
Pests of all kinds and how to fight them: Windows 7 64-bit version, white screen after logging in

04.01.2014, 16:42   #1
andresuffi
 

Windows 7 64-bit version, white screen after logging in; camera switched on, nothing works anymore, the mouse is visible, same problem in safe mode. With the key combination CTRL+ALT+DEL the background image is briefly visible; the following programs are running:
csrss.exe / conhost.exe / DaemonProcess.exe / mgab.exe / Mobogenie.exe / nvtray.exe / nvvsvc.exe / nvxdsync.exe / taskhost.exe / taskmgr.exe /

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2014
Ran by Nicole (administrator) on NICOLE-LAPTOP on 04-01-2014 16:31:50
Running from F:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(TuneUp Software) C:\TuneUpPortable\App\TuneUp\TuneUpUtilitiesService32.exe
(MarketResearchHelper) C:\Program Files (x86)\MarketResearchHelper\updateMarketResearchHelper.exe
(MarketResearchHelper) C:\Program Files (x86)\MarketResearchHelper\bin\utilMarketResearchHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(TuneUp Software) C:\TuneUpPortable\App\TuneUp\TuneUpUtilitiesApp32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1743648 2013-06-13] (Wondershare)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKCU\...\Run: [LightShot] - C:\Users\Nicole\AppData\Local\Skillbrains\lightshot\LightShot.exe [226592 2013-09-27] ()
HKCU\...\Run: [NextLive] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Nicole\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKCU\...\Winlogon: [Userinit] C:\Users\Nicole\AppData\Roaming\loadit.exe [596484 2014-01-04] ()
HKCU\...\Winlogon: [Shell] C:\Users\Nicole\AppData\Roaming\loadit.exe [596484 2014-01-04] () <==== ATTENTION
MountPoints2: G - G:\Startme.exe
MountPoints2: {0d9f50fd-18d5-11e0-985a-001d72ee8bab} - G:\Startme.exe
HKU\Andre\...\Run: [IncrediMail] - C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c
HKU\Andre\...\Run: [Facebook Update] - C:\Users\Andre\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-07-07] (Facebook Inc.)
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
Startup: C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
ShortcutTarget: AutoStarter.lnk -> I:\wizard\wizard\GGG Bukkake Best of XXX WEBRip MP4 - iaK\GGG.Bukkake.Best.of.29.German.XXX.1080p.WEBRip.MP4-iaK.exe (No File)
Startup: C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Nicole\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
ShortcutTarget: ja.lnk -> C:\Users\Nicole\AppData\Roaming\loadit.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x33FED1749901CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://aartemis.com/?type=hp&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://aartemis.com/?type=hp&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://aartemis.com/?type=hp&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://aartemis.com/?type=hp&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://aartemis.com/?type=hp&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://aartemis.com/?type=sc&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543&q={searchTerms}
SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=103&systemid=473&v=n9602-153&apn_uid=8054343232924648&apn_dtid=BND473&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543&q={searchTerms}
SearchScopes: HKLM-x32 - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=103&systemid=473&v=n9602-153&apn_uid=8054343232924648&apn_dtid=BND473&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKLM-x32 - {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNxpt738YYDE&ptnrS=ZNxpt738YYDE&si=107645&ptb=9LEKrsRGlzEeXZSWRQIlhg&ind=2013041014&n=77fc9176&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://start.facemoods.com/?a=dpg&s={searchTerms}&f=4
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_def&mntrId=AE2B00216B71484C&affID=119557&tsp=5099
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543&q={searchTerms}
SearchScopes: HKCU - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=103&systemid=473&v=n9602-153&apn_uid=8054343232924648&apn_dtid=BND473&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKCU - {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNxpt738YYDE&ptnrS=ZNxpt738YYDE&si=107645&ptb=9LEKrsRGlzEeXZSWRQIlhg&ind=2011031711&n=77dde89f&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={A51482E6-53AF-4F42-A36C-6AB6E31701F5}&mid=450ab429456557be8a10a60a7d55a151-12090c1fcf72a2d0672e0918ac999121b812f56c&lang=de&ds=AVG&pr=fr&d=2012-07-01 09:01:51&v=11.1.0.12&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {977A53BB-0DD6-4D36-9E8E-C937A6967C19} URL = hxxp://searchya.com/?chnl=ft-100&s=1&cr=1746044404&cd=2XzutAtN2Y1L1QzutDtDtBtCyC0ByBtCyEzzyE0C0B0CyE0C0FtN0D0TzutBtDtCtBtDtBtByD&q={searchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/?a=6OxVVZkTNA&loc=skw&search={searchTerms}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO-x32: MarketResearchHelper - {e71ecfaa-158b-4027-9a01-1959834a82db} - C:\Program Files (x86)\MarketResearchHelper\MarketResearchHelperBHO.dll (MarketResearchHelper)
Toolbar: HKLM-x32 - buenosearch Toolbar - {828DC97A-2277-4E10-92A9-4907FA0922A9} - No File
