
All kinds of pests and how to combat them: Lollipop Networks! What now?

13.02.2014, 15:35   #1
JhYve

Lollipop Networks! What now?

Hello,

I recently discovered a program on my computer that calls itself "Lollipop Networks". Since I didn't know what it was, I googled it. It turned out that this program spies on my data and forwards it to a hacker. I was pretty shocked at first and wanted to uninstall it immediately. Unfortunately I can't uninstall it, for whatever reason. Then I searched the Internet further for what alternatives there are, came across this site and of course registered right away.

My problem now is that I don't know how to proceed.
It would be nice if someone could help me.

Regards
JhYve

13.02.2014, 16:32   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Lollipop Networks! What now?

Hello and

Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners: have they ever found anything?

I ask because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; first just post the logs you already have in CODE tags!
Only logs from the last 7 days, or from the time since the problem began, are relevant!

In addition, please also create a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)



Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

13.02.2014, 16:48   #3
JhYve

Lollipop Networks! What now?

I have had the program since 20.1., which I only noticed recently, though. Since then I have had the following detections:

Code:
Exportierte Ereignisse:

24.01.2014 22:59 [Browser-Schutz] Malware gefunden
      Beim Zugriff auf Daten der URL 
      "hxxp://staticwajam-wajam.netdna-ssl.com/static/update/wajam_update.exe?v0.018"
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Wajam.A' [adware] gefunden.
      Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert

24.01.2014 16:56 [Browser-Schutz] Malware gefunden
      Beim Zugriff auf Daten der URL 
      "hxxp://www.premiumapplicationsdownloads.com/download-manager/ob/adlt/?dl=1&chnl
      =21286_ob_lg_de&lg=de&dp=1"
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/InstallCore.Gen7' [adware] 
      gefunden.
      Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert

24.01.2014 16:48 [Browser-Schutz] Malware gefunden
      Beim Zugriff auf Daten der URL 
      "hxxp://www.premiumapplicationsdownloads.com/download-manager/ob/adlt/?dl=1&chnl
      =21286_ob_lg_de&lg=de&dp=1"
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/InstallCore.Gen7' [adware] 
      gefunden.
      Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert

24.01.2014 16:48 [Browser-Schutz] Malware gefunden
      Beim Zugriff auf Daten der URL 
      "hxxp://www.premiumapplicationsdownloads.com/download-manager/ob/adlt/?dl=1&chnl
      =21286_ob_lg_de&lg=de&dp=312652764"
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/InstallCore.Gen7' [adware] 
      gefunden.
      Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert

23.01.2014 22:59 [Browser-Schutz] Malware gefunden
      Beim Zugriff auf Daten der URL 
      "hxxp://staticwajam-wajam.netdna-ssl.com/static/update/wajam_update.exe?v0.018"
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Wajam.A' [adware] gefunden.
      Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert

22.01.2014 22:59 [Browser-Schutz] Malware gefunden
      Beim Zugriff auf Daten der URL 
      "hxxp://staticwajam-wajam.netdna-ssl.com/static/update/wajam_update.exe?v0.018"
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Wajam.A' [adware] gefunden.
      Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert

21.01.2014 22:59 [Browser-Schutz] Malware gefunden
      Beim Zugriff auf Daten der URL 
      "hxxp://staticwajam-wajam.netdna-ssl.com/static/update/wajam_update.exe?v0.018"
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Wajam.A' [adware] gefunden.
      Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert

21.01.2014 22:32 [Browser-Schutz] Malware gefunden
      Beim Zugriff auf Daten der URL 
      "hxxp://www.premiumapplicationsdownloads.com/download-manager/ob/adlt/?dl=1&chnl
      =21286_ob_lg%3Dde&lg=de&dp=311241342"
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/InstallCore.Gen7' [adware] 
      gefunden.
      Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert

21.01.2014 22:27 [System-Scanner] Malware gefunden
      Die Datei 'C:\Users\Yvette\AppData\Local\Microsoft\Windows\Temporary Internet 
      Files\Content.IE5\VH3TNYSP\LollipopInstaller_14762[1].exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Adware.A.4682' 
      [adware].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5cf77241.qua' 
      verschoben!

21.01.2014 22:26 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Yvette\AppData\Local\Microsoft\Windows\Temporary 
      Internet Files\Content.IE5\VH3TNYSP\LollipopInstaller_14762[1].exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.A.4682' [adware] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

21.01.2014 22:04 [System-Scanner] Malware gefunden
      Die Datei 'c:\users\yvette\appdata\local\lollipop\lollipop.exe'
      enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Adware.A.4699' 
      [adware].
      Durchgeführte Aktion(en):
      Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler 
      aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003.
      Die Datei konnte nicht gelöscht werden!
      Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
      Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
      Die Datei konnte nicht gelöscht werden!
      Der Registrierungseintrag 
      <HKEY_USERS\S-1-5-21-3648606511-270508592-4289889798-1000\SOFTWARE\Microsoft\Win
      dows\CurrentVersion\Run\lollipop> wurde erfolgreich repariert.

21.01.2014 22:03 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Users\Yvette\AppData\Local\Lollipop\Lollipop.exe'
      wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.A.4699' [adware] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern
         
----------------


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2014 01
Ran by Yvette (administrator) on YVETTE-PC on 13-02-2014 16:46:12
Running from C:\Downloads\Software
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\KMService.exe
() C:\Program Files (x86)\Mobogenie\MgAssist.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Conduit) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Conduit) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Conduit) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTune\SensorDetector.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(FreeDownloadManager.ORG) C:\Program Files (x86)\Free Download Manager\fdm.exe
(Allmyapps) C:\Users\Yvette\AppData\Roaming\Allmyapps\Allmyapps.exe
(Spotify Ltd) C:\Users\Yvette\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Chris Pietschmann (hxxp://pietschsoft.com)) C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13423688 2013-02-26] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1179576 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [Nvtmru] - "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-11] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1778640 2013-12-20] (APN)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-03-12] (Intel Corporation)
HKLM-x32\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [775872 2014-02-10] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\RunOnce: [SensorDetector] - C:\Program Files (x86)\GIGABYTE\EasyTune\PreSensorDetector.exe [9728 2013-04-09] (GIGA-BYTE TECHNOLOGY CO., LTD.)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-11-12] (Microsoft Corporation)
HKU\S-1-5-21-3648606511-270508592-4289889798-1000\...\Run: [ISUSPM Startup] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-3648606511-270508592-4289889798-1000\...\Run: [EADM] - D:\Origin\Origin.exe [3598680 2014-01-29] (Electronic Arts)
HKU\S-1-5-21-3648606511-270508592-4289889798-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3648606511-270508592-4289889798-1000\...\Run: [NextLive] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Yvette\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-3648606511-270508592-4289889798-1000\...\Run: [lollipop] - lollipop
HKU\S-1-5-21-3648606511-270508592-4289889798-1000\...\Run: [Free Download Manager] - C:\Program Files (x86)\Free Download Manager\fdm.exe [6860288 2013-01-16] (FreeDownloadManager.ORG)
HKU\S-1-5-21-3648606511-270508592-4289889798-1000\...\Run: [Allmyapps] - C:\Users\Yvette\AppData\Roaming\Allmyapps\Allmyapps.exe [6781816 2014-02-11] (Allmyapps)
HKU\S-1-5-21-3648606511-270508592-4289889798-1000\...\Run: [Allmyapps Update] - C:\Users\Yvette\AppData\Roaming\Allmyapps\AllmyappsUpdater.exe [317304 2014-02-11] (Allmyapps)
HKU\S-1-5-21-3648606511-270508592-4289889798-1000\...\Run: [Spotify Web Helper] - C:\Users\Yvette\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-10] (Spotify Ltd)
HKU\S-1-5-21-3648606511-270508592-4289889798-1000\...\MountPoints2: {b3ee9c2f-4bd4-11e3-b5d1-806e6f6e6963} - E:\Run.exe
HKU\S-1-5-21-3648606511-270508592-4289889798-1000\...\MountPoints2: {d482294b-473d-11e3-8bb9-806e6f6e6963} - D:\ASRSetup.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1350944 2014-02-03] (Conduit)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1046816 2014-02-03] (Conduit)
Startup: C:\Users\Yvette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP1D5E9045-D6DD-44CA-BEC9-79DBEFDC5AEA&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9F662DC74FDBCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1385406924&from=cor&uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S617288472884&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztD0BtBzz0E0DyByBtC0FyBtN0D0Tzu0CyBtCyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=648836839&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1385406924&from=cor&uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S617288472884&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1385406924&from=cor&uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S617288472884&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztD0BtBzz0E0DyByBtC0FyBtN0D0Tzu0CyBtCyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=648836839&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1385406924&from=cor&uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S617288472884&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://aartemis.com/?type=sc&ts=1385406924&from=cor&uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S617288472884
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1385406924&from=cor&uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S617288472884&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztD0BtBzz0E0DyByBtC0FyBtN0D0Tzu0CyBtCyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=648836839&ir=
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1385406924&from=cor&uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S617288472884&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1385406924&from=cor&uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S617288472884&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1385406924&from=cor&uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S617288472884&q={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP1D5E9045-D6DD-44CA-BEC9-79DBEFDC5AEA&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP1D5E9045-D6DD-44CA-BEC9-79DBEFDC5AEA&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztD0BtBzz0E0DyByBtC0FyBtN0D0Tzu0CyBtCyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=648836839&ir=
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Yvette\AppData\Roaming\Mozilla\Firefox\Profiles\f3w8xdpi.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

Chrome: 
=======
CHR HomePage: hxxp://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztD0BtBzz0E0DyByBtC0FyBtN0D0Tzu0CyBtCyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=648836839&ir=
CHR RestoreOnStartup: "hxxp://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztD0BtBzz0E0DyByBtC0FyBtN0D0Tzu0CyBtCyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=648836839&ir=", "hxxp://youtube.com/"
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\gcswf32.dll ()
CHR Plugin: (ChromeUtilPlugin) - C:\Users\Yvette\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\25.62074_0\background/ChromeUtilPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (BonanzaDealsLive Update) - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (         "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (         "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\Yvette\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh [2013-11-25]
CHR Extension: (New Tab Page) - C:\Users\Yvette\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl [2014-01-20]
CHR Extension: (Adblock Plus) - C:\Users\Yvette\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-11-28]
CHR Extension: (Classic Popup Blocker) - C:\Users\Yvette\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp [2013-12-19]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Yvette\AppData\Local\mysearchdial-speeddial.crx [2013-12-16]
CHR HKCU\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Yvette\AppData\Local\mysearchdial-speeddial.crx [2013-12-16]
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2013-12-20]
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Yvette\AppData\Local\mysearchdial-speeddial.crx [2013-12-16]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-02-06] (Just Develop It)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2317600 2014-02-03] (Conduit)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
R2 MgAssistService; C:\Program Files (x86)\Mobogenie\MgAssist.exe [63168 2014-02-10] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-11-21] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-02-19] (Realtek Semiconductor)
R2 Virtual Router; C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe [12288 2013-02-10] (Chris Pietschmann (hxxp://pietschsoft.com))

