Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: awesomehp.com

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 09.02.2014, 09:03   #1
Isapuin
 
awesomehp.com - Standard

awesomehp.com



Hallo

Ich habe mir awesomehp.com auf dem PC eingefangen.
Bitte um Hilfe, da ich ein selbständiges Beseitigen nicht hinbekomme.

Vielen, vielen Dank im voraus!

Alt 09.02.2014, 09:21   #2
schrauber
/// the machine
/// TB-Ausbilder
 

awesomehp.com - Standard

awesomehp.com



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 09.02.2014, 09:27   #3
Isapuin
 
awesomehp.com - Standard

awesomehp.com



Hallo

vielen Dank noch mal für die schnelle Hilfe

FRST:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2014
Ran by Tim (administrator) on TIM-TOSH on 09-02-2014 08:46:27
Running from C:\Users\Tim\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(BrowserSafeguard) C:\Users\Tim\AppData\Local\BrowserSafeguard\BrowserSafeguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [896032 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2014-01-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKU\S-1-5-21-2222540248-2346116835-2167669864-1000\...\Run: [NextLive] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Tim\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-2222540248-2346116835-2167669864-1000\...\Run: [BrowserSafeguard] - C:\Users\Tim\AppData\Local\BrowserSafeguard\BrowserSafeguard.exe [417792 2014-02-07] (BrowserSafeguard)
HKU\S-1-5-21-2222540248-2346116835-2167669864-1000\...\Run: [BrowserSafeguard Update Task] - C:\Users\Tim\AppData\Local\BrowserSafeguard\uninstall.BrowserSafeguard.exe [3350016 2014-02-08] ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:49164;https=127.0.0.1:49164
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {05AAD116-DA88-4096-92BA-E3B41F45C8C8} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
SearchScopes: HKCU - {05AAD116-DA88-4096-92BA-E3B41F45C8C8} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
SearchScopes: HKCU - {1358F16A-CA75-42B4-B256-2F5A5F7AE6D9} URL = 
SearchScopes: HKCU - {4242676E-0C6D-4DA0-8552-0958547F6CF3} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKCU - {E86E71E6-5E7A-41BF-B85E-1F1E71B74DD9} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2014-01-31] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2014-01-31] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2014-01-31] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-02-11] (Toshiba Europe GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2144056 2013-12-11] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-01-31] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-01-31] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-01-31] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2014-01-31] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-05-08] (TuneUp Software)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-09 08:46 - 2014-02-09 08:47 - 00013100 _____ () C:\Users\Tim\Downloads\FRST.txt
2014-02-09 08:46 - 2014-02-09 08:46 - 00000000 ____D () C:\FRST
2014-02-09 08:45 - 2014-02-09 08:45 - 02079744 _____ (Farbar) C:\Users\Tim\Downloads\FRST64.exe
2014-02-09 08:28 - 2014-02-09 08:30 - 00000000 ____D () C:\AdwCleaner
2014-02-09 08:22 - 2014-02-09 08:22 - 00000000 ____D () C:\Users\Tim\AppData\Local\{391BAE8A-21F0-4522-8BBE-DDAB00F62FAC}
2014-02-08 21:55 - 2014-02-08 21:55 - 00001080 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-08 21:55 - 2014-02-08 21:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-08 21:55 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-08 21:30 - 2014-02-08 21:30 - 00001750 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-08 21:30 - 2014-02-08 21:30 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-08 21:30 - 2014-02-08 21:30 - 00000000 ____D () C:\Program Files\iTunes
2014-02-08 21:30 - 2014-02-08 21:30 - 00000000 ____D () C:\Program Files\iPod
2014-02-08 21:30 - 2014-02-08 21:30 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-08 17:50 - 2014-02-08 17:50 - 00000000 ____D () C:\Users\Tim\AppData\Local\{5894E934-4CA8-4B00-BF2A-CD45C0BA2D9C}
2014-02-08 13:34 - 2014-02-09 08:33 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\newnext.me
2014-02-08 13:34 - 2014-02-08 13:43 - 00000000 ____D () C:\Users\Tim\AppData\Local\Mobogenie
2014-02-08 13:34 - 2014-02-08 13:35 - 00000000 ____D () C:\Users\Tim\AppData\Local\cache
2014-02-08 13:34 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\Documents\Mobogenie
2014-02-08 13:34 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\AppData\Local\genienext
2014-02-08 13:34 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\AppData\Local\BrowserSafeguard
2014-02-08 13:34 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\.android
2014-02-08 13:34 - 2014-02-08 13:34 - 00000000 _____ () C:\Users\Tim\daemonprocess.txt
2014-02-08 13:31 - 2014-02-08 13:43 - 00000000 ____D () C:\ProgramData\IePluginService
2014-02-08 13:31 - 2014-02-08 13:41 - 00000000 ____D () C:\ProgramData\WPM
2014-02-08 13:31 - 2014-02-08 13:41 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Trigger
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Startup
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Screenshots
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Scenario
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Savegame
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\RM
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\HomeCities
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Data
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\campaign
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\AI
2014-02-04 18:28 - 2014-02-04 18:28 - 00000000 ____D () C:\Users\Tim\AppData\Local\{AF7755C7-FEA9-4D32-84B6-C13277F7F274}
2014-01-31 23:00 - 2014-01-31 23:00 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Avira
2014-01-31 22:59 - 2014-01-31 22:59 - 00001961 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-01-31 22:59 - 2014-01-31 22:59 - 00000000 ____D () C:\ProgramData\Avira
2014-01-31 22:59 - 2014-01-31 22:59 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-01-31 22:59 - 2014-01-31 22:56 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-01-31 22:59 - 2014-01-31 22:56 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-01-31 22:59 - 2014-01-31 22:56 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-01-31 22:59 - 2014-01-31 22:56 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-01-30 13:33 - 2014-01-30 13:33 - 00002944 _____ () C:\Windows\System32\Tasks\{84B55787-5C8D-43B8-BE8E-FDC08FD8C2DD}
2014-01-30 13:33 - 2014-01-30 13:33 - 00002944 _____ () C:\Windows\System32\Tasks\{1B2793D4-663B-40AF-BC12-F8CADD4AFBC3}
2014-01-30 13:32 - 2014-01-30 13:32 - 00002944 _____ () C:\Windows\System32\Tasks\{E3564BDA-2FDB-4C7D-942F-B5C8E5F45661}
2014-01-30 13:32 - 2014-01-30 13:32 - 00002944 _____ () C:\Windows\System32\Tasks\{6D685726-5E35-4CDB-9374-90E50F3A43D9}
2014-01-30 13:32 - 2014-01-30 13:32 - 00002944 _____ () C:\Windows\System32\Tasks\{5ACC64A0-6D80-418E-AF24-45C569A4F89A}
2014-01-30 13:32 - 2014-01-30 13:32 - 00002944 _____ () C:\Windows\System32\Tasks\{176DB793-3EB4-4C37-9171-731AFD6EA925}
2014-01-30 13:30 - 2014-01-30 13:30 - 00002944 _____ () C:\Windows\System32\Tasks\{13024CDD-B8D2-4350-9181-D9056EF638D1}
2014-01-30 13:29 - 2014-01-30 13:29 - 00002944 _____ () C:\Windows\System32\Tasks\{6CE05304-5CEE-478F-A735-63B14955A94F}
2014-01-30 13:28 - 2014-01-30 13:28 - 00002944 _____ () C:\Windows\System32\Tasks\{A300BC7E-F9A3-4B0C-A8C1-A6E40EC3856A}
2014-01-30 13:27 - 2014-01-30 13:27 - 00002944 _____ () C:\Windows\System32\Tasks\{F6827632-CF90-4BDE-B7D4-F8C78FF612AA}
2014-01-30 13:27 - 2014-01-30 13:27 - 00002944 _____ () C:\Windows\System32\Tasks\{B0E70F42-3BA1-49C8-9211-E0F86D63BE7C}
2014-01-30 13:27 - 2014-01-30 13:27 - 00002944 _____ () C:\Windows\System32\Tasks\{7E4852C2-EF31-4914-ADA8-47A0BC90E2EE}
2014-01-30 13:26 - 2014-01-30 13:26 - 00002944 _____ () C:\Windows\System32\Tasks\{BC05359E-D485-45EA-96BA-7BB4E3511E8B}
2014-01-30 13:22 - 2014-01-30 13:33 - 00000021 _____ () C:\Windows\SysWOW64\game.ini
2014-01-30 13:22 - 2014-01-30 13:32 - 00000031 _____ () C:\Windows\SysWOW64\news.ini
2014-01-30 13:21 - 2014-01-30 13:21 - 00002944 _____ () C:\Windows\System32\Tasks\{65EEB126-CF78-4D42-A7C3-645423B584DB}
2014-01-30 13:16 - 2014-01-30 13:16 - 00000060 _____ () C:\Windows\WININIT.INI
2014-01-30 13:00 - 2014-01-30 13:00 - 00000587 _____ () C:\Users\Tim\Desktop\Run HarpoonCE.lnk
2014-01-30 12:50 - 2014-01-30 12:55 - 734003200 _____ () C:\Users\Tim\Downloads\codename-panzers-2.part1.exe
2014-01-30 12:40 - 2014-01-30 12:47 - 734003200 _____ () C:\Users\Tim\Downloads\codename-panzers-2.part2.rar
2014-01-30 12:32 - 2014-01-30 12:38 - 734003200 _____ () C:\Users\Tim\Downloads\codename-panzers-2.part3.rar
2014-01-30 12:25 - 2014-01-30 12:31 - 671103005 _____ () C:\Users\Tim\Downloads\codename-panzers-2.part4.rar
2014-01-30 12:06 - 2014-01-30 12:07 - 00000000 ____D () C:\Users\Tim\AppData\Local\{EF5E4059-E1CA-4973-9241-62181A502C20}
2014-01-25 22:57 - 2014-01-25 22:57 - 00003274 _____ () C:\Windows\System32\Tasks\{8F40D587-C68E-4862-B189-0853B75531CD}
2014-01-25 22:55 - 2014-01-25 22:55 - 00000000 __RHD () C:\Users\Tim\AppData\Roaming\SecuROM
2014-01-25 22:54 - 2014-01-25 22:55 - 00000000 ____D () C:\Users\Tim\Downloads\fussball_manager09_installations_dateien
2014-01-25 20:19 - 2014-01-25 20:19 - 00031597 _____ () C:\Users\Tim\Downloads\meinGame.htm
2014-01-20 13:52 - 2014-01-20 13:52 - 00000559 _____ () C:\Users\Public\Desktop\GuildII Venedig.lnk
2014-01-20 12:55 - 2014-01-20 13:05 - 00000000 ____D () C:\Windows\SysWOW64\gilde-2-venedig-setup-dateien
2014-01-19 11:49 - 2014-01-19 11:49 - 00000000 ____D () C:\Users\Tim\AppData\Local\{03BDE6D4-88CF-42B5-971D-0E847FDED034}
2014-01-19 10:55 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-19 10:55 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-19 10:55 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-19 10:55 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-19 10:55 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-19 10:55 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-19 10:55 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-19 10:55 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-19 10:55 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