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Toolbar: HKCU - No Name - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No File
Toolbar: HKCU - No Name - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No File
Toolbar: HKCU - No Name - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Hosts: 127.0.0.1 secure.tune-up.com
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\8i0k0k3k.default-1383333122076
FF user.js: detected! => C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\8i0k0k3k.default-1383333122076\user.js
FF NewTab: hxxp://www.buenosearch.com/?babsrc=NT_def&mntrId=AE2B00216B71484C&affID=119557&tsp=5099
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: about:home
FF Keyword.URL: hxxp://mystart.incredibar.com/?a=6OxVVZkTNA&loc=skw&search=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: {@alibaba.com/alisetup;version=1.0} - C:\Users\Nicole\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)
FF SearchPlugin: C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\8i0k0k3k.default-1383333122076\searchplugins\buenosearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: BuenoSearch - C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\8i0k0k3k.default-1383333122076\Extensions\ffxtlbr@buenosearch.com
FF Extension: MarketResearchHelper - C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\8i0k0k3k.default-1383333122076\Extensions\firefox@marketresearchhelper.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [ocr@babylon.com] - I:\Babylon\Utils\ocr@babylon.com
FF Extension: Babylon Translation Activation - I:\Babylon\Utils\ocr@babylon.com
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt

Chrome:
=======
CHR DefaultSearchKeyword: aartemis
CHR DefaultSearchProvider: aartemis
CHR DefaultSearchURL: hxxp://www.aartemis.com/web/?type=ds&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543&q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (IncrediMail MediaBar Deutsch 2) - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajeaeekpfakbiidigngcnelnclhnaibo\10.23.0.822_0
CHR Extension: (DVDVideoSoftTB DE) - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\10.23.0.822_0
CHR Extension: (Babylon Translator) - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.9_1
CHR Extension: (Lightning Newtab) - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\1.1.8.4_0
CHR Extension: (Google Wallet) - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1
CHR Extension: () - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppkgikfccbpebogfnekmgiomgamjafel\1.0.0_1
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx
CHR HKLM-x32\...\Chrome\Extension: [ajeaeekpfakbiidigngcnelnclhnaibo] - C:\Users\Nicole\AppData\Local\CRE\ajeaeekpfakbiidigngcnelnclhnaibo.crx
CHR HKLM-x32\...\Chrome\Extension: [bhphemoobgnikcoofkgackkaimpfmenm] - C:\Users\Nicole\AppData\Local\CRE\bhphemoobgnikcoofkgackkaimpfmenm.crx
CHR HKLM-x32\...\Chrome\Extension: [chgdeabpmphfhkoemjjglmilajldekbp] - H:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRChromePlugin.crx
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - I:\Babylon\Utils\BabylonChrome.crx
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx
CHR HKLM-x32\...\Chrome\Extension: [fgfdfcbeamjnjdejakdidpniblllnbpg] - C:\Windows\SysWOW64\jmdp\pnte.crx
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
CHR HKLM-x32\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files (x86)\Perion\NewTab\NewTab.crx
CHR HKLM-x32\...\Chrome\Extension: [ppkgikfccbpebogfnekmgiomgamjafel] - C:\Program Files (x86)\MarketResearchHelper\ppkgikfccbpebogfnekmgiomgamjafel.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://aartemis.com/?type=sc&ts=1388042624&from=obw&uid=WDCXWD3200BEVT-22ZCT0_WD-WXEZ08N9654396543

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 TuneUp.UtilitiesSvc; C:\TuneUpPortable\App\TuneUp\TuneUpUtilitiesService32.exe [1699680 2012-09-17] (TuneUp Software)
R2 Update MarketResearchHelper; C:\Program Files (x86)\MarketResearchHelper\updateMarketResearchHelper.exe [65840 2013-11-23] (MarketResearchHelper)
R2 Util MarketResearchHelper; C:\Program Files (x86)\MarketResearchHelper\bin\utilMarketResearchHelper.exe [65840 2013-12-28] (MarketResearchHelper)
S3 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1255736 2013-12-26] ()
S2 wlidsvc; "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [x]

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 s1039bus; C:\Windows\System32\DRIVERS\s1039bus.sys [127600 2010-03-01] (MCCI Corporation)
S3 s1039mdfl; C:\Windows\System32\DRIVERS\s1039mdfl.sys [19568 2010-03-15] (MCCI Corporation)
S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [161904 2010-03-15] (MCCI Corporation)
S3 s1039mgmt; C:\Windows\System32\DRIVERS\s1039mgmt.sys [141424 2010-03-01] (MCCI Corporation)
S3 s1039nd5; C:\Windows\System32\DRIVERS\s1039nd5.sys [34416 2010-03-15] (MCCI Corporation)
S3 s1039obex; C:\Windows\System32\DRIVERS\s1039obex.sys [137328 2010-03-01] (MCCI Corporation)
S3 s1039unic; C:\Windows\System32\DRIVERS\s1039unic.sys [158320 2010-03-15] (MCCI Corporation)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [867064 2010-12-17] (Duplex Secure Ltd.)