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-17] (Avira Operations GmbH & Co. KG)
S3 etocdrv; C:\Windows\system32\etocdrv.sys [14928 2013-04-09] (Giga-Byte Technology CO., LTD.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-03-14] ()
S3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [118504 2012-12-18] (Qualcomm Atheros Co., Ltd.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21072 2013-03-27] ()
S3 AxtuDrv; \??\C:\Windows\SysWOW64\Drivers\AxtuDrv.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-13 15:42 - 2014-02-13 15:42 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Chris_Pietschmann_(http__
2014-02-13 15:38 - 2014-02-13 15:38 - 01373696 _____ () C:\Users\Yvette\Downloads\VirtualRouterInstaller (1).msi
2014-02-13 15:38 - 2014-02-13 15:38 - 00000000 ____D () C:\Program Files (x86)\Virtual Router
2014-02-13 15:04 - 2014-02-13 16:46 - 00000000 ____D () C:\FRST
2014-02-13 15:01 - 2014-02-13 15:01 - 00614792 _____ (Chip Digital GmbH) C:\Users\Yvette\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-02-13 14:48 - 2014-02-13 14:48 - 01373696 _____ () C:\Users\Yvette\Downloads\VirtualRouterInstaller.msi
2014-02-11 15:30 - 2014-02-11 15:30 - 00000400 _____ () C:\Windows\Tasks\AllmyappsUpdateTask.job
2014-02-11 15:29 - 2014-02-13 15:01 - 00001426 _____ () C:\Users\Yvette\Desktop\Registry kostenlos entrümpeln!.lnk
2014-02-10 22:58 - 2014-02-10 22:58 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Macromedia
2014-02-10 22:52 - 2014-02-13 16:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-10 22:52 - 2014-02-10 22:52 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-10 22:52 - 2014-02-10 22:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-10 22:52 - 2014-02-10 22:52 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-10 22:52 - 2014-02-10 22:52 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-02-10 22:52 - 2014-02-10 22:52 - 00000000 ____D () C:\Windows\system32\Macromed
2014-02-10 22:51 - 2014-02-10 22:57 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Adobe
2014-02-10 22:48 - 2014-02-10 22:48 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-10 22:48 - 2014-02-10 22:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-10 16:50 - 2014-02-10 16:50 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-02-10 16:45 - 2014-02-10 16:45 - 00001811 _____ () C:\Users\Yvette\Desktop\Spotify.lnk
2014-02-10 16:45 - 2014-02-10 16:45 - 00001797 _____ () C:\Users\Yvette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-02-10 16:45 - 2014-02-10 16:45 - 00001066 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-02-10 16:45 - 2014-02-10 16:45 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\Spotify
2014-02-10 16:45 - 2014-02-10 16:45 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Spotify
2014-02-10 16:45 - 2014-02-10 16:45 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-02-10 16:40 - 2014-02-10 16:40 - 00003496 _____ () C:\Windows\System32\Tasks\AllmyappsUpdateTask
2014-02-10 16:40 - 2014-02-10 16:40 - 00003154 _____ () C:\Windows\System32\Tasks\Systweak Support Dock
2014-02-10 16:40 - 2014-02-10 16:40 - 00000947 _____ () C:\Users\Yvette\Desktop\Allmyapps.lnk
2014-02-10 16:40 - 2014-02-10 16:40 - 00000000 ____D () C:\Users\Yvette\AppData\Local\CrashRpt
2014-02-10 16:40 - 2014-02-10 16:40 - 00000000 ____D () C:\Program Files (x86)\Systweak Support Dock
2014-02-10 16:40 - 2014-02-10 16:40 - 00000000 ____D () C:\Program Files (x86)\PC Cleaner
2014-02-10 16:40 - 2014-02-10 16:40 - 00000000 ____D () C:\Program Files (x86)\Advanced Disk Recovery
2014-02-10 16:38 - 2014-02-10 22:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-10 16:38 - 2014-02-10 16:38 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\Mozilla
2014-02-10 16:38 - 2014-02-10 16:38 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Mozilla
2014-02-10 16:38 - 2014-02-10 16:38 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-10 16:37 - 2014-02-13 15:01 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro
2014-02-10 16:37 - 2014-02-13 15:01 - 00000278 _____ () C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2014-02-10 16:37 - 2014-02-12 23:15 - 00000286 _____ () C:\Windows\Tasks\RegClean Pro_UPDATES.job
2014-02-10 16:37 - 2014-02-10 17:00 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-02-10 16:37 - 2014-02-10 16:40 - 00000000 ____D () C:\Program Files (x86)\System Speedup
2014-02-10 16:37 - 2014-02-10 16:37 - 00003032 _____ () C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2014-02-10 16:37 - 2014-02-10 16:37 - 00002876 _____ () C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
2014-02-10 16:37 - 2014-02-10 16:37 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-02-10 16:37 - 2014-02-10 16:37 - 00000000 ____D () C:\Users\Yvette\AppData\Local\SearchProtect
2014-02-10 16:37 - 2014-02-10 16:37 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-02-10 16:37 - 2014-02-10 16:37 - 00000000 ____D () C:\Program Files (x86)\RegClean Pro
2014-02-07 12:06 - 2014-02-07 12:06 - 00204821 _____ () C:\Users\Yvette\AppData\Roaming\VideoPad.dmp
2014-01-30 16:49 - 2014-01-30 16:49 - 00000382 _____ () C:\Windows\SysWOW64\SystemPreferences.xml
2014-01-29 22:04 - 2013-12-27 19:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-01-29 22:04 - 2013-12-27 19:42 - 00033056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-01-29 14:15 - 2014-01-29 14:15 - 00000000 ____D () C:\Users\Yvette\Downloads\Zeug
2014-01-25 20:49 - 2014-01-25 20:49 - 00000000 ____D () C:\Users\Yvette\Documents\VideoPad Projects
2014-01-25 20:43 - 2014-01-25 20:43 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Deshaker
2014-01-24 17:08 - 2014-01-24 17:08 - 00000000 ____D () C:\Users\Yvette\Downloads\MC
2014-01-24 17:07 - 2014-01-24 17:07 - 10351963 _____ () C:\Users\Yvette\Downloads\H.J.C. v.13.0.0.zip
2014-01-23 22:05 - 2014-01-23 22:05 - 00000062 _____ () C:\Users\Yvette\Desktop\YVETT & SOMETHING..url
2014-01-23 16:24 - 2014-01-23 16:24 - 00000000 ____D () C:\ProgramData\Samsung
2014-01-23 16:24 - 2014-01-23 16:24 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-01-22 08:52 - 2014-01-22 08:52 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2014-01-22 08:52 - 2014-01-22 08:52 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2014-01-22 08:52 - 2014-01-22 08:52 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2014-01-22 08:52 - 2014-01-22 08:52 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2014-01-21 23:38 - 2014-02-13 15:05 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\Free Download Manager
2014-01-21 23:38 - 2014-01-21 23:38 - 00000000 ____D () C:\ProgramData\Free Download Manager
2014-01-21 23:05 - 2014-01-21 23:05 - 00000000 ____D () C:\Users\Yvette\Documents\Optimizer Pro
2014-01-21 23:01 - 2014-01-23 22:05 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-01-21 23:01 - 2014-01-21 23:01 - 00000000 ____D () C:\Users\Yvette\AppData\Local\AskPartnerNetwork
2014-01-21 23:00 - 2014-01-21 23:00 - 00003100 _____ () C:\Windows\System32\Tasks\{CCC83893-6B9E-4849-955F-F259E6A525FB}
2014-01-21 23:00 - 2014-01-21 23:00 - 00003100 _____ () C:\Windows\System32\Tasks\{31F05655-1E96-46F7-A6D8-5E16AF01FAD2}
2014-01-21 23:00 - 2014-01-21 23:00 - 00003100 _____ () C:\Windows\System32\Tasks\{08DD6E3E-9AA2-4CA7-88A8-6B60B0B8E603}
2014-01-21 22:58 - 2014-01-21 22:58 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\viddyhd
2014-01-21 22:58 - 2014-01-21 22:58 - 00000000 ____D () C:\Program Files (x86)\Free Download Manager
2014-01-21 22:57 - 2014-01-21 22:57 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\viddyhddownload
2014-01-21 22:57 - 2014-01-21 22:57 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\52deed972356d036750291b7
2014-01-21 22:56 - 2014-01-21 22:56 - 01751600 _____ (Bandoo Media Inc) C:\Users\Yvette\Downloads\iLividSetup-r394-n-bc.exe
2014-01-21 22:41 - 2014-01-21 22:41 - 00000000 ____D () C:\Users\Yvette\Documents\.minecraft
2014-01-21 22:07 - 2014-02-12 21:12 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\.minecraft
2014-01-21 22:07 - 2014-01-21 22:07 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-21 22:07 - 2014-01-21 22:07 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-21 22:07 - 2014-01-21 22:07 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-21 22:07 - 2014-01-21 22:07 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-21 22:07 - 2014-01-21 22:07 - 00000000 ____D () C:\ProgramData\Sun
2014-01-21 22:07 - 2014-01-21 22:07 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-21 22:07 - 2014-01-21 22:07 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-21 22:06 - 2014-01-21 22:06 - 00921000 _____ (Oracle Corporation) C:\Users\Yvette\Downloads\chromeinstall-7u51.exe
2014-01-21 22:05 - 2014-01-21 22:05 - 00675988 _____ () C:\Users\Yvette\Desktop\Minecraft.exe
2014-01-21 14:34 - 2014-01-21 14:34 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-01-21 14:34 - 2014-01-21 14:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-01-20 23:50 - 2014-01-20 23:53 - 00000000 ____D () C:\Windows\Minidump
2014-01-20 23:50 - 2014-01-20 23:50 - 00292880 _____ () C:\Windows\Minidump\012014-14757-01.dmp.old
2014-01-20 23:49 - 2014-01-20 23:49 - 589029714 _____ () C:\Windows\MEMORY.DMP
2014-01-20 23:48 - 2014-01-20 23:48 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\QuickScan
2014-01-20 23:46 - 2014-01-21 22:04 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Lollipop
2014-01-20 23:45 - 2014-02-13 14:32 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\newnext.me
2014-01-20 23:45 - 2014-02-10 16:37 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2014-01-20 23:45 - 2014-02-10 16:37 - 00000000 ____D () C:\Users\Yvette\AppData\Local\genienext
2014-01-20 23:45 - 2014-01-20 23:45 - 00000000 ____D () C:\Users\Yvette\.android
2014-01-20 21:26 - 2014-01-20 21:32 - 412848112 _____ (Prezi.com) C:\Users\Yvette\Downloads\Install_Prezi_5.0.5.exe
2014-01-19 16:35 - 2014-02-06 08:09 - 00000000 ____D () C:\Users\Yvette\Downloads\Sport
2014-01-15 18:07 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 18:07 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 18:07 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 18:07 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 18:07 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 18:07 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 18:07 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 18:07 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 18:07 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