2014-02-09 08:47 - 2014-02-09 08:46 - 00013100 _____ () C:\Users\Tim\Downloads\FRST.txt
2014-02-09 08:46 - 2014-02-09 08:46 - 00000000 ____D () C:\FRST
2014-02-09 08:45 - 2014-02-09 08:45 - 02079744 _____ (Farbar) C:\Users\Tim\Downloads\FRST64.exe
2014-02-09 08:40 - 2009-07-14 05:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-09 08:40 - 2009-07-14 05:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-09 08:37 - 2010-10-09 04:32 - 01420153 _____ () C:\Windows\WindowsUpdate.log
2014-02-09 08:33 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\newnext.me
2014-02-09 08:33 - 2010-11-14 16:50 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-02-09 08:32 - 2010-11-28 01:08 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-09 08:32 - 2010-11-10 14:22 - 00090042 _____ () C:\Windows\setupact.log
2014-02-09 08:32 - 2010-11-10 14:21 - 01577078 _____ () C:\Windows\PFRO.log
2014-02-09 08:32 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-09 08:30 - 2014-02-09 08:28 - 00000000 ____D () C:\AdwCleaner
2014-02-09 08:22 - 2014-02-09 08:22 - 00000000 ____D () C:\Users\Tim\AppData\Local\{391BAE8A-21F0-4522-8BBE-DDAB00F62FAC}
2014-02-09 08:09 - 2010-11-28 01:08 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-08 21:55 - 2014-02-08 21:55 - 00001080 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-08 21:55 - 2014-02-08 21:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-08 21:40 - 2010-11-01 13:39 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-02-08 21:38 - 2010-11-28 01:08 - 00000000 ____D () C:\Users\Tim\AppData\Local\Google
2014-02-08 21:38 - 2010-11-28 01:08 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-08 21:30 - 2014-02-08 21:30 - 00001750 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-08 21:30 - 2014-02-08 21:30 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-08 21:30 - 2014-02-08 21:30 - 00000000 ____D () C:\Program Files\iTunes
2014-02-08 21:30 - 2014-02-08 21:30 - 00000000 ____D () C:\Program Files\iPod
2014-02-08 21:30 - 2014-02-08 21:30 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-08 18:23 - 2013-03-14 16:35 - 00000000 ____D () C:\Users\Tim\Desktop\Dokumente
2014-02-08 17:50 - 2014-02-08 17:50 - 00000000 ____D () C:\Users\Tim\AppData\Local\{5894E934-4CA8-4B00-BF2A-CD45C0BA2D9C}
2014-02-08 13:43 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\AppData\Local\Mobogenie
2014-02-08 13:43 - 2014-02-08 13:31 - 00000000 ____D () C:\ProgramData\IePluginService
2014-02-08 13:41 - 2014-02-08 13:31 - 00000000 ____D () C:\ProgramData\WPM
2014-02-08 13:41 - 2014-02-08 13:31 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-02-08 13:35 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\AppData\Local\cache
2014-02-08 13:34 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\Documents\Mobogenie
2014-02-08 13:34 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\AppData\Local\genienext
2014-02-08 13:34 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\AppData\Local\BrowserSafeguard
2014-02-08 13:34 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\.android
2014-02-08 13:34 - 2014-02-08 13:34 - 00000000 _____ () C:\Users\Tim\daemonprocess.txt
2014-02-08 13:34 - 2010-11-01 13:29 - 00000000 ____D () C:\Users\Tim
2014-02-08 13:31 - 2010-11-01 13:31 - 00001648 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-07 17:03 - 2012-10-17 06:21 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Trigger
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Startup
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Screenshots
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Scenario
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Savegame
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\RM
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\HomeCities
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Data
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\campaign
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\AI
2014-02-04 18:30 - 2009-07-14 18:58 - 00654400 _____ () C:\Windows\system32\perfh007.dat
2014-02-04 18:30 - 2009-07-14 18:58 - 00130240 _____ () C:\Windows\system32\perfc007.dat
2014-02-04 18:30 - 2009-07-14 06:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-04 18:28 - 2014-02-04 18:28 - 00000000 ____D () C:\Users\Tim\AppData\Local\{AF7755C7-FEA9-4D32-84B6-C13277F7F274}
2014-01-31 23:00 - 2014-01-31 23:00 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Avira
2014-01-31 22:59 - 2014-01-31 22:59 - 00001961 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-01-31 22:59 - 2014-01-31 22:59 - 00000000 ____D () C:\ProgramData\Avira
2014-01-31 22:59 - 2014-01-31 22:59 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-01-31 22:56 - 2014-01-31 22:59 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-01-31 22:56 - 2014-01-31 22:59 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-01-31 22:56 - 2014-01-31 22:59 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-01-31 22:56 - 2014-01-31 22:59 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-01-30 18:51 - 2010-11-01 13:32 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Nero
2014-01-30 13:33 - 2014-01-30 13:33 - 00002944 _____ () C:\Windows\System32\Tasks\{84B55787-5C8D-43B8-BE8E-FDC08FD8C2DD}
2014-01-30 13:33 - 2014-01-30 13:33 - 00002944 _____ () C:\Windows\System32\Tasks\{1B2793D4-663B-40AF-BC12-F8CADD4AFBC3}
2014-01-30 13:33 - 2014-01-30 13:22 - 00000021 _____ () C:\Windows\SysWOW64\game.ini
2014-01-30 13:32 - 2014-01-30 13:32 - 00002944 _____ () C:\Windows\System32\Tasks\{E3564BDA-2FDB-4C7D-942F-B5C8E5F45661}
2014-01-30 13:32 - 2014-01-30 13:32 - 00002944 _____ () C:\Windows\System32\Tasks\{6D685726-5E35-4CDB-9374-90E50F3A43D9}
2014-01-30 13:32 - 2014-01-30 13:32 - 00002944 _____ () C:\Windows\System32\Tasks\{5ACC64A0-6D80-418E-AF24-45C569A4F89A}
2014-01-30 13:32 - 2014-01-30 13:32 - 00002944 _____ () C:\Windows\System32\Tasks\{176DB793-3EB4-4C37-9171-731AFD6EA925}
2014-01-30 13:32 - 2014-01-30 13:22 - 00000031 _____ () C:\Windows\SysWOW64\news.ini
2014-01-30 13:30 - 2014-01-30 13:30 - 00002944 _____ () C:\Windows\System32\Tasks\{13024CDD-B8D2-4350-9181-D9056EF638D1}
2014-01-30 13:29 - 2014-01-30 13:29 - 00002944 _____ () C:\Windows\System32\Tasks\{6CE05304-5CEE-478F-A735-63B14955A94F}
2014-01-30 13:28 - 2014-01-30 13:28 - 00002944 _____ () C:\Windows\System32\Tasks\{A300BC7E-F9A3-4B0C-A8C1-A6E40EC3856A}
2014-01-30 13:27 - 2014-01-30 13:27 - 00002944 _____ () C:\Windows\System32\Tasks\{F6827632-CF90-4BDE-B7D4-F8C78FF612AA}
2014-01-30 13:27 - 2014-01-30 13:27 - 00002944 _____ () C:\Windows\System32\Tasks\{B0E70F42-3BA1-49C8-9211-E0F86D63BE7C}
2014-01-30 13:27 - 2014-01-30 13:27 - 00002944 _____ () C:\Windows\System32\Tasks\{7E4852C2-EF31-4914-ADA8-47A0BC90E2EE}
2014-01-30 13:26 - 2014-01-30 13:26 - 00002944 _____ () C:\Windows\System32\Tasks\{BC05359E-D485-45EA-96BA-7BB4E3511E8B}
2014-01-30 13:21 - 2014-01-30 13:21 - 00002944 _____ () C:\Windows\System32\Tasks\{65EEB126-CF78-4D42-A7C3-645423B584DB}
2014-01-30 13:20 - 2010-11-15 12:06 - 00250911 _____ () C:\Windows\DirectX.log
2014-01-30 13:16 - 2014-01-30 13:16 - 00000060 _____ () C:\Windows\WININIT.INI
2014-01-30 13:00 - 2014-01-30 13:00 - 00000587 _____ () C:\Users\Tim\Desktop\Run HarpoonCE.lnk
2014-01-30 12:55 - 2014-01-30 12:50 - 734003200 _____ () C:\Users\Tim\Downloads\codename-panzers-2.part1.exe
2014-01-30 12:47 - 2014-01-30 12:40 - 734003200 _____ () C:\Users\Tim\Downloads\codename-panzers-2.part2.rar
2014-01-30 12:38 - 2014-01-30 12:32 - 734003200 _____ () C:\Users\Tim\Downloads\codename-panzers-2.part3.rar
2014-01-30 12:31 - 2014-01-30 12:25 - 671103005 _____ () C:\Users\Tim\Downloads\codename-panzers-2.part4.rar
2014-01-30 12:07 - 2014-01-30 12:06 - 00000000 ____D () C:\Users\Tim\AppData\Local\{EF5E4059-E1CA-4973-9241-62181A502C20}
2014-01-29 17:13 - 2010-11-01 15:36 - 00000000 ____D () C:\ProgramData\Apple
2014-01-25 22:57 - 2014-01-25 22:57 - 00003274 _____ () C:\Windows\System32\Tasks\{8F40D587-C68E-4862-B189-0853B75531CD}
2014-01-25 22:55 - 2014-01-25 22:55 - 00000000 __RHD () C:\Users\Tim\AppData\Roaming\SecuROM
2014-01-25 22:55 - 2014-01-25 22:54 - 00000000 ____D () C:\Users\Tim\Downloads\fussball_manager09_installations_dateien
2014-01-25 20:19 - 2014-01-25 20:19 - 00031597 _____ () C:\Users\Tim\Downloads\meinGame.htm
2014-01-20 17:04 - 2009-07-14 05:45 - 00312496 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-20 13:52 - 2014-01-20 13:52 - 00000559 _____ () C:\Users\Public\Desktop\GuildII Venedig.lnk
2014-01-20 13:33 - 2013-11-15 18:47 - 00000000 ____D () C:\Users\Tim\Downloads\Glide 2
2014-01-20 13:05 - 2014-01-20 12:55 - 00000000 ____D () C:\Windows\SysWOW64\gilde-2-venedig-setup-dateien
2014-01-20 12:54 - 2010-11-01 14:42 - 00000000 ____D () C:\Users\Tim\AppData\Local\Adobe
2014-01-20 12:52 - 2010-12-11 12:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-20 12:51 - 2013-08-13 22:28 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-20 12:47 - 2010-11-01 19:29 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-19 11:49 - 2014-01-19 11:49 - 00000000 ____D () C:\Users\Tim\AppData\Local\{03BDE6D4-88CF-42B5-971D-0E847FDED034}

Some content of TEMP:
====================
C:\Users\Tim\AppData\Local\Temp\avgnt.exe
C:\Users\Tim\AppData\Local\Temp\drm_dyndata_7390004.dll
C:\Users\Tim\AppData\Local\Temp\Quarantine.exe
C:\Users\Tim\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Tim\AppData\Local\Temp\System.Data.SQLite28496.dll
C:\Users\Tim\AppData\Local\Temp\System.Data.SQLite81007.dll
C:\Users\Tim\AppData\Local\Temp\System.Data.SQLite89130.dll
C:\Users\Tim\AppData\Local\Temp\System.Data.SQLite97021.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-09 00:09

==================== End Of Log
         
und

Addition:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-02-2014
Ran by Tim at 2014-02-09 08:47:39
Running from C:\Users\Tim\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Reader 9.5.5 - Deutsch (x32 Version: 9.5.5 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Apple Application Support (x32 Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
BrowserSafeguard (HKCU Version:  - Browsersafeguard) <==== ATTENTION
bwin Poker (x32 Version:  - bwin)
bwin Poker (x32 Version:  - bwincom)
Canon IJ Network Scanner Selector EX (x32 Version:  - ‪Canon Inc.‬)
Canon IJ Network Tool (x32 Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (x32 Version:  - ‪Canon Inc.‬)
Canon iP2700 series Printer Driver (Version:  - )
Canon MG5400 series Benutzerregistrierung (x32 Version:  - Canon Inc.‎)
Canon MG5400 series MP Drivers (Version: 1.00 - Canon Inc.)
Canon MG5400 series On-screen Manual (x32 Version: 7.5.0 - Canon Inc.)
Canon My Image Garden (x32 Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (x32 Version: 1.0.0 - Canon Inc.)
Canon My Printer (x32 Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (x32 Version: 2.0.0 - Canon Inc.)
Catalyst Control Center InstallProxy (x32 Version: 2010.0315.1050.17562 - ATI Technologies, Inc.) Hidden
Counter-Strike: Source (x32 Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Die Gilde 2 - Gold Edition (x32 Version: V 1.20 - JoWood)
Die Gilde 2 Venedig (x32 Version: 1.0.0 - JoWood)
EA Download Manager (x32 Version: 7.2.0.32 - Electronic Arts, Inc.)
eBay (x32 Version: 1.1.9 - eBay Inc.)
FUSSBALL MANAGER 12 (x32 Version: 1.0.0.3 - Electronic Arts)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Half-Life 2 (x32 Version:  - Valve)
Harpoon - Commander's Edition Demo (x32 Version: 2009.097 - Matrix Games, Advanced Gaming Systems, Inc.)
iCloud (Version: 3.1.0.40 - Apple Inc.)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 9.5.7.1002 - Intel Corporation)
iTunes (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 7 Update 5 (64-bit) (Version: 7.0.50 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (x32 Version: 2.1.55.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Napoleon: Total War (x32 Version:  - The Creative Assembly)
Nero 9 Essentials (x32 Version:  - Nero AG)
Nero BackItUp (x32 Version: 5.2.21001 - Nero AG)
Nero BackItUp and Burn (x32 Version: 1.2.0030 - Nero AG)
Nero BurnRights (x32 Version: 3.4.13.100 - Nero AG) Hidden
Nero BurnRights (x32 Version: 3.6.26001 - Nero AG)
Nero BurnRights Help (x32 Version: 3.4.4.100 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.13.100 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.12.100 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express (x32 Version: 9.6.16000 - Nero AG)
Nero Express Help (x32 Version: 9.4.34.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.12.100 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 2.6.25002 - Nero AG)
Nero StartSmart (x32 Version: 9.4.37.100 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.37.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.34.100 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
OF Dragon Rising (x32 Version: 1.02.0000 - Codemasters)
Patch v2.2 (x32 Version:  - RUNEFORGE Games Studios)
Patch v4.17b Update (x32 Version:  - RUNEFORGE Games Studios)
PDFCreator (x32 Version: 1.2.1 - Frank Heindörfer, Philip Chinery)
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.13.112.2010 - Realtek)
Realtek HDMI Audio Driver for ATI (x32 Version: 6.0.1.5992 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (x32 Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Skype Toolbars (x32 Version: 5.3.7280 - Skype Technologies S.A.)
Skype™ 5.10 (x32 Version: 5.10.116 - Skype Technologies S.A.)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (Version: 15.0.8.1 - Synaptics Incorporated)
Toshiba Assist (x32 Version: 3.00.11 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (Version: 1.6.07.64 - TOSHIBA Corporation) Hidden
TOSHIBA Bulletin Board (x32 Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (x32 Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.6C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (x32 Version: 1.63.0.22C - Ihr Firmenname)
TOSHIBA Hardware Setup (x32 Version: 1.63.0.22C - Ihr Firmenname) Hidden
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
Toshiba Manuals (x32 Version: 10.01 - TOSHIBA)
TOSHIBA Media Controller (x32 Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (x32 Version: 1.0.5.10 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (Version: 1.6.0.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019 - TOSHIBA)
TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019 - TOSHIBA) Hidden
TOSHIBA ReelTime (Version: 1.6.06.64 - TOSHIBA Corporation) Hidden
TOSHIBA ReelTime (x32 Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Service Station (x32 Version: 2.1.40 - TOSHIBA)
TOSHIBA Supervisor Password (x32 Version: 1.63.0.9C - TOSHIBA CORPORATION) Hidden
TOSHIBA Supervisorkennwort (x32 Version: 1.63.0.9C - TOSHIBA CORPORATION)
Toshiba TEMPRO (x32 Version: 3.30 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (Version: 1.3.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.3.3.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (x32 Version: 1.3.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (x32 Version: 1.1.1.15 - TOSHIBA Corporation)
TRORMCLauncher (Version: 1.0.0.9 - TOSHIBA) Hidden
TRORMCLauncher (x32 Version:  - )
TuneUp Utilities 2012 (x32 Version: 12.0.3600.171 - TuneUp Software)
TuneUp Utilities 2012 (x32 Version: 12.0.3600.171 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 10.0.4310.8 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.171 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 9.0.6030.1 - TuneUp Software) Hidden
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp)
X3: Albion Prelude (x32 Version:  - )

==================== Restore Points  =========================

31-01-2014 14:14:28 Geplanter Prüfpunkt
31-01-2014 21:52:53 Removed iTunes
04-02-2014 17:37:55 Windows Update
08-02-2014 20:29:23 Installed iTunes