S3 TuneUpUtilitiesDrv; C:\TuneUpPortable\App\TuneUp\TuneUpUtilitiesDriver32.sys [10088 2012-08-29] (TuneUp Software)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-04 16:01 - 2014-01-04 16:01 - 00000000 ____D C:\FRST
2014-01-04 14:26 - 2014-01-04 15:55 - 00003120 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-01-04 14:26 - 2014-01-04 14:26 - 00001201 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2014-01-04 14:26 - 2014-01-04 14:26 - 00000000 ____D C:\ProgramData\Systweak
2014-01-04 14:26 - 2014-01-04 14:26 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2014-01-04 14:26 - 2012-07-25 12:03 - 00016896 _____ C:\Windows\system32\sasnative64.exe
2014-01-04 12:25 - 2014-01-04 12:25 - 00596484 _____ C:\Users\Nicole\AppData\Roaming\loadit.exe
2014-01-04 11:19 - 2014-01-04 11:20 - 00000000 ____D C:\Users\Nicole\AppData\Local\{CFFD2ADD-B266-4974-9500-127D5EFA74DE}
2014-01-03 19:18 - 2014-01-03 19:18 - 05738913 _____ C:\Users\Nicole\Downloads\Anhänge_201413.zip
2014-01-03 12:37 - 2014-01-03 12:37 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-03 08:52 - 2014-01-03 08:52 - 00000000 ____D C:\Users\Nicole\AppData\Local\{51E948DB-8DF8-45F2-B8F6-87814F727DE2}
2013-12-30 19:49 - 2013-12-31 19:50 - 00000000 ____D C:\Users\Nicole\AppData\Local\{99F72A29-B239-4096-81A0-A7D8E8A2C928}
2013-12-30 06:41 - 2014-01-04 16:20 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-30 06:41 - 2013-12-30 06:41 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-29 19:42 - 2013-12-30 07:49 - 00000000 ____D C:\Users\Nicole\AppData\Local\{EA03446A-D759-45AC-BC57-A8452279A97B}
2013-12-27 15:08 - 2013-12-27 15:08 - 00000000 ____D C:\NVIDIA
2013-12-27 14:55 - 2013-12-28 14:56 - 00000000 ____D C:\Program Files (x86)\MarketResearchHelper
2013-12-27 06:38 - 2012-02-11 07:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2013-12-27 06:38 - 2012-02-11 07:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2013-12-26 15:36 - 2013-12-26 15:36 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\PDF Architect
2013-12-26 15:32 - 2013-12-26 15:33 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-12-26 15:32 - 2013-12-26 15:33 - 00000000 ____D C:\Program Files (x86)\PDF Architect
2013-12-26 15:32 - 2013-12-26 15:32 - 00001031 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2013-12-26 15:32 - 2013-12-26 15:32 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\pdfforge
2013-12-26 15:32 - 2013-04-09 14:13 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2013-12-26 15:32 - 2012-05-05 10:54 - 00662288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2013-12-26 15:32 - 2012-05-05 10:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2013-12-26 15:32 - 2012-05-05 10:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2013-12-26 15:32 - 1998-07-06 17:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2013-12-26 15:32 - 1998-07-06 17:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL
2013-12-26 15:32 - 1998-07-06 17:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL
2013-12-26 15:29 - 2013-12-26 15:30 - 69734576 _____ (pdfforge ) C:\Users\Nicole\Downloads\PDFCreator-1_7_2_setup_offline.exe
2013-12-26 09:27 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-26 09:27 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-26 09:27 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-26 09:27 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-26 09:11 - 2012-07-26 04:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2013-12-26 09:11 - 2012-07-26 04:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2013-12-26 09:11 - 2012-07-26 04:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2013-12-26 09:11 - 2012-07-26 04:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2013-12-26 09:11 - 2012-07-26 04:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2013-12-26 09:11 - 2012-07-26 03:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2013-12-26 09:11 - 2012-07-26 03:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2013-12-26 09:11 - 2012-06-02 15:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-12-26 08:48 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-26 08:48 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-26 08:48 - 2012-12-07 14:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2013-12-26 08:48 - 2012-12-07 14:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2013-12-26 08:48 - 2012-12-07 13:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-12-26 08:48 - 2012-12-07 13:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-12-26 08:48 - 2012-12-07 12:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2013-12-26 08:48 - 2012-12-07 12:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2013-12-26 08:48 - 2012-12-07 12:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2013-12-26 08:48 - 2012-12-07 12:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2013-12-26 08:48 - 2012-12-07 12:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2013-12-26 08:48 - 2012-12-07 12:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2013-12-26 08:48 - 2012-12-07 12:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2013-12-26 08:48 - 2012-12-07 12:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2013-12-26 08:48 - 2012-12-07 12:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2013-12-26 08:48 - 2012-12-07 12:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2013-12-26 08:48 - 2012-12-07 12:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2013-12-26 08:48 - 2012-12-07 12:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2013-12-26 08:48 - 2012-12-07 12:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2013-12-26 08:48 - 2012-12-07 12:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2013-12-26 08:48 - 2012-12-07 11:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-12-26 08:48 - 2012-12-07 11:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-12-26 08:48 - 2012-12-07 11:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-12-26 08:48 - 2012-12-07 11:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-12-26 08:48 - 2012-12-07 11:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-12-26 08:48 - 2012-12-07 11:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-12-26 08:48 - 2012-12-07 11:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-12-26 08:48 - 2012-12-07 11:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-12-26 08:48 - 2012-12-07 11:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-12-26 08:48 - 2012-12-07 11:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-12-26 08:48 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-12-26 08:48 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-12-26 08:48 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-12-26 08:48 - 2012-12-07 11:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-12-26 08:48 - 2012-10-09 19:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2013-12-26 08:48 - 2012-10-09 19:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2013-12-26 08:48 - 2012-10-09 18:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2013-12-26 08:48 - 2012-10-09 18:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2013-12-26 08:48 - 2012-01-04 11:44 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2013-12-26 08:48 - 2012-01-04 09:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2013-12-26 08:47 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-26 08:47 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-26 08:47 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-12-26 08:47 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-12-26 08:47 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-12-26 08:47 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-12-26 08:47 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-12-26 08:47 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-12-26 08:47 - 2013-08-05 03:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-12-26 08:47 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-12-26 08:47 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-12-26 08:47 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-12-26 08:47 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-12-26 08:47 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-12-26 08:47 - 2013-03-19 06:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-12-26 08:47 - 2013-03-19 06:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-12-26 08:47 - 2012-11-22 06:44 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2013-12-26 08:47 - 2012-11-22 05:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-12-26 08:47 - 2012-10-03 18:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2013-12-26 08:47 - 2012-10-03 18:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2013-12-26 08:47 - 2012-10-03 18:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2013-12-26 08:47 - 2012-10-03 18:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2013-12-26 08:47 - 2012-10-03 18:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2013-12-26 08:47 - 2012-10-03 18:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2013-12-26 08:47 - 2012-10-03 17:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2013-12-26 08:47 - 2012-10-03 17:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2013-12-26 08:47 - 2012-10-03 17:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2013-12-26 08:47 - 2012-10-03 17:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-12-26 08:47 - 2012-08-22 19:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-12-26 08:47 - 2012-08-21 22:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2013-12-26 08:47 - 2012-07-04 21:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2013-12-26 08:47 - 2012-05-01 06:40 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2013-12-26 08:47 - 2012-04-07 13:31 - 03216384 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2013-12-26 08:47 - 2012-04-07 12:26 - 02342400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2013-12-26 08:47 - 2012-01-13 08:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-12-26 08:47 - 2011-12-30 07:26 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2013-12-26 08:47 - 2011-12-30 06:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2013-12-26 08:45 - 2013-05-10 06:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-12-26 08:45 - 2013-05-10 04:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-12-26 08:45 - 2012-11-30 00:17 - 00420064 _____ C:\Windows\SysWOW64\locale.nls
2013-12-26 08:45 - 2012-11-30 00:15 - 00420064 _____ C:\Windows\system32\locale.nls
