flyer-graphics-vibe 2014-04-16 14:56 - 2014-04-16 14:56 - 00000000 ____D () C:\Users\Botan\Desktop\break-party-flyer-graphics-vibe 2014-04-16 14:55 - 2014-04-16 14:55 - 09622872 _____ () C:\Users\Botan\Downloads\p1714cn4h31m5h1qu0eg87cbou9b.zip 2014-04-16 
11:32 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-16 11:32 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-16 11:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-16 00:33 - 2013-03-26 00:21 - 00202436 _____ () C:\Windows\PFRO.log 2014-04-15 22:57 - 2014-04-15 22:57 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\DropboxMaster 2014-04-15 22:57 - 2014-04-15 22:53 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Dropbox 2014-04-15 22:56 - 2014-04-15 22:56 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-04-15 22:53 - 2014-04-15 22:53 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-04-15 22:53 - 2014-04-15 22:53 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\AVAST Software 2014-04-15 22:53 - 2014-04-15 22:52 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-04-15 22:51 - 2014-04-15 22:51 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-04-15 22:51 - 2014-04-15 22:51 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-04-15 22:51 - 2014-04-15 22:51 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-04-15 22:50 - 2014-04-15 22:50 - 00000000 ____D () C:\Program Files\AVAST Software 2014-04-15 22:49 - 2014-04-15 22:49 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-04-15 22:29 - 2014-04-15 22:29 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-04-15 22:29 - 2014-04-15 22:28 - 88551496 _____ (AVAST Software) C:\Users\Botan\Downloads\avast_free_antivirus_setup_9.0.2016.exe 2014-04-15 22:28 - 2014-04-15 22:28 - 02347384 _____ (ESET) C:\Users\Botan\Downloads\esetsmartinstaller_enu.exe 2014-04-15 22:25 - 2014-04-14 09:11 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2014-04-15 22:23 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-04-15 19:46 - 2014-04-07 19:44 - 00000000 ____D () C:\Users\Botan\Desktop\Bewerbung 2014-04-15 17:11 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini 2014-04-15 14:11 - 2014-04-15 14:11 - 00052958 _____ () C:\Users\Botan\Documents\FRST.txt 2014-04-15 14:11 - 2014-04-15 14:11 - 00037638 _____ () C:\Users\Botan\Documents\Addition.txt 2014-04-15 14:11 - 
2014-04-14 12:31 - 00037638 _____ () C:\Users\Botan\Downloads\Addition.txt 2014-04-15 13:13 - 2014-04-15 13:13 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-15 13:13 - 2014-04-15 13:13 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-15 13:13 - 2014-04-15 13:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-15 13:12 - 2014-04-15 13:12 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Botan\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-15 13:11 - 2014-04-15 13:11 - 00030649 _____ () C:\Users\Botan\Desktop\AdwCleaner[S0].txt 2014-04-15 13:09 - 2014-04-15 13:07 - 00000000 ____D () C:\AdwCleaner 2014-04-15 13:08 - 2013-06-10 22:13 - 00001282 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-04-15 13:08 - 2013-03-26 00:11 - 00001053 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-04-15 13:06 - 2014-04-15 13:06 - 01426178 _____ () C:\Users\Botan\Downloads\adwcleaner.exe 2014-04-15 