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {079238BA-1992-4B70-A928-FE2C47B870A0} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {164D114C-4A4C-45F2-9F49-FC10121D3C7D} - \Desk 365 RunAsStdUser No Task File
Task: {1CFFD0B9-2E3B-448C-8CD5-CE8A0BBAD38F} - System32\Tasks\{B75F2576-AEA4-426E-9424-7FD2F3EA146D} => E:\autorun.exe
Task: {25AEDAB0-E12A-4687-95F3-82908662CBBB} - System32\Tasks\{A99C1936-50E7-4189-B5F2-6AE4A7869D03} => C:\Users\Tim\Desktop\Neuer Ordner\OF_Dragon_Rising_Demo_Eng.exe
Task: {30A45DB2-2146-4CB4-9F30-57D8ABB1974A} - System32\Tasks\{1B2793D4-663B-40AF-BC12-F8CADD4AFBC3} => D:\Spiele\PANZERS - Phase2\Run\Switch.exe
Task: {37D073A7-A62B-4DF2-8157-93E1B6F2CBEB} - System32\Tasks\{84B55787-5C8D-43B8-BE8E-FDC08FD8C2DD} => D:\Spiele\PANZERS - Phase2\Run\Switch.exe
Task: {3C987E6A-716C-4A43-B8AD-641BBA36A661} - System32\Tasks\{A300BC7E-F9A3-4B0C-A8C1-A6E40EC3856A} => D:\Spiele\PANZERS - Phase2\Run\Switch.exe
Task: {40CA46AE-B680-40E4-8C92-8D868575F59A} - System32\Tasks\{64F1DE64-4332-4B4D-922A-F01660DD073D} => D:\Spiele\codename-panzers-2.part1.exe
Task: {43708E6F-B7B4-4E15-9E73-54507E32630F} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2222540248-2346116835-2167669864-1000
Task: {4F2CFC5F-0138-46B5-BEF3-5532A5400314} - System32\Tasks\{7E4852C2-EF31-4914-ADA8-47A0BC90E2EE} => D:\Spiele\PANZERS - Phase2\Run\Switch.exe
Task: {508A5B42-C831-4299-928A-363D353CB100} - System32\Tasks\{5A8CEEAA-69B2-4BAF-9170-0EBC81E6413A} => D:\Spiele\medieval2.exe
Task: {68E01FB3-9ED9-40B3-BB44-DCB025ACA8CE} - System32\Tasks\{541AF1F7-50A5-458C-818A-39D22318D57B} => C:\Users\Tim\Desktop\Neuer Ordner\OF_Dragon_Rising_Demo_Eng.exe
Task: {7754C978-1B9B-4DB0-994A-6FCBB858AD11} - System32\Tasks\{6CE05304-5CEE-478F-A735-63B14955A94F} => D:\Spiele\PANZERS - Phase2\Run\Switch.exe
Task: {84D8806B-194D-42FD-9D37-129E1A02D419} - System32\Tasks\{5D093AB1-580A-4F91-9384-13FF4E864D43} => C:\Users\Tim\Desktop\Neuer Ordner\OF_Dragon_Rising_Demo_Eng.exe
Task: {90725B4A-E10A-45D8-B159-3C32EEB163EB} - System32\Tasks\{BC05359E-D485-45EA-96BA-7BB4E3511E8B} => D:\Spiele\PANZERS - Phase2\Run\Switch.exe
Task: {912BC31A-EAE9-47F1-A0DD-E56965EFB5C3} - System32\Tasks\{56E97BEE-4A36-40A2-9242-20724606B265} => E:\autorun.exe
Task: {97C2884F-7DFC-4910-A271-1613962A7323} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-28] (Google Inc.)
Task: {9B102F30-2C2D-4EEB-97FF-6F911CFD2FB9} - System32\Tasks\{B0E70F42-3BA1-49C8-9211-E0F86D63BE7C} => D:\Spiele\PANZERS - Phase2\Run\Switch.exe
Task: {A4278034-BDB6-4DB1-9E83-AE83BB4B7083} - System32\Tasks\{2909E5DD-8463-493E-AF49-35560A724E61} => D:\Spiele\codename-panzers-2.part1.exe
Task: {A737ADCC-B3A5-46C9-9DE5-2B7090492B1E} - System32\Tasks\{F6827632-CF90-4BDE-B7D4-F8C78FF612AA} => D:\Spiele\PANZERS - Phase2\Run\Switch.exe
Task: {A8750FC5-53AB-4D7D-A3AB-506F58480F9F} - System32\Tasks\{176DB793-3EB4-4C37-9171-731AFD6EA925} => D:\Spiele\PANZERS - Phase2\Run\Switch.exe
Task: {B3B5A04F-C9DA-40EF-B069-C01C0C02C54F} - System32\Tasks\{B0528386-DFC6-40B2-8818-AB5075D92C31} => E:\autorun.exe
Task: {B62FEC56-BD8F-4120-A17C-E04C605FCD35} - System32\Tasks\{6D685726-5E35-4CDB-9374-90E50F3A43D9} => D:\Spiele\PANZERS - Phase2\Run\Switch.exe
Task: {B83C256E-889B-4886-B4DF-AE352C08C033} - System32\Tasks\{D3133EBB-B722-46D7-A5F1-A6C777A68255} => D:\Spiele\codename-panzers-2.part1.exe
Task: {BF930AD8-145A-4134-B219-194B77868459} - System32\Tasks\{E3564BDA-2FDB-4C7D-942F-B5C8E5F45661} => D:\Spiele\PANZERS - Phase2\Run\Switch.exe
Task: {C7793A31-9E3B-4C8A-A8B7-98F42CEC1181} - System32\Tasks\{5ACC64A0-6D80-418E-AF24-45C569A4F89A} => D:\Spiele\PANZERS - Phase2\Run\Switch.exe
Task: {D0E90601-2A9E-4B35-BA99-BCA9E56CDC00} - System32\Tasks\{13024CDD-B8D2-4350-9181-D9056EF638D1} => D:\Spiele\PANZERS - Phase2\Run\Switch.exe
Task: {D351F9D3-592F-4E6B-98A9-E08D987AF200} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {DA2F09CB-398C-4126-AC2A-E3803AC5CC55} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2013-12-11] (TuneUp Software)
Task: {DD38FB2B-5289-4760-B862-037AA2A2FED8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DF8BCA65-E778-4F04-913D-FDB0E58A9926} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-28] (Google Inc.)
Task: {EC587E57-5BDA-4222-ABAE-F5D2F1E172D3} - System32\Tasks\{65EEB126-CF78-4D42-A7C3-645423B584DB} => D:\Spiele\PANZERS - Phase2\Run\Switch.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-31 22:59 - 2014-01-31 22:55 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek PCIe FE Family Controller
Description: Realtek PCIe FE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/09/2014 00:11:23 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (02/08/2014 09:33:11 PM) (Source: Bonjour Service) (User: )
Description: Client application bug: DNSServiceResolve(34:51:c9:41:ef:10@fe80::3651:c9ff:fe41:ef10._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (02/07/2014 05:04:19 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ins314C.tmp, Version: 3.0.0.0, Zeitstempel: 0x40daa4fa
Name des fehlerhaften Moduls: ins314C.tmp, Version: 3.0.0.0, Zeitstempel: 0x40daa4fa
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00058b94
ID des fehlerhaften Prozesses: 0x11b4
Startzeit der fehlerhaften Anwendung: 0xins314C.tmp0
Pfad der fehlerhaften Anwendung: ins314C.tmp1
Pfad des fehlerhaften Moduls: ins314C.tmp2
Berichtskennung: ins314C.tmp3

Error: (02/07/2014 05:03:11 PM) (Source: Application Error) (User: )
Description: Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden:
Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten
Speichertreibern, oder der Datenträger fehlt.
Das Programm Protection Stub wurde wegen dieses Fehlers geschlossen.

Programm: Protection Stub
Datei: 

Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1. Öffnen Sie die Datei erneut.
Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.
2.
Wenn Sie weiterhin nicht auf die Datei zugreifen können und
	- diese sich im Netzwerk befindet, 
dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann.
	- diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.
3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht.
5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. 
Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.

Zusätzliche Daten
Fehlerwert: 00000000
Datenträgertyp: 0

Error: (02/07/2014 05:03:11 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ins5E9.tmp, Version: 3.0.0.0, Zeitstempel: 0x40daa4fa
Name des fehlerhaften Moduls: ins5E9.tmp, Version: 3.0.0.0, Zeitstempel: 0x40daa4fa
Ausnahmecode: 0xc0000096
Fehleroffset: 0x00058b94
ID des fehlerhaften Prozesses: 0xa30
Startzeit der fehlerhaften Anwendung: 0xins5E9.tmp0
Pfad der fehlerhaften Anwendung: ins5E9.tmp1
Pfad des fehlerhaften Moduls: ins5E9.tmp2
Berichtskennung: ins5E9.tmp3

Error: (02/07/2014 05:02:48 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: insC300.tmp, Version: 3.0.0.0, Zeitstempel: 0x40daa4fa
Name des fehlerhaften Moduls: insC300.tmp, Version: 3.0.0.0, Zeitstempel: 0x40daa4fa
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00058b99
ID des fehlerhaften Prozesses: 0xfe4
Startzeit der fehlerhaften Anwendung: 0xinsC300.tmp0
Pfad der fehlerhaften Anwendung: insC300.tmp1
Pfad des fehlerhaften Moduls: insC300.tmp2
Berichtskennung: insC300.tmp3

Error: (01/31/2014 11:06:43 PM) (Source: MsiInstaller) (User: Tim-TOSH)
Description: Product: Apple Mobile Device Support -- Error 1920. Service 'Apple Mobile Device' (Apple Mobile Device) failed to start.  Verify that you have sufficient privileges to start system services.

Error: (01/31/2014 11:06:43 PM) (Source: MsiInstaller) (User: Tim-TOSH)
Description: Produkt: iTunes -- Service 'Apple Mobile Device' (Apple Mobile Device) failed to start.  Verify that you have sufficient privileges to start system services.

Error: (01/31/2014 11:06:11 PM) (Source: MsiInstaller) (User: Tim-TOSH)
Description: Product: Apple Mobile Device Support -- Error 1920. Service 'Apple Mobile Device' (Apple Mobile Device) failed to start.  Verify that you have sufficient privileges to start system services.

Error: (01/31/2014 11:06:11 PM) (Source: MsiInstaller) (User: Tim-TOSH)
Description: Produkt: iTunes -- Service 'Apple Mobile Device' (Apple Mobile Device) failed to start.  Verify that you have sufficient privileges to start system services.


System errors:
=============
Error: (02/09/2014 08:33:26 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/09/2014 08:32:31 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/08/2014 09:18:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/08/2014 09:17:43 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/08/2014 05:49:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/08/2014 05:48:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/08/2014 01:41:13 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/08/2014 01:40:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (02/08/2014 01:34:50 PM) (Source: Service Control Manager) (User: )
Description: Dienst "MgAssist Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/08/2014 01:33:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "MgAssist Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-02-08 21:23:35.816
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-02-08 21:23:35.636
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-06-11 18:03:06.896
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2011-06-11 18:03:06.876
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-11-22 15:13:42.045
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-11-22 15:13:42.013
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 33%
Total physical RAM: 3954.67 MB
Available physical RAM: 2617.02 MB
Total Pagefile: 7907.52 MB
Available Pagefile: 6094.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:232.88 GB) (Free:69.85 GB) NTFS
Drive d: (Data) (Fixed) (Total:232.49 GB) (Free:121.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 40D49AEE)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232 GB) - (Type=07 NTFS)

==================== End Of Log ===========================
         
--- --- ---
__________________

Alt 09.02.2014, 17:19   #4
schrauber
/// the machine
/// TB-Ausbilder
 

awesomehp.com - Standard

awesomehp.com



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.



Downloade dir bitte Shortcut Cleaner (by Grinler) auf deinen Desktop.
  • Starte die sc-cleaner.exe mit einem Doppelclick.
  • Bestätige die Meldung Shortcut Cleaner Finished am Ende des Suchlaufs mit Ok.
  • Eine Logdatei wird sich öffnen (sc-cleaner.txt).
  • Poste den Inhalt mit deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 09.02.2014, 19:55   #5
Isapuin
 
awesomehp.com - Standard

awesomehp.com



Malwarebytes:

Code:
ATTFilter
 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.08.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Tim :: TIM-TOSH [Administrator]

08.02.2014 21:56:03
mbam-log-2014-02-08 (21-56-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 534072
Laufzeit: 1 Stunde(n), 55 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Users\Tim\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 9
HKCR\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6} (PUP.Optional.DynConIE.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Keine Aktion durchgeführt.
HKCU\Software\AppDataLow\Software\Crossrider (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt.
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\pkndmigholgfjlniaohblojbhgjbkakn (PUP.Optional.NewTab.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Keine Aktion durchgeführt.
HKLM\Software\awesomehpSoftware (PUP.Optional.Awesomehp.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Daten: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Tim\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 6
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.Awesomehp.A) -> Bösartig: (hxxp://www.awesomehp.com/?type=hp&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (PUP.Optional.Awesomehp.A) -> Bösartig: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT) Gut: (iexplore.exe) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (PUP.Optional.Awesomehp.A) -> Bösartig: (hxxp://www.awesomehp.com/web/?type=ds&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT&q={searchTerms}) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Awesomehp.A) -> Bösartig: (hxxp://www.awesomehp.com/?type=hp&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bösartig: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> Keine Aktion durchgeführt.
HKLM\Software\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.Awesomehp.A) -> Bösartig: (hxxp://www.awesomehp.com/?type=hp&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 7
C:\Program Files (x86)\Common Files\337\libcef (PUP.Optional.337Technologies.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123 (PUP.Optional.337Technologies.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123\locales (PUP.Optional.337Technologies.A) -> Keine Aktion durchgeführt.
C:\Users\Tim\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.
C:\Users\Tim\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.
C:\ProgramData\IePluginService (PUP.Optional.IePluginService.A) -> Keine Aktion durchgeführt.
C:\ProgramData\IePluginService\update (PUP.Optional.IePluginService.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 18
C:\Users\Tim\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SupTab\SupTab.dll (PUP.Optional.SupTab.A) -> Keine Aktion durchgeführt.
C:\Users\Tim\AppData\Local\genienext\nengine.dll (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.
C:\Users\Tim\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.
C:\Users\Tim\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.
C:\Users\Tim\AppData\Local\Opera\Opera\temporary_downloads\Setup.exe (PUP.Optional.OptimumInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\Tim\AppData\Local\Temp\fullpackage_temp1391862647\Baofeng.exe (PUP.Optional.NationZoom.A) -> Keine Aktion durchgeführt.
C:\Users\Tim\AppData\Local\Temp\fullpackage_temp1391862647\package1.zip (PUP.Optional.NationZoom.A) -> Keine Aktion durchgeführt.
C:\Users\Tim\AppData\Local\Temp\fullpackage_temp1391862647\UpDate.dll (PUP.Optional.SkyTech.A) -> Keine Aktion durchgeführt.
C:\Users\Tim\AppData\Local\Temp\fullpackage_temp1391862647\tmp\desk365.exe (PUP.Optional.Desk365.A) -> Keine Aktion durchgeführt.
C:\Users\Tim\AppData\Local\Temp\fullpackage_temp1391862647\tmp\SupTab.exe (PUP.Optional.SupTab.A) -> Keine Aktion durchgeführt.
D:\Users\User\AppData\Roaming\OpenCandy\OpenCandy_155BDBC590F241A0AE155276272E7844\DLMgr_3_1.6.44.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123\icudt.dll (PUP.Optional.337Technologies.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123\libcef.dll (PUP.Optional.337Technologies.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123\locales\en-US.pak (PUP.Optional.337Technologies.A) -> Keine Aktion durchgeführt.
C:\Users\Tim\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.
C:\Users\Tim\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Keine Aktion durchgeführt.

(Ende)
         
ADW-Cleaner

Code:
ATTFilter
   AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.018 - Bericht erstellt am 09/02/2014 um 19:20:31
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Tim - TIM-TOSH
# Gestartet von : C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\225G1OA9\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


*************************

AdwCleaner[R0].txt - [9168 octets] - [09/02/2014 08:28:49]
AdwCleaner[R1].txt - [851 octets] - [09/02/2014 19:18:26]
AdwCleaner[S0].txt - [8472 octets] - [09/02/2014 08:30:48]
AdwCleaner[S1].txt - [773 octets] - [09/02/2014 19:20:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [832 octets] ##########
         
--- --- ---

Ich kann mit dem PC nicht mehr ins Internet.