2014-02-13 16:46 - 2014-02-13 15:04 - 00000000 ____D () C:\FRST
2014-02-13 16:41 - 2014-02-10 22:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-13 16:30 - 2013-11-07 01:25 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-13 15:42 - 2014-02-13 15:42 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Chris_Pietschmann_(http__
2014-02-13 15:38 - 2014-02-13 15:38 - 01373696 _____ () C:\Users\Yvette\Downloads\VirtualRouterInstaller (1).msi
2014-02-13 15:38 - 2014-02-13 15:38 - 00000000 ____D () C:\Program Files (x86)\Virtual Router
2014-02-13 15:08 - 2009-07-14 05:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-13 15:08 - 2009-07-14 05:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-13 15:05 - 2014-01-21 23:38 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\Free Download Manager
2014-02-13 15:01 - 2014-02-13 15:01 - 00614792 _____ (Chip Digital GmbH) C:\Users\Yvette\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-02-13 15:01 - 2014-02-11 15:29 - 00001426 _____ () C:\Users\Yvette\Desktop\Registry kostenlos entrümpeln!.lnk
2014-02-13 15:01 - 2014-02-10 16:37 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro
2014-02-13 15:01 - 2014-02-10 16:37 - 00000278 _____ () C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2014-02-13 14:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-13 14:48 - 2014-02-13 14:48 - 01373696 _____ () C:\Users\Yvette\Downloads\VirtualRouterInstaller.msi
2014-02-13 14:47 - 2013-11-07 00:54 - 01513366 _____ () C:\Windows\WindowsUpdate.log
2014-02-13 14:37 - 2009-07-14 18:58 - 00697870 _____ () C:\Windows\system32\perfh007.dat
2014-02-13 14:37 - 2009-07-14 18:58 - 00148664 _____ () C:\Windows\system32\perfc007.dat
2014-02-13 14:37 - 2009-07-14 06:13 - 01616762 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-13 14:32 - 2014-01-20 23:45 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\newnext.me
2014-02-13 14:32 - 2013-12-11 20:26 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\Skype
2014-02-13 14:32 - 2013-11-12 20:37 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-02-13 14:31 - 2013-11-07 02:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-13 14:31 - 2013-11-07 01:25 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-13 14:31 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-13 14:31 - 2009-07-14 05:51 - 00077643 _____ () C:\Windows\setupact.log
2014-02-12 23:15 - 2014-02-10 16:37 - 00000286 _____ () C:\Windows\Tasks\RegClean Pro_UPDATES.job
2014-02-12 23:01 - 2013-12-16 18:02 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Mobogenie
2014-02-12 21:59 - 2013-11-27 17:46 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\TS3Client
2014-02-12 21:12 - 2014-01-21 22:07 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\.minecraft
2014-02-12 17:48 - 2013-11-13 13:02 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\vlc
2014-02-11 15:30 - 2014-02-11 15:30 - 00000400 _____ () C:\Windows\Tasks\AllmyappsUpdateTask.job
2014-02-11 15:29 - 2013-11-25 20:15 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\Systweak
2014-02-11 15:29 - 2013-11-25 20:15 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-02-11 15:28 - 2013-11-08 14:58 - 00000000 ____D () C:\Program Files\WinRAR
2014-02-11 15:28 - 2013-11-07 02:06 - 00235798 _____ () C:\Windows\PFRO.log
2014-02-10 22:58 - 2014-02-10 22:58 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Macromedia
2014-02-10 22:57 - 2014-02-10 22:51 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Adobe
2014-02-10 22:52 - 2014-02-10 22:52 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-10 22:52 - 2014-02-10 22:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-10 22:52 - 2014-02-10 22:52 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-10 22:52 - 2014-02-10 22:52 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-02-10 22:52 - 2014-02-10 22:52 - 00000000 ____D () C:\Windows\system32\Macromed
2014-02-10 22:48 - 2014-02-10 22:48 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-10 22:48 - 2014-02-10 22:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-10 22:48 - 2014-02-10 16:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-10 17:00 - 2014-02-10 16:37 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-02-10 16:50 - 2014-02-10 16:50 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-02-10 16:46 - 2013-12-16 18:02 - 00000000 ____D () C:\Users\Yvette\AppData\Local\cache
2014-02-10 16:45 - 2014-02-10 16:45 - 00001811 _____ () C:\Users\Yvette\Desktop\Spotify.lnk
2014-02-10 16:45 - 2014-02-10 16:45 - 00001797 _____ () C:\Users\Yvette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-02-10 16:45 - 2014-02-10 16:45 - 00001066 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-02-10 16:45 - 2014-02-10 16:45 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\Spotify
2014-02-10 16:45 - 2014-02-10 16:45 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Spotify
2014-02-10 16:45 - 2014-02-10 16:45 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-02-10 16:44 - 2013-11-08 14:58 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-02-10 16:43 - 2013-12-16 18:02 - 00001725 _____ () C:\Users\Yvette\daemonprocess.txt
2014-02-10 16:40 - 2014-02-10 16:40 - 00003496 _____ () C:\Windows\System32\Tasks\AllmyappsUpdateTask
2014-02-10 16:40 - 2014-02-10 16:40 - 00003154 _____ () C:\Windows\System32\Tasks\Systweak Support Dock
2014-02-10 16:40 - 2014-02-10 16:40 - 00000947 _____ () C:\Users\Yvette\Desktop\Allmyapps.lnk
2014-02-10 16:40 - 2014-02-10 16:40 - 00000000 ____D () C:\Users\Yvette\AppData\Local\CrashRpt
2014-02-10 16:40 - 2014-02-10 16:40 - 00000000 ____D () C:\Program Files (x86)\Systweak Support Dock
2014-02-10 16:40 - 2014-02-10 16:40 - 00000000 ____D () C:\Program Files (x86)\PC Cleaner
2014-02-10 16:40 - 2014-02-10 16:40 - 00000000 ____D () C:\Program Files (x86)\Advanced Disk Recovery
2014-02-10 16:40 - 2014-02-10 16:37 - 00000000 ____D () C:\Program Files (x86)\System Speedup
2014-02-10 16:38 - 2014-02-10 16:38 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\Mozilla
2014-02-10 16:38 - 2014-02-10 16:38 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Mozilla
2014-02-10 16:38 - 2014-02-10 16:38 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-10 16:37 - 2014-02-10 16:37 - 00003032 _____ () C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2014-02-10 16:37 - 2014-02-10 16:37 - 00002876 _____ () C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
2014-02-10 16:37 - 2014-02-10 16:37 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-02-10 16:37 - 2014-02-10 16:37 - 00000000 ____D () C:\Users\Yvette\AppData\Local\SearchProtect
2014-02-10 16:37 - 2014-02-10 16:37 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-02-10 16:37 - 2014-02-10 16:37 - 00000000 ____D () C:\Program Files (x86)\RegClean Pro
2014-02-10 16:37 - 2014-01-20 23:45 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2014-02-10 16:37 - 2014-01-20 23:45 - 00000000 ____D () C:\Users\Yvette\AppData\Local\genienext
2014-02-10 16:37 - 2013-11-07 00:55 - 00000000 ___RD () C:\Users\Yvette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-07 12:06 - 2014-02-07 12:06 - 00204821 _____ () C:\Users\Yvette\AppData\Roaming\VideoPad.dmp
2014-02-06 08:09 - 2014-01-19 16:35 - 00000000 ____D () C:\Users\Yvette\Downloads\Sport
2014-01-30 16:49 - 2014-01-30 16:49 - 00000382 _____ () C:\Windows\SysWOW64\SystemPreferences.xml
2014-01-29 22:05 - 2013-11-07 02:02 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-01-29 14:15 - 2014-01-29 14:15 - 00000000 ____D () C:\Users\Yvette\Downloads\Zeug
2014-01-25 20:49 - 2014-01-25 20:49 - 00000000 ____D () C:\Users\Yvette\Documents\VideoPad Projects
2014-01-25 20:43 - 2014-01-25 20:43 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Deshaker
2014-01-24 17:08 - 2014-01-24 17:08 - 00000000 ____D () C:\Users\Yvette\Downloads\MC
2014-01-24 17:07 - 2014-01-24 17:07 - 10351963 _____ () C:\Users\Yvette\Downloads\H.J.C. v.13.0.0.zip
2014-01-24 16:27 - 2013-11-28 16:42 - 00000000 ____D () C:\Users\Yvette\Downloads\Inst
2014-01-23 22:05 - 2014-01-23 22:05 - 00000062 _____ () C:\Users\Yvette\Desktop\YVETT & SOMETHING..url
2014-01-23 22:05 - 2014-01-21 23:01 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-01-23 22:04 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-01-23 16:24 - 2014-01-23 16:24 - 00000000 ____D () C:\ProgramData\Samsung
2014-01-23 16:24 - 2014-01-23 16:24 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-01-22 08:52 - 2014-01-22 08:52 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2014-01-22 08:52 - 2014-01-22 08:52 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2014-01-22 08:52 - 2014-01-22 08:52 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2014-01-22 08:52 - 2014-01-22 08:52 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2014-01-21 23:38 - 2014-01-21 23:38 - 00000000 ____D () C:\ProgramData\Free Download Manager
2014-01-21 23:05 - 2014-01-21 23:05 - 00000000 ____D () C:\Users\Yvette\Documents\Optimizer Pro
2014-01-21 23:01 - 2014-01-21 23:01 - 00000000 ____D () C:\Users\Yvette\AppData\Local\AskPartnerNetwork
2014-01-21 23:00 - 2014-01-21 23:00 - 00003100 _____ () C:\Windows\System32\Tasks\{CCC83893-6B9E-4849-955F-F259E6A525FB}
2014-01-21 23:00 - 2014-01-21 23:00 - 00003100 _____ () C:\Windows\System32\Tasks\{31F05655-1E96-46F7-A6D8-5E16AF01FAD2}
2014-01-21 23:00 - 2014-01-21 23:00 - 00003100 _____ () C:\Windows\System32\Tasks\{08DD6E3E-9AA2-4CA7-88A8-6B60B0B8E603}
2014-01-21 22:58 - 2014-01-21 22:58 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\viddyhd
2014-01-21 22:58 - 2014-01-21 22:58 - 00000000 ____D () C:\Program Files (x86)\Free Download Manager
2014-01-21 22:57 - 2014-01-21 22:57 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\viddyhddownload
2014-01-21 22:57 - 2014-01-21 22:57 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\52deed972356d036750291b7
2014-01-21 22:56 - 2014-01-21 22:56 - 01751600 _____ (Bandoo Media Inc) C:\Users\Yvette\Downloads\iLividSetup-r394-n-bc.exe
2014-01-21 22:41 - 2014-01-21 22:41 - 00000000 ____D () C:\Users\Yvette\Documents\.minecraft
2014-01-21 22:07 - 2014-01-21 22:07 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-21 22:07 - 2014-01-21 22:07 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-21 22:07 - 2014-01-21 22:07 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-21 22:07 - 2014-01-21 22:07 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-21 22:07 - 2014-01-21 22:07 - 00000000 ____D () C:\ProgramData\Sun
2014-01-21 22:07 - 2014-01-21 22:07 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-21 22:07 - 2014-01-21 22:07 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-21 22:06 - 2014-01-21 22:06 - 00921000 _____ (Oracle Corporation) C:\Users\Yvette\Downloads\chromeinstall-7u51.exe
2014-01-21 22:05 - 2014-01-21 22:05 - 00675988 _____ () C:\Users\Yvette\Desktop\Minecraft.exe
2014-01-21 22:04 - 2014-01-20 23:46 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Lollipop
2014-01-21 14:34 - 2014-01-21 14:34 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-01-21 14:34 - 2014-01-21 14:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-01-21 03:53 - 2013-11-07 02:03 - 01179576 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-01-21 03:53 - 2013-11-07 02:03 - 01048152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-01-20 23:53 - 2014-01-20 23:50 - 00000000 ____D () C:\Windows\Minidump
2014-01-20 23:50 - 2014-01-20 23:50 - 00292880 _____ () C:\Windows\Minidump\012014-14757-01.dmp.old
2014-01-20 23:49 - 2014-01-20 23:49 - 589029714 _____ () C:\Windows\MEMORY.DMP
2014-01-20 23:48 - 2014-01-20 23:48 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\QuickScan
2014-01-20 23:45 - 2014-01-20 23:45 - 00000000 ____D () C:\Users\Yvette\.android
2014-01-20 23:45 - 2013-11-07 00:55 - 00000000 ____D () C:\Users\Yvette
2014-01-20 21:32 - 2014-01-20 21:26 - 412848112 _____ (Prezi.com) C:\Users\Yvette\Downloads\Install_Prezi_5.0.5.exe
2014-01-16 13:27 - 2009-07-14 05:45 - 00416360 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-16 01:22 - 2013-11-08 16:10 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-16 01:22 - 2013-11-08 16:10 - 00000000 ____D () C:\Windows\system32\MRT