13:01 - 2013-06-23 18:59 - 00000000 ____D () C:\ProgramData\InstallMate 2014-04-15 10:50 - 2014-02-07 14:35 - 00000000 ____D () C:\Program Files (x86)\PDF24 2014-04-14 12:32 - 2014-04-14 12:32 - 00059941 _____ () C:\Users\Botan\Desktop\FRST.txt 2014-04-14 12:32 - 2014-04-14 12:32 - 00044435 _____ () C:\Users\Botan\Desktop\Addition.txt 2014-04-14 12:24 - 2014-01-14 15:49 - 00000000 ____D () C:\Users\Botan\Documents\My RoboForm Data 2014-04-14 12:24 - 2013-06-29 13:50 - 00003976 _____ () C:\Windows\System32\Tasks\Open URL by RoboForm 2014-04-14 12:14 - 2014-01-07 17:34 - 00000000 ___RD () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-14 12:13 - 2014-04-14 12:13 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\VSRevoGroup 2014-04-14 12:10 - 2014-04-14 12:10 - 00000045 _____ () C:\Users\Botan\AppData\Roaming\WB.CFG 2014-04-14 12:09 - 2014-04-14 12:09 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Opera Software 2014-04-14 12:09 - 2014-04-14 12:09 - 00000000 
____D () C:\Users\Botan\AppData\Local\Opera Software 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D7 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D6 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D5 2014-04-14 12:06 - 2014-04-14 12:06 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D4 2014-04-14 12:06 - 2014-04-14 12:06 - 00001268 _____ () C:\Users\Botan\Desktop\Revo Uninstaller.lnk 2014-04-14 12:06 - 2014-04-14 12:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-14 12:05 - 2014-04-14 12:05 - 00003254 _____ () C:\Windows\System32\Tasks\Opera D3 2014-04-14 12:05 - 2014-04-14 12:05 - 00001133 _____ () C:\Users\Public\Desktop\Opera.lnk 2014-04-14 12:05 - 2014-04-14 12:05 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-04-14 12:04 - 2014-04-14 12:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Botan\Downloads\revosetup.exe 2014-04-14 12:04 - 2014-04-14 12:04 - 00710848 _____ ( ) C:\Users\Botan\Downloads\COMPUTER_BILD-Download-Manager_fuer_revosetup.exe 2014-04-14 12:02 - 2014-04-14 12:02 - 00000000 ____D () C:\Users\Botan\Desktop\Alte Firefox-Daten 2014-04-14 11:48 - 2014-04-14 11:48 - 00001103 _____ () C:\Users\Bekir&Botan\Desktop\Continue VuuPC Installation.lnk 2014-04-14 11:48 - 2014-03-30 15:43 - 00001091 _____ () C:\Users\Botan\Desktop\Continue VuuPC Installation.lnk 2014-04-14 11:19 - 2014-04-14 11:19 - 00001426 _____ () C:\Users\Bekir&Botan\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 11:19 - 2013-10-23 15:20 - 00000000 ____D () C:\Users\Bekir&Botan\AppData\Roaming\Spotify 2014-04-14 11:19 - 2013-09-30 18:50 - 00099152 _____ () C:\Users\Bekir&Botan\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-14 11:17 - 2014-04-14 11:17 - 00001426 _____ () C:\Users\Xebat\Desktop\Registry kostenlos entrümpeln!.lnk 2014-04-14 11:15 - 2014-04-14 11:15 - 00001426 _____ () C:\Users\Schule\Desktop\Registry kostenlos 
entrümpeln!.lnk 2014-04-14 11:01 - 2013-03-26 00:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-14 11:01 - 2013-03-26 00:13 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-14 11:01 - 2013-03-26 00:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-04-14 09:11 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-04-13 04:05 - 2014-04-13 04:05 - 00000000 ____D () C:\Users\Botan\AppData\Local\QuickLoL 