Bekomme die Meldung:

"Der Proxyserever reagiert nicht"


Alt 10.02.2014, 17:05   #6
schrauber
/// the machine
/// TB-Ausbilder
 

awesomehp.com - Standard

awesomehp.com



Poste mal ein frisches FRST Log. Seit wann is das so, nach welchem der Tools?
__________________
--> awesomehp.com

Alt 10.02.2014, 18:24   #7
Isapuin
 
awesomehp.com - Standard

awesomehp.com



Ich würde ja gerne ein neues FRST machen aber das Programm scheint nicht mehr auf dem PC zu sein, jedenfalls finde ich es nicht mehr.

Alt 11.02.2014, 16:33   #8
schrauber
/// the machine
/// TB-Ausbilder
 

awesomehp.com - Standard

awesomehp.com



Dann lade es bitte neu auf enem anderen Rechner. Versuch bitte mal ob bei dir Safe Mode mit Netzwerk geht.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 21.02.2014, 19:27   #9
Isapuin
 
awesomehp.com - Standard

awesomehp.com



Zitat:
Zitat von schrauber Beitrag anzeigen
Dann lade es bitte neu auf enem anderen Rechner. Versuch bitte mal ob bei dir Safe Mode mit Netzwerk geht.
Mir ist nicht ganz klar wie ich das Programm auf meinen Rechner laden kann, ohne dass mein Browser funktioniert und leider hab ich keinen Schimmer was der Safe Mode ist.
Moment, das Programm auf einen anderen Rechner laden? Gut mach ich..
So, ist auf einem anderen Rechner.

O.K. Das mit dem Safe Mode ist geklärt, leider hab aber auch so keinen Zugriff auf das Internet, da die LAN Verbindung nicht erkannt wird.

Geändert von Isapuin (21.02.2014 um 20:00 Uhr)

Alt 22.02.2014, 17:06   #10
schrauber
/// the machine
/// TB-Ausbilder
 

awesomehp.com - Standard

awesomehp.com



Jetzt nimm das Programm vom anderen Rechner, wo du es geladen hast, per USB auf diesen Rechner und lass es scannen.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 24.02.2014, 21:52   #11
Isapuin
 
awesomehp.com - Standard

awesomehp.com



FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-02-2014
Ran by Tim (administrator) on TIM-TOSH on 24-02-2014 21:44:37
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [896032 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2014-02-09] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2222540248-2346116835-2167669864-1000\...\Run: [NextLive] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Tim\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:49180;https=127.0.0.1:49180
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {05AAD116-DA88-4096-92BA-E3B41F45C8C8} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
SearchScopes: HKCU - {05AAD116-DA88-4096-92BA-E3B41F45C8C8} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
SearchScopes: HKCU - {1358F16A-CA75-42B4-B256-2F5A5F7AE6D9} URL = 
SearchScopes: HKCU - {4242676E-0C6D-4DA0-8552-0958547F6CF3} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKCU - {E86E71E6-5E7A-41BF-B85E-1F1E71B74DD9} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2014-02-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2014-02-09] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2014-02-09] (Avira Operations GmbH & Co. KG)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-02-11] (Toshiba Europe GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2144056 2013-12-11] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2014-02-09] (Avira Operations GmbH & Co. KG)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-05-08] (TuneUp Software)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-21 18:44 - 2014-02-21 18:44 - 00000000 ____D () C:\Users\Tim\AppData\Local\{5A9011D8-4C10-4E36-8ABC-C439B7C98740}
2014-02-20 16:38 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-20 16:38 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-20 16:38 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-20 16:38 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-20 16:38 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-20 16:38 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-20 16:38 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-20 16:38 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-20 16:38 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-20 16:38 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-20 16:38 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-20 16:38 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-20 16:38 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-20 16:38 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-20 16:38 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-20 16:38 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-20 16:38 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-20 16:38 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-20 16:38 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-20 16:38 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-20 16:38 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-20 16:38 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-20 16:38 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-20 16:38 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-20 16:38 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-20 16:38 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-20 16:38 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-20 16:38 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-20 16:38 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-20 16:38 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-20 16:38 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-20 16:38 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-20 16:38 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-20 16:38 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-20 16:38 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-20 16:38 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-20 16:38 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-20 16:38 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-20 16:38 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-20 16:38 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-20 16:38 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-20 07:17 - 2014-02-20 07:17 - 00000000 ____D () C:\Users\Tim\AppData\Local\{80157F31-CE63-4AD6-90BE-B2D8DDA6F01B}
2014-02-17 17:08 - 2014-02-17 17:08 - 00000000 ____D () C:\Users\Tim\AppData\Local\{4DD72B0C-C7B7-4E14-A910-CD82D286DCCC}
2014-02-17 17:06 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-17 17:06 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-17 17:06 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-17 17:06 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-17 17:06 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-17 17:06 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-17 17:06 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-17 17:06 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-17 17:06 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-17 17:06 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-17 17:06 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-17 17:06 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-17 17:06 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-17 17:06 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-17 17:06 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-17 17:06 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-17 17:06 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-17 17:06 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-17 17:06 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-17 17:06 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-17 17:06 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-17 17:06 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-17 17:06 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-17 17:06 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-17 17:06 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-17 17:06 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-17 17:06 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-17 17:06 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-09 20:12 - 2014-02-09 20:12 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Avira
2014-02-09 20:11 - 2014-02-09 20:11 - 00001961 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-02-09 20:11 - 2014-02-09 20:11 - 00000000 ____D () C:\ProgramData\Avira
2014-02-09 20:11 - 2014-02-09 20:11 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-02-09 20:11 - 2014-02-09 20:08 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-02-09 20:11 - 2014-02-09 20:08 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-02-09 20:11 - 2014-02-09 20:08 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-02-09 20:11 - 2014-02-09 20:08 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-02-09 19:26 - 2014-02-09 19:26 - 00000000 ____D () C:\Windows\ERUNT
2014-02-09 08:47 - 2014-02-09 08:47 - 00035185 _____ () C:\Users\Tim\Downloads\Addition.txt
2014-02-09 08:46 - 2014-02-24 21:44 - 00000000 ____D () C:\FRST
2014-02-09 08:46 - 2014-02-09 08:47 - 00033361 _____ () C:\Users\Tim\Downloads\FRST.txt
2014-02-09 08:45 - 2014-02-09 08:45 - 02079744 _____ (Farbar) C:\Users\Tim\Downloads\FRST64.exe
2014-02-09 08:28 - 2014-02-09 19:20 - 00000000 ____D () C:\AdwCleaner
2014-02-08 21:30 - 2014-02-08 21:30 - 00001750 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-08 21:30 - 2014-02-08 21:30 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-08 21:30 - 2014-02-08 21:30 - 00000000 ____D () C:\Program Files\iTunes
2014-02-08 21:30 - 2014-02-08 21:30 - 00000000 ____D () C:\Program Files\iPod
2014-02-08 21:30 - 2014-02-08 21:30 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-08 13:34 - 2014-02-09 19:22 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\newnext.me
2014-02-08 13:34 - 2014-02-08 13:43 - 00000000 ____D () C:\Users\Tim\AppData\Local\Mobogenie
2014-02-08 13:34 - 2014-02-08 13:35 - 00000000 ____D () C:\Users\Tim\AppData\Local\cache
2014-02-08 13:34 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\Documents\Mobogenie
2014-02-08 13:34 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\AppData\Local\genienext
2014-02-08 13:34 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\.android
2014-02-08 13:34 - 2014-02-08 13:34 - 00000000 _____ () C:\Users\Tim\daemonprocess.txt
2014-02-08 13:31 - 2014-02-08 13:43 - 00000000 ____D () C:\ProgramData\IePluginService
2014-02-08 13:31 - 2014-02-08 13:41 - 00000000 ____D () C:\ProgramData\WPM
2014-02-08 13:31 - 2014-02-08 13:41 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Trigger
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Startup
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Screenshots
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Scenario
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Savegame
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\RM
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\HomeCities
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Data
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\campaign
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\AI
2014-01-30 13:33 - 2014-01-30 13:33 - 00002944 _____ () C:\Windows\System32\Tasks\{84B55787-5C8D-43B8-BE8E-FDC08FD8C2DD}
2014-01-30 13:33 - 2014-01-30 13:33 - 00002944 _____ () C:\Windows\System32\Tasks\{1B2793D4-663B-40AF-BC12-F8CADD4AFBC3}
2014-01-30 13:32 - 2014-01-30 13:32 - 00002944 _____ () C:\Windows\System32\Tasks\{E3564BDA-2FDB-4C7D-942F-B5C8E5F45661}
2014-01-30 13:32 - 2014-01-30 13:32 - 00002944 _____ () C:\Windows\System32\Tasks\{6D685726-5E35-4CDB-9374-90E50F3A43D9}
2014-01-30 13:32 - 2014-01-30 13:32 - 00002944 _____ () C:\Windows\System32\Tasks\{5ACC64A0-6D80-418E-AF24-45C569A4F89A}
2014-01-30 13:32 - 2014-01-30 13:32 - 00002944 _____ () C:\Windows\System32\Tasks\{176DB793-3EB4-4C37-9171-731AFD6EA925}
2014-01-30 13:30 - 2014-01-30 13:30 - 00002944 _____ () C:\Windows\System32\Tasks\{13024CDD-B8D2-4350-9181-D9056EF638D1}
2014-01-30 13:29 - 2014-01-30 13:29 - 00002944 _____ () C:\Windows\System32\Tasks\{6CE05304-5CEE-478F-A735-63B14955A94F}
2014-01-30 13:28 - 2014-01-30 13:28 - 00002944 _____ () C:\Windows\System32\Tasks\{A300BC7E-F9A3-4B0C-A8C1-A6E40EC3856A}
2014-01-30 13:27 - 2014-01-30 13:27 - 00002944 _____ () C:\Windows\System32\Tasks\{F6827632-CF90-4BDE-B7D4-F8C78FF612AA}
2014-01-30 13:27 - 2014-01-30 13:27 - 00002944 _____ () C:\Windows\System32\Tasks\{B0E70F42-3BA1-49C8-9211-E0F86D63BE7C}
2014-01-30 13:27 - 2014-01-30 13:27 - 00002944 _____ () C:\Windows\System32\Tasks\{7E4852C2-EF31-4914-ADA8-47A0BC90E2EE}
2014-01-30 13:26 - 2014-01-30 13:26 - 00002944 _____ () C:\Windows\System32\Tasks\{BC05359E-D485-45EA-96BA-7BB4E3511E8B}
2014-01-30 13:22 - 2014-01-30 13:33 - 00000021 _____ () C:\Windows\SysWOW64\game.ini
2014-01-30 13:22 - 2014-01-30 13:32 - 00000031 _____ () C:\Windows\SysWOW64\news.ini
2014-01-30 13:21 - 2014-01-30 13:21 - 00002944 _____ () C:\Windows\System32\Tasks\{65EEB126-CF78-4D42-A7C3-645423B584DB}
2014-01-30 13:16 - 2014-01-30 13:16 - 00000060 _____ () C:\Windows\WININIT.INI
2014-01-30 13:00 - 2014-01-30 13:00 - 00000587 _____ () C:\Users\Tim\Desktop\Run HarpoonCE.lnk
2014-01-30 12:50 - 2014-01-30 12:55 - 734003200 _____ () C:\Users\Tim\Downloads\codename-panzers-2.part1.exe
2014-01-30 12:40 - 2014-01-30 12:47 - 734003200 _____ () C:\Users\Tim\Downloads\codename-panzers-2.part2.rar
2014-01-30 12:32 - 2014-01-30 12:38 - 734003200 _____ () C:\Users\Tim\Downloads\codename-panzers-2.part3.rar
2014-01-30 12:25 - 2014-01-30 12:31 - 671103005 _____ () C:\Users\Tim\Downloads\codename-panzers-2.part4.rar
2014-01-25 22:57 - 2014-01-25 22:57 - 00003274 _____ () C:\Windows\System32\Tasks\{8F40D587-C68E-4862-B189-0853B75531CD}
2014-01-25 22:55 - 2014-01-25 22:55 - 00000000 __RHD () C:\Users\Tim\AppData\Roaming\SecuROM
2014-01-25 22:54 - 2014-01-25 22:55 - 00000000 ____D () C:\Users\Tim\Downloads\fussball_manager09_installations_dateien
2014-01-25 20:19 - 2014-01-25 20:19 - 00031597 _____ () C:\Users\Tim\Downloads\meinGame.htm

