04.01.2014, 16:42 | #1 |
Windows 7 64-bit version: white screen after logging in

Windows 7 64-bit version: white screen after logging in; camera switched on, nothing works any more, the mouse is visible, safe mode shows the same problem. Using the key combination CTRL+ALT+DEL, the background image is visible briefly. The following programs are running: csrss.exe / conhost.exe / DaemonProcess.exe / mgab.exe / Mobogenie.exe / nvtray.exe / nvvsvc.exe / nvxdsync.exe / taskhost.exe / taskmgr.exe

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2014
Ran by Nicole (administrator) on NICOLE-LAPTOP on 04-01-2014 16:31:50
Running from F:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(TuneUp Software) C:\TuneUpPortable\App\TuneUp\TuneUpUtilitiesService32.exe
(MarketResearchHelper) C:\Program Files (x86)\MarketResearchHelper\updateMarketResearchHelper.exe
(MarketResearchHelper) C:\Program Files (x86)\MarketResearchHelper\bin\utilMarketResearchHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.)
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (TuneUp Software) C:\TuneUpPortable\App\TuneUp\TuneUpUtilitiesApp32.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Microsoft Corporation) C:\Windows\System32\audiodg.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1743648 2013-06-13] (Wondershare) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation) HKCU\...\Run: [LightShot] - C:\Users\Nicole\AppData\Local\Skillbrains\lightshot\LightShot.exe [226592 2013-09-27] () HKCU\...\Run: [NextLive] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Nicole\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l HKCU\...\Winlogon: [Userinit] C:\Users\Nicole\AppData\Roaming\loadit.exe [596484 2014-01-04] () HKCU\...\Winlogon: [Shell] C:\Users\Nicole\AppData\Roaming\loadit.exe [596484 2014-01-04] () <==== ATTENTION MountPoints2: G - G:\Startme.exe MountPoints2: {0d9f50fd-18d5-11e0-985a-001d72ee8bab} - G:\Startme.exe HKU\Andre\...\Run: [IncrediMail] - C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c HKU\Andre\...\Run: [Facebook Update] - C:\Users\Andre\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-07-07] (Facebook Inc.) 
IFEO\bitguard.exe: [Debugger] tasklist.exe IFEO\bprotect.exe: [Debugger] tasklist.exe IFEO\browsemngr.exe: [Debugger] tasklist.exe IFEO\browserdefender.exe: [Debugger] tasklist.exe IFEO\browsermngr.exe: [Debugger] tasklist.exe IFEO\browserprotect.exe: [Debugger] tasklist.exe IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe IFEO\cltmngsvc.exe: [Debugger] tasklist.exe IFEO\delta babylon.exe: [Debugger] tasklist.exe IFEO\delta tb.exe: [Debugger] tasklist.exe IFEO\delta2.exe: [Debugger] tasklist.exe IFEO\deltainstaller.exe: [Debugger] tasklist.exe IFEO\deltasetup.exe: [Debugger] tasklist.exe IFEO\deltatb.exe: [Debugger] tasklist.exe IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe IFEO\iminentsetup.exe: [Debugger] tasklist.exe IFEO\rjatydimofu.exe: [Debugger] tasklist.exe IFEO\sweetimsetup.exe: [Debugger] tasklist.exe IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe Startup: C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk ShortcutTarget: AutoStarter.lnk -> I:\wizard\wizard\GGG Bukkake Best of XXX WEBRip MP4 - iaK\GGG.Bukkake.Best.of.29.German.XXX.1080p.WEBRip.MP4-iaK.exe (No File) Startup: C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Nicole\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk ShortcutTarget: ja.lnk -> C:\Users\Nicole\AppData\Roaming\loadit.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x33FED1749901CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://aartemis.com/?type=hp&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://aartemis.com/?type=hp&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://aartemis.com/?type=hp&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
hxxp://www.aartemis.com/web/?type=ds&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://aartemis.com/?type=hp&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://aartemis.com/?type=hp&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://aartemis.com/?type=sc&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543&q={searchTerms} SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=103&systemid=473&v=n9602-153&apn_uid=8054343232924648&apn_dtid=BND473&o=APN10640&apn_ptnrs=AG1&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543&q={searchTerms} SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543&q={searchTerms} SearchScopes: HKLM-x32 - {52db1893-8a90-4192-aede-08e00b8f8473} URL = 
hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=103&systemid=473&v=n9602-153&apn_uid=8054343232924648&apn_dtid=BND473&o=APN10640&apn_ptnrs=AG1&q={searchTerms} SearchScopes: HKLM-x32 - {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNxpt738YYDE&ptnrS=ZNxpt738YYDE&si=107645&ptb=9LEKrsRGlzEeXZSWRQIlhg&ind=2013041014&n=77fc9176&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029 SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms} SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://start.facemoods.com/?a=dpg&s={searchTerms}&f=4 SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_def&mntrId=AE2B00216B71484C&affID=119557&tsp=5099 SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543&q={searchTerms} SearchScopes: HKCU - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=103&systemid=473&v=n9602-153&apn_uid=8054343232924648&apn_dtid=BND473&o=APN10640&apn_ptnrs=AG1&q={searchTerms} SearchScopes: HKCU - {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNxpt738YYDE&ptnrS=ZNxpt738YYDE&si=107645&ptb=9LEKrsRGlzEeXZSWRQIlhg&ind=2011031711&n=77dde89f&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={A51482E6-53AF-4F42-A36C-6AB6E31701F5}&mid=450ab429456557be8a10a60a7d55a151-12090c1fcf72a2d0672e0918ac999121b812f56c&lang=de&ds=AVG&pr=fr&d=2012-07-01 09:01:51&v=11.1.0.12&sap=dsp&q={searchTerms} SearchScopes: HKCU - 
{977A53BB-0DD6-4D36-9E8E-C937A6967C19} URL = hxxp://searchya.com/?chnl=ft-100&s=1&cr=1746044404&cd=2XzutAtN2Y1L1QzutDtDtBtCyC0ByBtCyEzzyE0C0B0CyE0C0FtN0D0TzutBtDtCtBtDtBtByD&q={searchTerms} SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/?a=6OxVVZkTNA&loc=skw&search={searchTerms} SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms} BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File BHO-x32: MarketResearchHelper - {e71ecfaa-158b-4027-9a01-1959834a82db} - C:\Program Files (x86)\MarketResearchHelper\MarketResearchHelperBHO.dll (MarketResearchHelper) Toolbar: HKLM-x32 - buenosearch Toolbar - {828DC97A-2277-4E10-92A9-4907FA0922A9} - No File Toolbar: HKLM-x32 - PDF Architect Toolbar - 
{25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH) Toolbar: HKCU - No Name - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No File Toolbar: HKCU - No Name - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No File Toolbar: HKCU - No Name - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No File Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Hosts: 127.0.0.1 secure.tune-up.com Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\8i0k0k3k.default-1383333122076 FF user.js: detected! => C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\8i0k0k3k.default-1383333122076\user.js FF NewTab: hxxp://www.buenosearch.com/?babsrc=NT_def&mntrId=AE2B00216B71484C&affID=119557&tsp=5099 FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", ""); FF Homepage: about:home FF Keyword.URL: hxxp://mystart.incredibar.com/?a=6OxVVZkTNA&loc=skw&search= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) 
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: {@alibaba.com/alisetup;version=1.0} - C:\Users\Nicole\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba) FF SearchPlugin: C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\8i0k0k3k.default-1383333122076\searchplugins\buenosearch.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: BuenoSearch - C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\8i0k0k3k.default-1383333122076\Extensions\ffxtlbr@buenosearch.com FF Extension: MarketResearchHelper - C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\8i0k0k3k.default-1383333122076\Extensions\firefox@marketresearchhelper.com.xpi FF HKLM-x32\...\Firefox\Extensions: [ocr@babylon.com] - I:\Babylon\Utils\ocr@babylon.com FF Extension: Babylon Translation Activation - I:\Babylon\Utils\ocr@babylon.com FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt Chrome: ======= CHR DefaultSearchKeyword: aartemis CHR DefaultSearchProvider: aartemis CHR DefaultSearchURL: hxxp://www.aartemis.com/web/?type=ds&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543&q={searchTerms} CHR DefaultNewTabURL: CHR Extension: (IncrediMail MediaBar Deutsch 2) - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajeaeekpfakbiidigngcnelnclhnaibo\10.23.0.822_0 CHR 
Extension: (DVDVideoSoftTB DE) - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\10.23.0.822_0 CHR Extension: (Babylon Translator) - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.9_1 CHR Extension: (Lightning Newtab) - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\1.1.8.4_0 CHR Extension: (Google Wallet) - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1 CHR Extension: () - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppkgikfccbpebogfnekmgiomgamjafel\1.0.0_1 CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx CHR HKLM-x32\...\Chrome\Extension: [ajeaeekpfakbiidigngcnelnclhnaibo] - C:\Users\Nicole\AppData\Local\CRE\ajeaeekpfakbiidigngcnelnclhnaibo.crx CHR HKLM-x32\...\Chrome\Extension: [bhphemoobgnikcoofkgackkaimpfmenm] - C:\Users\Nicole\AppData\Local\CRE\bhphemoobgnikcoofkgackkaimpfmenm.crx CHR HKLM-x32\...\Chrome\Extension: [chgdeabpmphfhkoemjjglmilajldekbp] - H:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRChromePlugin.crx CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - I:\Babylon\Utils\BabylonChrome.crx CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx CHR HKLM-x32\...\Chrome\Extension: [fgfdfcbeamjnjdejakdidpniblllnbpg] - C:\Windows\SysWOW64\jmdp\pnte.crx CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx CHR HKLM-x32\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files (x86)\Perion\NewTab\NewTab.crx CHR HKLM-x32\...\Chrome\Extension: [ppkgikfccbpebogfnekmgiomgamjafel] - C:\Program Files 
(x86)\MarketResearchHelper\ppkgikfccbpebogfnekmgiomgamjafel.crx CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://aartemis.com/?type=sc&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543 ==================== Services (Whitelisted) ================= R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.) R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 TuneUp.UtilitiesSvc; C:\TuneUpPortable\App\TuneUp\TuneUpUtilitiesService32.exe [1699680 2012-09-17] (TuneUp Software) R2 Update MarketResearchHelper; C:\Program Files (x86)\MarketResearchHelper\updateMarketResearchHelper.exe [65840 2013-11-23] (MarketResearchHelper) R2 Util MarketResearchHelper; C:\Program Files (x86)\MarketResearchHelper\bin\utilMarketResearchHelper.exe [65840 2013-12-28] (MarketResearchHelper) S3 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1255736 2013-12-26] () S2 wlidsvc; "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [x] ==================== Drivers (Whitelisted) ==================== R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.) 
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.) S3 s1039bus; C:\Windows\System32\DRIVERS\s1039bus.sys [127600 2010-03-01] (MCCI Corporation) S3 s1039mdfl; C:\Windows\System32\DRIVERS\s1039mdfl.sys [19568 2010-03-15] (MCCI Corporation) S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [161904 2010-03-15] (MCCI Corporation) S3 s1039mgmt; C:\Windows\System32\DRIVERS\s1039mgmt.sys [141424 2010-03-01] (MCCI Corporation) S3 s1039nd5; C:\Windows\System32\DRIVERS\s1039nd5.sys [34416 2010-03-15] (MCCI Corporation) S3 s1039obex; C:\Windows\System32\DRIVERS\s1039obex.sys [137328 2010-03-01] (MCCI Corporation) S3 s1039unic; C:\Windows\System32\DRIVERS\s1039unic.sys [158320 2010-03-15] (MCCI Corporation) S0 sptd; C:\Windows\System32\Drivers\sptd.sys [867064 2010-12-17] (Duplex Secure Ltd.) 
S3 TuneUpUtilitiesDrv; C:\TuneUpPortable\App\TuneUp\TuneUpUtilitiesDriver32.sys [10088 2012-08-29] (TuneUp Software) S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x] S3 tsusbhub; system32\drivers\tsusbhub.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-04 16:01 - 2014-01-04 16:01 - 00000000 ____D C:\FRST 2014-01-04 14:26 - 2014-01-04 15:55 - 00003120 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup 2014-01-04 14:26 - 2014-01-04 14:26 - 00001201 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk 2014-01-04 14:26 - 2014-01-04 14:26 - 00000000 ____D C:\ProgramData\Systweak 2014-01-04 14:26 - 2014-01-04 14:26 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector 2014-01-04 14:26 - 2012-07-25 12:03 - 00016896 _____ C:\Windows\system32\sasnative64.exe 2014-01-04 12:25 - 2014-01-04 12:25 - 00596484 _____ C:\Users\Nicole\AppData\Roaming\loadit.exe 2014-01-04 11:19 - 2014-01-04 11:20 - 00000000 ____D C:\Users\Nicole\AppData\Local\{CFFD2ADD-B266-4974-9500-127D5EFA74DE} 2014-01-03 19:18 - 2014-01-03 19:18 - 05738913 _____ C:\Users\Nicole\Downloads\Anhänge_201413.zip 2014-01-03 12:37 - 2014-01-03 12:37 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup 2014-01-03 08:52 - 2014-01-03 08:52 - 00000000 ____D C:\Users\Nicole\AppData\Local\{51E948DB-8DF8-45F2-B8F6-87814F727DE2} 2013-12-30 19:49 - 2013-12-31 19:50 - 00000000 ____D C:\Users\Nicole\AppData\Local\{99F72A29-B239-4096-81A0-A7D8E8A2C928} 2013-12-30 06:41 - 2014-01-04 16:20 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-30 06:41 - 2013-12-30 06:41 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-12-29 19:42 - 2013-12-30 07:49 - 00000000 ____D C:\Users\Nicole\AppData\Local\{EA03446A-D759-45AC-BC57-A8452279A97B} 2013-12-27 15:08 - 2013-12-27 
15:08 - 00000000 ____D C:\NVIDIA 2013-12-27 14:55 - 2013-12-28 14:56 - 00000000 ____D C:\Program Files (x86)\MarketResearchHelper 2013-12-27 06:38 - 2012-02-11 07:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe 2013-12-27 06:38 - 2012-02-11 07:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe 2013-12-26 15:36 - 2013-12-26 15:36 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\PDF Architect 2013-12-26 15:32 - 2013-12-26 15:33 - 00000000 ____D C:\Program Files (x86)\PDFCreator 2013-12-26 15:32 - 2013-12-26 15:33 - 00000000 ____D C:\Program Files (x86)\PDF Architect 2013-12-26 15:32 - 2013-12-26 15:32 - 00001031 _____ C:\Users\Public\Desktop\PDFCreator.lnk 2013-12-26 15:32 - 2013-12-26 15:32 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\pdfforge 2013-12-26 15:32 - 2013-04-09 14:13 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll 2013-12-26 15:32 - 2012-05-05 10:54 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX 2013-12-26 15:32 - 2012-05-05 10:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX 2013-12-26 15:32 - 2012-05-05 10:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL 2013-12-26 15:32 - 1998-07-06 17:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL 2013-12-26 15:32 - 1998-07-06 17:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL 2013-12-26 15:32 - 1998-07-06 17:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL 2013-12-26 15:29 - 2013-12-26 15:30 - 69734576 _____ (pdfforge ) C:\Users\Nicole\Downloads\PDFCreator-1_7_2_setup_offline.exe 2013-12-26 09:27 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2013-12-26 09:27 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2013-12-26 09:27 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\wmploc.DLL 2013-12-26 09:27 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2013-12-26 09:11 - 2012-07-26 04:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll 2013-12-26 09:11 - 2012-07-26 04:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe 2013-12-26 09:11 - 2012-07-26 04:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll 2013-12-26 09:11 - 2012-07-26 04:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll 2013-12-26 09:11 - 2012-07-26 04:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll 2013-12-26 09:11 - 2012-07-26 03:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys 2013-12-26 09:11 - 2012-07-26 03:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys 2013-12-26 09:11 - 2012-06-02 15:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf 2013-12-26 08:48 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2013-12-26 08:48 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2013-12-26 08:48 - 2012-12-07 14:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll 2013-12-26 08:48 - 2012-12-07 14:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll 2013-12-26 08:48 - 2012-12-07 13:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll 2013-12-26 08:48 - 2012-12-07 13:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll 2013-12-26 08:48 - 2012-12-07 12:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs 2013-12-26 08:48 - 2012-12-07 12:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs 2013-12-26 08:48 - 2012-12-07 12:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs 2013-12-26 08:48 - 
2012-12-07 12:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs 2013-12-26 08:48 - 2012-12-07 12:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs 2013-12-26 08:48 - 2012-12-07 12:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs 2013-12-26 08:48 - 2012-12-07 12:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs 2013-12-26 08:48 - 2012-12-07 12:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs 2013-12-26 08:48 - 2012-12-07 12:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs 2013-12-26 08:48 - 2012-12-07 12:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs 2013-12-26 08:48 - 2012-12-07 12:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs 2013-12-26 08:48 - 2012-12-07 12:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs 2013-12-26 08:48 - 2012-12-07 12:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs 2013-12-26 08:48 - 2012-12-07 12:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs 2013-12-26 08:48 - 2012-12-07 11:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs 2013-12-26 08:48 - 2012-12-07 11:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs 2013-12-26 08:48 - 2012-12-07 11:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs 2013-12-26 08:48 - 2012-12-07 11:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs 2013-12-26 08:48 - 2012-12-07 11:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs 2013-12-26 08:48 - 2012-12-07 11:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs 2013-12-26 08:48 - 2012-12-07 11:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs 2013-12-26 08:48 - 2012-12-07 11:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs 2013-12-26 08:48 - 2012-12-07 11:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs 2013-12-26 08:48 - 2012-12-07 11:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs 2013-12-26 08:48 - 2012-12-07 11:46 - 00020480 _____ 
(Microsoft) C:\Windows\SysWOW64\pegi-pt.rs 2013-12-26 08:48 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs 2013-12-26 08:48 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs 2013-12-26 08:48 - 2012-12-07 11:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs 2013-12-26 08:48 - 2012-10-09 19:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll 2013-12-26 08:48 - 2012-10-09 19:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll 2013-12-26 08:48 - 2012-10-09 18:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll 2013-12-26 08:48 - 2012-10-09 18:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll 2013-12-26 08:48 - 2012-01-04 11:44 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll 2013-12-26 08:48 - 2012-01-04 09:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll 2013-12-26 08:47 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-12-26 08:47 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-12-26 08:47 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll 2013-12-26 08:47 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2013-12-26 08:47 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2013-12-26 08:47 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll 2013-12-26 08:47 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-12-26 08:47 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll 2013-12-26 08:47 - 2013-08-05 03:25 - 00155584 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\ataport.sys 2013-12-26 08:47 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2013-12-26 08:47 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2013-12-26 08:47 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2013-12-26 08:47 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2013-12-26 08:47 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2013-12-26 08:47 - 2013-03-19 06:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2013-12-26 08:47 - 2013-03-19 06:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll 2013-12-26 08:47 - 2012-11-22 06:44 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2013-12-26 08:47 - 2012-11-22 05:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2013-12-26 08:47 - 2012-10-03 18:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2013-12-26 08:47 - 2012-10-03 18:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll 2013-12-26 08:47 - 2012-10-03 18:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll 2013-12-26 08:47 - 2012-10-03 18:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll 2013-12-26 08:47 - 2012-10-03 18:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll 2013-12-26 08:47 - 2012-10-03 18:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll 2013-12-26 08:47 - 2012-10-03 17:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll 2013-12-26 08:47 - 2012-10-03 17:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2013-12-26 08:47 - 2012-10-03 17:42 - 00018944 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\netevent.dll 2013-12-26 08:47 - 2012-10-03 17:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys 2013-12-26 08:47 - 2012-08-22 19:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2013-12-26 08:47 - 2012-08-21 22:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe 2013-12-26 08:47 - 2012-07-04 21:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys 2013-12-26 08:47 - 2012-05-01 06:40 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2013-12-26 08:47 - 2012-04-07 13:31 - 03216384 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2013-12-26 08:47 - 2012-04-07 12:26 - 02342400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2013-12-26 08:47 - 2012-01-13 08:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2013-12-26 08:47 - 2011-12-30 07:26 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl 2013-12-26 08:47 - 2011-12-30 06:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl 2013-12-26 08:45 - 2013-05-10 06:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll 2013-12-26 08:45 - 2013-05-10 04:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-12-26 08:45 - 2012-11-30 00:17 - 00420064 _____ C:\Windows\SysWOW64\locale.nls 2013-12-26 08:45 - 2012-11-30 00:15 - 00420064 _____ C:\Windows\system32\locale.nls 2013-12-26 08:45 - 2012-07-06 21:07 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys 2013-12-26 08:44 - 2013-04-17 08:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-12-26 08:44 - 2013-04-17 07:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2013-12-26 08:44 - 2013-01-24 07:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys 
2013-12-26 08:44 - 2012-05-05 09:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2013-12-26 08:44 - 2012-05-05 08:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2013-12-26 08:31 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2013-12-26 08:30 - 2013-12-30 06:41 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-26 08:30 - 2013-12-30 06:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-26 08:24 - 2013-12-29 19:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-26 08:24 - 2013-12-27 14:58 - 00000000 ____D C:\ProgramData\WPM 2013-12-26 08:24 - 2013-12-26 08:24 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-12-26 08:21 - 2014-01-04 11:18 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\newnext.me 2013-12-26 08:21 - 2013-12-27 14:56 - 00000000 ____D C:\Users\Nicole\AppData\Local\Mobogenie 2013-12-26 08:21 - 2013-12-27 14:04 - 00000000 ____D C:\Users\Nicole\AppData\Local\cache 2013-12-26 08:21 - 2013-12-27 13:56 - 00000000 ____D C:\Users\Nicole\AppData\Local\genienext 2013-12-26 08:21 - 2013-12-26 08:51 - 00000202 _____ C:\Users\Nicole\daemonprocess.txt 2013-12-26 08:21 - 2013-12-26 08:23 - 00002445 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-12-26 08:21 - 2013-12-26 08:21 - 00109152 _____ () C:\Users\Nicole\Downloads\Setup.exe 2013-12-26 08:20 - 2013-12-29 19:36 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-12-26 08:20 - 2013-12-29 19:36 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-12-26 08:20 - 2013-12-28 08:16 - 00004118 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-12-26 08:20 - 2013-12-28 08:16 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-12-26 08:18 - 2013-12-26 08:19 - 00000000 ____D 
C:\Users\Nicole\AppData\Local\Deployment 2013-12-26 08:18 - 2013-12-26 08:18 - 00000000 ____D C:\Users\Nicole\AppData\Local\Apps\2.0 2013-12-26 08:02 - 2013-12-26 08:02 - 00000000 ____D C:\Users\Nicole\AppData\Local\{6ED0F5F2-8AD0-4A67-8EF0-D6BB62567A8A} 2013-12-24 13:34 - 2013-12-24 13:34 - 00000000 ____D C:\Users\Nicole\AppData\Local\{C28EC42B-09EF-460B-BFCE-2F54B5FC1B39} 2013-12-23 20:32 - 2013-12-23 20:32 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr 2013-12-17 19:17 - 2013-12-17 19:17 - 00284360 _____ C:\Windows\Minidump\121713-45021-01.dmp.old 2013-12-17 18:22 - 2014-01-04 15:57 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro 2013-12-17 18:22 - 2013-12-17 18:30 - 00001660 _____ C:\Windows\system32\ASOROSet.bin 2013-12-17 18:22 - 2013-12-17 18:22 - 00000000 ____D C:\Windows\system32\config\RCCBakup 2013-12-17 18:12 - 2013-12-17 18:13 - 00000000 ____D C:\Users\Nicole\AppData\Local\{E0802343-90D3-4C6C-9B08-A2D041218F91} 2013-12-17 16:25 - 2014-01-04 15:01 - 00000278 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job 2013-12-17 16:25 - 2014-01-04 14:26 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Systweak 2013-12-17 16:25 - 2014-01-01 16:25 - 00000286 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job 2013-12-17 16:25 - 2013-12-17 16:25 - 00003040 _____ C:\Windows\System32\Tasks\RegClean Pro_UPDATES 2013-12-17 16:25 - 2013-12-17 16:25 - 00002884 _____ C:\Windows\System32\Tasks\RegClean Pro_DEFAULT 2013-12-17 16:24 - 2013-12-17 16:24 - 00001050 _____ C:\Users\Public\Desktop\RegClean Pro.lnk 2013-12-17 16:24 - 2013-12-17 16:24 - 00000000 ____D C:\Program Files (x86)\RegClean Pro 2013-12-17 16:24 - 2013-05-27 16:01 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe 2013-12-17 16:14 - 2013-12-17 16:23 - 00000000 ____D C:\ProgramData\SecTaskMan 2013-12-17 05:32 - 2013-12-17 05:34 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\buenosearch LTD 2013-12-17 05:32 - 2013-12-17 05:32 - 00000000 ____D C:\Program 
Files\Babylon 2013-12-17 05:32 - 2013-12-17 05:32 - 00000000 ____D C:\Program Files (x86)\buenosearch LTD 2013-12-15 13:58 - 2013-12-15 13:58 - 18291784 _____ (AVM Berlin ) C:\Users\Nicole\Downloads\FRITZ!fax_3.07.04.exe 2013-12-15 04:42 - 2013-12-15 04:42 - 00000000 ____D C:\Users\Nicole\AppData\Local\{EAFB1D75-2710-499C-969B-B7282AD998FA} 2013-12-14 18:11 - 2013-12-14 18:14 - 149157408 _____ (AVG Technologies) C:\Users\Nicole\Downloads\avg_free_x64_all_2014_4259a6848.exe 2013-12-14 18:01 - 2013-12-14 18:02 - 37738048 _____ (Wondershare Software ) C:\Users\Nicole\Downloads\video-converter-ultimate_full1045.exe 2013-12-12 06:37 - 2013-12-13 13:53 - 00000000 ____D C:\Users\Nicole\AppData\Local\{9C636FA2-4EAF-45A7-8F77-067AC6D0550A} 2013-12-11 06:08 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-11 06:08 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-11 06:08 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-12-11 06:08 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-11 06:08 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-12-11 06:08 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-12-11 06:08 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-11 06:08 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-11 06:08 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-12-11 06:08 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-12-11 06:08 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-11 06:08 - 2013-11-26 10:18 - 00139264 
_____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-11 06:08 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-12-11 06:08 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-12-11 06:08 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-11 06:08 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-11 06:08 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-12-11 06:08 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-11 06:08 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-12-11 06:08 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-12-11 06:08 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-12-11 06:08 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-11 06:08 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-11 06:08 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-12-11 06:08 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-11 06:08 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-11 06:08 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-11 06:08 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-12-11 06:08 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-12-11 06:08 - 2013-11-26 07:33 - 01820160 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-11 06:08 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-12-10 20:47 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-12-10 20:47 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-12-10 20:47 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-10 20:47 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-10 20:47 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2013-12-10 20:47 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2013-12-10 20:47 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2013-12-10 20:46 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-10 20:46 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-10 20:46 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2013-12-10 20:46 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2013-12-10 20:46 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2013-12-10 20:46 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2013-12-10 20:46 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2013-12-10 20:46 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2013-12-09 21:06 - 2013-12-09 21:06 - 00000000 ____D C:\Users\Nicole\AppData\Local\{7575FAC2-82C4-4895-AD5D-ACC8269CD746} 2013-12-07 20:02 - 2013-12-07 20:02 - 00000000 ____D 
C:\Users\Nicole\AppData\Roaming\Wondershare Video Converter Ultimate 2013-12-07 18:50 - 2013-12-07 18:50 - 00000048 _____ C:\Windows\wininit.ini 2013-12-07 18:40 - 2013-12-07 18:40 - 00000000 ____D C:\Users\Nicole\AppData\Local\{E7BE259E-4778-4F4A-8870-3FF53E29BA14} 2013-12-07 18:39 - 2013-12-07 18:39 - 00000068 _____ C:\Users\Nicole\Win8UpgradeKit_07.12.2013.LOG 2013-12-06 21:08 - 2013-12-06 21:09 - 00000000 ____D C:\Users\Nicole\AppData\Local\{19989C47-A05D-439F-829C-A38945147913} 2013-12-06 21:08 - 2013-12-06 21:08 - 00000068 _____ C:\Users\Nicole\Win8UpgradeKit_06.12.2013.LOG ==================== One Month Modified Files and Folders ======= 2014-01-04 16:22 - 2013-09-23 17:34 - 00000390 _____ C:\Windows\Tasks\update-sys.job 2014-01-04 16:20 - 2013-12-30 06:41 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-04 16:07 - 2010-12-17 08:03 - 01991816 _____ C:\Windows\WindowsUpdate.log 2014-01-04 16:01 - 2014-01-04 16:01 - 00000000 ____D C:\FRST 2014-01-04 15:59 - 2009-07-14 18:58 - 00700608 _____ C:\Windows\system32\perfh007.dat 2014-01-04 15:59 - 2009-07-14 18:58 - 00149372 _____ C:\Windows\system32\perfc007.dat 2014-01-04 15:59 - 2009-07-14 06:13 - 01622012 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-04 15:57 - 2013-12-17 18:22 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro 2014-01-04 15:55 - 2014-01-04 14:26 - 00003120 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup 2014-01-04 15:54 - 2013-10-04 21:57 - 00010630 _____ C:\Windows\setupact.log 2014-01-04 15:54 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-04 15:01 - 2013-12-17 16:25 - 00000278 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job 2014-01-04 14:41 - 2013-07-07 13:36 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1577357195-738740372-4011112676-1003UA.job 2014-01-04 14:41 - 2013-07-07 13:36 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1577357195-738740372-4011112676-1003Core.job 
2014-01-04 14:34 - 2013-09-23 17:34 - 00000390 _____ C:\Windows\Tasks\update-S-1-5-21-1577357195-738740372-4011112676-1000.job 2014-01-04 14:34 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2014-01-04 14:26 - 2014-01-04 14:26 - 00001201 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk 2014-01-04 14:26 - 2014-01-04 14:26 - 00000000 ____D C:\ProgramData\Systweak 2014-01-04 14:26 - 2014-01-04 14:26 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector 2014-01-04 14:26 - 2013-12-17 16:25 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Systweak 2014-01-04 12:25 - 2014-01-04 12:25 - 00596484 _____ C:\Users\Nicole\AppData\Roaming\loadit.exe 2014-01-04 12:25 - 2013-10-28 21:52 - 00000000 ____D C:\ProgramData\Wondershare Video Converter Ultimate 2014-01-04 12:25 - 2010-12-25 14:13 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\UseNeXT 2014-01-04 12:25 - 2010-12-17 08:04 - 00000000 ___RD C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-04 11:20 - 2014-01-04 11:19 - 00000000 ____D C:\Users\Nicole\AppData\Local\{CFFD2ADD-B266-4974-9500-127D5EFA74DE} 2014-01-04 11:18 - 2013-12-26 08:21 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\newnext.me 2014-01-04 11:18 - 2012-09-29 15:49 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Dropbox 2014-01-04 11:18 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2014-01-04 09:38 - 2012-05-31 18:18 - 00000000 ____D C:\ProgramData\MFAData 2014-01-04 08:08 - 2013-01-15 15:57 - 00000000 ____D C:\Users\Nicole\Desktop\nicole 2014-01-04 08:08 - 2010-12-17 09:12 - 00000000 ____D C:\Users\Nicole\Desktop\Programme 2014-01-03 19:22 - 2011-10-14 18:35 - 15135232 ___SH C:\Users\Nicole\Desktop\Thumbs.db 2014-01-03 19:18 - 2014-01-03 19:18 - 05738913 _____ C:\Users\Nicole\Downloads\Anhänge_201413.zip 2014-01-03 12:37 - 2014-01-03 12:37 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup 2014-01-03 
08:52 - 2014-01-03 08:52 - 00000000 ____D C:\Users\Nicole\AppData\Local\{51E948DB-8DF8-45F2-B8F6-87814F727DE2} 2014-01-03 08:46 - 2009-07-14 05:45 - 00009904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-03 08:46 - 2009-07-14 05:45 - 00009904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-01 16:25 - 2013-12-17 16:25 - 00000286 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job 2013-12-31 19:50 - 2013-12-30 19:49 - 00000000 ____D C:\Users\Nicole\AppData\Local\{99F72A29-B239-4096-81A0-A7D8E8A2C928} 2013-12-30 07:49 - 2013-12-29 19:42 - 00000000 ____D C:\Users\Nicole\AppData\Local\{EA03446A-D759-45AC-BC57-A8452279A97B} 2013-12-30 06:43 - 2010-12-22 16:09 - 00000000 ____D C:\Users\Nicole\AppData\Local\Adobe 2013-12-30 06:41 - 2013-12-30 06:41 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-12-30 06:41 - 2013-12-26 08:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-30 06:41 - 2013-12-26 08:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-29 19:36 - 2013-12-26 08:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-29 19:36 - 2013-12-26 08:20 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-12-29 19:36 - 2013-12-26 08:20 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-12-29 19:36 - 2013-10-12 22:57 - 00052384 _____ C:\Windows\PFRO.log 2013-12-28 14:56 - 2013-12-27 14:55 - 00000000 ____D C:\Program Files (x86)\MarketResearchHelper 2013-12-28 08:16 - 2013-12-26 08:20 - 00004118 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-12-28 08:16 - 2013-12-26 08:20 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-12-27 20:41 - 2013-11-15 20:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-27 15:10 - 
2010-12-17 08:04 - 00000000 ____D C:\Users\Nicole 2013-12-27 15:08 - 2013-12-27 15:08 - 00000000 ____D C:\NVIDIA 2013-12-27 15:06 - 2013-01-15 16:06 - 00000000 ____D C:\Users\Nicole\Desktop\kenny 2013-12-27 14:58 - 2013-12-26 08:24 - 00000000 ____D C:\ProgramData\WPM 2013-12-27 14:56 - 2013-12-26 08:21 - 00000000 ____D C:\Users\Nicole\AppData\Local\Mobogenie 2013-12-27 14:04 - 2013-12-26 08:21 - 00000000 ____D C:\Users\Nicole\AppData\Local\cache 2013-12-27 13:56 - 2013-12-26 08:21 - 00000000 ____D C:\Users\Nicole\AppData\Local\genienext 2013-12-26 18:13 - 2010-12-25 23:33 - 00446976 ___SH C:\Users\Nicole\Documents\Thumbs.db 2013-12-26 15:36 - 2013-12-26 15:36 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\PDF Architect 2013-12-26 15:33 - 2013-12-26 15:32 - 00000000 ____D C:\Program Files (x86)\PDFCreator 2013-12-26 15:33 - 2013-12-26 15:32 - 00000000 ____D C:\Program Files (x86)\PDF Architect 2013-12-26 15:32 - 2013-12-26 15:32 - 00001031 _____ C:\Users\Public\Desktop\PDFCreator.lnk 2013-12-26 15:32 - 2013-12-26 15:32 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\pdfforge 2013-12-26 15:30 - 2013-12-26 15:29 - 69734576 _____ (pdfforge ) C:\Users\Nicole\Downloads\PDFCreator-1_7_2_setup_offline.exe 2013-12-26 10:44 - 2013-08-25 18:12 - 00088624 _____ C:\Users\Nicole\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-26 10:41 - 2013-08-26 12:53 - 00349200 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-26 10:37 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-12-26 09:26 - 2010-12-26 11:49 - 01599906 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-12-26 08:51 - 2013-12-26 08:21 - 00000202 _____ C:\Users\Nicole\daemonprocess.txt 2013-12-26 08:28 - 2011-02-20 13:42 - 00000000 ____D C:\Windows\Minidump 2013-12-26 08:24 - 2013-12-26 08:24 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-12-26 08:23 - 2013-12-26 08:21 - 00002445 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-12-26 08:23 - 2013-12-04 15:11 - 00001623 _____ 
C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-12-26 08:23 - 2010-12-17 08:04 - 00001593 _____ C:\Users\Nicole\Desktop\Internet Explorer.lnk 2013-12-26 08:22 - 2010-12-18 07:51 - 00000000 ____D C:\Users\Nicole\AppData\Local\Google 2013-12-26 08:21 - 2013-12-26 08:21 - 00109152 _____ () C:\Users\Nicole\Downloads\Setup.exe 2013-12-26 08:21 - 2010-12-22 14:02 - 00000000 ____D C:\Program Files (x86)\Google 2013-12-26 08:19 - 2013-12-26 08:18 - 00000000 ____D C:\Users\Nicole\AppData\Local\Deployment 2013-12-26 08:18 - 2013-12-26 08:18 - 00000000 ____D C:\Users\Nicole\AppData\Local\Apps\2.0 2013-12-26 08:12 - 2011-07-02 10:00 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll 2013-12-26 08:12 - 2011-07-02 10:00 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll 2013-12-26 08:12 - 2011-07-02 10:00 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll 2013-12-26 08:11 - 2011-07-02 10:01 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2013-12-26 08:11 - 2011-07-02 10:01 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2013-12-26 08:02 - 2013-12-26 08:02 - 00000000 ____D C:\Users\Nicole\AppData\Local\{6ED0F5F2-8AD0-4A67-8EF0-D6BB62567A8A} 2013-12-26 07:49 - 2012-03-26 23:28 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-12-26 07:49 - 2012-03-26 23:28 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Skype 2013-12-26 07:49 - 2012-03-26 23:27 - 00000000 ____D C:\ProgramData\Skype 2013-12-26 07:43 - 2013-11-01 21:25 - 00000000 ____D C:\Users\Nicole\AppData\Local\WebPlayer 2013-12-24 13:34 - 2013-12-24 13:34 - 00000000 ____D C:\Users\Nicole\AppData\Local\{C28EC42B-09EF-460B-BFCE-2F54B5FC1B39} 2013-12-23 20:32 - 2013-12-23 20:32 - 04558848 _____ (Google Inc.) 
C:\Windows\SysWOW64\GPhotos.scr 2013-12-21 20:43 - 2012-09-29 15:51 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2013-12-17 19:17 - 2013-12-17 19:17 - 00284360 _____ C:\Windows\Minidump\121713-45021-01.dmp.old 2013-12-17 18:30 - 2013-12-17 18:22 - 00001660 _____ C:\Windows\system32\ASOROSet.bin 2013-12-17 18:30 - 2009-07-14 03:34 - 80216064 _____ C:\Windows\system32\config\software.bak 2013-12-17 18:30 - 2009-07-14 03:34 - 21233664 _____ C:\Windows\system32\config\system.bak 2013-12-17 18:30 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\security.bak 2013-12-17 18:24 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\sam.bak 2013-12-17 18:22 - 2013-12-17 18:22 - 00000000 ____D C:\Windows\system32\config\RCCBakup 2013-12-17 18:13 - 2013-12-17 18:12 - 00000000 ____D C:\Users\Nicole\AppData\Local\{E0802343-90D3-4C6C-9B08-A2D041218F91} 2013-12-17 16:45 - 2013-09-05 19:49 - 00000000 ____D C:\Users\Nicole\AppData\Local\DownloadGuide 2013-12-17 16:25 - 2013-12-17 16:25 - 00003040 _____ C:\Windows\System32\Tasks\RegClean Pro_UPDATES 2013-12-17 16:25 - 2013-12-17 16:25 - 00002884 _____ C:\Windows\System32\Tasks\RegClean Pro_DEFAULT 2013-12-17 16:24 - 2013-12-17 16:24 - 00001050 _____ C:\Users\Public\Desktop\RegClean Pro.lnk 2013-12-17 16:24 - 2013-12-17 16:24 - 00000000 ____D C:\Program Files (x86)\RegClean Pro 2013-12-17 16:23 - 2013-12-17 16:14 - 00000000 ____D C:\ProgramData\SecTaskMan 2013-12-17 05:34 - 2013-12-17 05:32 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\buenosearch LTD 2013-12-17 05:34 - 2011-12-07 12:59 - 00000000 ____D C:\ProgramData\Babylon 2013-12-17 05:33 - 2013-09-30 16:35 - 00000000 ____D C:\ProgramData\AVG2014 2013-12-17 05:32 - 2013-12-17 05:32 - 00000000 ____D C:\Program Files\Babylon 2013-12-17 05:32 - 2013-12-17 05:32 - 00000000 ____D C:\Program Files (x86)\buenosearch LTD 2013-12-15 13:58 - 2013-12-15 13:58 - 18291784 _____ (AVM Berlin ) 
C:\Users\Nicole\Downloads\FRITZ!fax_3.07.04.exe 2013-12-15 04:42 - 2013-12-15 04:42 - 00000000 ____D C:\Users\Nicole\AppData\Local\{EAFB1D75-2710-499C-969B-B7282AD998FA} 2013-12-14 18:14 - 2013-12-14 18:11 - 149157408 _____ (AVG Technologies) C:\Users\Nicole\Downloads\avg_free_x64_all_2014_4259a6848.exe 2013-12-14 18:02 - 2013-12-14 18:01 - 37738048 _____ (Wondershare Software ) C:\Users\Nicole\Downloads\video-converter-ultimate_full1045.exe 2013-12-14 09:05 - 2013-08-10 20:00 - 00000000 ____D C:\Users\Nicole\Desktop\DCIM 2013-12-13 13:53 - 2013-12-12 06:37 - 00000000 ____D C:\Users\Nicole\AppData\Local\{9C636FA2-4EAF-45A7-8F77-067AC6D0550A} 2013-12-12 19:21 - 2013-08-17 09:17 - 00000000 ____D C:\Windows\rescache 2013-12-11 06:10 - 2010-12-17 10:54 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-12-09 21:06 - 2013-12-09 21:06 - 00000000 ____D C:\Users\Nicole\AppData\Local\{7575FAC2-82C4-4895-AD5D-ACC8269CD746} 2013-12-07 20:18 - 2013-10-28 22:08 - 00000000 ____D C:\ProgramData\xml_param 2013-12-07 20:02 - 2013-12-07 20:02 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Wondershare Video Converter Ultimate 2013-12-07 19:06 - 2010-12-18 23:44 - 00000000 ____D C:\Program Files (x86)\Windows Live 2013-12-07 19:00 - 2013-11-01 21:25 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro 2013-12-07 18:57 - 2010-12-23 23:14 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Apple Computer 2013-12-07 18:56 - 2013-10-19 18:52 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog 2013-12-07 18:55 - 2013-03-04 21:13 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-12-07 18:50 - 2013-12-07 18:50 - 00000048 _____ C:\Windows\wininit.ini 2013-12-07 18:42 - 2011-04-29 09:58 - 00000000 ____D C:\Program Files (x86)\Acer 2013-12-07 18:40 - 2013-12-07 18:40 - 00000000 ____D C:\Users\Nicole\AppData\Local\{E7BE259E-4778-4F4A-8870-3FF53E29BA14} 2013-12-07 18:39 - 2013-12-07 18:39 - 00000068 _____ C:\Users\Nicole\Win8UpgradeKit_07.12.2013.LOG 2013-12-06 
21:09 - 2013-12-06 21:08 - 00000000 ____D C:\Users\Nicole\AppData\Local\{19989C47-A05D-439F-829C-A38945147913} 2013-12-06 21:08 - 2013-12-06 21:08 - 00000068 _____ C:\Users\Nicole\Win8UpgradeKit_06.12.2013.LOG Some content of TEMP: ==================== C:\Users\Nicole\AppData\Local\Temp\6_Offer_15.exe C:\Users\Nicole\AppData\Local\Temp\DownloadManager.exe C:\Users\Nicole\AppData\Local\Temp\Mobogenie_Setup_INT.exe C:\Users\Nicole\AppData\Local\Temp\nscB723.exe C:\Users\Nicole\AppData\Local\Temp\nsk97A6.exe C:\Users\Nicole\AppData\Local\Temp\nsr6BA1.exe C:\Users\Nicole\AppData\Local\Temp\obw_aartemis_2013111118305.exe C:\Users\Nicole\AppData\Local\Temp\pcspeedmaxsetup.exe C:\Users\Nicole\AppData\Local\Temp\SearchProtectINT.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-12-12 14:21 ==================== End Of Log ============================ |
04.01.2014, 17:30 | #2 |
/// TB-Ausbilder | Windows 7 64-bit version: white screen after logging in Hi,
save the fixlist.txt in the same directory as frst64.exe. (That is, on the USB stick if FRST is running from there.) Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
HKCU\...\Winlogon: [Userinit] C:\Users\Nicole\AppData\Roaming\loadit.exe [596484 2014-01-04] ()
HKCU\...\Winlogon: [Shell] C:\Users\Nicole\AppData\Roaming\loadit.exe [596484 2014-01-04] () <==== ATTENTION
Startup: C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
ShortcutTarget: ja.lnk -> C:\Users\Nicole\AppData\Roaming\loadit.exe ()
Startup: C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
ShortcutTarget: AutoStarter.lnk -> I:\wizard\wizard\GGG Bukkake Best of XXX WEBRip MP4 - iaK\GGG.Bukkake.Best.of.29.German.XXX.1080p.WEBRip.MP4-iaK.exe (No File)
2014-01-04 12:25 - 2014-01-04 12:25 - 00596484 _____ C:\Users\Nicole\AppData\Roaming\loadit.exe
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ |
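The fixlist in the post above removes several autostart references that all point at one file. As an added example (not part of the thread, and not FRST's own logic), this Python triage groups FRST-style autostart lines by target and flags the ones matching at least two heuristics; the heuristics, their threshold and the two "Example" lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Sample input: the first three lines are copied from the fixlist in this
# thread; the two "Example" lines are constructed benign entries for contrast.
SAMPLE_LOG = r"""
HKCU\...\Winlogon: [Userinit] C:\Users\Nicole\AppData\Roaming\loadit.exe [596484 2014-01-04] ()
HKCU\...\Winlogon: [Shell] C:\Users\Nicole\AppData\Roaming\loadit.exe [596484 2014-01-04] () <==== ATTENTION
ShortcutTarget: ja.lnk -> C:\Users\Nicole\AppData\Roaming\loadit.exe ()
HKLM\...\Run: [ExampleTray] C:\Program Files (x86)\Example\tray.exe [123456 2013-01-01] (Example Corp)
ShortcutTarget: Example.lnk -> C:\Program Files (x86)\Example\app.exe (Example Corp)
"""

# Registry autostart line: HIVE\...\Key: [Value] <path> [size date] (company)
REG_LINE = re.compile(
    r"^(?P<hive>HK[A-Z]+)\\\.\.\.\\(?P<key>[^:]+): \[(?P<value>[^\]]+)\] "
    r"(?P<target>.+?) \[\d+ \d{4}-\d{2}-\d{2}\] \((?P<company>[^()]*)\)"
)
# Startup shortcut line: ShortcutTarget: <name>.lnk -> <path> (company)
# The target group is greedy so that "(x86)" inside a path is not mistaken
# for the trailing company field.
LNK_LINE = re.compile(
    r"^ShortcutTarget: (?P<value>.+?) -> (?P<target>.+) \((?P<company>[^()]*)\)\s*$"
)
# A path below a user's AppData can be written without administrator rights.
USER_WRITABLE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


def parse_autostarts(log_text):
    """Turn FRST-style autostart lines into dicts; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = REG_LINE.match(line)
        if m:
            entries.append({
                "kind": "registry",
                "hive": m.group("hive"),
                "key": m.group("key"),
                "value": m.group("value"),
                "where": f"{m.group('hive')}\\...\\{m.group('key')} [{m.group('value')}]",
                "target": m.group("target"),
                "company": m.group("company").strip(),
            })
            continue
        m = LNK_LINE.match(line)
        if m:
            entries.append({
                "kind": "shortcut",
                "where": f"Startup shortcut {m.group('value')}",
                "target": m.group("target"),
                "company": m.group("company").strip(),
            })
    return entries


def assess(entry):
    """Return the heuristic reasons (assumptions of this example) an entry matches."""
    reasons = []
    if (entry["kind"] == "registry" and entry["hive"] == "HKCU"
            and entry["key"].lower() == "winlogon"
            and entry["value"].lower() in ("shell", "userinit")):
        reasons.append("per-user Winlogon Shell/Userinit value")
    if USER_WRITABLE.match(entry["target"]):
        reasons.append("target under a user profile's AppData")
    if entry["company"] == "":
        reasons.append("empty company field")
    return reasons


def triage(log_text, min_reasons=2):
    """Group flagged autostart entries by lower-cased target path."""
    flagged = defaultdict(list)
    for entry in parse_autostarts(log_text):
        reasons = assess(entry)
        if len(reasons) >= min_reasons:
            flagged[entry["target"].lower()].append((entry["where"], reasons))
    return dict(flagged)


if __name__ == "__main__":
    for target, hits in triage(SAMPLE_LOG).items():
        print(f"{target}: referenced by {len(hits)} autostart entries")
        for where, reasons in hits:
            print(f"  {where}: {', '.join(reasons)}")
```

Grouping by target matters for cleanup: every reference to the flagged file has to be removed together with the file, which is what the fixlist does.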
04.01.2014, 18:03 | #3 |
| Windows 7 64-bit version: white screen after logging in Now it looks like this...
it briefly showed me a GVU lock... because of copyright infringement
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-01-2014
Ran by Nicole at 2014-01-04 18:00:45 Run:1
Running from F:\
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKCU\...\Winlogon: [Userinit] C:\Users\Nicole\AppData\Roaming\loadit.exe [596484 2014-01-04] ()
HKCU\...\Winlogon: [Shell] C:\Users\Nicole\AppData\Roaming\loadit.exe [596484 2014-01-04] () <==== ATTENTION
Startup: C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
ShortcutTarget: ja.lnk -> C:\Users\Nicole\AppData\Roaming\loadit.exe ()
Startup: C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
ShortcutTarget: AutoStarter.lnk -> I:\wizard\wizard\GGG Bukkake Best of XXX WEBRip MP4 - iaK\GGG.Bukkake.Best.of.29.German.XXX.1080p.WEBRip.MP4-iaK.exe (No File)
2014-01-04 12:25 - 2014-01-04 12:25 - 00596484 _____ C:\Users\Nicole\AppData\Roaming\loadit.exe
*****************
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value deleted successfully.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk => Moved successfully.
C:\Users\Nicole\AppData\Roaming\loadit.exe => Moved successfully.
C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk not found.
I:\wizard\wizard\GGG Bukkake Best of XXX WEBRip MP4 - iaK\GGG.Bukkake.Best.of.29.German.XXX.1080p.WEBRip.MP4-iaK.exe not found.
"C:\Users\Nicole\AppData\Roaming\loadit.exe" => File/Directory not found.
==== End of Fixlog ==== |
04.01.2014, 19:12 | #4 |
/// TB-Ausbilder | So is the computer locked now, or can you access normal mode?
__________________ cheers, Leo |
04.01.2014, 19:26 | #5 |
| I don't know what you did, but it is working without any problems. Was it really the GVU, or a fake to get me to pay? Am I safe for now? While googling I found that a great many people are affected at the moment. Thank you very much for your help. Great.... have a nice weekend. .. Thanks |
04.01.2014, 19:58 | #6 | |
/// TB-Ausbilder | Quote:
Please run a fresh FRST scan: Start FRST once more.
04.01.2014, 21:17 | #7 |
| Under Optional Scan I can't tick any box, the field is greyed out. This is the result of the scan... FRST Logfile: Code:
Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2013-12-26 08:47 - 2013-03-19 06:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2013-12-26 08:47 - 2013-03-19 06:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll 2013-12-26 08:47 - 2012-11-22 06:44 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2013-12-26 08:47 - 2012-11-22 05:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2013-12-26 08:47 - 2012-10-03 18:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2013-12-26 08:47 - 2012-10-03 18:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll 2013-12-26 08:47 - 2012-10-03 18:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll 2013-12-26 08:47 - 2012-10-03 18:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll 2013-12-26 08:47 - 2012-10-03 18:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll 2013-12-26 08:47 - 2012-10-03 18:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll 2013-12-26 08:47 - 2012-10-03 17:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll 2013-12-26 08:47 - 2012-10-03 17:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2013-12-26 08:47 - 2012-10-03 17:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll 2013-12-26 08:47 - 2012-10-03 17:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys 2013-12-26 08:47 - 2012-08-22 19:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2013-12-26 08:47 - 2012-08-21 22:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe 2013-12-26 08:47 - 2012-07-04 21:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys 2013-12-26 08:47 - 2012-05-01 06:40 - 00209920 _____ (Microsoft 
Corporation) C:\Windows\system32\profsvc.dll 2013-12-26 08:47 - 2012-04-07 13:31 - 03216384 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2013-12-26 08:47 - 2012-04-07 12:26 - 02342400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2013-12-26 08:47 - 2012-01-13 08:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2013-12-26 08:47 - 2011-12-30 07:26 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl 2013-12-26 08:47 - 2011-12-30 06:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl 2013-12-26 08:45 - 2013-05-10 06:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll 2013-12-26 08:45 - 2013-05-10 04:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-12-26 08:45 - 2012-11-30 00:17 - 00420064 _____ C:\Windows\SysWOW64\locale.nls 2013-12-26 08:45 - 2012-11-30 00:15 - 00420064 _____ C:\Windows\system32\locale.nls 2013-12-26 08:45 - 2012-07-06 21:07 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys 2013-12-26 08:44 - 2013-04-17 08:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-12-26 08:44 - 2013-04-17 07:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2013-12-26 08:44 - 2013-01-24 07:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys 2013-12-26 08:44 - 2012-05-05 09:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2013-12-26 08:44 - 2012-05-05 08:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2013-12-26 08:31 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2013-12-26 08:30 - 2013-12-30 06:41 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-26 08:30 - 2013-12-30 06:41 - 00071048 _____ (Adobe Systems Incorporated) 
C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-26 08:24 - 2013-12-29 19:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-26 08:24 - 2013-12-27 14:58 - 00000000 ____D C:\ProgramData\WPM 2013-12-26 08:24 - 2013-12-26 08:24 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-12-26 08:21 - 2014-01-04 18:22 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\newnext.me 2013-12-26 08:21 - 2014-01-04 18:22 - 00000000 ____D C:\Users\Nicole\AppData\Local\Mobogenie 2013-12-26 08:21 - 2014-01-04 16:51 - 00000000 ____D C:\Users\Nicole\AppData\Local\cache 2013-12-26 08:21 - 2014-01-04 16:41 - 00000697 _____ C:\Users\Nicole\daemonprocess.txt 2013-12-26 08:21 - 2014-01-04 16:37 - 00000000 ____D C:\Users\Nicole\AppData\Local\genienext 2013-12-26 08:21 - 2013-12-26 08:23 - 00002445 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-12-26 08:21 - 2013-12-26 08:21 - 00109152 _____ () C:\Users\Nicole\Downloads\Setup.exe 2013-12-26 08:20 - 2013-12-29 19:36 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-12-26 08:20 - 2013-12-29 19:36 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-12-26 08:20 - 2013-12-28 08:16 - 00004118 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-12-26 08:20 - 2013-12-28 08:16 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-12-26 08:18 - 2013-12-26 08:19 - 00000000 ____D C:\Users\Nicole\AppData\Local\Deployment 2013-12-26 08:18 - 2013-12-26 08:18 - 00000000 ____D C:\Users\Nicole\AppData\Local\Apps\2.0 2013-12-26 08:02 - 2013-12-26 08:02 - 00000000 ____D C:\Users\Nicole\AppData\Local\{6ED0F5F2-8AD0-4A67-8EF0-D6BB62567A8A} 2013-12-24 13:34 - 2013-12-24 13:34 - 00000000 ____D C:\Users\Nicole\AppData\Local\{C28EC42B-09EF-460B-BFCE-2F54B5FC1B39} 2013-12-23 20:32 - 2013-12-23 20:32 - 04558848 _____ (Google Inc.) 
C:\Windows\SysWOW64\GPhotos.scr 2013-12-17 19:17 - 2013-12-17 19:17 - 00284360 _____ C:\Windows\Minidump\121713-45021-01.dmp.old 2013-12-17 18:22 - 2014-01-04 18:00 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro 2013-12-17 18:22 - 2013-12-17 18:30 - 00001660 _____ C:\Windows\system32\ASOROSet.bin 2013-12-17 18:22 - 2013-12-17 18:22 - 00000000 ____D C:\Windows\system32\config\RCCBakup 2013-12-17 18:12 - 2013-12-17 18:13 - 00000000 ____D C:\Users\Nicole\AppData\Local\{E0802343-90D3-4C6C-9B08-A2D041218F91} 2013-12-17 16:25 - 2014-01-04 15:01 - 00000278 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job 2013-12-17 16:25 - 2014-01-04 14:26 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Systweak 2013-12-17 16:25 - 2014-01-01 16:25 - 00000286 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job 2013-12-17 16:25 - 2013-12-17 16:25 - 00003040 _____ C:\Windows\System32\Tasks\RegClean Pro_UPDATES 2013-12-17 16:25 - 2013-12-17 16:25 - 00002884 _____ C:\Windows\System32\Tasks\RegClean Pro_DEFAULT 2013-12-17 16:24 - 2013-12-17 16:24 - 00001050 _____ C:\Users\Public\Desktop\RegClean Pro.lnk 2013-12-17 16:24 - 2013-12-17 16:24 - 00000000 ____D C:\Program Files (x86)\RegClean Pro 2013-12-17 16:24 - 2013-05-27 16:01 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe 2013-12-17 16:14 - 2013-12-17 16:23 - 00000000 ____D C:\ProgramData\SecTaskMan 2013-12-17 05:32 - 2013-12-17 05:34 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\buenosearch LTD 2013-12-17 05:32 - 2013-12-17 05:32 - 00000000 ____D C:\Program Files\Babylon 2013-12-17 05:32 - 2013-12-17 05:32 - 00000000 ____D C:\Program Files (x86)\buenosearch LTD 2013-12-15 13:58 - 2013-12-15 13:58 - 18291784 _____ (AVM Berlin ) C:\Users\Nicole\Downloads\FRITZ!fax_3.07.04.exe 2013-12-15 04:42 - 2013-12-15 04:42 - 00000000 ____D C:\Users\Nicole\AppData\Local\{EAFB1D75-2710-499C-969B-B7282AD998FA} 2013-12-14 18:11 - 2013-12-14 18:14 - 149157408 _____ (AVG Technologies) 
C:\Users\Nicole\Downloads\avg_free_x64_all_2014_4259a6848.exe 2013-12-14 18:01 - 2013-12-14 18:02 - 37738048 _____ (Wondershare Software ) C:\Users\Nicole\Downloads\video-converter-ultimate_full1045.exe 2013-12-12 06:37 - 2013-12-13 13:53 - 00000000 ____D C:\Users\Nicole\AppData\Local\{9C636FA2-4EAF-45A7-8F77-067AC6D0550A} 2013-12-11 06:08 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-11 06:08 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-11 06:08 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-12-11 06:08 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-11 06:08 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-12-11 06:08 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-12-11 06:08 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-11 06:08 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-11 06:08 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-12-11 06:08 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-12-11 06:08 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-11 06:08 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-11 06:08 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-12-11 06:08 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-12-11 06:08 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-11 
06:08 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-11 06:08 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-12-11 06:08 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-11 06:08 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-12-11 06:08 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-12-11 06:08 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-12-11 06:08 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-11 06:08 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-11 06:08 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-12-11 06:08 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-11 06:08 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-11 06:08 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-11 06:08 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-12-11 06:08 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-12-11 06:08 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-11 06:08 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-12-10 20:47 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-12-10 20:47 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-12-10 20:47 - 2013-10-30 02:24 - 03155968 
_____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-10 20:47 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-10 20:47 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2013-12-10 20:47 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2013-12-10 20:47 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2013-12-10 20:46 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-10 20:46 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-10 20:46 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2013-12-10 20:46 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2013-12-10 20:46 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2013-12-10 20:46 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2013-12-10 20:46 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2013-12-10 20:46 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2013-12-09 21:06 - 2013-12-09 21:06 - 00000000 ____D C:\Users\Nicole\AppData\Local\{7575FAC2-82C4-4895-AD5D-ACC8269CD746} 2013-12-07 20:02 - 2013-12-07 20:02 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Wondershare Video Converter Ultimate 2013-12-07 18:50 - 2013-12-07 18:50 - 00000048 _____ C:\Windows\wininit.ini 2013-12-07 18:40 - 2013-12-07 18:40 - 00000000 ____D C:\Users\Nicole\AppData\Local\{E7BE259E-4778-4F4A-8870-3FF53E29BA14} 2013-12-07 18:39 - 2013-12-07 18:39 - 00000068 _____ C:\Users\Nicole\Win8UpgradeKit_07.12.2013.LOG 2013-12-06 21:08 - 2013-12-06 21:09 - 00000000 ____D 
C:\Users\Nicole\AppData\Local\{19989C47-A05D-439F-829C-A38945147913} 2013-12-06 21:08 - 2013-12-06 21:08 - 00000068 _____ C:\Users\Nicole\Win8UpgradeKit_06.12.2013.LOG ==================== One Month Modified Files and Folders ======= 2014-01-04 20:46 - 2014-01-04 16:36 - 00000296 _____ C:\Windows\Tasks\Digital Sites.job 2014-01-04 20:46 - 2013-12-30 06:41 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-04 20:46 - 2013-12-26 08:21 - 00000697 _____ C:\Users\Nicole\daemonprocess.txt 2014-01-04 20:46 - 2013-09-23 17:34 - 00000390 _____ C:\Windows\Tasks\update-sys.job 2014-01-04 20:46 - 2013-07-07 13:36 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1577357195-738740372-4011112676-1003UA.job 2014-01-04 20:46 - 2011-11-07 20:12 - 00002960 _____ C:\Windows\System32\Tasks\{552B12E3-30F7-4BC9-B04C-E79550E30D49} 2014-01-04 20:46 - 2011-11-03 08:26 - 00002960 _____ C:\Windows\System32\Tasks\{715DB407-1006-4870-8F02-B3D93110762D} 2014-01-04 20:01 - 2009-07-14 18:58 - 00700608 _____ C:\Windows\system32\perfh007.dat 2014-01-04 20:01 - 2009-07-14 18:58 - 00149372 _____ C:\Windows\system32\perfc007.dat 2014-01-04 20:01 - 2009-07-14 06:13 - 01622012 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-04 19:57 - 2010-12-17 08:03 - 01058127 _____ C:\Windows\WindowsUpdate.log 2014-01-04 18:34 - 2013-09-23 17:34 - 00000390 _____ C:\Windows\Tasks\update-S-1-5-21-1577357195-738740372-4011112676-1000.job 2014-01-04 18:32 - 2014-01-04 18:26 - 340465664 _____ C:\Users\Nicole\Downloads\kav_rescue_10-0513.iso 2014-01-04 18:29 - 2012-09-29 15:49 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Dropbox 2014-01-04 18:24 - 2010-12-25 14:13 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\UseNeXT 2014-01-04 18:23 - 2014-01-04 14:26 - 00003120 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup 2014-01-04 18:22 - 2013-12-26 08:21 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\newnext.me 2014-01-04 18:22 - 2013-12-26 08:21 - 00000000 
____D C:\Users\Nicole\AppData\Local\Mobogenie 2014-01-04 18:21 - 2014-01-04 16:37 - 00002106 _____ C:\Windows\Tasks\Plus-HD-5.0-firefoxinstaller.job 2014-01-04 18:21 - 2014-01-04 16:37 - 00001974 _____ C:\Windows\Tasks\Plus-HD-5.0-chromeinstaller.job 2014-01-04 18:21 - 2014-01-04 16:37 - 00001330 _____ C:\Windows\Tasks\Plus-HD-5.0-updater.job 2014-01-04 18:21 - 2014-01-04 16:37 - 00001232 _____ C:\Windows\Tasks\Plus-HD-5.0-codedownloader.job 2014-01-04 18:21 - 2014-01-04 16:37 - 00001132 _____ C:\Windows\Tasks\Plus-HD-5.0-enabler.job 2014-01-04 18:20 - 2013-10-04 21:57 - 00010798 _____ C:\Windows\setupact.log 2014-01-04 18:20 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-04 18:00 - 2013-12-17 18:22 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro 2014-01-04 18:00 - 2010-12-17 08:04 - 00000000 ___RD C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-04 17:43 - 2012-05-31 18:18 - 00000000 ____D C:\ProgramData\MFAData 2014-01-04 17:36 - 2014-01-04 17:36 - 00000108 _____ C:\Users\Nicole\AppData\Roaming\WB.CFG 2014-01-04 17:36 - 2014-01-04 17:36 - 00000005 _____ C:\Users\Nicole\AppData\Roaming\WBPU-TTL.DAT 2014-01-04 17:09 - 2014-01-04 16:56 - 00000000 ____D C:\ProgramData\HitmanPro 2014-01-04 17:06 - 2014-01-04 17:06 - 00011970 _____ C:\Windows\system32\.crusader 2014-01-04 16:57 - 2014-01-04 16:57 - 00001905 _____ C:\Users\Public\Desktop\HitmanPro.lnk 2014-01-04 16:57 - 2014-01-04 16:57 - 00000000 ____D C:\Program Files\HitmanPro 2014-01-04 16:56 - 2014-01-04 16:51 - 10264904 _____ (SurfRight B.V.) 
C:\Users\Nicole\Downloads\hitmanpro_x64.exe 2014-01-04 16:51 - 2013-12-26 08:21 - 00000000 ____D C:\Users\Nicole\AppData\Local\cache 2014-01-04 16:50 - 2014-01-04 16:37 - 00000000 ____D C:\Program Files (x86)\Mobogenie 2014-01-04 16:42 - 2014-01-04 16:42 - 00000000 ____D C:\Users\Nicole\Documents\PC Speed Maximizer 2014-01-04 16:42 - 2014-01-04 16:42 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\PC Speed Maximizer 2014-01-04 16:38 - 2014-01-04 16:37 - 00000000 ____D C:\Users\Nicole\.android 2014-01-04 16:37 - 2014-01-04 16:37 - 00004360 _____ C:\Windows\System32\Tasks\Plus-HD-5.0-updater 2014-01-04 16:37 - 2014-01-04 16:37 - 00004262 _____ C:\Windows\System32\Tasks\Plus-HD-5.0-codedownloader 2014-01-04 16:37 - 2014-01-04 16:37 - 00004162 _____ C:\Windows\System32\Tasks\Plus-HD-5.0-enabler 2014-01-04 16:37 - 2014-01-04 16:37 - 00000000 ____D C:\Users\Nicole\Documents\Mobogenie 2014-01-04 16:37 - 2014-01-04 16:37 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie 2014-01-04 16:37 - 2014-01-04 16:37 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z 2014-01-04 16:37 - 2014-01-04 16:37 - 00000000 ____D C:\Program Files (x86)\Plus-HD-5.0 2014-01-04 16:37 - 2014-01-04 16:37 - 00000000 ____D C:\Program Files (x86)\PC Speed Maximizer 2014-01-04 16:37 - 2013-12-26 08:21 - 00000000 ____D C:\Users\Nicole\AppData\Local\genienext 2014-01-04 16:37 - 2010-12-17 08:04 - 00000000 ____D C:\Users\Nicole 2014-01-04 16:36 - 2014-01-04 16:36 - 00003248 _____ C:\Windows\System32\Tasks\Digital Sites 2014-01-04 16:36 - 2014-01-04 16:36 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\DigitalSites 2014-01-04 16:36 - 2014-01-04 16:36 - 00000000 ____D C:\Program Files (x86)\Image Converter 2014-01-04 16:01 - 2014-01-04 16:01 - 00000000 ____D C:\FRST 2014-01-04 15:01 - 2013-12-17 16:25 - 00000278 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job 2014-01-04 14:41 - 2013-07-07 13:36 - 00000906 _____ 
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1577357195-738740372-4011112676-1003Core.job 2014-01-04 14:34 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2014-01-04 14:26 - 2014-01-04 14:26 - 00000000 ____D C:\ProgramData\Systweak 2014-01-04 14:26 - 2014-01-04 14:26 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector 2014-01-04 14:26 - 2013-12-17 16:25 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Systweak 2014-01-04 12:25 - 2013-10-28 21:52 - 00000000 ____D C:\ProgramData\Wondershare Video Converter Ultimate 2014-01-04 11:20 - 2014-01-04 11:19 - 00000000 ____D C:\Users\Nicole\AppData\Local\{CFFD2ADD-B266-4974-9500-127D5EFA74DE} 2014-01-04 11:18 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2014-01-04 08:08 - 2013-01-15 15:57 - 00000000 ____D C:\Users\Nicole\Desktop\nicole 2014-01-04 08:08 - 2010-12-17 09:12 - 00000000 ____D C:\Users\Nicole\Desktop\Programme 2014-01-03 19:22 - 2011-10-14 18:35 - 15135232 ___SH C:\Users\Nicole\Desktop\Thumbs.db 2014-01-03 19:18 - 2014-01-03 19:18 - 05738913 _____ C:\Users\Nicole\Downloads\Anhänge_201413.zip 2014-01-03 12:37 - 2014-01-03 12:37 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup 2014-01-03 08:52 - 2014-01-03 08:52 - 00000000 ____D C:\Users\Nicole\AppData\Local\{51E948DB-8DF8-45F2-B8F6-87814F727DE2} 2014-01-03 08:46 - 2009-07-14 05:45 - 00009904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-03 08:46 - 2009-07-14 05:45 - 00009904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-01 16:25 - 2013-12-17 16:25 - 00000286 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job 2013-12-31 19:50 - 2013-12-30 19:49 - 00000000 ____D C:\Users\Nicole\AppData\Local\{99F72A29-B239-4096-81A0-A7D8E8A2C928} 2013-12-30 07:49 - 2013-12-29 19:42 - 00000000 ____D 
C:\Users\Nicole\AppData\Local\{EA03446A-D759-45AC-BC57-A8452279A97B} 2013-12-30 06:43 - 2010-12-22 16:09 - 00000000 ____D C:\Users\Nicole\AppData\Local\Adobe 2013-12-30 06:41 - 2013-12-30 06:41 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-12-30 06:41 - 2013-12-26 08:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-30 06:41 - 2013-12-26 08:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-29 19:36 - 2013-12-26 08:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-29 19:36 - 2013-12-26 08:20 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-12-29 19:36 - 2013-12-26 08:20 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-12-29 19:36 - 2013-10-12 22:57 - 00052384 _____ C:\Windows\PFRO.log 2013-12-28 14:56 - 2013-12-27 14:55 - 00000000 ____D C:\Program Files (x86)\MarketResearchHelper 2013-12-28 08:16 - 2013-12-26 08:20 - 00004118 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-12-28 08:16 - 2013-12-26 08:20 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-12-27 20:41 - 2013-11-15 20:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-27 15:08 - 2013-12-27 15:08 - 00000000 ____D C:\NVIDIA 2013-12-27 15:06 - 2013-01-15 16:06 - 00000000 ____D C:\Users\Nicole\Desktop\kenny 2013-12-27 14:58 - 2013-12-26 08:24 - 00000000 ____D C:\ProgramData\WPM 2013-12-26 18:13 - 2010-12-25 23:33 - 00446976 ___SH C:\Users\Nicole\Documents\Thumbs.db 2013-12-26 15:36 - 2013-12-26 15:36 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\PDF Architect 2013-12-26 15:33 - 2013-12-26 15:32 - 00000000 ____D C:\Program Files (x86)\PDFCreator 2013-12-26 15:33 - 2013-12-26 15:32 - 00000000 ____D C:\Program Files (x86)\PDF Architect 2013-12-26 15:32 - 2013-12-26 15:32 - 00001031 _____ C:\Users\Public\Desktop\PDFCreator.lnk 2013-12-26 15:32 - 2013-12-26 15:32 
- 00000000 ____D C:\Users\Nicole\AppData\Roaming\pdfforge 2013-12-26 15:30 - 2013-12-26 15:29 - 69734576 _____ (pdfforge ) C:\Users\Nicole\Downloads\PDFCreator-1_7_2_setup_offline.exe 2013-12-26 10:44 - 2013-08-25 18:12 - 00088624 _____ C:\Users\Nicole\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-26 10:41 - 2013-08-26 12:53 - 00349200 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-26 10:37 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-12-26 09:26 - 2010-12-26 11:49 - 01599906 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-12-26 08:28 - 2011-02-20 13:42 - 00000000 ____D C:\Windows\Minidump 2013-12-26 08:24 - 2013-12-26 08:24 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-12-26 08:23 - 2013-12-26 08:21 - 00002445 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-12-26 08:23 - 2013-12-04 15:11 - 00001623 _____ C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-12-26 08:23 - 2010-12-17 08:04 - 00001593 _____ C:\Users\Nicole\Desktop\Internet Explorer.lnk 2013-12-26 08:22 - 2010-12-18 07:51 - 00000000 ____D C:\Users\Nicole\AppData\Local\Google 2013-12-26 08:21 - 2013-12-26 08:21 - 00109152 _____ () C:\Users\Nicole\Downloads\Setup.exe 2013-12-26 08:21 - 2010-12-22 14:02 - 00000000 ____D C:\Program Files (x86)\Google 2013-12-26 08:19 - 2013-12-26 08:18 - 00000000 ____D C:\Users\Nicole\AppData\Local\Deployment 2013-12-26 08:18 - 2013-12-26 08:18 - 00000000 ____D C:\Users\Nicole\AppData\Local\Apps\2.0 2013-12-26 08:12 - 2011-07-02 10:00 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll 2013-12-26 08:12 - 2011-07-02 10:00 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll 2013-12-26 08:12 - 2011-07-02 10:00 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll 2013-12-26 08:11 - 2011-07-02 10:01 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2013-12-26 08:11 - 2011-07-02 10:01 - 00833024 _____ 
04.01.2014, 21:36 | #8 |
/// TB-Ausbilder | Windows 7 64-bit version: white screen after logging in
OK.
Step 1 Please download AdwCleaner to your desktop.
Step 2 Scan with Combofix
Step 3 Run FRST once more.
Please post in your next reply:
__________________ cheers, Leo |
04.01.2014, 23:18 | #9 |
| Windows 7 64-bit version: white screen after logging in
OK. I can only do that tomorrow, in the course of the morning. I'm on duty tomorrow and have time.... |
04.01.2014, 23:19 | #10 |
/// TB-Ausbilder | Windows 7 64-bit version: white screen after logging in
All right.
__________________ cheers, Leo |
05.01.2014, 17:09 | #11 |
| Windows 7 64-bit version: white screen after logging in
Leo - the task took more time than expected after all. Since I'm not allowed to use any hardware while on duty (bunker), I have to postpone everything until Monday. Step 1 is done to the extent that the log file is already available. Step 2 did not finish this morning.... I will get back to you... |
05.01.2014, 17:46 | #12 |
/// TB-Ausbilder | Windows 7 64-bit version: white screen after logging in
All right.
__________________ cheers, Leo |
06.01.2014, 15:01 | #13 |
| Windows 7 64-bit version: white screen after logging in
I'm back from duty...
Step 1: AdwCleaner log file: Code:
HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4AFC07D0-59BB-46B8-B097-1A46E88EEF71} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6511CE4C-4722-40D0-AD3D-4AFA2F50978A} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{65A16874-2ED0-460E-A547-5FE2EC3A13A7} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{71E02280-5212-45C3-B174-4D5A35DA254F} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{83B2FE06-BA20-4F7D-96C6-6FC3A4E877D3} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BEC9B38-BF39-4899-806E-A1C5DFEB60A2} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B32966A2-F7C2-4362-A6CF-399EC8B44110} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B86D82BF-D39F-439A-A07C-43EDDC6F6EA6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DA6305B9-0869-4235-8C1D-533A65E639E5} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E25DA6D6-C365-46CF-ABAF-DC5893135D7A} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E6961C59-CFCE-4CCD-B794-BC78DB98413A} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F8B4EC8A-2407-4BE0-AEE2-0F430D65A90D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455775518} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466776618} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411771118} Schlüssel Gelöscht 
: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{22d36aab-58e2-4972-881b-6b8a475aca49} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{604eb3e2-6b4d-4328-aef6-41a15b339be2} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{92182fb4-ae7e-4dd1-a8d0-b63404bf5b60} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95389704-673c-4716-8fec-3eb5de296e99} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fe62c7a5-6ca7-463d-bb77-748d4c9e28f7} Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command Schlüssel Gelöscht : HKCU\Software\APN DTX Schlüssel Gelöscht : HKCU\Software\BabSolution Schlüssel Gelöscht : HKCU\Software\BI Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\Delta Schlüssel Gelöscht : HKCU\Software\dsiteproducts Schlüssel Gelöscht : HKCU\Software\hblitesa Schlüssel Gelöscht : HKCU\Software\IGearSettings Schlüssel Gelöscht : HKCU\Software\IM Schlüssel Gelöscht : HKCU\Software\Iminent Schlüssel Gelöscht : HKCU\Software\ImInstaller Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions Schlüssel Gelöscht : HKCU\Software\InstalledThirdPartyPrograms Schlüssel Gelöscht : HKCU\Software\lollipop Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\pc speed maximizer Schlüssel Gelöscht : HKCU\Software\powerpack Schlüssel Gelöscht : HKCU\Software\SearchProtectINT Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\systweak Schlüssel Gelöscht : 
HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Fun Web Products Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\FunWebProducts Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_2 Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\MyAshampoo\toolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\MyWebSearch Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Toolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Plus-HD-5.0 Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C} Schlüssel Gelöscht : HKLM\Software\aartemisSoftware Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\Software\Delta Schlüssel Gelöscht : HKLM\Software\HBLite Schlüssel Gelöscht : HKLM\Software\IB Updater Schlüssel Gelöscht : HKLM\Software\Iminent Schlüssel Gelöscht : HKLM\Software\ImInstaller Schlüssel Gelöscht : HKLM\Software\SafetyNut Schlüssel Gelöscht : HKLM\Software\ScanQuery Schlüssel Gelöscht : HKLM\Software\SimplyGen Schlüssel Gelöscht : HKLM\Software\supWPM Schlüssel Gelöscht : HKLM\Software\systweak Schlüssel Gelöscht : HKLM\Software\Uniblue Schlüssel Gelöscht : HKLM\Software\Web Assistant Schlüssel Gelöscht : HKLM\Software\Plus-HD-5.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1 Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-5.0 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\IB Updater Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Web Assistant ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16428 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] -\\ Mozilla Firefox v26.0 (en-US) [ Datei : C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\8i0k0k3k.default-1383333122076\prefs.js ] Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.InstallationThankYouPage", false); Zeile gelöscht : 
user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.InstallationTime", 1388849830); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.active", true); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.addressbar", "NA"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.addressbarenhanced", ""); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.asyncdb_dbWasSet", true); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.asyncdb_dbWasSet_FF25_FIX", true); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.asyncinternaldb_dbWasSet", true); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.asyncinternaldb_dbWasSet_FF25_FIX", true); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.backgroundver", 1); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.certdomaininstaller", ""); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.changeprevious", false); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.cookie.InstallationTime.value", "%221388849830%22"); Zeile gelöscht : 
user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22000781%22%2C%22sub_id%22%3A%220%22%2C%22uz[...] Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.cookie.iframe-exists.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.cookie.iframe-exists.value", "true"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.cookie.jw_token.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.cookie.jw_token.value", "%22f2f3636b-85ca-4ec4-7d24-db57f0ce1864%22"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.description", "Turn YouTube videos to High Definition by default"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.domain", ""); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.enablesearch", false); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.homepage", ""); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.iframe", false); Zeile gelöscht : 
user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%2284C468DEC464469AA742F00F3CE72[...] Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22000781%22%2C%22sub_id%22%3A%220%22%2C%[...] Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22000781%22%2C%22sub_id%22%3A%220%2[...] Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%2284C468DEC464469AA742[...] 
Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb.Resources_appVer.value", "14"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb.Resources_lastVersion.value", "1"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb.Resources_meta.value", "%7B%7D"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb.Resources_nextCheck.expiration", "Sun Jan 05 2014 12:23:38 GMT+0100"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb.Resources_nextCheck.value", "true"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb.Resources_queue.value", "%7B%7D"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb.Resources_remote_resources.expiration", "Fri Feb 
01 2030 00:00:00 GMT+0100"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%2284C468DE[...] Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb.monetization_plugin_last_executable_request.expiration", "Sun Jan 05 2014 18:11:07 GMT+[...] Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.internaldb.monetization_plugin_last_executable_request.value", "%22hxxp%3A//download.bleepingcompu[...] 
Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.lastDailyReport", "1388898491344"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.lastUpdate", "1388898527327"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.manifesturl", ""); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.name", "Plus-HD-5.0"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.newtab", ""); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.opensearch", ""); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/47718/plugins/093/ff/plugins.json"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.pluginsversion", 10); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.publisher", "Plus HD"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.searchstatus", 0); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.setnewtab", false); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.thankyou", ""); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.updateinterval", 360); Zeile gelöscht : 
user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.47718.ver", 14); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.apps", "47718"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.bic", "142b47f6b4c338690d68b6d958348016"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.cid", 47718); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.firstrun", false); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.hadappinstalled", true); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.installationdate", 1388856332); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.modetype", "production"); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.reportInstall", true); Zeile gelöscht : user_pref("extensions.a8c6c8c1521d74f628a57202aee8f7fb36567ba21e4354eb0838d8395b2265c30com47718.statsDailyCounter", 2); Zeile gelöscht : user_pref("extensions.crossrider.bic", "142b47f6b4c338690d68b6d958348016"); Zeile gelöscht : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/?a=6OxVVZkTNA&loc=skw&search="); [ Datei : C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\vut3akl4.default\prefs.js ] [ Datei : C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\tbwvwd7p.default\prefs.js ] Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://mystart.incredimail.com"); -\\ Google Chrome v31.0.1650.63 [ Datei : C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht : icon_url ************************* 
AdwCleaner[R0].txt - [65924 octets] - [05/01/2014 06:24:16]
AdwCleaner[S0].txt - [58019 octets] - [05/01/2014 06:28:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [58080 octets] ##########

Step 2: ComboFix log file:
Code:
ATTFilter ComboFix 14-01-04.03 - Nicole 05.01.2014 6:58.2.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.4091.2668 [GMT 1:00] ausgeführt von:: c:\users\Nicole\Desktop\ComboFix.exe AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . ((((((((((((((((((((((( Dateien erstellt von 2013-12-05 bis 2014-01-05 )))))))))))))))))))))))))))))) . . 2014-01-05 06:06 . 2014-01-05 06:06 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-01-05 06:06 . 2014-01-05 06:06 -------- d-----w- c:\users\Andre\AppData\Local\temp 2014-01-05 05:24 . 2014-01-05 05:29 -------- d-----w- C:\AdwCleaner 2014-01-04 15:57 . 2014-01-04 15:57 -------- d-----w- c:\program files\HitmanPro 2014-01-04 15:56 . 2014-01-04 16:09 -------- d-----w- c:\programdata\HitmanPro 2014-01-04 15:37 . 2014-01-04 15:38 -------- d-----w- c:\users\Nicole\.android 2014-01-04 15:36 . 2014-01-04 15:36 -------- d-----w- c:\users\Nicole\AppData\Roaming\DigitalSites 2014-01-04 15:36 . 2014-01-04 15:36 -------- d-----w- c:\program files (x86)\Image Converter 2014-01-04 15:01 . 2014-01-04 15:01 -------- d-----w- C:\FRST 2014-01-04 13:26 . 2012-07-25 11:03 16896 ----a-w- c:\windows\system32\sasnative64.exe 2013-12-27 14:08 . 2013-12-27 14:08 -------- d-----w- C:\NVIDIA 2013-12-27 13:55 . 2013-12-28 13:56 -------- d-----w- c:\program files (x86)\MarketResearchHelper 2013-12-27 05:38 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe 2013-12-27 05:38 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe 2013-12-26 14:36 . 2013-12-26 14:36 -------- d-----w- c:\users\Nicole\AppData\Roaming\PDF Architect 2013-12-26 14:32 . 2013-12-26 14:33 -------- d-----w- c:\program files (x86)\PDF Architect 2013-12-26 14:32 . 
2013-04-09 13:13 110264 ----a-w- c:\windows\system32\pdfcmon.dll 2013-12-26 14:32 . 2012-05-05 09:54 662288 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX 2013-12-26 14:32 . 2012-05-05 09:54 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX 2013-12-26 14:32 . 2013-12-26 14:33 -------- d-----w- c:\program files (x86)\PDFCreator 2013-12-26 14:32 . 2012-05-05 09:54 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL 2013-12-26 14:32 . 1998-07-06 16:56 125712 ----a-w- c:\windows\SysWow64\VB6DE.DLL 2013-12-26 14:32 . 1998-07-06 16:55 158208 ----a-w- c:\windows\SysWow64\MSCMCDE.DLL 2013-12-26 14:32 . 1998-07-06 16:55 64512 ----a-w- c:\windows\SysWow64\MSCC2DE.DLL 2013-12-26 08:27 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe 2013-12-26 08:27 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe 2013-12-26 08:27 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL 2013-12-26 08:27 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL 2013-12-26 08:27 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll 2013-12-26 08:15 . 2012-07-26 07:46 2560 ----a-w- c:\windows\system32\drivers\de-DE\wdf01000.sys.mui 2013-12-26 08:11 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2013-12-26 08:11 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2013-12-26 08:11 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2013-12-26 08:11 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2013-12-26 08:11 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2013-12-26 08:11 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2013-12-26 08:11 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2013-12-26 07:47 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-12-26 07:45 . 
2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys 2013-12-26 07:45 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll 2013-12-26 07:45 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll 2013-12-26 07:44 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-12-26 07:44 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2013-12-26 07:44 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys 2013-12-26 07:44 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll 2013-12-26 07:44 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll 2013-12-26 07:31 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll 2013-12-26 07:30 . 2013-12-30 05:41 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-12-26 07:30 . 2013-12-30 05:41 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-12-26 07:21 . 2014-01-04 15:51 -------- d-----w- c:\users\Nicole\AppData\Local\cache 2013-12-26 07:21 . 2014-01-05 05:08 -------- d-----w- c:\users\Nicole\AppData\Roaming\newnext.me 2013-12-26 07:21 . 2014-01-04 15:37 -------- d-----w- c:\users\Nicole\AppData\Local\genienext 2013-12-26 07:18 . 2013-12-26 07:18 -------- d-----w- c:\users\Nicole\AppData\Local\Apps 2013-12-26 07:18 . 2013-12-26 07:19 -------- d-----w- c:\users\Nicole\AppData\Local\Deployment 2013-12-26 07:12 . 2013-12-26 07:12 -------- d-----w- c:\windows\SysWow64\Wat 2013-12-26 07:12 . 2013-12-26 07:12 -------- d-----w- c:\windows\system32\Wat 2013-12-23 19:32 . 2013-12-23 19:32 4558848 ----a-w- c:\windows\SysWow64\GPhotos.scr 2013-12-17 17:22 . 2013-12-17 17:30 1660 ----a-w- c:\windows\system32\ASOROSet.bin 2013-12-17 15:14 . 2013-12-17 15:23 -------- d-----w- c:\programdata\SecTaskMan 2013-12-17 04:32 . 2013-12-17 04:32 -------- d-----w- c:\program files (x86)\buenosearch LTD 2013-12-17 04:32 . 
2013-12-17 04:34 -------- d-----w- c:\users\Nicole\AppData\Roaming\buenosearch LTD 2013-12-10 19:47 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys 2013-12-10 19:47 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll 2013-12-10 19:47 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2013-12-10 19:47 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll 2013-12-10 19:47 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2013-12-10 19:47 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys 2013-12-10 19:47 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys 2013-12-10 19:46 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx 2013-12-10 19:46 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll 2013-12-10 19:46 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx 2013-12-10 19:46 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll 2013-12-10 19:46 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe 2013-12-10 19:46 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe 2013-12-10 19:46 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe 2013-12-10 19:46 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe 2013-12-07 19:02 . 2013-12-07 19:02 -------- d-----w- c:\users\Nicole\AppData\Roaming\Wondershare Video Converter Ultimate . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-01-05 06:11 . 2014-01-05 06:11 32512 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys 2013-12-26 07:12 . 2011-07-02 09:00 419840 ----a-w- c:\windows\system32\systemcpl.dll 2013-12-26 07:12 . 2011-07-02 09:00 14848 ----a-w- c:\windows\system32\slwga.dll 2013-12-26 07:12 . 2011-07-02 09:00 13824 ----a-w- c:\windows\SysWow64\slwga.dll 2013-12-26 07:11 . 
2011-07-02 09:01 1008640 ----a-w- c:\windows\system32\user32.dll 2013-12-26 07:11 . 2011-07-02 09:01 833024 ----a-w- c:\windows\SysWow64\user32.dll 2013-12-04 13:56 . 2013-12-04 13:56 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-12-04 13:56 . 2013-12-04 13:56 194048 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-12-04 13:55 . 2013-12-04 13:55 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll 2013-12-04 13:55 . 2013-12-04 13:55 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-12-04 13:55 . 2013-12-04 13:55 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2013-12-04 13:55 . 2013-12-04 13:55 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll 2013-12-04 13:55 . 2013-12-04 13:55 62464 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-12-04 13:55 . 2013-12-04 13:55 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2013-12-04 13:55 . 2013-12-04 13:55 61952 ----a-w- c:\windows\SysWow64\iesetup.dll 2013-12-04 13:55 . 2013-12-04 13:55 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2013-12-04 13:55 . 2013-12-04 13:55 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-12-04 13:55 . 2013-12-04 13:55 454656 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-12-04 13:55 . 2013-12-04 13:55 36352 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-12-04 13:55 . 2013-12-04 13:55 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll 2013-12-04 13:55 . 2013-12-04 13:55 337408 ----a-w- c:\windows\SysWow64\html.iec 2013-12-04 13:55 . 2013-12-04 13:55 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-12-04 13:55 . 2013-12-04 13:55 235008 ----a-w- c:\windows\system32\elshyph.dll 2013-12-04 13:55 . 2013-12-04 13:55 182272 ----a-w- c:\windows\SysWow64\msls31.dll 2013-12-04 13:55 . 2013-12-04 13:55 151552 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-12-04 13:55 . 2013-12-04 13:55 139264 ----a-w- c:\windows\SysWow64\wextract.exe 2013-12-04 13:55 . 2013-12-04 13:55 13312 ----a-w- c:\windows\SysWow64\mshta.exe 2013-12-04 13:55 . 
2013-12-04 13:55 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-12-04 13:55 . 2013-12-04 13:55 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-12-04 13:55 . 2013-12-04 13:55 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-12-04 13:55 . 2013-12-04 13:55 942592 ----a-w- c:\windows\system32\jsIntl.dll 2013-12-04 13:55 . 2013-12-04 13:55 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-12-04 13:55 . 2013-12-04 13:55 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-12-04 13:55 . 2013-12-04 13:55 84992 ----a-w- c:\windows\system32\mshtmled.dll 2013-12-04 13:55 . 2013-12-04 13:55 83968 ----a-w- c:\windows\system32\MshtmlDac.dll 2013-12-04 13:55 . 2013-12-04 13:55 81408 ----a-w- c:\windows\system32\icardie.dll 2013-12-04 13:55 . 2013-12-04 13:55 774144 ----a-w- c:\windows\system32\jscript.dll 2013-12-04 13:55 . 2013-12-04 13:55 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-12-04 13:55 . 2013-12-04 13:55 626176 ----a-w- c:\windows\system32\msfeeds.dll 2013-12-04 13:55 . 2013-12-04 13:55 62464 ----a-w- c:\windows\system32\pngfilt.dll 2013-12-04 13:55 . 2013-12-04 13:55 616104 ----a-w- c:\windows\system32\ieapfltr.dat 2013-12-04 13:55 . 2013-12-04 13:55 548352 ----a-w- c:\windows\system32\vbscript.dll 2013-12-04 13:55 . 2013-12-04 13:55 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-12-04 13:55 . 2013-12-04 13:55 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-12-04 13:55 . 2013-12-04 13:55 48128 ----a-w- c:\windows\system32\imgutil.dll 2013-12-04 13:55 . 2013-12-04 13:55 453120 ----a-w- c:\windows\system32\dxtmsft.dll 2013-12-04 13:55 . 2013-12-04 13:55 413696 ----a-w- c:\windows\system32\html.iec 2013-12-04 13:55 . 2013-12-04 13:55 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2013-12-04 13:55 . 2013-12-04 13:55 30208 ----a-w- c:\windows\system32\licmgr10.dll 2013-12-04 13:55 . 2013-12-04 13:55 296960 ----a-w- c:\windows\system32\dxtrans.dll 2013-12-04 13:55 . 
2013-12-04 13:55 263376 ----a-w- c:\windows\system32\iedkcs32.dll 2013-12-04 13:55 . 2013-12-04 13:55 247808 ----a-w- c:\windows\system32\msls31.dll 2013-12-04 13:55 . 2013-12-04 13:55 243200 ----a-w- c:\windows\system32\webcheck.dll 2013-12-04 13:55 . 2013-12-04 13:55 235520 ----a-w- c:\windows\system32\url.dll 2013-12-04 13:55 . 2013-12-04 13:55 195584 ----a-w- c:\windows\system32\msrating.dll 2013-12-04 13:55 . 2013-12-04 13:55 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-12-04 13:55 . 2013-12-04 13:55 147968 ----a-w- c:\windows\system32\occache.dll 2013-12-04 13:55 . 2013-12-04 13:55 143872 ----a-w- c:\windows\system32\wextract.exe 2013-12-04 13:55 . 2013-12-04 13:55 13824 ----a-w- c:\windows\system32\mshta.exe 2013-12-04 13:55 . 2013-12-04 13:55 135680 ----a-w- c:\windows\system32\iepeers.dll 2013-12-04 13:55 . 2013-12-04 13:55 13312 ----a-w- c:\windows\system32\msfeedssync.exe 2013-12-04 13:55 . 2013-12-04 13:55 131072 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-12-04 13:55 . 2013-12-04 13:55 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-12-04 13:55 . 2013-12-04 13:55 105984 ----a-w- c:\windows\system32\iesysprep.dll 2013-12-04 13:55 . 2013-12-04 13:55 101376 ----a-w- c:\windows\system32\inseng.dll 2013-12-04 13:54 . 2013-12-04 13:54 878080 ----a-w- c:\windows\system32\advapi32.dll 2013-12-04 13:54 . 2013-12-04 13:54 859648 ----a-w- c:\windows\system32\tdh.dll 2013-12-04 13:54 . 2013-12-04 13:54 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-12-04 13:54 . 2013-12-04 13:54 640512 ----a-w- c:\windows\SysWow64\advapi32.dll 2013-12-04 13:54 . 2013-12-04 13:54 619520 ----a-w- c:\windows\SysWow64\tdh.dll 2013-12-04 13:54 . 2013-12-04 13:54 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-12-04 13:54 . 2013-12-04 13:54 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-12-04 13:54 . 2013-12-04 13:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-12-04 13:54 . 
2013-12-04 13:54 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-12-04 13:54 . 2013-12-04 13:54 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-12-04 13:54 . 2013-12-04 13:54 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-12-04 13:54 . 2013-12-04 13:54 243712 ----a-w- c:\windows\system32\wow64.dll 2013-12-04 13:54 . 2013-12-04 13:54 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-12-04 13:54 . 2013-12-04 13:54 1732032 ----a-w- c:\windows\system32\ntdll.dll 2013-12-04 13:54 . 2013-12-04 13:54 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-12-04 13:54 . 2013-12-04 13:54 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll 2013-12-04 13:54 . 2013-12-04 13:54 327168 ----a-w- c:\windows\system32\mswsock.dll 2013-12-04 13:54 . 2013-12-04 13:54 231424 ----a-w- c:\windows\SysWow64\mswsock.dll 2013-12-04 13:54 . 2013-12-04 13:54 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-12-04 13:53 . 2013-12-04 13:53 1887232 ----a-w- c:\windows\system32\d3d11.dll 2013-12-04 13:53 . 2013-12-04 13:53 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll 2013-11-05 20:55 . 2013-11-05 20:55 150808 ----a-w- c:\windows\system32\drivers\avgdiska.sys 2013-11-04 20:52 . 2013-11-04 20:52 240920 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys 2013-10-31 22:00 . 2013-10-31 22:00 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys 2013-10-31 21:49 . 2013-10-31 21:49 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys 2013-10-24 21:25 . 2013-10-24 21:25 194872 ----a-w- c:\windows\system32\drivers\avgidsha.sys 2013-10-12 02:30 . 2013-11-13 15:32 830464 ----a-w- c:\windows\system32\nshwfp.dll 2013-10-12 02:29 . 2013-11-13 15:32 859648 ----a-w- c:\windows\system32\IKEEXT.DLL 2013-10-12 02:29 . 2013-11-13 15:32 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL 2013-10-12 02:03 . 2013-11-13 15:32 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll 2013-10-12 02:01 . 2013-11-13 15:32 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL . . 
------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2013-12-26 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\users\Nicole\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\users\Nicole\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\users\Nicole\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightShot"="c:\users\Nicole\AppData\Local\Skillbrains\lightshot\LightShot.exe" [2013-09-27 226592] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-11-07 4956176] "Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2013-06-13 1743648] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184] . 
c:\users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Nicole\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-12-18 30714312] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices "My Web Search Bar Search Scope Monitor"="c:\progra~2\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w /h "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime . 
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1039bus.sys [x] R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1039mdfl.sys [x] R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1039mdm.sys [x] R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1039mgmt.sys [x] R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1039nd5.sys [x] R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1039obex.sys [x] R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1039unic.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x] R3 
TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\tuneupportable\App\TuneUp\TuneUpUtilitiesDriver32.sys;c:\tuneupportable\App\TuneUp\TuneUpUtilitiesDriver32.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x] S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x] S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x] S2 HitmanProScheduler;HitmanPro Scheduler;c:\program 
files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x] S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x] S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\tuneupportable\App\TuneUp\TuneUpUtilitiesService32.exe;c:\tuneupportable\App\TuneUp\TuneUpUtilitiesService32.exe [x] S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-12-26 07:21 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-26 05:41] . 2014-01-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1577357195-738740372-4011112676-1003Core.job - c:\users\Andre\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-07 12:36] . 2014-01-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1577357195-738740372-4011112676-1003UA.job - c:\users\Andre\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-07 12:36] . 
2013-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-26 07:20] . 2013-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-26 07:20] . 2014-01-05 c:\windows\Tasks\update-S-1-5-21-1577357195-738740372-4011112676-1000.job - c:\program files (x86)\Skillbrains\Updater\Updater.exe [2013-09-23 11:37] . 2014-01-05 c:\windows\Tasks\update-sys.job - c:\program files (x86)\Skillbrains\Updater\Updater.exe [2013-09-23 11:37] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 164016 ----a-w- c:\users\Nicole\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 164016 ----a-w- c:\users\Nicole\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 164016 ----a-w- c:\users\Nicole\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 164016 ----a-w- c:\users\Nicole\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ uDefault_Search_URL = hxxp://www.google.com mDefault_Search_URL = hxxp://www.google.com mDefault_Page_URL = hxxp://www.google.com mStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = hxxp://www.google.com mSearchAssistant = IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\vut3akl4.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-10 - (no file) Toolbar-{828DC97A-2277-4E10-92A9-4907FA0922A9} - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-10 - (no file) WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file) AddRemove-PC Speed Maximizer_is1 - c:\program files (x86)\PC Speed Maximizer\unins000.exe AddRemove-Wondershare Video Converter Ultimate_is1 - h:\program files (x86)\Wondershare\Video Converter Ultimate\unins000.exe AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2487367 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2656351 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2736428 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2742595 - 
c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2858302v2 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2160841 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2446708 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2478663 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2518870 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2539636 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2572078 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2604121 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2633870 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656351 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe 
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368v2 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656405 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2686827 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2729449 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2736428 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2737019 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2742595 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2789642 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2804576 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2835393 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2840628 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2840628v2 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2858302v2 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-Image Editor Packages - 
c:\users\Nicole\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Image Editor Packages\uninstaller.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Micro Focus] @Denied: (C D) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\tuneupportable\App\TuneUp\TuneUpUtilitiesApp32.exe c:\program files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-01-05 07:18:09 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-01-05 06:18 . Vor Suchlauf: 10 Verzeichnis(se), 17.940.451.328 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 20.704.882.688 Bytes frei . - - End Of File - - 80FC33ACCFCEAE681237F170A2AAF98A AF410CC8F726E6487D5DE1E125EFA36C |
06.01.2014, 15:01 | #14 |
| Windows 7 64 bit version, white screen after logging in Step 3: FRST logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-01-2014 Ran by Nicole (administrator) on NICOLE-LAPTOP on 06-01-2014 14:52:08 Running from F:\ Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe (TuneUp Software) C:\TuneUpPortable\App\TuneUp\TuneUpUtilitiesService32.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe (TuneUp Software) C:\TuneUpPortable\App\TuneUp\TuneUpUtilitiesApp32.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Windows\System32\audiodg.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.) 
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1743648 2013-06-13] (Wondershare) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKCU\...\Run: [LightShot] - C:\Users\Nicole\AppData\Local\Skillbrains\lightshot\LightShot.exe [226592 2013-09-27] () HKU\Andre\...\Run: [IncrediMail] - C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c HKU\Andre\...\Run: [Facebook Update] - C:\Users\Andre\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-07-07] (Facebook Inc.) Startup: C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Nicole\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x33FED1749901CF01 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=103&systemid=473&v=n9602-153&apn_uid=8054343232924648&apn_dtid=BND473&o=APN10640&apn_ptnrs=AG1&q={searchTerms} SearchScopes: HKLM-x32 - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=103&systemid=473&v=n9602-153&apn_uid=8054343232924648&apn_dtid=BND473&o=APN10640&apn_ptnrs=AG1&q={searchTerms} SearchScopes: HKCU - {52db1893-8a90-4192-aede-08e00b8f8473} URL = 
hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=103&systemid=473&v=n9602-153&apn_uid=8054343232924648&apn_dtid=BND473&o=APN10640&apn_ptnrs=AG1&q={searchTerms} SearchScopes: HKCU - {977A53BB-0DD6-4D36-9E8E-C937A6967C19} URL = hxxp://searchya.com/?chnl=ft-100&s=1&cr=1746044404&cd=2XzutAtN2Y1L1QzutDtDtBtCyC0ByBtCyEzzyE0C0B0CyE0C0FtN0D0TzutBtDtCtBtDtBtByD&q={searchTerms} BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File Toolbar: HKLM-x32 - buenosearch Toolbar - {828DC97A-2277-4E10-92A9-4907FA0922A9} - No File Toolbar: HKCU - No Name - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\8i0k0k3k.default-1383333122076 FF NewTab: 
hxxp://www.buenosearch.com/?babsrc=NT_def&mntrId=AE2B00216B71484C&affID=119557&tsp=5099 FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", ""); FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: {@alibaba.com/alisetup;version=1.0} - C:\Users\Nicole\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba) FF SearchPlugin: C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\8i0k0k3k.default-1383333122076\searchplugins\buenosearch.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: BuenoSearch - C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\8i0k0k3k.default-1383333122076\Extensions\ffxtlbr@buenosearch.com FF Extension: MarketResearchHelper - C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\8i0k0k3k.default-1383333122076\Extensions\firefox@marketresearchhelper.com.xpi FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt Chrome: ======= CHR Extension: (Google Wallet) - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1 CHR Extension: () - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppkgikfccbpebogfnekmgiomgamjafel\1.0.0_1 CHR HKLM-x32\...\Chrome\Extension: [chgdeabpmphfhkoemjjglmilajldekbp] - H:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRChromePlugin.crx CHR HKLM-x32\...\Chrome\Extension: [ppkgikfccbpebogfnekmgiomgamjafel] - C:\Program Files (x86)\MarketResearchHelper\ppkgikfccbpebogfnekmgiomgamjafel.crx ==================== Services 
(Whitelisted) ================= R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.) R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2014-01-04] (SurfRight B.V.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.) R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 TuneUp.UtilitiesSvc; C:\TuneUpPortable\App\TuneUp\TuneUpUtilitiesService32.exe [1699680 2012-09-17] (TuneUp Software) S3 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1255736 2013-12-26] () S2 wlidsvc; "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [x] ==================== Drivers (Whitelisted) ==================== R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.) 
S3 s1039bus; C:\Windows\System32\DRIVERS\s1039bus.sys [127600 2010-03-01] (MCCI Corporation) S3 s1039mdfl; C:\Windows\System32\DRIVERS\s1039mdfl.sys [19568 2010-03-15] (MCCI Corporation) S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [161904 2010-03-15] (MCCI Corporation) S3 s1039mgmt; C:\Windows\System32\DRIVERS\s1039mgmt.sys [141424 2010-03-01] (MCCI Corporation) S3 s1039nd5; C:\Windows\System32\DRIVERS\s1039nd5.sys [34416 2010-03-15] (MCCI Corporation) S3 s1039obex; C:\Windows\System32\DRIVERS\s1039obex.sys [137328 2010-03-01] (MCCI Corporation) S3 s1039unic; C:\Windows\System32\DRIVERS\s1039unic.sys [158320 2010-03-15] (MCCI Corporation) S0 sptd; C:\Windows\System32\Drivers\sptd.sys [867064 2010-12-17] (Duplex Secure Ltd.) S3 TuneUpUtilitiesDrv; C:\TuneUpPortable\App\TuneUp\TuneUpUtilitiesDriver32.sys [10088 2012-08-29] (TuneUp Software) S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x] S3 tsusbhub; system32\drivers\tsusbhub.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-06 14:44 - 2014-01-06 14:44 - 00040322 _____ C:\Users\Nicole\Desktop\combofix.txt 2014-01-05 07:18 - 2014-01-05 07:18 - 00040322 _____ C:\ComboFix.txt 2014-01-05 06:36 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2014-01-05 06:36 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2014-01-05 06:36 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-01-05 06:36 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-01-05 06:36 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-01-05 06:36 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2014-01-05 06:36 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2014-01-05 06:36 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2014-01-05 06:34 - 2014-01-05 07:18 - 00000000 ____D C:\Qoobox 2014-01-05 06:33 - 2014-01-05 
07:14 - 00000000 ____D C:\Windows\erdnt 2014-01-05 06:32 - 2014-01-05 06:32 - 00058541 _____ C:\Users\Nicole\Desktop\AdwCleaner[S0].txt 2014-01-05 06:32 - 2014-01-05 06:32 - 00000000 ____D C:\Users\Nicole\AppData\Local\{9DB2EABF-F8CE-4521-A282-2DE7BE4D33E0} 2014-01-05 06:24 - 2014-01-05 06:29 - 00000000 ____D C:\AdwCleaner 2014-01-05 06:16 - 2014-01-05 06:16 - 00001950 _____ C:\Users\Nicole\Desktop\Test.txt 2014-01-05 06:11 - 2014-01-05 06:11 - 05160001 ____R (Swearware) C:\Users\Nicole\Desktop\ComboFix.exe 2014-01-05 06:10 - 2014-01-05 06:10 - 01233962 _____ C:\Users\Nicole\Desktop\adwcleaner.exe 2014-01-04 18:26 - 2014-01-04 18:32 - 340465664 _____ C:\Users\Nicole\Downloads\kav_rescue_10-0513.iso 2014-01-04 17:36 - 2014-01-05 06:23 - 00000101 _____ C:\Users\Nicole\AppData\Roaming\WB.CFG 2014-01-04 17:36 - 2014-01-05 06:23 - 00000005 _____ C:\Users\Nicole\AppData\Roaming\WBPU-TTL.DAT 2014-01-04 17:06 - 2014-01-04 17:06 - 00011970 _____ C:\Windows\system32\.crusader 2014-01-04 16:57 - 2014-01-04 16:57 - 00001905 _____ C:\Users\Public\Desktop\HitmanPro.lnk 2014-01-04 16:57 - 2014-01-04 16:57 - 00000000 ____D C:\Program Files\HitmanPro 2014-01-04 16:56 - 2014-01-04 17:09 - 00000000 ____D C:\ProgramData\HitmanPro 2014-01-04 16:51 - 2014-01-04 16:56 - 10264904 _____ (SurfRight B.V.) 
C:\Users\Nicole\Downloads\hitmanpro_x64.exe 2014-01-04 16:37 - 2014-01-04 16:38 - 00000000 ____D C:\Users\Nicole\.android 2014-01-04 16:36 - 2014-01-04 16:36 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\DigitalSites 2014-01-04 16:36 - 2014-01-04 16:36 - 00000000 ____D C:\Program Files (x86)\Image Converter 2014-01-04 16:01 - 2014-01-06 14:48 - 00000000 ____D C:\FRST 2014-01-04 14:26 - 2012-07-25 12:03 - 00016896 _____ C:\Windows\system32\sasnative64.exe 2014-01-04 11:19 - 2014-01-04 11:20 - 00000000 ____D C:\Users\Nicole\AppData\Local\{CFFD2ADD-B266-4974-9500-127D5EFA74DE} 2014-01-03 19:18 - 2014-01-03 19:18 - 05738913 _____ C:\Users\Nicole\Downloads\Anhänge_201413.zip 2014-01-03 12:37 - 2014-01-03 12:37 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup 2014-01-03 08:52 - 2014-01-03 08:52 - 00000000 ____D C:\Users\Nicole\AppData\Local\{51E948DB-8DF8-45F2-B8F6-87814F727DE2} 2013-12-30 19:49 - 2013-12-31 19:50 - 00000000 ____D C:\Users\Nicole\AppData\Local\{99F72A29-B239-4096-81A0-A7D8E8A2C928} 2013-12-30 06:41 - 2014-01-06 14:20 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-30 06:41 - 2013-12-30 06:41 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-12-29 19:42 - 2013-12-30 07:49 - 00000000 ____D C:\Users\Nicole\AppData\Local\{EA03446A-D759-45AC-BC57-A8452279A97B} 2013-12-27 15:08 - 2013-12-27 15:08 - 00000000 ____D C:\NVIDIA 2013-12-27 14:55 - 2013-12-28 14:56 - 00000000 ____D C:\Program Files (x86)\MarketResearchHelper 2013-12-27 06:38 - 2012-02-11 07:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe 2013-12-27 06:38 - 2012-02-11 07:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe 2013-12-26 15:36 - 2013-12-26 15:36 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\PDF Architect 2013-12-26 15:32 - 2013-12-26 15:33 - 00000000 ____D C:\Program Files (x86)\PDFCreator 2013-12-26 15:32 - 2013-12-26 15:33 - 
00000000 ____D C:\Program Files (x86)\PDF Architect 2013-12-26 15:32 - 2013-12-26 15:32 - 00001031 _____ C:\Users\Public\Desktop\PDFCreator.lnk 2013-12-26 15:32 - 2013-04-09 14:13 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll 2013-12-26 15:32 - 2012-05-05 10:54 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX 2013-12-26 15:32 - 2012-05-05 10:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX 2013-12-26 15:32 - 2012-05-05 10:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL 2013-12-26 15:32 - 1998-07-06 17:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL 2013-12-26 15:32 - 1998-07-06 17:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL 2013-12-26 15:32 - 1998-07-06 17:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL 2013-12-26 15:29 - 2013-12-26 15:30 - 69734576 _____ (pdfforge ) C:\Users\Nicole\Downloads\PDFCreator-1_7_2_setup_offline.exe 2013-12-26 09:27 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2013-12-26 09:27 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2013-12-26 09:27 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2013-12-26 09:27 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2013-12-26 09:11 - 2012-07-26 04:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll 2013-12-26 09:11 - 2012-07-26 04:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe 2013-12-26 09:11 - 2012-07-26 04:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll 2013-12-26 09:11 - 2012-07-26 04:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll 2013-12-26 09:11 - 2012-07-26 04:08 - 00045056 _____ (Microsoft Corporation) 
C:\Windows\system32\WUDFCoinstaller.dll 2013-12-26 09:11 - 2012-07-26 03:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys 2013-12-26 09:11 - 2012-07-26 03:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys 2013-12-26 09:11 - 2012-06-02 15:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf 2013-12-26 08:48 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2013-12-26 08:48 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2013-12-26 08:48 - 2012-12-07 14:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll 2013-12-26 08:48 - 2012-12-07 14:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll 2013-12-26 08:48 - 2012-12-07 13:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll 2013-12-26 08:48 - 2012-12-07 13:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll 2013-12-26 08:48 - 2012-12-07 12:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs 2013-12-26 08:48 - 2012-12-07 12:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs 2013-12-26 08:48 - 2012-12-07 12:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs 2013-12-26 08:48 - 2012-12-07 12:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs 2013-12-26 08:48 - 2012-12-07 12:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs 2013-12-26 08:48 - 2012-12-07 12:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs 2013-12-26 08:48 - 2012-12-07 12:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs 2013-12-26 08:48 - 2012-12-07 12:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs 2013-12-26 08:48 - 2012-12-07 12:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs 2013-12-26 08:48 - 2012-12-07 12:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs 2013-12-26 08:48 - 
2012-12-07 12:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs 2013-12-26 08:48 - 2012-12-07 12:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs 2013-12-26 08:48 - 2012-12-07 12:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs 2013-12-26 08:48 - 2012-12-07 12:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs 2013-12-26 08:48 - 2012-12-07 11:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs 2013-12-26 08:48 - 2012-12-07 11:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs 2013-12-26 08:48 - 2012-12-07 11:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs 2013-12-26 08:48 - 2012-12-07 11:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs 2013-12-26 08:48 - 2012-12-07 11:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs 2013-12-26 08:48 - 2012-12-07 11:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs 2013-12-26 08:48 - 2012-12-07 11:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs 2013-12-26 08:48 - 2012-12-07 11:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs 2013-12-26 08:48 - 2012-12-07 11:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs 2013-12-26 08:48 - 2012-12-07 11:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs 2013-12-26 08:48 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs 2013-12-26 08:48 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs 2013-12-26 08:48 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs 2013-12-26 08:48 - 2012-12-07 11:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs 2013-12-26 08:48 - 2012-10-09 19:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll 2013-12-26 08:48 - 2012-10-09 19:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll 2013-12-26 08:48 - 2012-10-09 18:40 - 00193536 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\dhcpcore6.dll 2013-12-26 08:48 - 2012-10-09 18:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll 2013-12-26 08:48 - 2012-01-04 11:44 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll 2013-12-26 08:48 - 2012-01-04 09:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll 2013-12-26 08:47 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-12-26 08:47 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-12-26 08:47 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll 2013-12-26 08:47 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2013-12-26 08:47 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2013-12-26 08:47 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll 2013-12-26 08:47 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-12-26 08:47 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll 2013-12-26 08:47 - 2013-08-05 03:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2013-12-26 08:47 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2013-12-26 08:47 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2013-12-26 08:47 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2013-12-26 08:47 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2013-12-26 08:47 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2013-12-26 08:47 - 2013-03-19 06:53 - 00230400 _____ 
(Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2013-12-26 08:47 - 2013-03-19 06:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll 2013-12-26 08:47 - 2012-11-22 06:44 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2013-12-26 08:47 - 2012-11-22 05:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2013-12-26 08:47 - 2012-10-03 18:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2013-12-26 08:47 - 2012-10-03 18:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll 2013-12-26 08:47 - 2012-10-03 18:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll 2013-12-26 08:47 - 2012-10-03 18:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll 2013-12-26 08:47 - 2012-10-03 18:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll 2013-12-26 08:47 - 2012-10-03 18:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll 2013-12-26 08:47 - 2012-10-03 17:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll 2013-12-26 08:47 - 2012-10-03 17:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2013-12-26 08:47 - 2012-10-03 17:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll 2013-12-26 08:47 - 2012-10-03 17:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys 2013-12-26 08:47 - 2012-08-22 19:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2013-12-26 08:47 - 2012-08-21 22:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe 2013-12-26 08:47 - 2012-07-04 21:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys 2013-12-26 08:47 - 2012-05-01 06:40 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2013-12-26 08:47 - 2012-04-07 13:31 - 03216384 _____ (Microsoft 
Corporation) C:\Windows\system32\msi.dll 2013-12-26 08:47 - 2012-04-07 12:26 - 02342400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2013-12-26 08:47 - 2012-01-13 08:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2013-12-26 08:47 - 2011-12-30 07:26 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl 2013-12-26 08:47 - 2011-12-30 06:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl 2013-12-26 08:45 - 2013-05-10 06:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll 2013-12-26 08:45 - 2013-05-10 04:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-12-26 08:45 - 2012-11-30 00:17 - 00420064 _____ C:\Windows\SysWOW64\locale.nls 2013-12-26 08:45 - 2012-11-30 00:15 - 00420064 _____ C:\Windows\system32\locale.nls 2013-12-26 08:45 - 2012-07-06 21:07 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys 2013-12-26 08:44 - 2013-04-17 08:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-12-26 08:44 - 2013-04-17 07:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2013-12-26 08:44 - 2013-01-24 07:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys 2013-12-26 08:44 - 2012-05-05 09:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2013-12-26 08:44 - 2012-05-05 08:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2013-12-26 08:31 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2013-12-26 08:30 - 2013-12-30 06:41 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-26 08:30 - 2013-12-30 06:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-26 08:24 - 2013-12-29 19:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance 
Service 2013-12-26 08:24 - 2013-12-26 08:24 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-12-26 08:21 - 2014-01-05 06:29 - 00001278 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-12-26 08:21 - 2014-01-05 06:08 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\newnext.me 2013-12-26 08:21 - 2014-01-04 20:46 - 00000697 _____ C:\Users\Nicole\daemonprocess.txt 2013-12-26 08:21 - 2014-01-04 16:51 - 00000000 ____D C:\Users\Nicole\AppData\Local\cache 2013-12-26 08:21 - 2014-01-04 16:37 - 00000000 ____D C:\Users\Nicole\AppData\Local\genienext 2013-12-26 08:21 - 2013-12-26 08:21 - 00109152 _____ () C:\Users\Nicole\Downloads\Setup.exe 2013-12-26 08:20 - 2013-12-29 19:36 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-12-26 08:20 - 2013-12-29 19:36 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-12-26 08:20 - 2013-12-28 08:16 - 00004118 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-12-26 08:20 - 2013-12-28 08:16 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-12-26 08:18 - 2013-12-26 08:19 - 00000000 ____D C:\Users\Nicole\AppData\Local\Deployment 2013-12-26 08:18 - 2013-12-26 08:18 - 00000000 ____D C:\Users\Nicole\AppData\Local\Apps\2.0 2013-12-26 08:02 - 2013-12-26 08:02 - 00000000 ____D C:\Users\Nicole\AppData\Local\{6ED0F5F2-8AD0-4A67-8EF0-D6BB62567A8A} 2013-12-24 13:34 - 2013-12-24 13:34 - 00000000 ____D C:\Users\Nicole\AppData\Local\{C28EC42B-09EF-460B-BFCE-2F54B5FC1B39} 2013-12-23 20:32 - 2013-12-23 20:32 - 04558848 _____ (Google Inc.) 
C:\Windows\SysWOW64\GPhotos.scr 2013-12-17 19:17 - 2013-12-17 19:17 - 00284360 _____ C:\Windows\Minidump\121713-45021-01.dmp.old 2013-12-17 18:22 - 2013-12-17 18:30 - 00001660 _____ C:\Windows\system32\ASOROSet.bin 2013-12-17 18:22 - 2013-12-17 18:22 - 00000000 ____D C:\Windows\system32\config\RCCBakup 2013-12-17 18:12 - 2013-12-17 18:13 - 00000000 ____D C:\Users\Nicole\AppData\Local\{E0802343-90D3-4C6C-9B08-A2D041218F91} 2013-12-17 16:14 - 2013-12-17 16:23 - 00000000 ____D C:\ProgramData\SecTaskMan 2013-12-17 05:32 - 2013-12-17 05:34 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\buenosearch LTD 2013-12-17 05:32 - 2013-12-17 05:32 - 00000000 ____D C:\Program Files (x86)\buenosearch LTD 2013-12-15 13:58 - 2013-12-15 13:58 - 18291784 _____ (AVM Berlin ) C:\Users\Nicole\Downloads\FRITZ!fax_3.07.04.exe 2013-12-15 04:42 - 2013-12-15 04:42 - 00000000 ____D C:\Users\Nicole\AppData\Local\{EAFB1D75-2710-499C-969B-B7282AD998FA} 2013-12-14 18:11 - 2013-12-14 18:14 - 149157408 _____ (AVG Technologies) C:\Users\Nicole\Downloads\avg_free_x64_all_2014_4259a6848.exe 2013-12-14 18:01 - 2013-12-14 18:02 - 37738048 _____ (Wondershare Software ) C:\Users\Nicole\Downloads\video-converter-ultimate_full1045.exe 2013-12-12 06:37 - 2013-12-13 13:53 - 00000000 ____D C:\Users\Nicole\AppData\Local\{9C636FA2-4EAF-45A7-8F77-067AC6D0550A} 2013-12-11 06:08 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-11 06:08 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-11 06:08 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-12-11 06:08 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-12-11 06:08 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-12-11 06:08 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwproxystub.dll 2013-12-11 06:08 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-11 06:08 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-11 06:08 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-12-11 06:08 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-12-11 06:08 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-11 06:08 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-11 06:08 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-12-11 06:08 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-12-11 06:08 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-11 06:08 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-12-11 06:08 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-12-11 06:08 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-11 06:08 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-12-11 06:08 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-12-11 06:08 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-12-11 06:08 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-11 06:08 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-11 06:08 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\inetcpl.cpl 2013-12-11 06:08 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-12-11 06:08 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-11 06:08 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-11 06:08 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-12-11 06:08 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-12-11 06:08 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-12-11 06:08 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-12-10 20:47 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-12-10 20:47 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-12-10 20:47 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-10 20:47 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-10 20:47 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2013-12-10 20:47 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2013-12-10 20:47 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2013-12-10 20:46 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-10 20:46 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-10 20:46 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2013-12-10 20:46 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 
2013-12-10 20:46 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2013-12-10 20:46 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2013-12-10 20:46 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2013-12-10 20:46 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2013-12-09 21:06 - 2013-12-09 21:06 - 00000000 ____D C:\Users\Nicole\AppData\Local\{7575FAC2-82C4-4895-AD5D-ACC8269CD746} 2013-12-07 20:02 - 2013-12-07 20:02 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Wondershare Video Converter Ultimate 2013-12-07 18:50 - 2013-12-07 18:50 - 00000048 _____ C:\Windows\wininit.ini 2013-12-07 18:40 - 2013-12-07 18:40 - 00000000 ____D C:\Users\Nicole\AppData\Local\{E7BE259E-4778-4F4A-8870-3FF53E29BA14} 2013-12-07 18:39 - 2013-12-07 18:39 - 00000068 _____ C:\Users\Nicole\Win8UpgradeKit_07.12.2013.LOG ==================== One Month Modified Files and Folders ======= 2014-01-06 14:48 - 2014-01-04 16:01 - 00000000 ____D C:\FRST 2014-01-06 14:48 - 2009-07-14 18:58 - 00700608 _____ C:\Windows\system32\perfh007.dat 2014-01-06 14:48 - 2009-07-14 18:58 - 00149372 _____ C:\Windows\system32\perfc007.dat 2014-01-06 14:48 - 2009-07-14 06:13 - 01622012 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-06 14:44 - 2014-01-06 14:44 - 00040322 _____ C:\Users\Nicole\Desktop\combofix.txt 2014-01-06 14:41 - 2013-07-07 13:36 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1577357195-738740372-4011112676-1003UA.job 2014-01-06 14:41 - 2013-07-07 13:36 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1577357195-738740372-4011112676-1003Core.job 2014-01-06 14:34 - 2013-09-23 17:34 - 00000390 _____ C:\Windows\Tasks\update-S-1-5-21-1577357195-738740372-4011112676-1000.job 2014-01-06 14:21 - 2010-12-17 08:03 - 01155356 _____ C:\Windows\WindowsUpdate.log 2014-01-06 14:20 - 2013-12-30 06:41 - 
00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-06 12:22 - 2013-09-23 17:34 - 00000390 _____ C:\Windows\Tasks\update-sys.job 2014-01-06 08:33 - 2012-05-31 18:18 - 00000000 ____D C:\ProgramData\MFAData 2014-01-05 07:55 - 2013-08-17 09:17 - 00000000 ____D C:\Windows\rescache 2014-01-05 07:18 - 2014-01-05 07:18 - 00040322 _____ C:\ComboFix.txt 2014-01-05 07:18 - 2014-01-05 06:34 - 00000000 ____D C:\Qoobox 2014-01-05 07:18 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default 2014-01-05 07:14 - 2014-01-05 06:33 - 00000000 ____D C:\Windows\erdnt 2014-01-05 07:09 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini 2014-01-05 07:08 - 2013-10-12 22:57 - 00053352 _____ C:\Windows\PFRO.log 2014-01-05 07:08 - 2013-10-04 21:57 - 00010910 _____ C:\Windows\setupact.log 2014-01-05 07:08 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-05 06:32 - 2014-01-05 06:32 - 00058541 _____ C:\Users\Nicole\Desktop\AdwCleaner[S0].txt 2014-01-05 06:32 - 2014-01-05 06:32 - 00000000 ____D C:\Users\Nicole\AppData\Local\{9DB2EABF-F8CE-4521-A282-2DE7BE4D33E0} 2014-01-05 06:32 - 2012-09-29 15:49 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Dropbox 2014-01-05 06:29 - 2014-01-05 06:24 - 00000000 ____D C:\AdwCleaner 2014-01-05 06:29 - 2013-12-26 08:21 - 00001278 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2014-01-05 06:29 - 2013-12-04 15:11 - 00000991 _____ C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-01-05 06:29 - 2010-12-17 08:04 - 00000961 _____ C:\Users\Nicole\Desktop\Internet Explorer.lnk 2014-01-05 06:28 - 2012-12-31 15:57 - 00000000 ____D C:\ProgramData\Uniblue 2014-01-05 06:23 - 2014-01-04 17:36 - 00000101 _____ C:\Users\Nicole\AppData\Roaming\WB.CFG 2014-01-05 06:23 - 2014-01-04 17:36 - 00000005 _____ C:\Users\Nicole\AppData\Roaming\WBPU-TTL.DAT 2014-01-05 06:23 - 2011-11-07 20:12 - 00002958 _____ C:\Windows\System32\Tasks\{552B12E3-30F7-4BC9-B04C-E79550E30D49} 2014-01-05 06:23 - 
2011-11-03 08:26 - 00002958 _____ C:\Windows\System32\Tasks\{715DB407-1006-4870-8F02-B3D93110762D} 2014-01-05 06:16 - 2014-01-05 06:16 - 00001950 _____ C:\Users\Nicole\Desktop\Test.txt 2014-01-05 06:11 - 2014-01-05 06:11 - 05160001 ____R (Swearware) C:\Users\Nicole\Desktop\ComboFix.exe 2014-01-05 06:10 - 2014-01-05 06:10 - 01233962 _____ C:\Users\Nicole\Desktop\adwcleaner.exe 2014-01-05 06:08 - 2013-12-26 08:21 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\newnext.me 2014-01-04 20:46 - 2013-12-26 08:21 - 00000697 _____ C:\Users\Nicole\daemonprocess.txt 2014-01-04 18:32 - 2014-01-04 18:26 - 340465664 _____ C:\Users\Nicole\Downloads\kav_rescue_10-0513.iso 2014-01-04 18:24 - 2010-12-25 14:13 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\UseNeXT 2014-01-04 18:00 - 2010-12-17 08:04 - 00000000 ___RD C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-04 17:09 - 2014-01-04 16:56 - 00000000 ____D C:\ProgramData\HitmanPro 2014-01-04 17:06 - 2014-01-04 17:06 - 00011970 _____ C:\Windows\system32\.crusader 2014-01-04 16:57 - 2014-01-04 16:57 - 00001905 _____ C:\Users\Public\Desktop\HitmanPro.lnk 2014-01-04 16:57 - 2014-01-04 16:57 - 00000000 ____D C:\Program Files\HitmanPro 2014-01-04 16:56 - 2014-01-04 16:51 - 10264904 _____ (SurfRight B.V.) 
C:\Users\Nicole\Downloads\hitmanpro_x64.exe 2014-01-04 16:51 - 2013-12-26 08:21 - 00000000 ____D C:\Users\Nicole\AppData\Local\cache 2014-01-04 16:38 - 2014-01-04 16:37 - 00000000 ____D C:\Users\Nicole\.android 2014-01-04 16:37 - 2013-12-26 08:21 - 00000000 ____D C:\Users\Nicole\AppData\Local\genienext 2014-01-04 16:37 - 2010-12-17 08:04 - 00000000 ____D C:\Users\Nicole 2014-01-04 16:36 - 2014-01-04 16:36 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\DigitalSites 2014-01-04 16:36 - 2014-01-04 16:36 - 00000000 ____D C:\Program Files (x86)\Image Converter 2014-01-04 14:34 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2014-01-04 12:25 - 2013-10-28 21:52 - 00000000 ____D C:\ProgramData\Wondershare Video Converter Ultimate 2014-01-04 11:20 - 2014-01-04 11:19 - 00000000 ____D C:\Users\Nicole\AppData\Local\{CFFD2ADD-B266-4974-9500-127D5EFA74DE} 2014-01-04 11:18 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2014-01-04 08:08 - 2013-01-15 15:57 - 00000000 ____D C:\Users\Nicole\Desktop\nicole 2014-01-04 08:08 - 2010-12-17 09:12 - 00000000 ____D C:\Users\Nicole\Desktop\Programme 2014-01-03 19:22 - 2011-10-14 18:35 - 15135232 ___SH C:\Users\Nicole\Desktop\Thumbs.db 2014-01-03 19:18 - 2014-01-03 19:18 - 05738913 _____ C:\Users\Nicole\Downloads\Anhänge_201413.zip 2014-01-03 12:37 - 2014-01-03 12:37 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup 2014-01-03 08:52 - 2014-01-03 08:52 - 00000000 ____D C:\Users\Nicole\AppData\Local\{51E948DB-8DF8-45F2-B8F6-87814F727DE2} 2014-01-03 08:46 - 2009-07-14 05:45 - 00009904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-03 08:46 - 2009-07-14 05:45 - 00009904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-31 19:50 - 2013-12-30 19:49 - 00000000 ____D 
C:\Users\Nicole\AppData\Local\{99F72A29-B239-4096-81A0-A7D8E8A2C928} 2013-12-30 07:49 - 2013-12-29 19:42 - 00000000 ____D C:\Users\Nicole\AppData\Local\{EA03446A-D759-45AC-BC57-A8452279A97B} 2013-12-30 06:43 - 2010-12-22 16:09 - 00000000 ____D C:\Users\Nicole\AppData\Local\Adobe 2013-12-30 06:41 - 2013-12-30 06:41 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-12-30 06:41 - 2013-12-26 08:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-30 06:41 - 2013-12-26 08:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-29 19:36 - 2013-12-26 08:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-29 19:36 - 2013-12-26 08:20 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-12-29 19:36 - 2013-12-26 08:20 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-12-28 14:56 - 2013-12-27 14:55 - 00000000 ____D C:\Program Files (x86)\MarketResearchHelper 2013-12-28 08:16 - 2013-12-26 08:20 - 00004118 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-12-28 08:16 - 2013-12-26 08:20 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-12-27 20:41 - 2013-11-15 20:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-27 15:08 - 2013-12-27 15:08 - 00000000 ____D C:\NVIDIA 2013-12-27 15:06 - 2013-01-15 16:06 - 00000000 ____D C:\Users\Nicole\Desktop\kenny 2013-12-26 18:13 - 2010-12-25 23:33 - 00446976 ___SH C:\Users\Nicole\Documents\Thumbs.db 2013-12-26 15:36 - 2013-12-26 15:36 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\PDF Architect 2013-12-26 15:33 - 2013-12-26 15:32 - 00000000 ____D C:\Program Files (x86)\PDFCreator 2013-12-26 15:33 - 2013-12-26 15:32 - 00000000 ____D C:\Program Files (x86)\PDF Architect 2013-12-26 15:32 - 2013-12-26 15:32 - 00001031 _____ C:\Users\Public\Desktop\PDFCreator.lnk 2013-12-26 15:30 - 2013-12-26 15:29 - 69734576 _____ 
(pdfforge ) C:\Users\Nicole\Downloads\PDFCreator-1_7_2_setup_offline.exe 2013-12-26 10:44 - 2013-08-25 18:12 - 00088624 _____ C:\Users\Nicole\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-26 10:41 - 2013-08-26 12:53 - 00349200 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-26 10:37 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-12-26 09:26 - 2010-12-26 11:49 - 01599906 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-12-26 08:28 - 2011-02-20 13:42 - 00000000 ____D C:\Windows\Minidump 2013-12-26 08:24 - 2013-12-26 08:24 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-12-26 08:22 - 2010-12-18 07:51 - 00000000 ____D C:\Users\Nicole\AppData\Local\Google 2013-12-26 08:21 - 2013-12-26 08:21 - 00109152 _____ () C:\Users\Nicole\Downloads\Setup.exe 2013-12-26 08:21 - 2010-12-22 14:02 - 00000000 ____D C:\Program Files (x86)\Google 2013-12-26 08:19 - 2013-12-26 08:18 - 00000000 ____D C:\Users\Nicole\AppData\Local\Deployment 2013-12-26 08:18 - 2013-12-26 08:18 - 00000000 ____D C:\Users\Nicole\AppData\Local\Apps\2.0 2013-12-26 08:12 - 2011-07-02 10:00 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll 2013-12-26 08:12 - 2011-07-02 10:00 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll 2013-12-26 08:12 - 2011-07-02 10:00 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll 2013-12-26 08:11 - 2011-07-02 10:01 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2013-12-26 08:11 - 2011-07-02 10:01 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2013-12-26 08:02 - 2013-12-26 08:02 - 00000000 ____D C:\Users\Nicole\AppData\Local\{6ED0F5F2-8AD0-4A67-8EF0-D6BB62567A8A} 2013-12-26 07:49 - 2012-03-26 23:28 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-12-26 07:49 - 2012-03-26 23:28 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Skype 2013-12-26 07:49 - 2012-03-26 23:27 - 00000000 ____D C:\ProgramData\Skype 2013-12-24 13:34 - 2013-12-24 
13:34 - 00000000 ____D C:\Users\Nicole\AppData\Local\{C28EC42B-09EF-460B-BFCE-2F54B5FC1B39} 2013-12-23 20:32 - 2013-12-23 20:32 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr 2013-12-21 20:43 - 2012-09-29 15:51 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2013-12-17 19:17 - 2013-12-17 19:17 - 00284360 _____ C:\Windows\Minidump\121713-45021-01.dmp.old 2013-12-17 18:30 - 2013-12-17 18:22 - 00001660 _____ C:\Windows\system32\ASOROSet.bin 2013-12-17 18:30 - 2009-07-14 03:34 - 80216064 _____ C:\Windows\system32\config\software.bak 2013-12-17 18:30 - 2009-07-14 03:34 - 21233664 _____ C:\Windows\system32\config\system.bak 2013-12-17 18:30 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\security.bak 2013-12-17 18:24 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\sam.bak 2013-12-17 18:22 - 2013-12-17 18:22 - 00000000 ____D C:\Windows\system32\config\RCCBakup 2013-12-17 18:13 - 2013-12-17 18:12 - 00000000 ____D C:\Users\Nicole\AppData\Local\{E0802343-90D3-4C6C-9B08-A2D041218F91} 2013-12-17 16:23 - 2013-12-17 16:14 - 00000000 ____D C:\ProgramData\SecTaskMan 2013-12-17 05:34 - 2013-12-17 05:32 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\buenosearch LTD 2013-12-17 05:33 - 2013-09-30 16:35 - 00000000 ____D C:\ProgramData\AVG2014 2013-12-17 05:32 - 2013-12-17 05:32 - 00000000 ____D C:\Program Files (x86)\buenosearch LTD 2013-12-15 13:58 - 2013-12-15 13:58 - 18291784 _____ (AVM Berlin ) C:\Users\Nicole\Downloads\FRITZ!fax_3.07.04.exe 2013-12-15 04:42 - 2013-12-15 04:42 - 00000000 ____D C:\Users\Nicole\AppData\Local\{EAFB1D75-2710-499C-969B-B7282AD998FA} 2013-12-14 18:14 - 2013-12-14 18:11 - 149157408 _____ (AVG Technologies) C:\Users\Nicole\Downloads\avg_free_x64_all_2014_4259a6848.exe 2013-12-14 18:02 - 2013-12-14 18:01 - 37738048 _____ (Wondershare Software ) C:\Users\Nicole\Downloads\video-converter-ultimate_full1045.exe 2013-12-14 09:05 - 2013-08-10 20:00 - 00000000 ____D 
C:\Users\Nicole\Desktop\DCIM 2013-12-13 13:53 - 2013-12-12 06:37 - 00000000 ____D C:\Users\Nicole\AppData\Local\{9C636FA2-4EAF-45A7-8F77-067AC6D0550A} 2013-12-11 06:10 - 2010-12-17 10:54 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-12-09 21:06 - 2013-12-09 21:06 - 00000000 ____D C:\Users\Nicole\AppData\Local\{7575FAC2-82C4-4895-AD5D-ACC8269CD746} 2013-12-07 20:18 - 2013-10-28 22:08 - 00000000 ____D C:\ProgramData\xml_param 2013-12-07 20:02 - 2013-12-07 20:02 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Wondershare Video Converter Ultimate 2013-12-07 19:06 - 2010-12-18 23:44 - 00000000 ____D C:\Program Files (x86)\Windows Live 2013-12-07 18:57 - 2010-12-23 23:14 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Apple Computer 2013-12-07 18:56 - 2013-10-19 18:52 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog 2013-12-07 18:55 - 2013-03-04 21:13 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-12-07 18:50 - 2013-12-07 18:50 - 00000048 _____ C:\Windows\wininit.ini 2013-12-07 18:42 - 2011-04-29 09:58 - 00000000 ____D C:\Program Files (x86)\Acer 2013-12-07 18:40 - 2013-12-07 18:40 - 00000000 ____D C:\Users\Nicole\AppData\Local\{E7BE259E-4778-4F4A-8870-3FF53E29BA14} 2013-12-07 18:39 - 2013-12-07 18:39 - 00000068 _____ C:\Users\Nicole\Win8UpgradeKit_07.12.2013.LOG ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is 
legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-05 07:47 ==================== End Of Log ============================ Done.... |
06.01.2014, 15:45 | #15 |
/// TB-Ausbilder | Windows 7 64-bit version: white screen after logging in OK, let's continue like this: please download Emsisoft MBR Master and save it to the desktop.
__________________ cheers, Leo |