2014-04-13 04:04 - 2014-04-13 04:04 - 00080780 _____ () C:\Users\Botan\Downloads\quickloltimers.rar 2014-04-12 08:47 - 2014-04-12 08:47 - 00000000 ____D () C:\ProgramData\Oracle 2014-04-12 08:47 - 2014-04-12 08:46 - 00006660 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-04-12 08:47 - 2013-05-16 21:57 - 00000000 ____D () C:\Program Files (x86)\Java 2014-04-11 00:20 - 2013-04-10 13:40 - 00000000 ____D () C:\Users\Schule\AppData\Roaming\Spotify 2014-04-10 18:07 - 2013-09-07 18:12 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-10 18:06 - 2009-10-14 07:12 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-10 15:58 - 2009-07-14 19:58 - 01169372 _____ () C:\Windows\system32\perfh007.dat 2014-04-10 15:58 - 2009-07-14 19:58 - 00296124 _____ () C:\Windows\system32\perfc007.dat 2014-04-10 15:58 - 2009-07-14 07:13 - 00006248 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-10 15:39 - 2014-04-10 15:39 - 00993712 _____ () C:\Users\Botan\Downloads\setup (1).exe 2014-04-08 20:29 - 2014-04-08 20:29 - 00013281 _____ () C:\Users\Botan\Downloads\Flaticon_AllFiles(1).zip 2014-04-08 20:28 - 2014-04-08 20:28 - 00008908 _____ () C:\Users\Botan\Downloads\Flaticon_AllFiles.zip 2014-04-08 14:21 - 2009-07-14 06:45 - 04947952 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-07 20:30 - 2014-01-07 17:34 - 00099152 _____ () C:\Users\Botan\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-07 20:19 - 2014-04-07 
20:20 - 00043113 _____ () C:\Users\Botan\Desktop\beautiful es.zip 2014-04-07 20:18 - 2014-04-07 20:19 - 00096732 _____ () C:\Users\Botan\Desktop\flaemische kanzleischrift.zip 2014-04-07 20:18 - 2014-04-07 20:18 - 00236936 _____ () C:\Users\Botan\Downloads\FlaemischeKanzleischrift_downloader-25q8QlRF.exe 2014-04-07 20:18 - 2014-04-07 20:18 - 00236920 _____ () C:\Users\Botan\Downloads\BeautifulES_downloader-cvjY6Vss.exe 2014-04-07 20:15 - 2014-04-07 20:15 - 00139237 _____ () C:\Users\Botan\Downloads\Learning-Curve-Pro.zip 2014-04-05 23:50 - 2013-03-27 03:49 - 00000000 ____D () C:\Windows\Minidump 2014-04-05 23:49 - 2014-04-05 23:49 - 00262144 ____N () C:\Windows\Minidump\040514-39140-01.dmp 2014-04-05 13:40 - 2014-04-05 13:40 - 00000000 ____D () C:\Users\Botan\Documents\League of Legends 2014-04-05 13:38 - 2014-04-05 13:38 - 00138280 ____H () C:\Windows\SysWOW64\mlfcache.dat 2014-04-04 20:01 - 2013-06-10 22:12 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-04-04 20:01 - 2013-06-10 22:12 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-04-04 15:22 - 2014-04-04 14:46 - 108731266 _____ () C:\Users\Botan\Downloads\C-BL_LNFBE.rar 2014-04-03 18:13 - 2014-01-14 22:20 - 00000000 ____D () C:\Users\Bekir&Botan\AppData\Local\Akamai 2014-04-03 18:12 - 2013-05-01 19:43 - 00000000 ____D () C:\Users\Schule\AppData\Local\PMB Files 2014-04-03 18:09 - 2014-04-03 18:09 - 00000000 ____D () C:\Users\Schule\AppData\Local\Skype 2014-04-03 18:09 - 2013-04-08 15:06 - 00000000 ____D () C:\Users\Schule\AppData\Roaming\Skype 2014-04-03 18:01 - 2013-06-11 18:09 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-04-03 18:00 - 2013-07-02 21:48 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-04-03 17:58 - 2014-02-07 14:33 - 00000000 ____D () C:\Users\Botan\AppData\Local\Adobe 2014-04-03 17:55 - 2014-01-15 19:47 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Adobe 2014-04-03 09:51 - 2014-04-15 13:13 - 00088280 _____ 
(Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-15 13:13 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-15 13:13 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-02 20:52 - 2014-04-02 20:52 - 00016795 _____ () C:\Users\Botan\Documents\Lebenslauf.odt 2014-04-02 20:49 - 2014-04-02 20:49 - 00026660 _____ () C:\Users\Botan\Documents\Bekir Yentar3BKM.odt 2014-03-31 20:55 - 2014-03-30 22:28 - 00000000 ____D () C:\Users\Botan\Downloads\client 2014-03-30 22:28 - 2014-03-30 21:54 - 1613897479 _____ () C:\Users\Botan\Downloads\extremmt2_update3.0.tar.gz 2014-03-30 15:27 - 2014-03-30 15:27 - 00617837 _____ () C:\Users\Botan\Downloads\Pokemon XandY emulator.zip 2014-03-30 12:17 - 2014-01-18 15:23 - 00000000 ____D () C:\Program Files (x86)\RIFT 2014-03-29 15:40 - 2014-03-29 15:40 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-03-28 15:40 - 2014-03-28 15:40 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-03-28 15:40 - 2014-03-28 15:40 - 00000000 ____D () C:\ProgramData\McAfee 2014-03-26 22:36 - 2013-04-11 13:25 - 00000000 ____D () C:\Users\Schule\Desktop\Bilder 2014-03-23 22:43 - 2014-03-20 01:16 - 00000000 ____D () C:\Users\Botan\AppData\Local\Battle.net 2014-03-23 14:25 - 2013-11-10 21:39 - 00000000 ____D () C:\download 2014-03-23 14:15 - 2014-03-23 14:13 - 02798160 _____ () C:\Users\Botan\Downloads\TGPMiniDown.1450.2.1.4.7357.bns.signed.exe 2014-03-23 05:55 - 2013-10-03 19:32 - 00000062 _____ () C:\Users\Bekir&Botan\Desktop\settings.json 2014-03-21 23:07 - 2014-03-20 01:16 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-03-20 16:02 - 2014-03-20 16:02 - 00001102 _____ () C:\Users\Botan\Desktop\ÌÚѶÓÎϷƽ̨.lnk 2014-03-20 16:02 - 2014-03-20 16:01 - 32992408 _____ (Tencent) C:\Users\Botan\Downloads\TGPSetup1.0.9.1323.exe 2014-03-20 15:59 - 2014-03-20 15:59 - 00002193 _____ () 
C:\Users\Botan\Desktop\网游加速小助手(剑灵).lnk 2014-03-20 15:59 - 2014-03-20 15:59 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 2014-03-20 15:58 - 2014-03-20 15:57 - 06867888 _____ (腾讯) C:\Users\Botan\Downloads\QQAccInstall_2.0.45.89_BNS.exe 2014-03-20 15:35 - 2014-03-19 19:02 - 00001192 _____ () C:\Users\Botan\Desktop\½£Áé_ÌÚѶ.lnk 2014-03-20 12:02 - 2014-03-20 12:02 - 00000000 ____D () C:\Users\Botan\AppData\Local\Blizzard 2014-03-20 12:02 - 2014-03-20 01:17 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2014-03-20 10:04 - 2014-03-20 10:04 - 00000000 ____D () C:\Users\Botan\AppData\Local\Blizzard Entertainment 2014-03-20 01:17 - 2014-03-20 01:17 - 00001161 _____ () C:\Users\Public\Desktop\Hearthstone.lnk 2014-03-20 01:16 - 2014-03-20 01:16 - 00001124 _____ () C:\Users\Public\Desktop\Battle.net.lnk 2014-03-20 01:16 - 2014-03-20 01:16 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Battle.net 2014-03-20 01:16 - 2014-03-20 01:16 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment 2014-03-20 01:14 - 2014-03-20 01:14 - 07056680 _____ (Blizzard Entertainment) C:\Users\Botan\Downloads\Hearthstone-Setup-deDE.exe 2014-03-20 01:14 - 2014-03-20 01:14 - 00000000 ____D () C:\ProgramData\Battle.net 2014-03-19 20:00 - 2014-03-19 20:00 - 00000220 _____ () C:\Users\Botan\Downloads\ms_728x90.hml 2014-03-19 19:36 - 2014-03-19 19:36 - 00002573 _____ () C:\Users\Public\Desktop\China English Patch.lnk 2014-03-19 19:36 - 2014-03-19 19:36 - 00000000 ____D () C:\Program Files (x86)\LokiReborn 2014-03-19 19:35 - 2014-03-19 19:35 - 03094092 _____ (LokiReborn) C:\Users\Botan\Downloads\setup.exe 2014-03-19 19:35 - 2014-03-19 19:35 - 00000000 ____D () C:\Users\Botan\AppData\Local\Downloaded Installations 2014-03-19 19:30 - 2014-03-19 19:30 - 00000000 ____D () C:\Users\Botan\Documents\Tencent Files 2014-03-19 19:29 - 2014-03-19 19:29 - 00000000 ____D () C:\Users\Botan\Documents\BnS 2014-03-19 19:29 - 2014-03-19 19:29 - 00000000 ____D () 
C:\Users\Botan\AppData\Roaming\Awesomium 2014-03-19 19:23 - 2014-03-19 19:23 - 00000010 _____ () C:\Users\Botan\Documents\aaaa.txt 2014-03-19 19:02 - 2014-03-19 19:02 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ÌÚѶÓÎÏ· 2014-03-19 18:57 - 2013-03-26 04:53 - 00155987 _____ () C:\Windows\DirectX.log 2014-03-19 18:29 - 2014-03-19 18:29 - 00000000 ____D () C:\Program Files\ÌÚѶÓÎÏ· 2014-03-19 18:28 - 2014-03-18 20:41 - 00000000 ____D () C:\GameDownload 2014-03-18 21:32 - 2014-03-18 21:32 - 00000000 ____D () C:\Users\Botan\Downloads\data 2014-03-18 20:37 - 2014-03-18 20:37 - 03046584 _____ () C:\Users\Botan\Downloads\bns_1.89.4110.4_setup_signed_TDL_signed.exe 2014-03-18 20:25 - 2013-05-27 21:48 - 00000000 ____D () C:\Users\Xebat\AppData\Roaming\Spotify 2014-03-18 20:24 - 2013-05-27 21:49 - 00000000 ____D () C:\Users\Xebat\AppData\Local\Spotify 2014-03-18 20:21 - 2013-03-26 00:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-18 18:41 - 2014-03-18 18:41 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-18 18:41 - 2014-03-18 18:41 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-18 18:41 - 2014-03-18 18:41 - 00000000 ____D () C:\Users\Botan\AppData\Local\Skype 2014-03-18 18:41 - 2013-04-08 15:06 - 00000000 ____D () C:\ProgramData\Skype 2014-03-18 18:23 - 2014-01-07 17:34 - 00000000 ____D () C:\Users\Botan\AppData\Roaming\Apple Computer 2014-03-18 18:22 - 2014-03-18 18:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-03-18 18:05 - 2014-03-18 18:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-18 18:04 - 2014-03-18 18:04 - 02006233 _____ () C:\Users\Botan\Downloads\SoundDownloader.jar Some content of TEMP: ==================== C:\Users\Botan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpszn0rt.dll C:\Users\Xebat\AppData\Local\Temp\bitool.dll ==================== Bamital & volsnap Check 
================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-10 20:32 ==================== End Of Log ============================ Die Prüfungsergebnisse von Avast sind im Anhang zu finden. Btw was muss ich alles zu dem Programm wissen? |
Topics related to: Poor internet connection, slow computer and PC freezing

browser, internet connection, java/exploit.cve-2013-2423.o, js/kryptik.apu, slow computer, mobogenie, remove mobogenie, msil/coinminer.cm, msil/coinminer.cn, nationzoom, remove nationzoom, pages, connection, win32/adware.addlyrics.f, win32/adware.lollipop.h, win32/adware.multiplug.i, win32/adware.speedingupmypc.g, win32/adware.yontoo.b, win32/agent.ujj, win32/injector.awkk, win32/kryptik.baox, win32/kryptik.baql, win32/kryptik.baxk, win32/kryptik.bbam, win32/kryptik.bgbe, week