2013-12-26 08:45 - 2012-07-06 21:07 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2013-12-26 08:44 - 2013-04-17 08:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-12-26 08:44 - 2013-04-17 07:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-12-26 08:44 - 2013-01-24 07:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-12-26 08:44 - 2012-05-05 09:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2013-12-26 08:44 - 2012-05-05 08:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2013-12-26 08:31 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-12-26 08:30 - 2013-12-30 06:41 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-26 08:30 - 2013-12-30 06:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-26 08:24 - 2013-12-29 19:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-26 08:24 - 2013-12-27 14:58 - 00000000 ____D C:\ProgramData\WPM
2013-12-26 08:24 - 2013-12-26 08:24 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-26 08:21 - 2014-01-04 11:18 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\newnext.me
2013-12-26 08:21 - 2013-12-27 14:56 - 00000000 ____D C:\Users\Nicole\AppData\Local\Mobogenie
2013-12-26 08:21 - 2013-12-27 14:04 - 00000000 ____D C:\Users\Nicole\AppData\Local\cache
2013-12-26 08:21 - 2013-12-27 13:56 - 00000000 ____D C:\Users\Nicole\AppData\Local\genienext
2013-12-26 08:21 - 2013-12-26 08:51 - 00000202 _____ C:\Users\Nicole\daemonprocess.txt
2013-12-26 08:21 - 2013-12-26 08:23 - 00002445 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-26 08:21 - 2013-12-26 08:21 - 00109152 _____ () C:\Users\Nicole\Downloads\Setup.exe
2013-12-26 08:20 - 2013-12-29 19:36 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-26 08:20 - 2013-12-29 19:36 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-26 08:20 - 2013-12-28 08:16 - 00004118 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-26 08:20 - 2013-12-28 08:16 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-26 08:18 - 2013-12-26 08:19 - 00000000 ____D C:\Users\Nicole\AppData\Local\Deployment
2013-12-26 08:18 - 2013-12-26 08:18 - 00000000 ____D C:\Users\Nicole\AppData\Local\Apps\2.0
2013-12-26 08:02 - 2013-12-26 08:02 - 00000000 ____D C:\Users\Nicole\AppData\Local\{6ED0F5F2-8AD0-4A67-8EF0-D6BB62567A8A}
2013-12-24 13:34 - 2013-12-24 13:34 - 00000000 ____D C:\Users\Nicole\AppData\Local\{C28EC42B-09EF-460B-BFCE-2F54B5FC1B39}
2013-12-23 20:32 - 2013-12-23 20:32 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2013-12-17 19:17 - 2013-12-17 19:17 - 00284360 _____ C:\Windows\Minidump\121713-45021-01.dmp.old
2013-12-17 18:22 - 2014-01-04 15:57 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro
2013-12-17 18:22 - 2013-12-17 18:30 - 00001660 _____ C:\Windows\system32\ASOROSet.bin
2013-12-17 18:22 - 2013-12-17 18:22 - 00000000 ____D C:\Windows\system32\config\RCCBakup
2013-12-17 18:12 - 2013-12-17 18:13 - 00000000 ____D C:\Users\Nicole\AppData\Local\{E0802343-90D3-4C6C-9B08-A2D041218F91}
2013-12-17 16:25 - 2014-01-04 15:01 - 00000278 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2013-12-17 16:25 - 2014-01-04 14:26 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Systweak
2013-12-17 16:25 - 2014-01-01 16:25 - 00000286 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job
2013-12-17 16:25 - 2013-12-17 16:25 - 00003040 _____ C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2013-12-17 16:25 - 2013-12-17 16:25 - 00002884 _____ C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
2013-12-17 16:24 - 2013-12-17 16:24 - 00001050 _____ C:\Users\Public\Desktop\RegClean Pro.lnk
2013-12-17 16:24 - 2013-12-17 16:24 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
2013-12-17 16:24 - 2013-05-27 16:01 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2013-12-17 16:14 - 2013-12-17 16:23 - 00000000 ____D C:\ProgramData\SecTaskMan
2013-12-17 05:32 - 2013-12-17 05:34 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\buenosearch LTD
2013-12-17 05:32 - 2013-12-17 05:32 - 00000000 ____D C:\Program Files\Babylon
2013-12-17 05:32 - 2013-12-17 05:32 - 00000000 ____D C:\Program Files (x86)\buenosearch LTD
2013-12-15 13:58 - 2013-12-15 13:58 - 18291784 _____ (AVM Berlin ) C:\Users\Nicole\Downloads\FRITZ!fax_3.07.04.exe
2013-12-15 04:42 - 2013-12-15 04:42 - 00000000 ____D C:\Users\Nicole\AppData\Local\{EAFB1D75-2710-499C-969B-B7282AD998FA}
2013-12-14 18:11 - 2013-12-14 18:14 - 149157408 _____ (AVG Technologies) C:\Users\Nicole\Downloads\avg_free_x64_all_2014_4259a6848.exe
2013-12-14 18:01 - 2013-12-14 18:02 - 37738048 _____ (Wondershare Software ) C:\Users\Nicole\Downloads\video-converter-ultimate_full1045.exe
2013-12-12 06:37 - 2013-12-13 13:53 - 00000000 ____D C:\Users\Nicole\AppData\Local\{9C636FA2-4EAF-45A7-8F77-067AC6D0550A}