Some content of TEMP:
====================
C:\Users\Yvette\AppData\Local\Temp\4156uninstall.exe
C:\Users\Yvette\AppData\Local\Temp\6_Offer_14.exe
C:\Users\Yvette\AppData\Local\Temp\avgnt.exe
C:\Users\Yvette\AppData\Local\Temp\BackupSetup.exe
C:\Users\Yvette\AppData\Local\Temp\deshaker.exe
C:\Users\Yvette\AppData\Local\Temp\DivXWebPlayerInstaller.exe
C:\Users\Yvette\AppData\Local\Temp\DownloadManager.exe
C:\Users\Yvette\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE
C:\Users\Yvette\AppData\Local\Temp\nsd9EEA.exe
C:\Users\Yvette\AppData\Local\Temp\nse51DC.exe
C:\Users\Yvette\AppData\Local\Temp\nsi68D9.exe
C:\Users\Yvette\AppData\Local\Temp\nsi8485.exe
C:\Users\Yvette\AppData\Local\Temp\nsi857E.exe
C:\Users\Yvette\AppData\Local\Temp\nsiAE30.exe
C:\Users\Yvette\AppData\Local\Temp\nsn6723.exe
C:\Users\Yvette\AppData\Local\Temp\nsn9D53.exe
C:\Users\Yvette\AppData\Local\Temp\nsnAA58.exe
C:\Users\Yvette\AppData\Local\Temp\nssA8A2.exe
C:\Users\Yvette\AppData\Local\Temp\nst82EF.exe
C:\Users\Yvette\AppData\Local\Temp\nsxAFC6.exe
C:\Users\Yvette\AppData\Local\Temp\nsy8715.exe
C:\Users\Yvette\AppData\Local\Temp\nvStInst.exe
C:\Users\Yvette\AppData\Local\Temp\ose00000.exe
C:\Users\Yvette\AppData\Local\Temp\SearchProtectINT.exe
C:\Users\Yvette\AppData\Local\Temp\SETUP_AFTERBURNER.EXE
C:\Users\Yvette\AppData\Local\Temp\Sqlite3.dll
C:\Users\Yvette\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Yvette\AppData\Local\Temp\Uni000.exe
C:\Users\Yvette\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Yvette\AppData\Local\Temp\vlc-2.1.2-win64.exe
C:\Users\Yvette\AppData\Local\Temp\_isF620.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-29 20:32

==================== End Of Log ============================
         

13.02.2014, 16:50   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Lollipop Networks! What now?

Quote:
() C:\Windows\KMService.exe
Nice Office crack

Please read => http://www.trojaner-board.de/95393-c...-software.html

We will continue once you have removed everything illegal.

In case of repeated crack/keygen violations I reserve the right to discontinue support, i.e. help only with backing up your data and reinstalling the operating system.
__________________
Please always post log files in CODE tags

13.02.2014, 17:12   #5
JhYve

Lollipop Networks! What now?

Oh! I didn't know anything about that. I took over the computer in this state.
Thanks for the tip. I will remove it!

So.. I think it should be gone now:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2014 01
Ran by Yvette (administrator) on YVETTE-PC on 13-02-2014 17:10:53
Running from C:\Downloads\Software
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\KMService.exe
() C:\Program Files (x86)\Mobogenie\MgAssist.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Chris Pietschmann (hxxp://pietschsoft.com)) C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Conduit) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
() C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
(Conduit) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Conduit) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTune\SensorDetector.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(FreeDownloadManager.ORG) C:\Program Files (x86)\Free Download Manager\fdm.exe
(Allmyapps) C:\Users\Yvette\AppData\Roaming\Allmyapps\Allmyapps.exe
(Spotify Ltd) C:\Users\Yvette\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Chris Pietschmann (hxxp://pietschsoft.com)) C:\Program Files (x86)\Virtual Router\VirtualRouterClient.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
() C:\Program Files (x86)\RegClean Pro\unins000.exe
() C:\Users\Yvette\AppData\Local\Temp\_iu14D2N.tmp
(Systweak Inc) C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe
(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE
(Conduit) C:\Users\Yvette\AppData\Local\Temp\SPSetup.exe
(Conduit) C:\Users\Yvette\AppData\Local\Temp\SPSetup.exe
(Conduit) C:\Windows\TEMP\nsm8653.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13423688 2013-02-26] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1179576 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [Nvtmru] - "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-11] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1778640 2013-12-20] (APN)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-03-12] (Intel Corporation)
HKLM-x32\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [775872 2014-02-10] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\RunOnce: [SensorDetector] - C:\Program Files (x86)\GIGABYTE\EasyTune\PreSensorDetector.exe [9728 2013-04-09] (GIGA-BYTE TECHNOLOGY CO., LTD.)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-11-12] (Microsoft Corporation)
HKU\S-1-5-21-3648606511-270508592-4289889798-1000\...\Run: [ISUSPM Startup] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-3648606511-270508592-4289889798-1000\...\Run: [EADM] - D:\Origin\Origin.exe [3598680 2014-01-29] (Electronic Arts)
HKU\S-1-5-21-3648606511-270508592-4289889798-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3648606511-270508592-4289889798-1000\...\Run: [NextLive] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Yvette\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-3648606511-270508592-4289889798-1000\...\Run: [lollipop] - lollipop
HKU\S-1-5-21-3648606511-270508592-4289889798-1000\...\Run: [Free Download Manager] - C:\Program Files (x86)\Free Download Manager\fdm.exe [6860288 2013-01-16] (FreeDownloadManager.ORG)
HKU\S-1-5-21-3648606511-270508592-4289889798-1000\...\Run: [Allmyapps] - C:\Users\Yvette\AppData\Roaming\Allmyapps\Allmyapps.exe [6781816 2014-02-11] (Allmyapps)
HKU\S-1-5-21-3648606511-270508592-4289889798-1000\...\Run: [Allmyapps Update] - C:\Users\Yvette\AppData\Roaming\Allmyapps\AllmyappsUpdater.exe [317304 2014-02-11] (Allmyapps)
HKU\S-1-5-21-3648606511-270508592-4289889798-1000\...\Run: [Spotify Web Helper] - C:\Users\Yvette\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-10] (Spotify Ltd)
HKU\S-1-5-21-3648606511-270508592-4289889798-1000\...\MountPoints2: {b3ee9c2f-4bd4-11e3-b5d1-806e6f6e6963} - E:\Run.exe
HKU\S-1-5-21-3648606511-270508592-4289889798-1000\...\MountPoints2: {d482294b-473d-11e3-8bb9-806e6f6e6963} - D:\ASRSetup.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1350944 2014-02-03] (Conduit)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1046816 2014-02-03] (Conduit)
Startup: C:\Users\Yvette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP1D5E9045-D6DD-44CA-BEC9-79DBEFDC5AEA&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9F662DC74FDBCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1385406924&from=cor&uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S617288472884&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztD0BtBzz0E0DyByBtC0FyBtN0D0Tzu0CyBtCyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=648836839&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1385406924&from=cor&uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S617288472884&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1385406924&from=cor&uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S617288472884&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztD0BtBzz0E0DyByBtC0FyBtN0D0Tzu0CyBtCyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=648836839&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1385406924&from=cor&uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S617288472884&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://aartemis.com/?type=sc&ts=1385406924&from=cor&uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S617288472884
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1385406924&from=cor&uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S617288472884&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztD0BtBzz0E0DyByBtC0FyBtN0D0Tzu0CyBtCyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=648836839&ir=
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1385406924&from=cor&uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S617288472884&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1385406924&from=cor&uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S617288472884&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1385406924&from=cor&uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S617288472884&q={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP1D5E9045-D6DD-44CA-BEC9-79DBEFDC5AEA&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP1D5E9045-D6DD-44CA-BEC9-79DBEFDC5AEA&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztD0BtBzz0E0DyByBtC0FyBtN0D0Tzu0CyBtCyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=648836839&ir=
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Yvette\AppData\Roaming\Mozilla\Firefox\Profiles\f3w8xdpi.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

Chrome: 
=======
CHR HomePage: hxxp://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztD0BtBzz0E0DyByBtC0FyBtN0D0Tzu0CyBtCyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=648836839&ir=
CHR RestoreOnStartup: "hxxp://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztD0BtBzz0E0DyByBtC0FyBtN0D0Tzu0CyBtCyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=648836839&ir=", "hxxp://youtube.com/"
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\gcswf32.dll ()
CHR Plugin: (ChromeUtilPlugin) - C:\Users\Yvette\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\25.62074_0\background/ChromeUtilPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
CHR Plugin: (BonanzaDealsLive Update) - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (         "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (         "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\Yvette\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh [2013-11-25]
CHR Extension: (New Tab Page) - C:\Users\Yvette\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl [2014-01-20]
CHR Extension: (Adblock Plus) - C:\Users\Yvette\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-11-28]
CHR Extension: (Classic Popup Blocker) - C:\Users\Yvette\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp [2013-12-19]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Yvette\AppData\Local\mysearchdial-speeddial.crx [2013-12-16]
CHR HKCU\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Yvette\AppData\Local\mysearchdial-speeddial.crx [2013-12-16]
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2013-12-20]
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Yvette\AppData\Local\mysearchdial-speeddial.crx [2013-12-16]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-02-06] (Just Develop It)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2360608 2014-02-06] (Conduit)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
R2 MgAssistService; C:\Program Files (x86)\Mobogenie\MgAssist.exe [63168 2014-02-10] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-11-21] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-02-19] (Realtek Semiconductor)
R2 Virtual Router; C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe [12288 2013-02-10] (Chris Pietschmann (hxxp://pietschsoft.com))