==================== One Month Modified Files and Folders =======

2014-02-24 21:44 - 2014-02-09 08:46 - 00000000 ____D () C:\FRST
2014-02-24 21:39 - 2010-11-28 01:08 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-24 21:39 - 2010-11-14 16:50 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-02-24 21:39 - 2010-11-10 14:22 - 00090938 _____ () C:\Windows\setupact.log
2014-02-24 21:39 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-23 13:12 - 2010-10-09 04:32 - 01236514 _____ () C:\Windows\WindowsUpdate.log
2014-02-23 12:23 - 2009-07-14 05:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-23 12:23 - 2009-07-14 05:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-21 22:13 - 2010-11-28 01:08 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-21 19:43 - 2012-10-17 06:21 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-21 18:44 - 2014-02-21 18:44 - 00000000 ____D () C:\Users\Tim\AppData\Local\{5A9011D8-4C10-4E36-8ABC-C439B7C98740}
2014-02-21 18:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-21 18:41 - 2013-03-14 16:35 - 00000000 ____D () C:\Users\Tim\Desktop\Dokumente
2014-02-20 16:49 - 2009-07-14 18:58 - 00654400 _____ () C:\Windows\system32\perfh007.dat
2014-02-20 16:49 - 2009-07-14 18:58 - 00130240 _____ () C:\Windows\system32\perfc007.dat
2014-02-20 16:49 - 2009-07-14 06:13 - 01520734 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-20 16:48 - 2013-08-13 22:28 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-20 16:46 - 2010-11-01 19:29 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-20 07:17 - 2014-02-20 07:17 - 00000000 ____D () C:\Users\Tim\AppData\Local\{80157F31-CE63-4AD6-90BE-B2D8DDA6F01B}
2014-02-17 17:08 - 2014-02-17 17:08 - 00000000 ____D () C:\Users\Tim\AppData\Local\{4DD72B0C-C7B7-4E14-A910-CD82D286DCCC}
2014-02-17 17:08 - 2010-11-28 01:08 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-17 17:08 - 2010-11-28 01:08 - 00003848 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-17 17:04 - 2010-11-01 13:29 - 00000000 ____D () C:\Users\Tim
2014-02-10 07:17 - 2010-11-10 14:21 - 01737170 _____ () C:\Windows\PFRO.log
2014-02-09 20:12 - 2014-02-09 20:12 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Avira
2014-02-09 20:11 - 2014-02-09 20:11 - 00001961 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-02-09 20:11 - 2014-02-09 20:11 - 00000000 ____D () C:\ProgramData\Avira
2014-02-09 20:11 - 2014-02-09 20:11 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-02-09 20:08 - 2014-02-09 20:11 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-02-09 20:08 - 2014-02-09 20:11 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-02-09 20:08 - 2014-02-09 20:11 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-02-09 20:08 - 2014-02-09 20:11 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-02-09 19:26 - 2014-02-09 19:26 - 00000000 ____D () C:\Windows\ERUNT
2014-02-09 19:22 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\newnext.me
2014-02-09 19:20 - 2014-02-09 08:28 - 00000000 ____D () C:\AdwCleaner
2014-02-09 08:47 - 2014-02-09 08:47 - 00035185 _____ () C:\Users\Tim\Downloads\Addition.txt
2014-02-09 08:47 - 2014-02-09 08:46 - 00033361 _____ () C:\Users\Tim\Downloads\FRST.txt
2014-02-09 08:45 - 2014-02-09 08:45 - 02079744 _____ (Farbar) C:\Users\Tim\Downloads\FRST64.exe
2014-02-08 21:40 - 2010-11-01 13:39 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-02-08 21:38 - 2010-11-28 01:08 - 00000000 ____D () C:\Users\Tim\AppData\Local\Google
2014-02-08 21:38 - 2010-11-28 01:08 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-08 21:30 - 2014-02-08 21:30 - 00001750 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-08 21:30 - 2014-02-08 21:30 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-08 21:30 - 2014-02-08 21:30 - 00000000 ____D () C:\Program Files\iTunes
2014-02-08 21:30 - 2014-02-08 21:30 - 00000000 ____D () C:\Program Files\iPod
2014-02-08 21:30 - 2014-02-08 21:30 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-08 13:43 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\AppData\Local\Mobogenie
2014-02-08 13:43 - 2014-02-08 13:31 - 00000000 ____D () C:\ProgramData\IePluginService
2014-02-08 13:41 - 2014-02-08 13:31 - 00000000 ____D () C:\ProgramData\WPM
2014-02-08 13:41 - 2014-02-08 13:31 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-02-08 13:35 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\AppData\Local\cache
2014-02-08 13:34 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\Documents\Mobogenie
2014-02-08 13:34 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\AppData\Local\genienext
2014-02-08 13:34 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\.android
2014-02-08 13:34 - 2014-02-08 13:34 - 00000000 _____ () C:\Users\Tim\daemonprocess.txt
2014-02-08 13:31 - 2010-11-01 13:31 - 00001648 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Trigger
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Startup
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Screenshots
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Scenario
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Savegame
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\RM
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\HomeCities
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Data
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\campaign
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\AI
2014-02-06 13:16 - 2014-02-20 16:38 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-20 16:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-20 16:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-20 16:38 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-20 16:38 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-20 16:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-20 16:38 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-20 16:38 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-20 16:38 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-20 16:38 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-20 16:38 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-20 16:38 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-20 16:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-20 16:38 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-20 16:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-20 16:38 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-20 16:38 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-20 16:38 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-20 16:38 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-20 16:38 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-20 16:38 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-20 16:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-20 16:38 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-20 16:38 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-20 16:38 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-20 16:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-20 16:38 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-20 16:38 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-20 16:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-20 16:38 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-20 16:38 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-20 16:38 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-20 16:38 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-20 16:38 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-20 16:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-20 16:38 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-20 16:38 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-20 16:38 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-20 16:38 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-01-30 18:51 - 2010-11-01 13:32 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Nero
2014-01-30 13:33 - 2014-01-30 13:33 - 00002944 _____ () C:\Windows\System32\Tasks\{84B55787-5C8D-43B8-BE8E-FDC08FD8C2DD}
2014-01-30 13:33 - 2014-01-30 13:33 - 00002944 _____ () C:\Windows\System32\Tasks\{1B2793D4-663B-40AF-BC12-F8CADD4AFBC3}
2014-01-30 13:33 - 2014-01-30 13:22 - 00000021 _____ () C:\Windows\SysWOW64\game.ini
2014-01-30 13:32 - 2014-01-30 13:32 - 00002944 _____ () C:\Windows\System32\Tasks\{E3564BDA-2FDB-4C7D-942F-B5C8E5F45661}
2014-01-30 13:32 - 2014-01-30 13:32 - 00002944 _____ () C:\Windows\System32\Tasks\{6D685726-5E35-4CDB-9374-90E50F3A43D9}
2014-01-30 13:32 - 2014-01-30 13:32 - 00002944 _____ () C:\Windows\System32\Tasks\{5ACC64A0-6D80-418E-AF24-45C569A4F89A}
2014-01-30 13:32 - 2014-01-30 13:32 - 00002944 _____ () C:\Windows\System32\Tasks\{176DB793-3EB4-4C37-9171-731AFD6EA925}
2014-01-30 13:32 - 2014-01-30 13:22 - 00000031 _____ () C:\Windows\SysWOW64\news.ini
2014-01-30 13:30 - 2014-01-30 13:30 - 00002944 _____ () C:\Windows\System32\Tasks\{13024CDD-B8D2-4350-9181-D9056EF638D1}
2014-01-30 13:29 - 2014-01-30 13:29 - 00002944 _____ () C:\Windows\System32\Tasks\{6CE05304-5CEE-478F-A735-63B14955A94F}
2014-01-30 13:28 - 2014-01-30 13:28 - 00002944 _____ () C:\Windows\System32\Tasks\{A300BC7E-F9A3-4B0C-A8C1-A6E40EC3856A}
2014-01-30 13:27 - 2014-01-30 13:27 - 00002944 _____ () C:\Windows\System32\Tasks\{F6827632-CF90-4BDE-B7D4-F8C78FF612AA}
2014-01-30 13:27 - 2014-01-30 13:27 - 00002944 _____ () C:\Windows\System32\Tasks\{B0E70F42-3BA1-49C8-9211-E0F86D63BE7C}
2014-01-30 13:27 - 2014-01-30 13:27 - 00002944 _____ () C:\Windows\System32\Tasks\{7E4852C2-EF31-4914-ADA8-47A0BC90E2EE}
2014-01-30 13:26 - 2014-01-30 13:26 - 00002944 _____ () C:\Windows\System32\Tasks\{BC05359E-D485-45EA-96BA-7BB4E3511E8B}
2014-01-30 13:21 - 2014-01-30 13:21 - 00002944 _____ () C:\Windows\System32\Tasks\{65EEB126-CF78-4D42-A7C3-645423B584DB}
2014-01-30 13:20 - 2010-11-15 12:06 - 00250911 _____ () C:\Windows\DirectX.log
2014-01-30 13:16 - 2014-01-30 13:16 - 00000060 _____ () C:\Windows\WININIT.INI
2014-01-30 13:00 - 2014-01-30 13:00 - 00000587 _____ () C:\Users\Tim\Desktop\Run HarpoonCE.lnk
2014-01-30 12:55 - 2014-01-30 12:50 - 734003200 _____ () C:\Users\Tim\Downloads\codename-panzers-2.part1.exe
2014-01-30 12:47 - 2014-01-30 12:40 - 734003200 _____ () C:\Users\Tim\Downloads\codename-panzers-2.part2.rar
2014-01-30 12:38 - 2014-01-30 12:32 - 734003200 _____ () C:\Users\Tim\Downloads\codename-panzers-2.part3.rar
2014-01-30 12:31 - 2014-01-30 12:25 - 671103005 _____ () C:\Users\Tim\Downloads\codename-panzers-2.part4.rar
2014-01-29 17:13 - 2010-11-01 15:36 - 00000000 ____D () C:\ProgramData\Apple
2014-01-25 22:57 - 2014-01-25 22:57 - 00003274 _____ () C:\Windows\System32\Tasks\{8F40D587-C68E-4862-B189-0853B75531CD}
2014-01-25 22:55 - 2014-01-25 22:55 - 00000000 __RHD () C:\Users\Tim\AppData\Roaming\SecuROM
2014-01-25 22:55 - 2014-01-25 22:54 - 00000000 ____D () C:\Users\Tim\Downloads\fussball_manager09_installations_dateien
2014-01-25 20:19 - 2014-01-25 20:19 - 00031597 _____ () C:\Users\Tim\Downloads\meinGame.htm

Some content of TEMP:
====================
C:\Users\Tim\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-09 00:09

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 25.02.2014, 19:49   #12
schrauber
/// the machine
/// TB-Ausbilder
 

awesomehp.com - Standard

awesomehp.com



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:49180;https=127.0.0.1:49180
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Internet sollte wieder gehen.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 26.02.2014, 13:13   #13
Isapuin
 
awesomehp.com - Standard

awesomehp.com



Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-02-2014
Ran by Tim at 2014-02-25 20:08:08 Run:1
Running from F:\
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:49180;https=127.0.0.1:49180
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.

==== End of Fixlog ====
         
Ja, Internet funktioniert wieder

JRT.txt


Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Tim on 26.02.2014 at 12:58:50,18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

    Value Name          Type                             Value Data                     
========================================================================================
    NextLive    REG_SZ    C:\Windows\SysWOW64\rundll32.exe "C:\Users\Tim\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l




~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{3D0458FD-BB79-4FB4-9730-527F9C5FF25D}
Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{4DD72B0C-C7B7-4E14-A910-CD82D286DCCC}
Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{5A9011D8-4C10-4E36-8ABC-C439B7C98740}
Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{80157F31-CE63-4AD6-90BE-B2D8DDA6F01B}
Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{D3C75CC9-43EA-4B05-98B6-ED14FDFBF42F}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.02.2014 at 13:04:21,68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
sc-cleaner.txt

Code:
ATTFilter
Shortcut Cleaner 1.2.9 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 7 Home Premium Service Pack 1
Program started at: 02/26/2014 01:08:04 PM.

Scanning for registry hijacks:

 * No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\

  * Shortcut Cleaned: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT

  * Shortcut Cleaned: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\Tim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

  * Shortcut Cleaned: C:\Users\Tim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT

  * Shortcut Cleaned: C:\Users\Tim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT

Searching C:\Users\Public\Desktop\

Searching C:\Users\Tim\Desktop


4 bad shortcuts found.

Program finished at: 02/26/2014 01:08:05 PM
Execution time: 0 hours(s), 0 minute(s), and 0 seconds(s)
         





FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-02-2014
Ran by Tim (administrator) on TIM-TOSH on 26-02-2014 13:12:06
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [896032 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2222540248-2346116835-2167669864-1000\...\Run: [NextLive] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Tim\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {05AAD116-DA88-4096-92BA-E3B41F45C8C8} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
SearchScopes: HKCU - {05AAD116-DA88-4096-92BA-E3B41F45C8C8} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
SearchScopes: HKCU - {1358F16A-CA75-42B4-B256-2F5A5F7AE6D9} URL = 
SearchScopes: HKCU - {4242676E-0C6D-4DA0-8552-0958547F6CF3} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKCU - {E86E71E6-5E7A-41BF-B85E-1F1E71B74DD9} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-02-11] (Toshiba Europe GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2144056 2013-12-11] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2014-02-09] (Avira Operations GmbH & Co. KG)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-05-08] (TuneUp Software)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-26 13:09 - 2014-02-26 13:09 - 02155520 _____ (Farbar) C:\Users\Tim\Desktop\FRST64.exe
2014-02-26 13:08 - 2014-02-26 13:08 - 00004090 _____ () C:\sc-cleaner.txt
2014-02-26 13:07 - 2014-02-26 13:07 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Tim\Desktop\sc-cleaner.exe
2014-02-26 13:04 - 2014-02-26 13:04 - 00001520 _____ () C:\Users\Tim\Desktop\JRT.txt
2014-02-26 12:58 - 2014-02-26 12:58 - 01037734 _____ (Thisisu) C:\Users\Tim\Desktop\JRT.exe
2014-02-26 12:57 - 2014-02-26 12:57 - 01037734 _____ (Thisisu) C:\Users\Tim\Downloads\JRT.exe
2014-02-25 20:07 - 2014-02-25 20:07 - 00000105 _____ () C:\Users\Tim\Desktop\FIXLIST.txt
2014-02-20 16:38 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-20 16:38 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-20 16:38 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-20 16:38 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-20 16:38 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-20 16:38 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-20 16:38 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-20 16:38 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-20 16:38 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-20 16:38 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-20 16:38 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-20 16:38 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-20 16:38 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-20 16:38 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-20 16:38 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-20 16:38 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-20 16:38 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-20 16:38 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-20 16:38 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-20 16:38 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-20 16:38 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-20 16:38 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-20 16:38 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-20 16:38 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-20 16:38 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-20 16:38 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-20 16:38 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-20 16:38 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-20 16:38 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-20 16:38 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-20 16:38 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-20 16:38 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-20 16:38 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-20 16:38 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-20 16:38 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-20 16:38 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-20 16:38 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-20 16:38 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-20 16:38 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-20 16:38 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-20 16:38 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-17 17:06 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-17 17:06 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-17 17:06 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-17 17:06 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-17 17:06 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-17 17:06 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-17 17:06 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-17 17:06 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-17 17:06 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-17 17:06 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-17 17:06 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-17 17:06 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-17 17:06 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-17 17:06 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-17 17:06 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-17 17:06 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-17 17:06 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-17 17:06 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-17 17:06 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-17 17:06 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-17 17:06 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-17 17:06 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-17 17:06 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-17 17:06 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-17 17:06 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-17 17:06 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-17 17:06 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-17 17:06 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-09 20:12 - 2014-02-09 20:12 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Avira
2014-02-09 20:11 - 2014-02-09 20:11 - 00001961 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-02-09 20:11 - 2014-02-09 20:11 - 00000000 ____D () C:\ProgramData\Avira
2014-02-09 20:11 - 2014-02-09 20:11 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-02-09 20:11 - 2014-02-09 20:08 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-02-09 20:11 - 2014-02-09 20:08 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-02-09 20:11 - 2014-02-09 20:08 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-02-09 20:11 - 2014-02-09 20:08 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-02-09 19:26 - 2014-02-09 19:26 - 00000000 ____D () C:\Windows\ERUNT
2014-02-09 08:47 - 2014-02-09 08:47 - 00035185 _____ () C:\Users\Tim\Downloads\Addition.txt
2014-02-09 08:46 - 2014-02-26 13:12 - 00000000 ____D () C:\FRST
2014-02-09 08:46 - 2014-02-09 08:47 - 00033361 _____ () C:\Users\Tim\Downloads\FRST.txt
2014-02-09 08:45 - 2014-02-09 08:45 - 02079744 _____ (Farbar) C:\Users\Tim\Downloads\FRST64.exe
2014-02-09 08:28 - 2014-02-09 19:20 - 00000000 ____D () C:\AdwCleaner
2014-02-08 21:30 - 2014-02-08 21:30 - 00001750 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-08 21:30 - 2014-02-08 21:30 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-08 21:30 - 2014-02-08 21:30 - 00000000 ____D () C:\Program Files\iTunes
2014-02-08 21:30 - 2014-02-08 21:30 - 00000000 ____D () C:\Program Files\iPod
2014-02-08 21:30 - 2014-02-08 21:30 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-08 13:34 - 2014-02-26 12:55 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\newnext.me
2014-02-08 13:34 - 2014-02-08 13:43 - 00000000 ____D () C:\Users\Tim\AppData\Local\Mobogenie
2014-02-08 13:34 - 2014-02-08 13:35 - 00000000 ____D () C:\Users\Tim\AppData\Local\cache
2014-02-08 13:34 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\Documents\Mobogenie
2014-02-08 13:34 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\AppData\Local\genienext
2014-02-08 13:34 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\.android
2014-02-08 13:34 - 2014-02-08 13:34 - 00000000 _____ () C:\Users\Tim\daemonprocess.txt
2014-02-08 13:31 - 2014-02-08 13:43 - 00000000 ____D () C:\ProgramData\IePluginService
2014-02-08 13:31 - 2014-02-08 13:41 - 00000000 ____D () C:\ProgramData\WPM
2014-02-08 13:31 - 2014-02-08 13:41 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Trigger
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Startup
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Screenshots
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Scenario
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Savegame
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\RM
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\HomeCities
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Data
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\campaign
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\AI
2014-01-30 13:33 - 2014-01-30 13:33 - 00002944 _____ () C:\Windows\System32\Tasks\{84B55787-5C8D-43B8-BE8E-FDC08FD8C2DD}
2014-01-30 13:33 - 2014-01-30 13:33 - 00002944 _____ () C:\Windows\System32\Tasks\{1B2793D4-663B-40AF-BC12-F8CADD4AFBC3}
2014-01-30 13:32 - 2014-01-30 13:32 - 00002944 _____ () C:\Windows\System32\Tasks\{E3564BDA-2FDB-4C7D-942F-B5C8E5F45661}
2014-01-30 13:32 - 2014-01-30 13:32 - 00002944 _____ () C:\Windows\System32\Tasks\{6D685726-5E35-4CDB-9374-90E50F3A43D9}
2014-01-30 13:32 - 2014-01-30 13:32 - 00002944 _____ () C:\Windows\System32\Tasks\{5ACC64A0-6D80-418E-AF24-45C569A4F89A}
2014-01-30 13:32 - 2014-01-30 13:32 - 00002944 _____ () C:\Windows\System32\Tasks\{176DB793-3EB4-4C37-9171-731AFD6EA925}
2014-01-30 13:30 - 2014-01-30 13:30 - 00002944 _____ () C:\Windows\System32\Tasks\{13024CDD-B8D2-4350-9181-D9056EF638D1}
2014-01-30 13:29 - 2014-01-30 13:29 - 00002944 _____ () C:\Windows\System32\Tasks\{6CE05304-5CEE-478F-A735-63B14955A94F}
2014-01-30 13:28 - 2014-01-30 13:28 - 00002944 _____ () C:\Windows\System32\Tasks\{A300BC7E-F9A3-4B0C-A8C1-A6E40EC3856A}
2014-01-30 13:27 - 2014-01-30 13:27 - 00002944 _____ () C:\Windows\System32\Tasks\{F6827632-CF90-4BDE-B7D4-F8C78FF612AA}
2014-01-30 13:27 - 2014-01-30 13:27 - 00002944 _____ () C:\Windows\System32\Tasks\{B0E70F42-3BA1-49C8-9211-E0F86D63BE7C}
2014-01-30 13:27 - 2014-01-30 13:27 - 00002944 _____ () C:\Windows\System32\Tasks\{7E4852C2-EF31-4914-ADA8-47A0BC90E2EE}
2014-01-30 13:26 - 2014-01-30 13:26 - 00002944 _____ () C:\Windows\System32\Tasks\{BC05359E-D485-45EA-96BA-7BB4E3511E8B}
2014-01-30 13:22 - 2014-01-30 13:33 - 00000021 _____ () C:\Windows\SysWOW64\game.ini
2014-01-30 13:22 - 2014-01-30 13:32 - 00000031 _____ () C:\Windows\SysWOW64\news.ini
2014-01-30 13:21 - 2014-01-30 13:21 - 00002944 _____ () C:\Windows\System32\Tasks\{65EEB126-CF78-4D42-A7C3-645423B584DB}
2014-01-30 13:16 - 2014-01-30 13:16 - 00000060 _____ () C:\Windows\WININIT.INI
2014-01-30 13:00 - 2014-01-30 13:00 - 00000587 _____ () C:\Users\Tim\Desktop\Run HarpoonCE.lnk
2014-01-30 12:50 - 2014-01-30 12:55 - 734003200 _____ () C:\Users\Tim\Downloads\codename-panzers-2.part1.exe
2014-01-30 12:40 - 2014-01-30 12:47 - 734003200 _____ () C:\Users\Tim\Downloads\codename-panzers-2.part2.rar
2014-01-30 12:32 - 2014-01-30 12:38 - 734003200 _____ () C:\Users\Tim\Downloads\codename-panzers-2.part3.rar
2014-01-30 12:25 - 2014-01-30 12:31 - 671103005 _____ () C:\Users\Tim\Downloads\codename-panzers-2.part4.rar

==================== One Month Modified Files and Folders =======

2014-02-26 13:12 - 2014-02-09 08:46 - 00000000 ____D () C:\FRST
2014-02-26 13:09 - 2014-02-26 13:09 - 02155520 _____ (Farbar) C:\Users\Tim\Desktop\FRST64.exe
2014-02-26 13:08 - 2014-02-26 13:08 - 00004090 _____ () C:\sc-cleaner.txt
2014-02-26 13:08 - 2010-11-01 13:31 - 00001432 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-26 13:07 - 2014-02-26 13:07 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Tim\Desktop\sc-cleaner.exe
2014-02-26 13:04 - 2014-02-26 13:04 - 00001520 _____ () C:\Users\Tim\Desktop\JRT.txt
2014-02-26 13:03 - 2009-07-14 05:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-26 13:03 - 2009-07-14 05:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-26 12:59 - 2010-10-09 04:32 - 01297999 _____ () C:\Windows\WindowsUpdate.log
2014-02-26 12:58 - 2014-02-26 12:58 - 01037734 _____ (Thisisu) C:\Users\Tim\Desktop\JRT.exe
2014-02-26 12:57 - 2014-02-26 12:57 - 01037734 _____ (Thisisu) C:\Users\Tim\Downloads\JRT.exe
2014-02-26 12:56 - 2010-11-14 16:50 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-02-26 12:55 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\newnext.me
2014-02-26 12:55 - 2010-11-28 01:08 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-26 12:55 - 2010-11-10 14:22 - 00091106 _____ () C:\Windows\setupact.log
2014-02-26 12:55 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-26 12:16 - 2009-07-14 18:58 - 00654400 _____ () C:\Windows\system32\perfh007.dat
2014-02-26 12:16 - 2009-07-14 18:58 - 00130240 _____ () C:\Windows\system32\perfc007.dat
2014-02-26 12:16 - 2009-07-14 06:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-26 12:13 - 2010-11-28 01:08 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-25 20:07 - 2014-02-25 20:07 - 00000105 _____ () C:\Users\Tim\Desktop\FIXLIST.txt
2014-02-25 20:00 - 2013-03-14 16:35 - 00000000 ____D () C:\Users\Tim\Desktop\Dokumente
2014-02-25 17:14 - 2010-11-01 14:51 - 00000000 ____D () C:\Users\Tim\AppData\Local\Windows Live
2014-02-21 19:43 - 2012-10-17 06:21 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-21 18:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-20 16:48 - 2013-08-13 22:28 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-20 16:46 - 2010-11-01 19:29 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-17 17:08 - 2010-11-28 01:08 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-17 17:08 - 2010-11-28 01:08 - 00003848 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-17 17:04 - 2010-11-01 13:29 - 00000000 ____D () C:\Users\Tim
2014-02-10 07:17 - 2010-11-10 14:21 - 01737170 _____ () C:\Windows\PFRO.log
2014-02-09 20:12 - 2014-02-09 20:12 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Avira
2014-02-09 20:11 - 2014-02-09 20:11 - 00001961 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-02-09 20:11 - 2014-02-09 20:11 - 00000000 ____D () C:\ProgramData\Avira
2014-02-09 20:11 - 2014-02-09 20:11 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-02-09 20:08 - 2014-02-09 20:11 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-02-09 20:08 - 2014-02-09 20:11 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-02-09 20:08 - 2014-02-09 20:11 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-02-09 20:08 - 2014-02-09 20:11 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-02-09 19:26 - 2014-02-09 19:26 - 00000000 ____D () C:\Windows\ERUNT
2014-02-09 19:20 - 2014-02-09 08:28 - 00000000 ____D () C:\AdwCleaner
2014-02-09 08:47 - 2014-02-09 08:47 - 00035185 _____ () C:\Users\Tim\Downloads\Addition.txt
2014-02-09 08:47 - 2014-02-09 08:46 - 00033361 _____ () C:\Users\Tim\Downloads\FRST.txt
2014-02-09 08:45 - 2014-02-09 08:45 - 02079744 _____ (Farbar) C:\Users\Tim\Downloads\FRST64.exe
2014-02-08 21:40 - 2010-11-01 13:39 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-02-08 21:38 - 2010-11-28 01:08 - 00000000 ____D () C:\Users\Tim\AppData\Local\Google
2014-02-08 21:38 - 2010-11-28 01:08 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-08 21:30 - 2014-02-08 21:30 - 00001750 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-08 21:30 - 2014-02-08 21:30 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-08 21:30 - 2014-02-08 21:30 - 00000000 ____D () C:\Program Files\iTunes
2014-02-08 21:30 - 2014-02-08 21:30 - 00000000 ____D () C:\Program Files\iPod
2014-02-08 21:30 - 2014-02-08 21:30 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-08 13:43 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\AppData\Local\Mobogenie
2014-02-08 13:43 - 2014-02-08 13:31 - 00000000 ____D () C:\ProgramData\IePluginService
2014-02-08 13:41 - 2014-02-08 13:31 - 00000000 ____D () C:\ProgramData\WPM
2014-02-08 13:41 - 2014-02-08 13:31 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-02-08 13:35 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\AppData\Local\cache
2014-02-08 13:34 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\Documents\Mobogenie
2014-02-08 13:34 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\AppData\Local\genienext
2014-02-08 13:34 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\.android
2014-02-08 13:34 - 2014-02-08 13:34 - 00000000 _____ () C:\Users\Tim\daemonprocess.txt
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Trigger
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Startup
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Screenshots
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Scenario
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Savegame
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\RM
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\HomeCities
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Data
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\campaign
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\AI
2014-02-06 13:16 - 2014-02-20 16:38 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-20 16:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-20 16:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-20 16:38 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-20 16:38 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-20 16:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-20 16:38 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-20 16:38 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-20 16:38 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-20 16:38 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-20 16:38 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-20 16:38 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-20 16:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-20 16:38 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-20 16:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-20 16:38 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-20 16:38 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-20 16:38 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-20 16:38 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-20 16:38 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-20 16:38 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-20 16:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-20 16:38 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-20 16:38 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-20 16:38 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-20 16:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-20 16:38 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-20 16:38 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-20 16:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-20 16:38 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-20 16:38 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-20 16:38 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-20 16:38 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-20 16:38 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-20 16:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-20 16:38 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-20 16:38 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-20 16:38 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-20 16:38 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-01-30 18:51 - 2010-11-01 13:32 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Nero
2014-01-30 13:33 - 2014-01-30 13:33 - 00002944 _____ () C:\Windows\System32\Tasks\{84B55787-5C8D-43B8-BE8E-FDC08FD8C2DD}
2014-01-30 13:33 - 2014-01-30 13:33 - 00002944 _____ () C:\Windows\System32\Tasks\{1B2793D4-663B-40AF-BC12-F8CADD4AFBC3}
2014-01-30 13:33 - 2014-01-30 13:22 - 00000021 _____ () C:\Windows\SysWOW64\game.ini
2014-01-30 13:32 - 2014-01-30 13:32 - 00002944 _____ () C:\Windows\System32\Tasks\{E3564BDA-2FDB-4C7D-942F-B5C8E5F45661}
2014-01-30 13:32 - 2014-01-30 13:32 - 00002944 _____ () C:\Windows\System32\Tasks\{6D685726-5E35-4CDB-9374-90E50F3A43D9}
2014-01-30 13:32 - 2014-01-30 13:32 - 00002944 _____ () C:\Windows\System32\Tasks\{5ACC64A0-6D80-418E-AF24-45C569A4F89A}
2014-01-30 13:32 - 2014-01-30 13:32 - 00002944 _____ () C:\Windows\System32\Tasks\{176DB793-3EB4-4C37-9171-731AFD6EA925}
2014-01-30 13:32 - 2014-01-30 13:22 - 00000031 _____ () C:\Windows\SysWOW64\news.ini
2014-01-30 13:30 - 2014-01-30 13:30 - 00002944 _____ () C:\Windows\System32\Tasks\{13024CDD-B8D2-4350-9181-D9056EF638D1}
2014-01-30 13:29 - 2014-01-30 13:29 - 00002944 _____ () C:\Windows\System32\Tasks\{6CE05304-5CEE-478F-A735-63B14955A94F}
2014-01-30 13:28 - 2014-01-30 13:28 - 00002944 _____ () C:\Windows\System32\Tasks\{A300BC7E-F9A3-4B0C-A8C1-A6E40EC3856A}
2014-01-30 13:27 - 2014-01-30 13:27 - 00002944 _____ () C:\Windows\System32\Tasks\{F6827632-CF90-4BDE-B7D4-F8C78FF612AA}
2014-01-30 13:27 - 2014-01-30 13:27 - 00002944 _____ () C:\Windows\System32\Tasks\{B0E70F42-3BA1-49C8-9211-E0F86D63BE7C}
2014-01-30 13:27 - 2014-01-30 13:27 - 00002944 _____ () C:\Windows\System32\Tasks\{7E4852C2-EF31-4914-ADA8-47A0BC90E2EE}
2014-01-30 13:26 - 2014-01-30 13:26 - 00002944 _____ () C:\Windows\System32\Tasks\{BC05359E-D485-45EA-96BA-7BB4E3511E8B}
2014-01-30 13:21 - 2014-01-30 13:21 - 00002944 _____ () C:\Windows\System32\Tasks\{65EEB126-CF78-4D42-A7C3-645423B584DB}
2014-01-30 13:20 - 2010-11-15 12:06 - 00250911 _____ () C:\Windows\DirectX.log
2014-01-30 13:16 - 2014-01-30 13:16 - 00000060 _____ () C:\Windows\WININIT.INI
2014-01-30 13:00 - 2014-01-30 13:00 - 00000587 _____ () C:\Users\Tim\Desktop\Run HarpoonCE.lnk
2014-01-30 12:55 - 2014-01-30 12:50 - 734003200 _____ () C:\Users\Tim\Downloads\codename-panzers-2.part1.exe
2014-01-30 12:47 - 2014-01-30 12:40 - 734003200 _____ () C:\Users\Tim\Downloads\codename-panzers-2.part2.rar
2014-01-30 12:38 - 2014-01-30 12:32 - 734003200 _____ () C:\Users\Tim\Downloads\codename-panzers-2.part3.rar
2014-01-30 12:31 - 2014-01-30 12:25 - 671103005 _____ () C:\Users\Tim\Downloads\codename-panzers-2.part4.rar
2014-01-29 17:13 - 2010-11-01 15:36 - 00000000 ____D () C:\ProgramData\Apple