2013-12-11 06:08 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 06:08 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 06:08 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-11 06:08 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-11 06:08 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-11 06:08 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-11 06:08 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 06:08 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 06:08 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-11 06:08 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-11 06:08 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 06:08 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-11 06:08 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-11 06:08 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-11 06:08 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-11 06:08 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-11 06:08 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-11 06:08 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 06:08 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-11 06:08 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-11 06:08 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-11 06:08 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-11 06:08 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 06:08 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-11 06:08 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-11 06:08 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 06:08 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 06:08 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-11 06:08 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-11 06:08 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-11 06:08 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-10 20:47 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-10 20:47 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-10 20:47 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-10 20:47 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-10 20:47 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-10 20:47 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-10 20:47 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-10 20:46 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-10 20:46 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-10 20:46 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-10 20:46 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-10 20:46 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-10 20:46 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-10 20:46 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-10 20:46 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-09 21:06 - 2013-12-09 21:06 - 00000000 ____D C:\Users\Nicole\AppData\Local\{7575FAC2-82C4-4895-AD5D-ACC8269CD746}
2013-12-07 20:02 - 2013-12-07 20:02 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Wondershare Video Converter Ultimate
2013-12-07 18:50 - 2013-12-07 18:50 - 00000048 _____ C:\Windows\wininit.ini
2013-12-07 18:40 - 2013-12-07 18:40 - 00000000 ____D C:\Users\Nicole\AppData\Local\{E7BE259E-4778-4F4A-8870-3FF53E29BA14}
2013-12-07 18:39 - 2013-12-07 18:39 - 00000068 _____ C:\Users\Nicole\Win8UpgradeKit_07.12.2013.LOG
2013-12-06 21:08 - 2013-12-06 21:09 - 00000000 ____D C:\Users\Nicole\AppData\Local\{19989C47-A05D-439F-829C-A38945147913}
2013-12-06 21:08 - 2013-12-06 21:08 - 00000068 _____ C:\Users\Nicole\Win8UpgradeKit_06.12.2013.LOG

==================== One Month Modified Files and Folders =======

2014-01-04 16:22 - 2013-09-23 17:34 - 00000390 _____ C:\Windows\Tasks\update-sys.job
2014-01-04 16:20 - 2013-12-30 06:41 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-04 16:07 - 2010-12-17 08:03 - 01991816 _____ C:\Windows\WindowsUpdate.log
2014-01-04 16:01 - 2014-01-04 16:01 - 00000000 ____D C:\FRST
2014-01-04 15:59 - 2009-07-14 18:58 - 00700608 _____ C:\Windows\system32\perfh007.dat
2014-01-04 15:59 - 2009-07-14 18:58 - 00149372 _____ C:\Windows\system32\perfc007.dat
2014-01-04 15:59 - 2009-07-14 06:13 - 01622012 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-04 15:57 - 2013-12-17 18:22 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro
2014-01-04 15:55 - 2014-01-04 14:26 - 00003120 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-01-04 15:54 - 2013-10-04 21:57 - 00010630 _____ C:\Windows\setupact.log
2014-01-04 15:54 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-04 15:01 - 2013-12-17 16:25 - 00000278 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2014-01-04 14:41 - 2013-07-07 13:36 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1577357195-738740372-4011112676-1003UA.job
2014-01-04 14:41 - 2013-07-07 13:36 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1577357195-738740372-4011112676-1003Core.job
2014-01-04 14:34 - 2013-09-23 17:34 - 00000390 _____ C:\Windows\Tasks\update-S-1-5-21-1577357195-738740372-4011112676-1000.job
2014-01-04 14:34 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-04 14:26 - 2014-01-04 14:26 - 00001201 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2014-01-04 14:26 - 2014-01-04 14:26 - 00000000 ____D C:\ProgramData\Systweak
2014-01-04 14:26 - 2014-01-04 14:26 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2014-01-04 14:26 - 2013-12-17 16:25 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Systweak
2014-01-04 12:25 - 2014-01-04 12:25 - 00596484 _____ C:\Users\Nicole\AppData\Roaming\loadit.exe
2014-01-04 12:25 - 2013-10-28 21:52 - 00000000 ____D C:\ProgramData\Wondershare Video Converter Ultimate
2014-01-04 12:25 - 2010-12-25 14:13 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\UseNeXT
2014-01-04 12:25 - 2010-12-17 08:04 - 00000000 ___RD C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-04 11:20 - 2014-01-04 11:19 - 00000000 ____D C:\Users\Nicole\AppData\Local\{CFFD2ADD-B266-4974-9500-127D5EFA74DE}
2014-01-04 11:18 - 2013-12-26 08:21 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\newnext.me