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-17] (Avira Operations GmbH & Co. KG)
S3 etocdrv; C:\Windows\system32\etocdrv.sys [14928 2013-04-09] (Giga-Byte Technology CO., LTD.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-03-14] ()
S3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [118504 2012-12-18] (Qualcomm Atheros Co., Ltd.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21072 2013-03-27] ()
S3 AxtuDrv; \??\C:\Windows\SysWOW64\Drivers\AxtuDrv.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-13 17:10 - 2014-02-13 17:10 - 00000000 ____D () C:\Windows\SysWOW64\SearchProtect
2014-02-13 15:42 - 2014-02-13 15:42 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Chris_Pietschmann_(http__
2014-02-13 15:38 - 2014-02-13 15:38 - 01373696 _____ () C:\Users\Yvette\Downloads\VirtualRouterInstaller (1).msi
2014-02-13 15:38 - 2014-02-13 15:38 - 00000000 ____D () C:\Program Files (x86)\Virtual Router
2014-02-13 15:04 - 2014-02-13 17:10 - 00000000 ____D () C:\FRST
2014-02-13 15:01 - 2014-02-13 15:01 - 00614792 _____ (Chip Digital GmbH) C:\Users\Yvette\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-02-13 14:48 - 2014-02-13 14:48 - 01373696 _____ () C:\Users\Yvette\Downloads\VirtualRouterInstaller.msi
2014-02-11 15:30 - 2014-02-11 15:30 - 00000400 _____ () C:\Windows\Tasks\AllmyappsUpdateTask.job
2014-02-11 15:29 - 2014-02-13 17:08 - 00001426 _____ () C:\Users\Yvette\Desktop\Registry kostenlos entrümpeln!.lnk
2014-02-10 22:58 - 2014-02-10 22:58 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Macromedia
2014-02-10 22:52 - 2014-02-13 16:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-10 22:52 - 2014-02-10 22:52 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-10 22:52 - 2014-02-10 22:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-10 22:52 - 2014-02-10 22:52 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-10 22:52 - 2014-02-10 22:52 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-02-10 22:52 - 2014-02-10 22:52 - 00000000 ____D () C:\Windows\system32\Macromed
2014-02-10 22:51 - 2014-02-10 22:57 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Adobe
2014-02-10 22:48 - 2014-02-10 22:48 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-10 22:48 - 2014-02-10 22:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-10 16:50 - 2014-02-10 16:50 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-02-10 16:45 - 2014-02-10 16:45 - 00001811 _____ () C:\Users\Yvette\Desktop\Spotify.lnk
2014-02-10 16:45 - 2014-02-10 16:45 - 00001797 _____ () C:\Users\Yvette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-02-10 16:45 - 2014-02-10 16:45 - 00001066 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-02-10 16:45 - 2014-02-10 16:45 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\Spotify
2014-02-10 16:45 - 2014-02-10 16:45 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Spotify
2014-02-10 16:45 - 2014-02-10 16:45 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-02-10 16:40 - 2014-02-10 16:40 - 00003496 _____ () C:\Windows\System32\Tasks\AllmyappsUpdateTask
2014-02-10 16:40 - 2014-02-10 16:40 - 00000947 _____ () C:\Users\Yvette\Desktop\Allmyapps.lnk
2014-02-10 16:40 - 2014-02-10 16:40 - 00000000 ____D () C:\Users\Yvette\AppData\Local\CrashRpt
2014-02-10 16:40 - 2014-02-10 16:40 - 00000000 ____D () C:\Program Files (x86)\Systweak Support Dock
2014-02-10 16:40 - 2014-02-10 16:40 - 00000000 ____D () C:\Program Files (x86)\PC Cleaner
2014-02-10 16:40 - 2014-02-10 16:40 - 00000000 ____D () C:\Program Files (x86)\Advanced Disk Recovery
2014-02-10 16:38 - 2014-02-10 22:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-10 16:38 - 2014-02-10 16:38 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\Mozilla
2014-02-10 16:38 - 2014-02-10 16:38 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Mozilla
2014-02-10 16:38 - 2014-02-10 16:38 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-10 16:37 - 2014-02-13 17:11 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-02-10 16:37 - 2014-02-13 17:08 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro
2014-02-10 16:37 - 2014-02-13 15:01 - 00000278 _____ () C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2014-02-10 16:37 - 2014-02-12 23:15 - 00000286 _____ () C:\Windows\Tasks\RegClean Pro_UPDATES.job
2014-02-10 16:37 - 2014-02-10 17:00 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-02-10 16:37 - 2014-02-10 16:40 - 00000000 ____D () C:\Program Files (x86)\System Speedup
2014-02-10 16:37 - 2014-02-10 16:37 - 00003032 _____ () C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2014-02-10 16:37 - 2014-02-10 16:37 - 00002876 _____ () C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
2014-02-10 16:37 - 2014-02-10 16:37 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-02-10 16:37 - 2014-02-10 16:37 - 00000000 ____D () C:\Users\Yvette\AppData\Local\SearchProtect
2014-02-10 16:37 - 2014-02-10 16:37 - 00000000 ____D () C:\Program Files (x86)\RegClean Pro
2014-02-07 12:06 - 2014-02-07 12:06 - 00204821 _____ () C:\Users\Yvette\AppData\Roaming\VideoPad.dmp
2014-01-30 16:49 - 2014-01-30 16:49 - 00000382 _____ () C:\Windows\SysWOW64\SystemPreferences.xml
2014-01-29 22:04 - 2013-12-27 19:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-01-29 22:04 - 2013-12-27 19:42 - 00033056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-01-29 14:15 - 2014-01-29 14:15 - 00000000 ____D () C:\Users\Yvette\Downloads\Zeug
2014-01-25 20:49 - 2014-01-25 20:49 - 00000000 ____D () C:\Users\Yvette\Documents\VideoPad Projects
2014-01-25 20:43 - 2014-01-25 20:43 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Deshaker
2014-01-24 17:08 - 2014-01-24 17:08 - 00000000 ____D () C:\Users\Yvette\Downloads\MC
2014-01-24 17:07 - 2014-01-24 17:07 - 10351963 _____ () C:\Users\Yvette\Downloads\H.J.C. v.13.0.0.zip
2014-01-23 22:05 - 2014-01-23 22:05 - 00000062 _____ () C:\Users\Yvette\Desktop\YVETT & SOMETHING..url
2014-01-23 16:24 - 2014-01-23 16:24 - 00000000 ____D () C:\ProgramData\Samsung
2014-01-23 16:24 - 2014-01-23 16:24 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-01-22 08:52 - 2014-01-22 08:52 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2014-01-22 08:52 - 2014-01-22 08:52 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2014-01-22 08:52 - 2014-01-22 08:52 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2014-01-22 08:52 - 2014-01-22 08:52 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2014-01-21 23:38 - 2014-02-13 16:47 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\Free Download Manager
2014-01-21 23:38 - 2014-01-21 23:38 - 00000000 ____D () C:\ProgramData\Free Download Manager
2014-01-21 23:05 - 2014-01-21 23:05 - 00000000 ____D () C:\Users\Yvette\Documents\Optimizer Pro
2014-01-21 23:01 - 2014-01-23 22:05 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-01-21 23:01 - 2014-01-21 23:01 - 00000000 ____D () C:\Users\Yvette\AppData\Local\AskPartnerNetwork
2014-01-21 23:00 - 2014-01-21 23:00 - 00003100 _____ () C:\Windows\System32\Tasks\{CCC83893-6B9E-4849-955F-F259E6A525FB}
2014-01-21 23:00 - 2014-01-21 23:00 - 00003100 _____ () C:\Windows\System32\Tasks\{31F05655-1E96-46F7-A6D8-5E16AF01FAD2}
2014-01-21 23:00 - 2014-01-21 23:00 - 00003100 _____ () C:\Windows\System32\Tasks\{08DD6E3E-9AA2-4CA7-88A8-6B60B0B8E603}
2014-01-21 22:58 - 2014-01-21 22:58 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\viddyhd
2014-01-21 22:58 - 2014-01-21 22:58 - 00000000 ____D () C:\Program Files (x86)\Free Download Manager
2014-01-21 22:57 - 2014-01-21 22:57 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\viddyhddownload
2014-01-21 22:57 - 2014-01-21 22:57 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\52deed972356d036750291b7
2014-01-21 22:56 - 2014-01-21 22:56 - 01751600 _____ (Bandoo Media Inc) C:\Users\Yvette\Downloads\iLividSetup-r394-n-bc.exe
2014-01-21 22:41 - 2014-01-21 22:41 - 00000000 ____D () C:\Users\Yvette\Documents\.minecraft
2014-01-21 22:07 - 2014-02-12 21:12 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\.minecraft
2014-01-21 22:07 - 2014-01-21 22:07 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-21 22:07 - 2014-01-21 22:07 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-21 22:07 - 2014-01-21 22:07 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-21 22:07 - 2014-01-21 22:07 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-21 22:07 - 2014-01-21 22:07 - 00000000 ____D () C:\ProgramData\Sun
2014-01-21 22:07 - 2014-01-21 22:07 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-21 22:07 - 2014-01-21 22:07 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-21 22:06 - 2014-01-21 22:06 - 00921000 _____ (Oracle Corporation) C:\Users\Yvette\Downloads\chromeinstall-7u51.exe
2014-01-21 22:05 - 2014-01-21 22:05 - 00675988 _____ () C:\Users\Yvette\Desktop\Minecraft.exe
2014-01-21 14:34 - 2014-01-21 14:34 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-01-21 14:34 - 2014-01-21 14:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-01-20 23:50 - 2014-01-20 23:53 - 00000000 ____D () C:\Windows\Minidump
2014-01-20 23:50 - 2014-01-20 23:50 - 00292880 _____ () C:\Windows\Minidump\012014-14757-01.dmp.old
2014-01-20 23:49 - 2014-01-20 23:49 - 589029714 _____ () C:\Windows\MEMORY.DMP
2014-01-20 23:48 - 2014-01-20 23:48 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\QuickScan
2014-01-20 23:46 - 2014-01-21 22:04 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Lollipop
2014-01-20 23:45 - 2014-02-13 17:06 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\newnext.me
2014-01-20 23:45 - 2014-02-10 16:37 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2014-01-20 23:45 - 2014-02-10 16:37 - 00000000 ____D () C:\Users\Yvette\AppData\Local\genienext
2014-01-20 23:45 - 2014-01-20 23:45 - 00000000 ____D () C:\Users\Yvette\.android
2014-01-20 21:26 - 2014-01-20 21:32 - 412848112 _____ (Prezi.com) C:\Users\Yvette\Downloads\Install_Prezi_5.0.5.exe
2014-01-19 16:35 - 2014-02-06 08:09 - 00000000 ____D () C:\Users\Yvette\Downloads\Sport
2014-01-15 18:07 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 18:07 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 18:07 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 18:07 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 18:07 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 18:07 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 18:07 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 18:07 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 18:07 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