Some content of TEMP:
====================
C:\Users\Tim\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-09 00:09

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

--- --- ---

Alt 27.02.2014, 11:57   #14
schrauber
/// the machine
/// TB-Ausbilder
 

awesomehp.com - Standard

awesomehp.com




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 27.02.2014, 17:25   #15
Isapuin
 
awesomehp.com - Standard

awesomehp.com



Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=922e16d037dd6d4383bcd5a0b72ce223
# engine=17247
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-27 03:12:36
# local_time=2014-02-27 04:12:36 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 82787 164181661 75552 0
# compatibility_mode=5893 16776574 100 94 78063 145143806 0 0
# scanned=340612
# found=2
# cleaned=0
# scan_time=12682
sh=691C23039F8EB55F5C1333E93F932828C234CCDD ft=1 fh=a1638f49f71e8b80 vn="a variant of Win32/AdWare.iBryte.Q application" ac=I fn="C:\Users\Tim\AppData\Local\Opera\Opera\temporary_downloads\Setup.exe"
sh=17BCD2383679B1BD3ABA3E352C8BE3E8BC4D25DA ft=1 fh=c71c001192ebd825 vn="Win32/Adware.RegistryEasy application" ac=I fn="D:\DATA\Program Files\Registry Easy\Recoveryer.dll"
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 TuneUp Utilities 2012   
 TuneUp Utilities Language Pack (de-DE) 
 Java 7 Update 45  
 Java version out of Date! 
  Adobe Flash Player 12.0.0.70 Flash Player out of Date!  
 Adobe Reader XI  
 Google Chrome 29.0.1547.66  
 Google Chrome 33.0.1750.117  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-02-2014
Ran by Tim (administrator) on TIM-TOSH on 27-02-2014 17:09:53
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Opera Software) C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
() C:\Program Files (x86)\Opera\19.0.1326.63\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Opera Software) C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Opera Software) C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [896032 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-2222540248-2346116835-2167669864-1000\...\Run: [NextLive] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Tim\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1391862656&from=adks&uid=TOSHIBAXMK5055GSXN_20DZT1SFTXX20DZT1SFT
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {05AAD116-DA88-4096-92BA-E3B41F45C8C8} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
SearchScopes: HKCU - {05AAD116-DA88-4096-92BA-E3B41F45C8C8} URL = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
SearchScopes: HKCU - {1358F16A-CA75-42B4-B256-2F5A5F7AE6D9} URL = 
SearchScopes: HKCU - {4242676E-0C6D-4DA0-8552-0958547F6CF3} URL = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKCU - {9C635871-B306-4E34-B314-716ED036FEF1} URL = 
SearchScopes: HKCU - {E86E71E6-5E7A-41BF-B85E-1F1E71B74DD9} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
CHR Plugin: (TVU Web Player for FireFox) - C:\Windows\system32\TVUAx\npTVUAx.dll No File
CHR Extension: (Google Docs) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-26]
CHR Extension: (Google Wallet) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-26]
CHR HKLM-x32\...\Chrome\Extension: [pkndmigholgfjlniaohblojbhgjbkakn] - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx [2014-02-26]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-02-11] (Toshiba Europe GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2144056 2013-12-11] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2014-02-09] (Avira Operations GmbH & Co. KG)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-05-08] (TuneUp Software)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-27 17:03 - 2014-02-27 17:03 - 00987425 _____ () C:\Users\Tim\Desktop\SecurityCheck.exe
2014-02-27 12:44 - 2014-02-27 12:44 - 00000000 ____D () C:\Users\Tim\AppData\Local\{4E75D6CD-0BC0-42D1-813E-9061DBA43BFD}
2014-02-27 12:39 - 2014-02-27 12:39 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-02-27 12:37 - 2014-02-27 12:37 - 02347384 _____ (ESET) C:\Users\Tim\Downloads\esetsmartinstaller_enu.exe
2014-02-26 18:45 - 2014-02-27 13:17 - 00002142 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-26 18:44 - 2014-02-26 18:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-26 18:44 - 2014-02-26 18:44 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-26 18:40 - 2014-02-26 18:40 - 00001100 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-02-26 18:40 - 2014-02-26 18:40 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Opera Software
2014-02-26 18:40 - 2014-02-26 18:40 - 00000000 ____D () C:\Users\Tim\AppData\Local\Opera Software
2014-02-26 18:39 - 2014-02-26 18:39 - 35623952 _____ (Opera Software ASA) C:\Users\Tim\Desktop\Opera_19.0.1326.63_Setup.exe
2014-02-26 18:29 - 2014-02-26 18:30 - 137004504 _____ () C:\Users\Tim\Desktop\avira_free_antivirus_de.exe
2014-02-26 18:24 - 2014-02-26 18:24 - 00001986 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-02-26 18:24 - 2014-02-26 18:24 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-02-26 13:08 - 2014-02-26 13:08 - 00004090 _____ () C:\sc-cleaner.txt
2014-02-26 13:07 - 2014-02-26 13:07 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Tim\Desktop\sc-cleaner.exe
2014-02-26 13:04 - 2014-02-26 13:04 - 00001520 _____ () C:\Users\Tim\Desktop\JRT.txt
2014-02-26 12:58 - 2014-02-26 12:58 - 01037734 _____ (Thisisu) C:\Users\Tim\Desktop\JRT.exe
2014-02-26 12:57 - 2014-02-26 12:57 - 01037734 _____ (Thisisu) C:\Users\Tim\Downloads\JRT.exe
2014-02-25 20:07 - 2014-02-25 20:07 - 00000105 _____ () C:\Users\Tim\Desktop\FIXLIST.txt
2014-02-20 16:38 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-20 16:38 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-20 16:38 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-20 16:38 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-20 16:38 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-20 16:38 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-20 16:38 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-20 16:38 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-20 16:38 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-20 16:38 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-20 16:38 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-20 16:38 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-20 16:38 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-20 16:38 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-20 16:38 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-20 16:38 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-20 16:38 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-20 16:38 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-20 16:38 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-20 16:38 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-20 16:38 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-20 16:38 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-20 16:38 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-20 16:38 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-20 16:38 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-20 16:38 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-20 16:38 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-20 16:38 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-20 16:38 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-20 16:38 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-20 16:38 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-20 16:38 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-20 16:38 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-20 16:38 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-20 16:38 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-20 16:38 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-20 16:38 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-20 16:38 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-20 16:38 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-20 16:38 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-20 16:38 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-17 17:06 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-17 17:06 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-17 17:06 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-17 17:06 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-17 17:06 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-17 17:06 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-17 17:06 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-17 17:06 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-17 17:06 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-17 17:06 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-17 17:06 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-17 17:06 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-17 17:06 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-17 17:06 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-17 17:06 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-17 17:06 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-17 17:06 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-17 17:06 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-17 17:06 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-17 17:06 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-17 17:06 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-17 17:06 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-17 17:06 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-17 17:06 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-17 17:06 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-17 17:06 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-17 17:06 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-17 17:06 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-09 20:12 - 2014-02-09 20:12 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Avira
2014-02-09 20:11 - 2014-02-26 18:30 - 00002037 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-02-09 20:11 - 2014-02-09 20:11 - 00000000 ____D () C:\ProgramData\Avira
2014-02-09 20:11 - 2014-02-09 20:11 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-02-09 20:11 - 2014-02-09 20:08 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-02-09 20:11 - 2014-02-09 20:08 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-02-09 20:11 - 2014-02-09 20:08 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-02-09 20:11 - 2014-02-09 20:08 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-02-09 19:26 - 2014-02-09 19:26 - 00000000 ____D () C:\Windows\ERUNT
2014-02-09 08:47 - 2014-02-09 08:47 - 00035185 _____ () C:\Users\Tim\Downloads\Addition.txt
2014-02-09 08:46 - 2014-02-27 17:09 - 00000000 ____D () C:\FRST
2014-02-09 08:46 - 2014-02-09 08:47 - 00033361 _____ () C:\Users\Tim\Downloads\FRST.txt
2014-02-09 08:45 - 2014-02-09 08:45 - 02079744 _____ (Farbar) C:\Users\Tim\Downloads\FRST64.exe
2014-02-09 08:28 - 2014-02-09 19:20 - 00000000 ____D () C:\AdwCleaner
2014-02-08 21:30 - 2014-02-08 21:30 - 00001750 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-08 21:30 - 2014-02-08 21:30 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-08 21:30 - 2014-02-08 21:30 - 00000000 ____D () C:\Program Files\iTunes
2014-02-08 21:30 - 2014-02-08 21:30 - 00000000 ____D () C:\Program Files\iPod
2014-02-08 21:30 - 2014-02-08 21:30 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-08 13:34 - 2014-02-27 12:34 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\newnext.me
2014-02-08 13:34 - 2014-02-08 13:43 - 00000000 ____D () C:\Users\Tim\AppData\Local\Mobogenie
2014-02-08 13:34 - 2014-02-08 13:35 - 00000000 ____D () C:\Users\Tim\AppData\Local\cache
2014-02-08 13:34 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\Documents\Mobogenie
2014-02-08 13:34 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\AppData\Local\genienext
2014-02-08 13:34 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\.android
2014-02-08 13:34 - 2014-02-08 13:34 - 00000000 _____ () C:\Users\Tim\daemonprocess.txt
2014-02-08 13:31 - 2014-02-08 13:43 - 00000000 ____D () C:\ProgramData\IePluginService
2014-02-08 13:31 - 2014-02-08 13:41 - 00000000 ____D () C:\ProgramData\WPM
2014-02-08 13:31 - 2014-02-08 13:41 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Trigger
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Startup
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Screenshots
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Scenario
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Savegame
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\RM
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\HomeCities
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Data
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\campaign
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\AI
2014-01-30 13:33 - 2014-01-30 13:33 - 00002944 _____ () C:\Windows\System32\Tasks\{84B55787-5C8D-43B8-BE8E-FDC08FD8C2DD}
2014-01-30 13:33 - 2014-01-30 13:33 - 00002944 _____ () C:\Windows\System32\Tasks\{1B2793D4-663B-40AF-BC12-F8CADD4AFBC3}
2014-01-30 13:32 - 2014-01-30 13:32 - 00002944 _____ () C:\Windows\System32\Tasks\{E3564BDA-2FDB-4C7D-942F-B5C8E5F45661}
2014-01-30 13:32 - 2014-01-30 13:32 - 00002944 _____ () C:\Windows\System32\Tasks\{6D685726-5E35-4CDB-9374-90E50F3A43D9}
2014-01-30 13:32 - 2014-01-30 13:32 - 00002944 _____ () C:\Windows\System32\Tasks\{5ACC64A0-6D80-418E-AF24-45C569A4F89A}
2014-01-30 13:32 - 2014-01-30 13:32 - 00002944 _____ () C:\Windows\System32\Tasks\{176DB793-3EB4-4C37-9171-731AFD6EA925}
2014-01-30 13:30 - 2014-01-30 13:30 - 00002944 _____ () C:\Windows\System32\Tasks\{13024CDD-B8D2-4350-9181-D9056EF638D1}
2014-01-30 13:29 - 2014-01-30 13:29 - 00002944 _____ () C:\Windows\System32\Tasks\{6CE05304-5CEE-478F-A735-63B14955A94F}
2014-01-30 13:28 - 2014-01-30 13:28 - 00002944 _____ () C:\Windows\System32\Tasks\{A300BC7E-F9A3-4B0C-A8C1-A6E40EC3856A}
2014-01-30 13:27 - 2014-01-30 13:27 - 00002944 _____ () C:\Windows\System32\Tasks\{F6827632-CF90-4BDE-B7D4-F8C78FF612AA}
2014-01-30 13:27 - 2014-01-30 13:27 - 00002944 _____ () C:\Windows\System32\Tasks\{B0E70F42-3BA1-49C8-9211-E0F86D63BE7C}
2014-01-30 13:27 - 2014-01-30 13:27 - 00002944 _____ () C:\Windows\System32\Tasks\{7E4852C2-EF31-4914-ADA8-47A0BC90E2EE}
2014-01-30 13:26 - 2014-01-30 13:26 - 00002944 _____ () C:\Windows\System32\Tasks\{BC05359E-D485-45EA-96BA-7BB4E3511E8B}
2014-01-30 13:22 - 2014-01-30 13:33 - 00000021 _____ () C:\Windows\SysWOW64\game.ini
2014-01-30 13:22 - 2014-01-30 13:32 - 00000031 _____ () C:\Windows\SysWOW64\news.ini
2014-01-30 13:21 - 2014-01-30 13:21 - 00002944 _____ () C:\Windows\System32\Tasks\{65EEB126-CF78-4D42-A7C3-645423B584DB}
2014-01-30 13:16 - 2014-01-30 13:16 - 00000060 _____ () C:\Windows\WININIT.INI
2014-01-30 13:00 - 2014-01-30 13:00 - 00000587 _____ () C:\Users\Tim\Desktop\Run HarpoonCE.lnk
2014-01-30 12:50 - 2014-01-30 12:55 - 734003200 _____ () C:\Users\Tim\Downloads\codename-panzers-2.part1.exe
2014-01-30 12:40 - 2014-01-30 12:47 - 734003200 _____ () C:\Users\Tim\Downloads\codename-panzers-2.part2.rar
2014-01-30 12:32 - 2014-01-30 12:38 - 734003200 _____ () C:\Users\Tim\Downloads\codename-panzers-2.part3.rar
2014-01-30 12:25 - 2014-01-30 12:31 - 671103005 _____ () C:\Users\Tim\Downloads\codename-panzers-2.part4.rar