2014-01-04 11:18 - 2012-09-29 15:49 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Dropbox
2014-01-04 11:18 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2014-01-04 09:38 - 2012-05-31 18:18 - 00000000 ____D C:\ProgramData\MFAData
2014-01-04 08:08 - 2013-01-15 15:57 - 00000000 ____D C:\Users\Nicole\Desktop\nicole
2014-01-04 08:08 - 2010-12-17 09:12 - 00000000 ____D C:\Users\Nicole\Desktop\Programme
2014-01-03 19:22 - 2011-10-14 18:35 - 15135232 ___SH C:\Users\Nicole\Desktop\Thumbs.db
2014-01-03 19:18 - 2014-01-03 19:18 - 05738913 _____ C:\Users\Nicole\Downloads\Anhänge_201413.zip
2014-01-03 12:37 - 2014-01-03 12:37 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-01-03 08:52 - 2014-01-03 08:52 - 00000000 ____D C:\Users\Nicole\AppData\Local\{51E948DB-8DF8-45F2-B8F6-87814F727DE2}
2014-01-03 08:46 - 2009-07-14 05:45 - 00009904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-03 08:46 - 2009-07-14 05:45 - 00009904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-01 16:25 - 2013-12-17 16:25 - 00000286 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job
2013-12-31 19:50 - 2013-12-30 19:49 - 00000000 ____D C:\Users\Nicole\AppData\Local\{99F72A29-B239-4096-81A0-A7D8E8A2C928}
2013-12-30 07:49 - 2013-12-29 19:42 - 00000000 ____D C:\Users\Nicole\AppData\Local\{EA03446A-D759-45AC-BC57-A8452279A97B}
2013-12-30 06:43 - 2010-12-22 16:09 - 00000000 ____D C:\Users\Nicole\AppData\Local\Adobe
2013-12-30 06:41 - 2013-12-30 06:41 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-30 06:41 - 2013-12-26 08:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-30 06:41 - 2013-12-26 08:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-29 19:36 - 2013-12-26 08:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-29 19:36 - 2013-12-26 08:20 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-29 19:36 - 2013-12-26 08:20 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-29 19:36 - 2013-10-12 22:57 - 00052384 _____ C:\Windows\PFRO.log
2013-12-28 14:56 - 2013-12-27 14:55 - 00000000 ____D C:\Program Files (x86)\MarketResearchHelper
2013-12-28 08:16 - 2013-12-26 08:20 - 00004118 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-28 08:16 - 2013-12-26 08:20 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-27 20:41 - 2013-11-15 20:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-27 15:10 - 2010-12-17 08:04 - 00000000 ____D C:\Users\Nicole
2013-12-27 15:08 - 2013-12-27 15:08 - 00000000 ____D C:\NVIDIA
2013-12-27 15:06 - 2013-01-15 16:06 - 00000000 ____D C:\Users\Nicole\Desktop\kenny
2013-12-27 14:58 - 2013-12-26 08:24 - 00000000 ____D C:\ProgramData\WPM
2013-12-27 14:56 - 2013-12-26 08:21 - 00000000 ____D C:\Users\Nicole\AppData\Local\Mobogenie
2013-12-27 14:04 - 2013-12-26 08:21 - 00000000 ____D C:\Users\Nicole\AppData\Local\cache
2013-12-27 13:56 - 2013-12-26 08:21 - 00000000 ____D C:\Users\Nicole\AppData\Local\genienext
2013-12-26 18:13 - 2010-12-25 23:33 - 00446976 ___SH C:\Users\Nicole\Documents\Thumbs.db
2013-12-26 15:36 - 2013-12-26 15:36 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\PDF Architect
2013-12-26 15:33 - 2013-12-26 15:32 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-12-26 15:33 - 2013-12-26 15:32 - 00000000 ____D C:\Program Files (x86)\PDF Architect
2013-12-26 15:32 - 2013-12-26 15:32 - 00001031 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2013-12-26 15:32 - 2013-12-26 15:32 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\pdfforge
2013-12-26 15:30 - 2013-12-26 15:29 - 69734576 _____ (pdfforge ) C:\Users\Nicole\Downloads\PDFCreator-1_7_2_setup_offline.exe
2013-12-26 10:44 - 2013-08-25 18:12 - 00088624 _____ C:\Users\Nicole\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-26 10:41 - 2013-08-26 12:53 - 00349200 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-26 10:37 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-26 09:26 - 2010-12-26 11:49 - 01599906 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-26 08:51 - 2013-12-26 08:21 - 00000202 _____ C:\Users\Nicole\daemonprocess.txt
2013-12-26 08:28 - 2011-02-20 13:42 - 00000000 ____D C:\Windows\Minidump
2013-12-26 08:24 - 2013-12-26 08:24 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-26 08:23 - 2013-12-26 08:21 - 00002445 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-26 08:23 - 2013-12-04 15:11 - 00001623 _____ C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-26 08:23 - 2010-12-17 08:04 - 00001593 _____ C:\Users\Nicole\Desktop\Internet Explorer.lnk
2013-12-26 08:22 - 2010-12-18 07:51 - 00000000 ____D C:\Users\Nicole\AppData\Local\Google
2013-12-26 08:21 - 2013-12-26 08:21 - 00109152 _____ () C:\Users\Nicole\Downloads\Setup.exe
2013-12-26 08:21 - 2010-12-22 14:02 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-26 08:19 - 2013-12-26 08:18 - 00000000 ____D C:\Users\Nicole\AppData\Local\Deployment
2013-12-26 08:18 - 2013-12-26 08:18 - 00000000 ____D C:\Users\Nicole\AppData\Local\Apps\2.0
2013-12-26 08:12 - 2011-07-02 10:00 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll
2013-12-26 08:12 - 2011-07-02 10:00 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2013-12-26 08:12 - 2011-07-02 10:00 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll
2013-12-26 08:11 - 2011-07-02 10:01 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2013-12-26 08:11 - 2011-07-02 10:01 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2013-12-26 08:02 - 2013-12-26 08:02 - 00000000 ____D C:\Users\Nicole\AppData\Local\{6ED0F5F2-8AD0-4A67-8EF0-D6BB62567A8A}