2014-02-13 17:11 - 2014-02-10 16:37 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-02-13 17:10 - 2014-02-13 17:10 - 00000000 ____D () C:\Windows\SysWOW64\SearchProtect
2014-02-13 17:10 - 2014-02-13 15:04 - 00000000 ____D () C:\FRST
2014-02-13 17:08 - 2014-02-11 15:29 - 00001426 _____ () C:\Users\Yvette\Desktop\Registry kostenlos entrümpeln!.lnk
2014-02-13 17:08 - 2014-02-10 16:37 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro
2014-02-13 17:07 - 2009-07-14 05:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-13 17:07 - 2009-07-14 05:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-13 17:06 - 2014-01-20 23:45 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\newnext.me
2014-02-13 17:06 - 2013-12-11 20:26 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\Skype
2014-02-13 17:06 - 2013-11-12 20:37 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-02-13 17:06 - 2013-11-07 01:13 - 00107264 _____ () C:\Users\Yvette\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-13 17:05 - 2013-11-07 02:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-13 17:05 - 2013-11-07 01:25 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-13 17:05 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-13 17:05 - 2009-07-14 05:51 - 00077811 _____ () C:\Windows\setupact.log
2014-02-13 17:05 - 2009-07-14 05:45 - 00412584 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-13 17:04 - 2013-11-07 02:06 - 00236158 _____ () C:\Windows\PFRO.log
2014-02-13 17:04 - 2013-11-07 00:54 - 01548653 _____ () C:\Windows\WindowsUpdate.log
2014-02-13 17:02 - 2013-11-13 12:44 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-13 17:01 - 2013-11-13 12:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-02-13 17:01 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-02-13 17:00 - 2009-07-14 19:18 - 00000000 ____D () C:\Windows\ShellNew
2014-02-13 17:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-02-13 17:00 - 2009-07-14 03:34 - 00000387 _____ () C:\Windows\win.ini
2014-02-13 16:47 - 2014-01-21 23:38 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\Free Download Manager
2014-02-13 16:41 - 2014-02-10 22:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-13 16:30 - 2013-11-07 01:25 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-13 15:42 - 2014-02-13 15:42 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Chris_Pietschmann_(http__
2014-02-13 15:38 - 2014-02-13 15:38 - 01373696 _____ () C:\Users\Yvette\Downloads\VirtualRouterInstaller (1).msi
2014-02-13 15:38 - 2014-02-13 15:38 - 00000000 ____D () C:\Program Files (x86)\Virtual Router
2014-02-13 15:01 - 2014-02-13 15:01 - 00614792 _____ (Chip Digital GmbH) C:\Users\Yvette\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-02-13 15:01 - 2014-02-10 16:37 - 00000278 _____ () C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2014-02-13 14:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-13 14:48 - 2014-02-13 14:48 - 01373696 _____ () C:\Users\Yvette\Downloads\VirtualRouterInstaller.msi
2014-02-13 14:37 - 2009-07-14 18:58 - 00697870 _____ () C:\Windows\system32\perfh007.dat
2014-02-13 14:37 - 2009-07-14 18:58 - 00148664 _____ () C:\Windows\system32\perfc007.dat
2014-02-13 14:37 - 2009-07-14 06:13 - 01616762 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-12 23:15 - 2014-02-10 16:37 - 00000286 _____ () C:\Windows\Tasks\RegClean Pro_UPDATES.job
2014-02-12 23:01 - 2013-12-16 18:02 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Mobogenie
2014-02-12 21:59 - 2013-11-27 17:46 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\TS3Client
2014-02-12 21:12 - 2014-01-21 22:07 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\.minecraft
2014-02-12 17:48 - 2013-11-13 13:02 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\vlc
2014-02-11 15:30 - 2014-02-11 15:30 - 00000400 _____ () C:\Windows\Tasks\AllmyappsUpdateTask.job
2014-02-11 15:29 - 2013-11-25 20:15 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\Systweak
2014-02-11 15:29 - 2013-11-25 20:15 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-02-11 15:28 - 2013-11-08 14:58 - 00000000 ____D () C:\Program Files\WinRAR
2014-02-10 22:58 - 2014-02-10 22:58 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Macromedia
2014-02-10 22:57 - 2014-02-10 22:51 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Adobe
2014-02-10 22:52 - 2014-02-10 22:52 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-10 22:52 - 2014-02-10 22:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-10 22:52 - 2014-02-10 22:52 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-10 22:52 - 2014-02-10 22:52 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-02-10 22:52 - 2014-02-10 22:52 - 00000000 ____D () C:\Windows\system32\Macromed
2014-02-10 22:48 - 2014-02-10 22:48 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-10 22:48 - 2014-02-10 22:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-10 22:48 - 2014-02-10 16:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-10 17:00 - 2014-02-10 16:37 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-02-10 16:50 - 2014-02-10 16:50 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-02-10 16:46 - 2013-12-16 18:02 - 00000000 ____D () C:\Users\Yvette\AppData\Local\cache
2014-02-10 16:45 - 2014-02-10 16:45 - 00001811 _____ () C:\Users\Yvette\Desktop\Spotify.lnk
2014-02-10 16:45 - 2014-02-10 16:45 - 00001797 _____ () C:\Users\Yvette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-02-10 16:45 - 2014-02-10 16:45 - 00001066 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-02-10 16:45 - 2014-02-10 16:45 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\Spotify
2014-02-10 16:45 - 2014-02-10 16:45 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Spotify
2014-02-10 16:45 - 2014-02-10 16:45 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-02-10 16:44 - 2013-11-08 14:58 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-02-10 16:43 - 2013-12-16 18:02 - 00001725 _____ () C:\Users\Yvette\daemonprocess.txt
2014-02-10 16:40 - 2014-02-10 16:40 - 00003496 _____ () C:\Windows\System32\Tasks\AllmyappsUpdateTask
2014-02-10 16:40 - 2014-02-10 16:40 - 00000947 _____ () C:\Users\Yvette\Desktop\Allmyapps.lnk
2014-02-10 16:40 - 2014-02-10 16:40 - 00000000 ____D () C:\Users\Yvette\AppData\Local\CrashRpt
2014-02-10 16:40 - 2014-02-10 16:40 - 00000000 ____D () C:\Program Files (x86)\Systweak Support Dock
2014-02-10 16:40 - 2014-02-10 16:40 - 00000000 ____D () C:\Program Files (x86)\PC Cleaner
2014-02-10 16:40 - 2014-02-10 16:40 - 00000000 ____D () C:\Program Files (x86)\Advanced Disk Recovery
2014-02-10 16:40 - 2014-02-10 16:37 - 00000000 ____D () C:\Program Files (x86)\System Speedup
2014-02-10 16:38 - 2014-02-10 16:38 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\Mozilla
2014-02-10 16:38 - 2014-02-10 16:38 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Mozilla
2014-02-10 16:38 - 2014-02-10 16:38 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-10 16:37 - 2014-02-10 16:37 - 00003032 _____ () C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2014-02-10 16:37 - 2014-02-10 16:37 - 00002876 _____ () C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
2014-02-10 16:37 - 2014-02-10 16:37 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-02-10 16:37 - 2014-02-10 16:37 - 00000000 ____D () C:\Users\Yvette\AppData\Local\SearchProtect
2014-02-10 16:37 - 2014-02-10 16:37 - 00000000 ____D () C:\Program Files (x86)\RegClean Pro
2014-02-10 16:37 - 2014-01-20 23:45 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2014-02-10 16:37 - 2014-01-20 23:45 - 00000000 ____D () C:\Users\Yvette\AppData\Local\genienext
2014-02-10 16:37 - 2013-11-07 00:55 - 00000000 ___RD () C:\Users\Yvette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-07 12:06 - 2014-02-07 12:06 - 00204821 _____ () C:\Users\Yvette\AppData\Roaming\VideoPad.dmp
2014-02-06 08:09 - 2014-01-19 16:35 - 00000000 ____D () C:\Users\Yvette\Downloads\Sport
2014-01-30 16:49 - 2014-01-30 16:49 - 00000382 _____ () C:\Windows\SysWOW64\SystemPreferences.xml
2014-01-29 22:05 - 2013-11-07 02:02 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-01-29 14:15 - 2014-01-29 14:15 - 00000000 ____D () C:\Users\Yvette\Downloads\Zeug
2014-01-25 20:49 - 2014-01-25 20:49 - 00000000 ____D () C:\Users\Yvette\Documents\VideoPad Projects
2014-01-25 20:43 - 2014-01-25 20:43 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Deshaker
2014-01-24 17:08 - 2014-01-24 17:08 - 00000000 ____D () C:\Users\Yvette\Downloads\MC
2014-01-24 17:07 - 2014-01-24 17:07 - 10351963 _____ () C:\Users\Yvette\Downloads\H.J.C. v.13.0.0.zip
2014-01-24 16:27 - 2013-11-28 16:42 - 00000000 ____D () C:\Users\Yvette\Downloads\Inst
2014-01-23 22:05 - 2014-01-23 22:05 - 00000062 _____ () C:\Users\Yvette\Desktop\YVETT & SOMETHING..url
2014-01-23 22:05 - 2014-01-21 23:01 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-01-23 22:04 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-01-23 16:24 - 2014-01-23 16:24 - 00000000 ____D () C:\ProgramData\Samsung
2014-01-23 16:24 - 2014-01-23 16:24 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-01-22 08:52 - 2014-01-22 08:52 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2014-01-22 08:52 - 2014-01-22 08:52 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2014-01-22 08:52 - 2014-01-22 08:52 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2014-01-22 08:52 - 2014-01-22 08:52 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2014-01-21 23:38 - 2014-01-21 23:38 - 00000000 ____D () C:\ProgramData\Free Download Manager
2014-01-21 23:05 - 2014-01-21 23:05 - 00000000 ____D () C:\Users\Yvette\Documents\Optimizer Pro
2014-01-21 23:01 - 2014-01-21 23:01 - 00000000 ____D () C:\Users\Yvette\AppData\Local\AskPartnerNetwork
2014-01-21 23:00 - 2014-01-21 23:00 - 00003100 _____ () C:\Windows\System32\Tasks\{CCC83893-6B9E-4849-955F-F259E6A525FB}
2014-01-21 23:00 - 2014-01-21 23:00 - 00003100 _____ () C:\Windows\System32\Tasks\{31F05655-1E96-46F7-A6D8-5E16AF01FAD2}
2014-01-21 23:00 - 2014-01-21 23:00 - 00003100 _____ () C:\Windows\System32\Tasks\{08DD6E3E-9AA2-4CA7-88A8-6B60B0B8E603}
2014-01-21 22:58 - 2014-01-21 22:58 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\viddyhd
2014-01-21 22:58 - 2014-01-21 22:58 - 00000000 ____D () C:\Program Files (x86)\Free Download Manager
2014-01-21 22:57 - 2014-01-21 22:57 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\viddyhddownload
2014-01-21 22:57 - 2014-01-21 22:57 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\52deed972356d036750291b7
2014-01-21 22:56 - 2014-01-21 22:56 - 01751600 _____ (Bandoo Media Inc) C:\Users\Yvette\Downloads\iLividSetup-r394-n-bc.exe
2014-01-21 22:41 - 2014-01-21 22:41 - 00000000 ____D () C:\Users\Yvette\Documents\.minecraft
2014-01-21 22:07 - 2014-01-21 22:07 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-21 22:07 - 2014-01-21 22:07 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-21 22:07 - 2014-01-21 22:07 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-21 22:07 - 2014-01-21 22:07 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-21 22:07 - 2014-01-21 22:07 - 00000000 ____D () C:\ProgramData\Sun
2014-01-21 22:07 - 2014-01-21 22:07 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-21 22:07 - 2014-01-21 22:07 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-21 22:06 - 2014-01-21 22:06 - 00921000 _____ (Oracle Corporation) C:\Users\Yvette\Downloads\chromeinstall-7u51.exe
2014-01-21 22:05 - 2014-01-21 22:05 - 00675988 _____ () C:\Users\Yvette\Desktop\Minecraft.exe
2014-01-21 22:04 - 2014-01-20 23:46 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Lollipop
2014-01-21 14:34 - 2014-01-21 14:34 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-01-21 14:34 - 2014-01-21 14:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-01-21 03:53 - 2013-11-07 02:03 - 01179576 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-01-21 03:53 - 2013-11-07 02:03 - 01048152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-01-20 23:53 - 2014-01-20 23:50 - 00000000 ____D () C:\Windows\Minidump
2014-01-20 23:50 - 2014-01-20 23:50 - 00292880 _____ () C:\Windows\Minidump\012014-14757-01.dmp.old
2014-01-20 23:49 - 2014-01-20 23:49 - 589029714 _____ () C:\Windows\MEMORY.DMP
2014-01-20 23:48 - 2014-01-20 23:48 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\QuickScan
2014-01-20 23:45 - 2014-01-20 23:45 - 00000000 ____D () C:\Users\Yvette\.android
2014-01-20 23:45 - 2013-11-07 00:55 - 00000000 ____D () C:\Users\Yvette
2014-01-20 21:32 - 2014-01-20 21:26 - 412848112 _____ (Prezi.com) C:\Users\Yvette\Downloads\Install_Prezi_5.0.5.exe
2014-01-16 01:22 - 2013-11-08 16:10 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-16 01:22 - 2013-11-08 16:10 - 00000000 ____D () C:\Windows\system32\MRT

Some content of TEMP:
====================
C:\Users\Yvette\AppData\Local\Temp\4156uninstall.exe
C:\Users\Yvette\AppData\Local\Temp\6_Offer_14.exe
C:\Users\Yvette\AppData\Local\Temp\avgnt.exe
C:\Users\Yvette\AppData\Local\Temp\BackupSetup.exe
C:\Users\Yvette\AppData\Local\Temp\deshaker.exe
C:\Users\Yvette\AppData\Local\Temp\DivXWebPlayerInstaller.exe
C:\Users\Yvette\AppData\Local\Temp\DownloadManager.exe
C:\Users\Yvette\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE
C:\Users\Yvette\AppData\Local\Temp\nsd9EEA.exe
C:\Users\Yvette\AppData\Local\Temp\nse51DC.exe
C:\Users\Yvette\AppData\Local\Temp\nsi68D9.exe
C:\Users\Yvette\AppData\Local\Temp\nsi8485.exe
C:\Users\Yvette\AppData\Local\Temp\nsi857E.exe
C:\Users\Yvette\AppData\Local\Temp\nsiAE30.exe
C:\Users\Yvette\AppData\Local\Temp\nsn6723.exe
C:\Users\Yvette\AppData\Local\Temp\nsn9D53.exe
C:\Users\Yvette\AppData\Local\Temp\nsnAA58.exe
C:\Users\Yvette\AppData\Local\Temp\nssA8A2.exe
C:\Users\Yvette\AppData\Local\Temp\nst82EF.exe
C:\Users\Yvette\AppData\Local\Temp\nsxAFC6.exe
C:\Users\Yvette\AppData\Local\Temp\nsy8715.exe
C:\Users\Yvette\AppData\Local\Temp\nvStInst.exe
C:\Users\Yvette\AppData\Local\Temp\ose00000.exe
C:\Users\Yvette\AppData\Local\Temp\SearchProtectINT.exe
C:\Users\Yvette\AppData\Local\Temp\SETUP_AFTERBURNER.EXE
C:\Users\Yvette\AppData\Local\Temp\SPSetup.exe
C:\Users\Yvette\AppData\Local\Temp\Sqlite3.dll
C:\Users\Yvette\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Yvette\AppData\Local\Temp\Uni000.exe
C:\Users\Yvette\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Yvette\AppData\Local\Temp\vlc-2.1.2-win64.exe
C:\Users\Yvette\AppData\Local\Temp\_isF620.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-29 20:32