==================== One Month Modified Files and Folders =======

2014-02-27 17:09 - 2014-02-09 08:46 - 00000000 ____D () C:\FRST
2014-02-27 17:03 - 2014-02-27 17:03 - 00987425 _____ () C:\Users\Tim\Desktop\SecurityCheck.exe
2014-02-27 16:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-27 16:13 - 2010-11-28 01:08 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-27 16:05 - 2010-10-09 04:32 - 01352953 _____ () C:\Windows\WindowsUpdate.log
2014-02-27 13:17 - 2014-02-26 18:45 - 00002142 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-27 12:44 - 2014-02-27 12:44 - 00000000 ____D () C:\Users\Tim\AppData\Local\{4E75D6CD-0BC0-42D1-813E-9061DBA43BFD}
2014-02-27 12:42 - 2009-07-14 05:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-27 12:42 - 2009-07-14 05:45 - 00016304 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-27 12:39 - 2014-02-27 12:39 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-02-27 12:37 - 2014-02-27 12:37 - 02347384 _____ (ESET) C:\Users\Tim\Downloads\esetsmartinstaller_enu.exe
2014-02-27 12:35 - 2010-11-14 16:50 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-02-27 12:34 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\newnext.me
2014-02-27 12:34 - 2010-11-28 01:08 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-27 12:34 - 2010-11-10 14:22 - 00091218 _____ () C:\Windows\setupact.log
2014-02-27 12:34 - 2010-11-10 14:21 - 01740200 _____ () C:\Windows\PFRO.log
2014-02-27 12:34 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-26 18:45 - 2010-11-28 01:08 - 00000000 ____D () C:\Users\Tim\AppData\Local\Google
2014-02-26 18:45 - 2010-11-28 01:08 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-26 18:45 - 2010-11-01 14:42 - 00000000 ____D () C:\Users\Tim\AppData\Local\Adobe
2014-02-26 18:44 - 2014-02-26 18:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-26 18:44 - 2014-02-26 18:44 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-26 18:40 - 2014-02-26 18:40 - 00001100 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-02-26 18:40 - 2014-02-26 18:40 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Opera Software
2014-02-26 18:40 - 2014-02-26 18:40 - 00000000 ____D () C:\Users\Tim\AppData\Local\Opera Software
2014-02-26 18:40 - 2010-11-01 13:39 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-02-26 18:39 - 2014-02-26 18:39 - 35623952 _____ (Opera Software ASA) C:\Users\Tim\Desktop\Opera_19.0.1326.63_Setup.exe
2014-02-26 18:30 - 2014-02-26 18:29 - 137004504 _____ () C:\Users\Tim\Desktop\avira_free_antivirus_de.exe
2014-02-26 18:30 - 2014-02-09 20:11 - 00002037 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-02-26 18:24 - 2014-02-26 18:24 - 00001986 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-02-26 18:24 - 2014-02-26 18:24 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-02-26 18:24 - 2010-04-19 10:09 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-26 17:59 - 2009-07-14 18:58 - 00654400 _____ () C:\Windows\system32\perfh007.dat
2014-02-26 17:59 - 2009-07-14 18:58 - 00130240 _____ () C:\Windows\system32\perfc007.dat
2014-02-26 17:59 - 2009-07-14 06:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-26 13:08 - 2014-02-26 13:08 - 00004090 _____ () C:\sc-cleaner.txt
2014-02-26 13:08 - 2010-11-01 13:31 - 00001432 _____ () C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-26 13:07 - 2014-02-26 13:07 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Tim\Desktop\sc-cleaner.exe
2014-02-26 13:04 - 2014-02-26 13:04 - 00001520 _____ () C:\Users\Tim\Desktop\JRT.txt
2014-02-26 12:58 - 2014-02-26 12:58 - 01037734 _____ (Thisisu) C:\Users\Tim\Desktop\JRT.exe
2014-02-26 12:57 - 2014-02-26 12:57 - 01037734 _____ (Thisisu) C:\Users\Tim\Downloads\JRT.exe
2014-02-25 20:07 - 2014-02-25 20:07 - 00000105 _____ () C:\Users\Tim\Desktop\FIXLIST.txt
2014-02-25 20:00 - 2013-03-14 16:35 - 00000000 ____D () C:\Users\Tim\Desktop\Dokumente
2014-02-25 17:14 - 2010-11-01 14:51 - 00000000 ____D () C:\Users\Tim\AppData\Local\Windows Live
2014-02-21 19:43 - 2012-10-17 06:21 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-21 18:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-20 16:48 - 2013-08-13 22:28 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-20 16:46 - 2010-11-01 19:29 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-17 17:08 - 2010-11-28 01:08 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-17 17:08 - 2010-11-28 01:08 - 00003848 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-17 17:04 - 2010-11-01 13:29 - 00000000 ____D () C:\Users\Tim
2014-02-09 20:12 - 2014-02-09 20:12 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Avira
2014-02-09 20:11 - 2014-02-09 20:11 - 00000000 ____D () C:\ProgramData\Avira
2014-02-09 20:11 - 2014-02-09 20:11 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-02-09 20:08 - 2014-02-09 20:11 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-02-09 20:08 - 2014-02-09 20:11 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-02-09 20:08 - 2014-02-09 20:11 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-02-09 20:08 - 2014-02-09 20:11 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-02-09 19:26 - 2014-02-09 19:26 - 00000000 ____D () C:\Windows\ERUNT
2014-02-09 19:20 - 2014-02-09 08:28 - 00000000 ____D () C:\AdwCleaner
2014-02-09 08:47 - 2014-02-09 08:47 - 00035185 _____ () C:\Users\Tim\Downloads\Addition.txt
2014-02-09 08:47 - 2014-02-09 08:46 - 00033361 _____ () C:\Users\Tim\Downloads\FRST.txt
2014-02-09 08:45 - 2014-02-09 08:45 - 02079744 _____ (Farbar) C:\Users\Tim\Downloads\FRST64.exe
2014-02-08 21:30 - 2014-02-08 21:30 - 00001750 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-08 21:30 - 2014-02-08 21:30 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-08 21:30 - 2014-02-08 21:30 - 00000000 ____D () C:\Program Files\iTunes
2014-02-08 21:30 - 2014-02-08 21:30 - 00000000 ____D () C:\Program Files\iPod
2014-02-08 21:30 - 2014-02-08 21:30 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-08 13:43 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\AppData\Local\Mobogenie
2014-02-08 13:43 - 2014-02-08 13:31 - 00000000 ____D () C:\ProgramData\IePluginService
2014-02-08 13:41 - 2014-02-08 13:31 - 00000000 ____D () C:\ProgramData\WPM
2014-02-08 13:41 - 2014-02-08 13:31 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-02-08 13:35 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\AppData\Local\cache
2014-02-08 13:34 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\Documents\Mobogenie
2014-02-08 13:34 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\AppData\Local\genienext
2014-02-08 13:34 - 2014-02-08 13:34 - 00000000 ____D () C:\Users\Tim\.android
2014-02-08 13:34 - 2014-02-08 13:34 - 00000000 _____ () C:\Users\Tim\daemonprocess.txt
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Trigger
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Startup
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Screenshots
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Scenario
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Savegame
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\RM
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\HomeCities
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\Data
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\campaign
2014-02-07 17:02 - 2014-02-07 17:02 - 00000000 ____D () C:\Users\Tim\Documents\AI
2014-02-06 13:16 - 2014-02-20 16:38 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-20 16:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-20 16:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-20 16:38 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-20 16:38 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-20 16:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-20 16:38 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-20 16:38 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-20 16:38 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-20 16:38 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-20 16:38 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-20 16:38 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-20 16:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-20 16:38 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-20 16:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-20 16:38 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-20 16:38 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-20 16:38 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-20 16:38 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-20 16:38 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-20 16:38 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-20 16:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-20 16:38 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-20 16:38 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-20 16:38 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-20 16:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-20 16:38 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-20 16:38 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-20 16:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-20 16:38 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-20 16:38 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-20 16:38 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-20 16:38 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-20 16:38 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-20 16:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-20 16:38 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-20 16:38 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-20 16:38 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-20 16:38 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-01-30 18:51 - 2010-11-01 13:32 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Nero
2014-01-30 13:33 - 2014-01-30 13:33 - 00002944 _____ () C:\Windows\System32\Tasks\{84B55787-5C8D-43B8-BE8E-FDC08FD8C2DD}
2014-01-30 13:33 - 2014-01-30 13:33 - 00002944 _____ () C:\Windows\System32\Tasks\{1B2793D4-663B-40AF-BC12-F8CADD4AFBC3}
2014-01-30 13:33 - 2014-01-30 13:22 - 00000021 _____ () C:\Windows\SysWOW64\game.ini
2014-01-30 13:32 - 2014-01-30 13:32 - 00002944 _____ () C:\Windows\System32\Tasks\{E3564BDA-2FDB-4C7D-942F-B5C8E5F45661}
2014-01-30 13:32 - 2014-01-30 13:32 - 00002944 _____ () C:\Windows\System32\Tasks\{6D685726-5E35-4CDB-9374-90E50F3A43D9}
2014-01-30 13:32 - 2014-01-30 13:32 - 00002944 _____ () C:\Windows\System32\Tasks\{5ACC64A0-6D80-418E-AF24-45C569A4F89A}
2014-01-30 13:32 - 2014-01-30 13:32 - 00002944 _____ () C:\Windows\System32\Tasks\{176DB793-3EB4-4C37-9171-731AFD6EA925}
2014-01-30 13:32 - 2014-01-30 13:22 - 00000031 _____ () C:\Windows\SysWOW64\news.ini
2014-01-30 13:30 - 2014-01-30 13:30 - 00002944 _____ () C:\Windows\System32\Tasks\{13024CDD-B8D2-4350-9181-D9056EF638D1}
2014-01-30 13:29 - 2014-01-30 13:29 - 00002944 _____ () C:\Windows\System32\Tasks\{6CE05304-5CEE-478F-A735-63B14955A94F}
2014-01-30 13:28 - 2014-01-30 13:28 - 00002944 _____ () C:\Windows\System32\Tasks\{A300BC7E-F9A3-4B0C-A8C1-A6E40EC3856A}
2014-01-30 13:27 - 2014-01-30 13:27 - 00002944 _____ () C:\Windows\System32\Tasks\{F6827632-CF90-4BDE-B7D4-F8C78FF612AA}
2014-01-30 13:27 - 2014-01-30 13:27 - 00002944 _____ () C:\Windows\System32\Tasks\{B0E70F42-3BA1-49C8-9211-E0F86D63BE7C}
2014-01-30 13:27 - 2014-01-30 13:27 - 00002944 _____ () C:\Windows\System32\Tasks\{7E4852C2-EF31-4914-ADA8-47A0BC90E2EE}
2014-01-30 13:26 - 2014-01-30 13:26 - 00002944 _____ () C:\Windows\System32\Tasks\{BC05359E-D485-45EA-96BA-7BB4E3511E8B}
2014-01-30 13:21 - 2014-01-30 13:21 - 00002944 _____ () C:\Windows\System32\Tasks\{65EEB126-CF78-4D42-A7C3-645423B584DB}
2014-01-30 13:20 - 2010-11-15 12:06 - 00250911 _____ () C:\Windows\DirectX.log
2014-01-30 13:16 - 2014-01-30 13:16 - 00000060 _____ () C:\Windows\WININIT.INI
2014-01-30 13:00 - 2014-01-30 13:00 - 00000587 _____ () C:\Users\Tim\Desktop\Run HarpoonCE.lnk
2014-01-30 12:55 - 2014-01-30 12:50 - 734003200 _____ () C:\Users\Tim\Downloads\codename-panzers-2.part1.exe
2014-01-30 12:47 - 2014-01-30 12:40 - 734003200 _____ () C:\Users\Tim\Downloads\codename-panzers-2.part2.rar
2014-01-30 12:38 - 2014-01-30 12:32 - 734003200 _____ () C:\Users\Tim\Downloads\codename-panzers-2.part3.rar
2014-01-30 12:31 - 2014-01-30 12:25 - 671103005 _____ () C:\Users\Tim\Downloads\codename-panzers-2.part4.rar
2014-01-29 17:13 - 2010-11-01 15:36 - 00000000 ____D () C:\ProgramData\Apple

Some content of TEMP:
====================
C:\Users\Tim\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-27 16:43

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---


Von meiner Seite ist alles wieder in Ordnung!

Hm, beim Öffnen von Opera hat Avira etwas gefunden bzw. die Ausführung unterbunden.
Ich mache gerade einen Systemcheck.

Geändert von Isapuin (27.02.2014 um 18:17 Uhr) Grund: Fehler in der Rechtschreibung

Antwort

Themen zu awesomehp.com
.com, awesomehp, awesomehp entfernen, awesomehp.com, beseitigen, hilfe, mobogenie, mobogenie entfernen, pup.optional.337technologies.a, pup.optional.awesomehp.a, pup.optional.conduit, pup.optional.conduit.a, pup.optional.crossrider.a, pup.optional.desk365.a, pup.optional.dynconie.a, pup.optional.iepluginservice.a, pup.optional.nationzoom.a, pup.optional.newtab.a, pup.optional.nextlive.a, pup.optional.opencandy, pup.optional.optimzerpro.a, pup.optional.qone8, pup.optional.skytech.a, pup.optional.suptab.a, selbständiges



Ähnliche Themen: awesomehp.com


  1. Awesomehp.com
    Plagegeister aller Art und deren Bekämpfung - 13.04.2014 (9)
  2. awesomehp hat Reste hinterlassen
    Log-Analyse und Auswertung - 19.03.2014 (15)
  3. Windows7 Home- Feven und awesomehp.com ...
    Plagegeister aller Art und deren Bekämpfung - 08.03.2014 (22)
  4. Awesomehp als Startseite löschen
    Log-Analyse und Auswertung - 26.02.2014 (16)
  5. awesomehp.com Toolbar entfernen
    Log-Analyse und Auswertung - 26.02.2014 (9)
  6. awesomehp.com
    Plagegeister aller Art und deren Bekämpfung - 23.02.2014 (3)
  7. Awesomehp ist auf meinem Computer
    Plagegeister aller Art und deren Bekämpfung - 23.02.2014 (19)
  8. AwesomeHP-Virus eingefangen
    Plagegeister aller Art und deren Bekämpfung - 22.02.2014 (3)
  9. Awesomehp
    Lob, Kritik und Wünsche - 16.02.2014 (0)
  10. Awesomehp.com noch da
    Plagegeister aller Art und deren Bekämpfung - 16.02.2014 (14)
  11. Awesomehp.com Virus entfernen
    Plagegeister aller Art und deren Bekämpfung - 12.02.2014 (9)
  12. Awesomehp mit Zusätzen entfernen
    Log-Analyse und Auswertung - 07.02.2014 (3)
  13. Windows 7: Umleitung auf awesomehp entfernen?
    Log-Analyse und Auswertung - 06.02.2014 (9)
  14. Awesomehp als Startseite verschwindet nicht
    Plagegeister aller Art und deren Bekämpfung - 02.02.2014 (1)
  15. Awesomehp als Startseite
    Plagegeister aller Art und deren Bekämpfung - 02.02.2014 (7)
  16. Firefox - Neuer Tab, Awesomehp
    Plagegeister aller Art und deren Bekämpfung - 02.02.2014 (13)
  17. Awesomehp.com entfernen
    Anleitungen, FAQs & Links - 14.01.2014 (2)

Zum Thema awesomehp.com - Hallo Ich habe mir awesomehp .com auf dem PC eingefangen. Bitte um Hilfe, da ich ein selbständiges Beseitigen nicht hinbekomme. Vielen, vielen Dank im voraus! - awesomehp.com...
Archiv
Du betrachtest: awesomehp.com auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.