2013-12-26 07:49 - 2012-03-26 23:28 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-26 07:49 - 2012-03-26 23:28 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Skype
2013-12-26 07:49 - 2012-03-26 23:27 - 00000000 ____D C:\ProgramData\Skype
2013-12-26 07:43 - 2013-11-01 21:25 - 00000000 ____D C:\Users\Nicole\AppData\Local\WebPlayer
2013-12-24 13:34 - 2013-12-24 13:34 - 00000000 ____D C:\Users\Nicole\AppData\Local\{C28EC42B-09EF-460B-BFCE-2F54B5FC1B39}
2013-12-23 20:32 - 2013-12-23 20:32 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2013-12-21 20:43 - 2012-09-29 15:51 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-12-17 19:17 - 2013-12-17 19:17 - 00284360 _____ C:\Windows\Minidump\121713-45021-01.dmp.old
2013-12-17 18:30 - 2013-12-17 18:22 - 00001660 _____ C:\Windows\system32\ASOROSet.bin
2013-12-17 18:30 - 2009-07-14 03:34 - 80216064 _____ C:\Windows\system32\config\software.bak
2013-12-17 18:30 - 2009-07-14 03:34 - 21233664 _____ C:\Windows\system32\config\system.bak
2013-12-17 18:30 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-12-17 18:24 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2013-12-17 18:22 - 2013-12-17 18:22 - 00000000 ____D C:\Windows\system32\config\RCCBakup
2013-12-17 18:13 - 2013-12-17 18:12 - 00000000 ____D C:\Users\Nicole\AppData\Local\{E0802343-90D3-4C6C-9B08-A2D041218F91}
2013-12-17 16:45 - 2013-09-05 19:49 - 00000000 ____D C:\Users\Nicole\AppData\Local\DownloadGuide
2013-12-17 16:25 - 2013-12-17 16:25 - 00003040 _____ C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2013-12-17 16:25 - 2013-12-17 16:25 - 00002884 _____ C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
2013-12-17 16:24 - 2013-12-17 16:24 - 00001050 _____ C:\Users\Public\Desktop\RegClean Pro.lnk
2013-12-17 16:24 - 2013-12-17 16:24 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
2013-12-17 16:23 - 2013-12-17 16:14 - 00000000 ____D C:\ProgramData\SecTaskMan
2013-12-17 05:34 - 2013-12-17 05:32 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\buenosearch LTD
2013-12-17 05:34 - 2011-12-07 12:59 - 00000000 ____D C:\ProgramData\Babylon
2013-12-17 05:33 - 2013-09-30 16:35 - 00000000 ____D C:\ProgramData\AVG2014
2013-12-17 05:32 - 2013-12-17 05:32 - 00000000 ____D C:\Program Files\Babylon
2013-12-17 05:32 - 2013-12-17 05:32 - 00000000 ____D C:\Program Files (x86)\buenosearch LTD
2013-12-15 13:58 - 2013-12-15 13:58 - 18291784 _____ (AVM Berlin ) C:\Users\Nicole\Downloads\FRITZ!fax_3.07.04.exe
2013-12-15 04:42 - 2013-12-15 04:42 - 00000000 ____D C:\Users\Nicole\AppData\Local\{EAFB1D75-2710-499C-969B-B7282AD998FA}
2013-12-14 18:14 - 2013-12-14 18:11 - 149157408 _____ (AVG Technologies) C:\Users\Nicole\Downloads\avg_free_x64_all_2014_4259a6848.exe
2013-12-14 18:02 - 2013-12-14 18:01 - 37738048 _____ (Wondershare Software ) C:\Users\Nicole\Downloads\video-converter-ultimate_full1045.exe
2013-12-14 09:05 - 2013-08-10 20:00 - 00000000 ____D C:\Users\Nicole\Desktop\DCIM
2013-12-13 13:53 - 2013-12-12 06:37 - 00000000 ____D C:\Users\Nicole\AppData\Local\{9C636FA2-4EAF-45A7-8F77-067AC6D0550A}
2013-12-12 19:21 - 2013-08-17 09:17 - 00000000 ____D C:\Windows\rescache
2013-12-11 06:10 - 2010-12-17 10:54 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-09 21:06 - 2013-12-09 21:06 - 00000000 ____D C:\Users\Nicole\AppData\Local\{7575FAC2-82C4-4895-AD5D-ACC8269CD746}
2013-12-07 20:18 - 2013-10-28 22:08 - 00000000 ____D C:\ProgramData\xml_param
2013-12-07 20:02 - 2013-12-07 20:02 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Wondershare Video Converter Ultimate
2013-12-07 19:06 - 2010-12-18 23:44 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-12-07 19:00 - 2013-11-01 21:25 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-12-07 18:57 - 2010-12-23 23:14 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Apple Computer
2013-12-07 18:56 - 2013-10-19 18:52 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-12-07 18:55 - 2013-03-04 21:13 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-07 18:50 - 2013-12-07 18:50 - 00000048 _____ C:\Windows\wininit.ini
2013-12-07 18:42 - 2011-04-29 09:58 - 00000000 ____D C:\Program Files (x86)\Acer
2013-12-07 18:40 - 2013-12-07 18:40 - 00000000 ____D C:\Users\Nicole\AppData\Local\{E7BE259E-4778-4F4A-8870-3FF53E29BA14}
2013-12-07 18:39 - 2013-12-07 18:39 - 00000068 _____ C:\Users\Nicole\Win8UpgradeKit_07.12.2013.LOG
2013-12-06 21:09 - 2013-12-06 21:08 - 00000000 ____D C:\Users\Nicole\AppData\Local\{19989C47-A05D-439F-829C-A38945147913}
2013-12-06 21:08 - 2013-12-06 21:08 - 00000068 _____ C:\Users\Nicole\Win8UpgradeKit_06.12.2013.LOG

Some content of TEMP:
====================
C:\Users\Nicole\AppData\Local\Temp\6_Offer_15.exe
C:\Users\Nicole\AppData\Local\Temp\DownloadManager.exe
C:\Users\Nicole\AppData\Local\Temp\Mobogenie_Setup_INT.exe
C:\Users\Nicole\AppData\Local\Temp\nscB723.exe
C:\Users\Nicole\AppData\Local\Temp\nsk97A6.exe
C:\Users\Nicole\AppData\Local\Temp\nsr6BA1.exe
C:\Users\Nicole\AppData\Local\Temp\obw_aartemis_2013111118305.exe
C:\Users\Nicole\AppData\Local\Temp\pcspeedmaxsetup.exe
C:\Users\Nicole\AppData\Local\Temp\SearchProtectINT.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-12 14:21

==================== End Of Log ============================

 