==================== End Of Log ============================
         


13.02.2014, 18:38   #6
cosinus

Then please run Combofix now:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


13.02.2014, 19:33   #7
JhYve

Okay, got it. This is what I got:

Code:
ComboFix 14-02-12.01 - Yvette 13.02.2014  19:27:41.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.8137.4492 [GMT 1:00]
ausgeführt von:: c:\downloads\Software\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SearchProtect
c:\program files (x86)\SearchProtect\EULA.txt
c:\program files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
c:\program files (x86)\SearchProtect\Main\bin\SPTool.dll
c:\program files (x86)\SearchProtect\Main\bin\uninstall.exe
c:\program files (x86)\SearchProtect\Main\rep\SystemRepository.dat
c:\program files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
c:\program files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe
c:\program files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll
c:\program files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
c:\program files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll
c:\program files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
c:\program files (x86)\SearchProtect\UI\bin\cltmngui.exe
c:\program files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css
c:\program files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html
c:\program files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js
c:\program files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\text-field.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\v.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\x.png
c:\program files (x86)\SearchProtect\UI\dialogs\libs\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\main.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js
c:\program files (x86)\SearchProtect\UI\dialogs\protection\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.css
c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.html
c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.js
c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css
c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html
c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js
c:\program files (x86)\SearchProtect\UI\dialogs\settings.html
c:\program files (x86)\SearchProtect\UI\dialogs\settings\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.css
c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.html
c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.js
c:\program files (x86)\SearchProtect\UI\dialogs\style.css
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js
c:\users\Yvette\AppData\Local\lollipop
c:\users\Yvette\AppData\Local\lollipop\logo.ico
c:\users\Yvette\AppData\Local\lollipop\lollipop.bat
c:\users\Yvette\AppData\Local\lollipop\lollipop.dat
c:\users\Yvette\AppData\Local\lollipop\lollipop.lpd
c:\users\Yvette\AppData\Local\lollipop\lollipop_cfg.lpd
c:\users\Yvette\AppData\Local\lollipop\lollipop_ps.lpd
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-01-13 bis 2014-02-13  ))))))))))))))))))))))))))))))
.
.
2014-02-13 18:30 . 2014-02-13 18:30	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-02-13 16:10 . 2014-02-13 16:10	--------	d-----w-	c:\windows\SysWow64\SearchProtect
2014-02-13 14:42 . 2014-02-13 14:42	--------	d-----w-	c:\users\Yvette\AppData\Local\Chris_Pietschmann_(http__
2014-02-13 14:38 . 2014-02-13 14:38	--------	d-----w-	c:\program files (x86)\Virtual Router
2014-02-13 14:04 . 2014-02-13 16:11	--------	d-----w-	C:\FRST
2014-02-10 21:58 . 2014-02-10 21:58	--------	d-----w-	c:\users\Yvette\AppData\Local\Macromedia
2014-02-10 21:52 . 2014-02-10 21:52	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-10 21:52 . 2014-02-10 21:52	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-10 21:52 . 2014-02-10 21:52	--------	d-----w-	c:\windows\SysWow64\Macromed
2014-02-10 21:52 . 2014-02-10 21:52	--------	d-----w-	c:\windows\system32\Macromed
2014-02-10 21:51 . 2014-02-13 16:42	--------	d-----w-	c:\users\Yvette\AppData\Local\Adobe
2014-02-10 21:48 . 2014-02-10 21:48	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2014-02-10 15:45 . 2014-02-10 15:45	--------	d-----w-	c:\users\Yvette\AppData\Local\Spotify
2014-02-10 15:45 . 2014-02-10 15:45	--------	d-----w-	c:\users\Yvette\AppData\Roaming\Spotify
2014-02-10 15:45 . 2014-02-10 15:45	--------	d-----w-	c:\program files (x86)\VideoLAN
2014-02-10 15:40 . 2014-02-10 15:40	--------	d-----w-	c:\users\Yvette\AppData\Local\CrashRpt
2014-02-10 15:40 . 2014-02-12 15:29	--------	d-----w-	c:\programdata\Allmyapps
2014-02-10 15:40 . 2014-02-13 16:21	--------	d-----w-	c:\users\Yvette\AppData\Roaming\Allmyapps
2014-02-10 15:40 . 2014-02-10 15:40	--------	d-----w-	c:\program files (x86)\Advanced Disk Recovery
2014-02-10 15:40 . 2014-02-10 15:40	--------	d-----w-	c:\program files (x86)\PC Cleaner
2014-02-10 15:40 . 2014-02-10 15:40	--------	d-----w-	c:\program files (x86)\Systweak Support Dock
2014-02-10 15:38 . 2014-02-10 15:38	--------	d-----w-	c:\users\Yvette\AppData\Local\Mozilla
2014-02-10 15:37 . 2014-02-10 16:00	--------	d-----w-	c:\program files (x86)\Mobogenie
2014-02-10 15:37 . 2014-02-10 15:40	--------	d-----w-	c:\program files (x86)\System Speedup
2014-02-10 15:37 . 2014-02-10 15:37	--------	d-----w-	c:\program files (x86)\RegClean Pro
2014-02-10 15:37 . 2014-02-10 15:37	--------	d-----w-	c:\users\Yvette\AppData\Local\SearchProtect
2014-01-29 21:04 . 2013-12-27 18:42	39200	----a-w-	c:\windows\system32\drivers\nvvad64v.sys
2014-01-29 21:04 . 2013-12-27 18:42	33056	----a-w-	c:\windows\SysWow64\nvaudcap32v.dll
2014-01-25 19:43 . 2014-01-25 19:43	--------	d-----w-	c:\users\Yvette\AppData\Local\Deshaker
2014-01-23 21:01 . 2014-01-29 15:33	--------	d-----w-	C:\Downloads
2014-01-23 15:24 . 2014-01-23 15:24	--------	d-----w-	c:\program files\SAMSUNG
2014-01-23 15:24 . 2014-01-23 15:24	--------	d-----w-	c:\programdata\Samsung
2014-01-22 07:52 . 2014-01-22 07:52	708168	----a-w-	c:\windows\system32\WinUSBCoInstaller.dll
2014-01-22 07:52 . 2014-01-22 07:52	1490656	----a-w-	c:\windows\system32\WdfCoInstaller01007.dll
2014-01-22 07:52 . 2014-01-22 07:52	206080	----a-w-	c:\windows\system32\drivers\ssudmdm.sys
2014-01-22 07:52 . 2014-01-22 07:52	108800	----a-w-	c:\windows\system32\drivers\ssudbus.sys
2014-01-21 22:38 . 2014-01-21 22:38	--------	d-----w-	c:\programdata\Free Download Manager
2014-01-21 22:38 . 2014-02-13 18:26	--------	d-----w-	c:\users\Yvette\AppData\Roaming\Free Download Manager
2014-01-21 22:01 . 2014-01-21 22:01	--------	d-----w-	c:\users\Yvette\AppData\Local\AskPartnerNetwork
2014-01-21 22:01 . 2014-01-23 21:05	--------	d-----w-	c:\windows\system32\appmgmt
2014-01-21 21:58 . 2014-01-21 21:58	--------	d-----w-	c:\program files (x86)\Free Download Manager
2014-01-21 21:58 . 2014-01-21 21:58	--------	d-----w-	c:\users\Yvette\AppData\Roaming\viddyhd
2014-01-21 21:57 . 2014-01-21 21:57	--------	d-----w-	c:\users\Yvette\AppData\Roaming\52deed972356d036750291b7
2014-01-21 21:07 . 2014-02-12 20:12	--------	d-----w-	c:\users\Yvette\AppData\Roaming\.minecraft
2014-01-21 21:07 . 2014-01-21 21:07	--------	d-----w-	c:\programdata\Oracle
2014-01-21 21:07 . 2014-01-21 21:07	--------	d-----w-	c:\program files (x86)\Common Files\Java
2014-01-21 21:07 . 2014-01-21 21:07	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-21 21:07 . 2014-01-21 21:07	--------	d-----w-	c:\program files (x86)\Java
2014-01-21 13:34 . 2014-01-21 13:34	--------	d-----w-	c:\program files\Microsoft Silverlight
2014-01-21 13:34 . 2014-01-21 13:34	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2014-01-20 22:48 . 2014-01-20 22:48	--------	d-----w-	c:\users\Yvette\AppData\Roaming\QuickScan
2014-01-20 22:45 . 2014-01-20 22:45	--------	d-----w-	c:\users\Yvette\.android
2014-01-20 22:45 . 2014-02-13 16:06	--------	d-----w-	c:\users\Yvette\AppData\Roaming\newnext.me
2014-01-20 22:45 . 2014-02-10 15:37	--------	d-----w-	c:\users\Yvette\AppData\Local\genienext
2014-01-15 17:07 . 2013-11-27 01:41	343040	----a-w-	c:\windows\system32\drivers\usbhub.sys
2014-01-15 17:07 . 2013-11-27 01:41	99840	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2014-01-15 17:07 . 2013-11-27 01:41	53248	----a-w-	c:\windows\system32\drivers\usbehci.sys
2014-01-15 17:07 . 2013-11-27 01:41	325120	----a-w-	c:\windows\system32\drivers\usbport.sys
2014-01-15 17:07 . 2013-11-27 01:41	25600	----a-w-	c:\windows\system32\drivers\usbohci.sys
2014-01-15 17:07 . 2013-11-27 01:41	30720	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2014-01-15 17:07 . 2013-11-27 01:41	7808	----a-w-	c:\windows\system32\drivers\usbd.sys
2014-01-15 17:07 . 2013-11-26 10:32	3156480	----a-w-	c:\windows\system32\win32k.sys
2014-01-15 17:07 . 2013-11-26 11:40	376768	----a-w-	c:\windows\system32\drivers\netio.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-13 16:06 . 2013-11-12 19:37	25640	----a-w-	c:\windows\gdrv.sys
2014-01-21 02:53 . 2013-11-07 01:03	1048152	----a-w-	c:\windows\SysWow64\nvspcap.dll
2014-01-21 02:53 . 2013-11-07 01:03	1179576	----a-w-	c:\windows\system32\nvspcap64.dll
2014-01-16 00:22 . 2013-11-08 15:10	86054176	----a-w-	c:\windows\system32\MRT.exe
2013-12-27 18:42 . 2013-11-07 01:01	35104	----a-w-	c:\windows\system32\nvaudcap64v.dll
2013-12-17 14:39 . 2013-11-07 00:34	84720	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-12-17 14:39 . 2013-11-07 00:34	131576	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-12-17 14:39 . 2013-11-07 00:34	108440	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-12-16 17:05 . 2012-07-17 13:37	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-12-13 16:53 . 2013-11-25 19:15	19544	----a-w-	c:\windows\system32\roboot64.exe
2013-11-26 18:18 . 2013-11-26 18:18	940032	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-26 18:18 . 2013-11-26 18:18	194048	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-11-26 18:18 . 2013-11-26 18:18	86016	----a-w-	c:\windows\SysWow64\iesysprep.dll
2013-11-26 18:18 . 2013-11-26 18:18	74240	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-26 18:18 . 2013-11-26 18:18	71680	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-26 18:18 . 2013-11-26 18:18	645120	----a-w-	c:\windows\SysWow64\jsIntl.dll
2013-11-26 18:18 . 2013-11-26 18:18	62464	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-11-26 18:18 . 2013-11-26 18:18	61952	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2013-11-26 18:18 . 2013-11-26 18:18	61952	----a-w-	c:\windows\SysWow64\iesetup.dll
2013-11-26 18:18 . 2013-11-26 18:18	51200	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2013-11-26 18:18 . 2013-11-26 18:18	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-11-26 18:18 . 2013-11-26 18:18	454656	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-11-26 18:18 . 2013-11-26 18:18	36352	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-11-26 18:18 . 2013-11-26 18:18	34816	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-26 18:18 . 2013-11-26 18:18	337408	----a-w-	c:\windows\SysWow64\html.iec
2013-11-26 18:18 . 2013-11-26 18:18	24576	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-11-26 18:18 . 2013-11-26 18:18	235008	----a-w-	c:\windows\system32\elshyph.dll
2013-11-26 18:18 . 2013-11-26 18:18	182272	----a-w-	c:\windows\SysWow64\msls31.dll
2013-11-26 18:18 . 2013-11-26 18:18	151552	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-11-26 18:18 . 2013-11-26 18:18	139264	----a-w-	c:\windows\SysWow64\wextract.exe
2013-11-26 18:18 . 2013-11-26 18:18	13312	----a-w-	c:\windows\SysWow64\mshta.exe
2013-11-26 18:18 . 2013-11-26 18:18	112128	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-11-26 18:18 . 2013-11-26 18:18	111616	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-11-26 18:18 . 2013-11-26 18:18	1051136	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-11-26 18:18 . 2013-11-26 18:18	942592	----a-w-	c:\windows\system32\jsIntl.dll
2013-11-26 18:18 . 2013-11-26 18:18	90112	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-11-26 18:18 . 2013-11-26 18:18	86016	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2013-11-26 18:18 . 2013-11-26 18:18	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-11-26 18:18 . 2013-11-26 18:18	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-11-26 18:18 . 2013-11-26 18:18	247808	----a-w-	c:\windows\system32\msls31.dll
2013-11-26 18:18 . 2013-11-26 18:18	195584	----a-w-	c:\windows\system32\msrating.dll
2013-11-26 18:18 . 2013-11-26 18:18	13312	----a-w-	c:\windows\system32\msfeedssync.exe
2013-11-26 18:18 . 2013-11-26 18:18	131072	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-11-26 18:18 . 2013-11-26 18:18	105984	----a-w-	c:\windows\system32\iesysprep.dll
2013-11-26 18:18 . 2013-11-26 18:18	84992	----a-w-	c:\windows\system32\mshtmled.dll
2013-11-26 18:18 . 2013-11-26 18:18	83968	----a-w-	c:\windows\system32\MshtmlDac.dll
2013-11-26 18:18 . 2013-11-26 18:18	81408	----a-w-	c:\windows\system32\icardie.dll
2013-11-26 18:18 . 2013-11-26 18:18	774144	----a-w-	c:\windows\system32\jscript.dll
2013-11-26 18:18 . 2013-11-26 18:18	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-11-26 18:18 . 2013-11-26 18:18	626176	----a-w-	c:\windows\system32\msfeeds.dll
2013-11-26 18:18 . 2013-11-26 18:18	62464	----a-w-	c:\windows\system32\pngfilt.dll
2013-11-26 18:18 . 2013-11-26 18:18	616104	----a-w-	c:\windows\system32\ieapfltr.dat
2013-11-26 18:18 . 2013-11-26 18:18	548352	----a-w-	c:\windows\system32\vbscript.dll
2013-11-26 18:18 . 2013-11-26 18:18	48128	----a-w-	c:\windows\system32\imgutil.dll
2013-11-26 18:18 . 2013-11-26 18:18	453120	----a-w-	c:\windows\system32\dxtmsft.dll
2013-11-26 18:18 . 2013-11-26 18:18	413696	----a-w-	c:\windows\system32\html.iec
2013-11-26 18:18 . 2013-11-26 18:18	40448	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-26 18:18 . 2013-11-26 18:18	30208	----a-w-	c:\windows\system32\licmgr10.dll
2013-11-26 18:18 . 2013-11-26 18:18	296960	----a-w-	c:\windows\system32\dxtrans.dll
2013-11-26 18:18 . 2013-11-26 18:18	263376	----a-w-	c:\windows\system32\iedkcs32.dll
2013-11-26 18:18 . 2013-11-26 18:18	243200	----a-w-	c:\windows\system32\webcheck.dll
2013-11-26 18:18 . 2013-11-26 18:18	235520	----a-w-	c:\windows\system32\url.dll
2013-11-26 18:18 . 2013-11-26 18:18	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-11-26 18:18 . 2013-11-26 18:18	147968	----a-w-	c:\windows\system32\occache.dll
2013-11-26 18:18 . 2013-11-26 18:18	143872	----a-w-	c:\windows\system32\wextract.exe
2013-11-26 18:18 . 2013-11-26 18:18	13824	----a-w-	c:\windows\system32\mshta.exe
2013-11-26 18:18 . 2013-11-26 18:18	135680	----a-w-	c:\windows\system32\iepeers.dll
2013-11-26 18:18 . 2013-11-26 18:18	1228800	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-11-26 18:18 . 2013-11-26 18:18	101376	----a-w-	c:\windows\system32\inseng.dll
2013-11-26 11:54 . 2013-12-11 15:20	23183360	----a-w-	c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-11 15:20	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-11 15:20	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-11 15:20	66048	----a-w-	c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-11 15:20	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-11 15:20	2764288	----a-w-	c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-11 15:20	53760	----a-w-	c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-11 15:20	33792	----a-w-	c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-11 15:20	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-11 15:20	574976	----a-w-	c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-11 15:20	139264	----a-w-	c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-11 15:20	111616	----a-w-	c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-11 15:20	708608	----a-w-	c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-11 15:20	218624	----a-w-	c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-11 15:20	5769216	----a-w-	c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-11 15:20	553472	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-11 15:20	4243968	----a-w-	c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-11 15:20	1995264	----a-w-	c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-11 15:20	12996608	----a-w-	c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-11 15:20	1928192	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-11 15:20	2334208	----a-w-	c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-11 15:20	1395200	----a-w-	c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-11 15:20	817664	----a-w-	c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-11 15:20	1820160	----a-w-	c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-11 14:37	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 14:37	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2013-11-21 12:27 . 2013-11-21 12:27	189248	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-11-21 12:27 . 2013-11-21 12:27	75136	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2013-11-21 12:11 . 2013-11-21 12:27	3123272	----a-w-	c:\windows\SysWow64\pbsvc.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
2013-12-20 19:28	12240	----a-w-	c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" [2013-12-20 12240]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lollipop"="lollipop" [X]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"EADM"="d:\origin\Origin.exe" [2014-01-29 3598680]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"NextLive"="c:\users\Yvette\AppData\Roaming\newnext.me\nengine.dll" [2013-11-14 1283584]
"Free Download Manager"="c:\program files (x86)\Free Download Manager\fdm.exe" [2013-01-16 6860288]
"Allmyapps"="c:\users\Yvette\AppData\Roaming\Allmyapps\Allmyapps.exe" [2014-02-11 6781816]
"Allmyapps Update"="c:\users\Yvette\AppData\Roaming\Allmyapps\AllmyappsUpdater.exe" [2014-02-11 317304]
"Spotify Web Helper"="c:\users\Yvette\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-02-10 1171968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-11 292848]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-12-17 684600]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-12-20 1778640]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-03-12 134616]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"mobilegeni daemon"="c:\program files (x86)\Mobogenie\DaemonProcess.exe" [2014-02-10 775872]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"SensorDetector"="c:\program files (x86)\GIGABYTE\EasyTune\PreSensorDetector.exe" [2013-04-09 9728]
.
c:\users\Yvette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MyPC Backup.lnk - c:\program files (x86)\MyPC Backup\MyPC Backup.exe [2014-2-6 2919976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Virtual Router Manager.lnk - c:\windows\Installer\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}\_118D1A4EFFA6998C3492EB.exe /min [2014-2-13 22486]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R1 UsbCharger;UsbCharger;c:\windows\system32\DRIVERS\UsbCharger.sys;c:\windows\SYSNATIVE\DRIVERS\UsbCharger.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 AxtuDrv;AxtuDrv;c:\windows\SysWOW64\Drivers\AxtuDrv.sys;c:\windows\SysWOW64\Drivers\AxtuDrv.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 etocdrv;etocdrv;c:\windows\system32\etocdrv.sys;c:\windows\SYSNATIVE\etocdrv.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S2 APNMCP;Ask Aktualisierungsdienst;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 BackupStack;Computer Backup (MyPC Backup);c:\program files (x86)\MyPC Backup\BackupStack.exe;c:\program files (x86)\MyPC Backup\BackupStack.exe [x]
S2 CltMngSvc;Search Protect by Conduit Service;c:\progra~2\SearchProtect\Main\bin\CltMngSvc.exe;c:\progra~2\SearchProtect\Main\bin\CltMngSvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
S2 MgAssistService;MgAssist Service;c:\program files (x86)\Mobogenie\MgAssist.exe;c:\program files (x86)\Mobogenie\MgAssist.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 Virtual Router;VirtualRouterService;c:\program files (x86)\Virtual Router\VirtualRouterService.exe;c:\program files (x86)\Virtual Router\VirtualRouterService.exe [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - NDISUIO
.
Inhalt des "geplante Tasks" Ordners
.
2014-02-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-10 21:52]
.
2014-02-11 c:\windows\Tasks\AllmyappsUpdateTask.job
- c:\users\Yvette\AppData\Roaming\Allmyapps\AllmyappsUpdater.exe [2014-02-10 14:30]
.
2014-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-07 00:25]
.
2014-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-07 00:25]
.
2014-02-13 c:\windows\Tasks\RegClean Pro_DEFAULT.job
- c:\program files (x86)\RegClean Pro\RegCleanPro.exe [2014-02-10 17:36]
.
2014-02-12 c:\windows\Tasks\RegClean Pro_UPDATES.job
- c:\program files (x86)\RegClean Pro\RegCleanPro.exe [2014-02-10 17:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
2013-12-20 19:28	13776	----a-w-	c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll" [2013-12-20 13776]
.
[HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-02-26 13423688]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-01-21 1179576]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-01-31 36352]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-01-21 2234144]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com/?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP1D5E9045-D6DD-44CA-BEC9-79DBEFDC5AEA&SSPV=
mDefault_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1385406924&from=cor&uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S617288472884&q={searchTerms}
mDefault_Page_URL = about:blank
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztD0BtBzz0E0DyByBtC0FyBtN0D0Tzu0CyBtCyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=648836839&ir=
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.aartemis.com/web/?type=ds&ts=1385406924&from=cor&uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S617288472884&q={searchTerms}
IE: Alles mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Auswahl mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Yvette\AppData\Roaming\Mozilla\Firefox\Profiles\f3w8xdpi.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-SearchProtect - c:\progra~2\SearchProtect\Main\bin\uninstall.exe
AddRemove-lollipop - c:\users\yvette\appdata\local\lollipop\lollipop.bat
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-02-13  19:32:11
ComboFix-quarantined-files.txt  2014-02-13 18:32
.
Vor Suchlauf: 10 Verzeichnis(se), 87.622.201.344 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 91.010.711.552 Bytes frei
.
- - End Of File - - EFB65C32F522A6F65F58F256CD03E810
A36C5E4F47E84449FF07ED3517B43A31
         

Alt 13.02.2014, 19:34   #8
cosinus

Remove adware/junkware/toolbars


Step 1: AdwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).




Step 2: JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan (Untersuchen).
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box).

__________________
Please always post log files in CODE tags

Alt 13.02.2014, 19:56   #9
JhYve
 

-> 1.

Code:
# AdwCleaner v3.018 - Bericht erstellt am 13/02/2014 um 19:40:00
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Yvette - YVETTE-PC
# Gestartet von : C:\Users\Yvette\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : BackupStack
Dienst Gelöscht : CltMngSvc

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\BonanzaDealsLive
Ordner Gelöscht : C:\ProgramData\eSafe
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDeals
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDealsLive
[#] Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup 
Ordner Gelöscht : C:\Program Files (x86)\RegClean Pro
Ordner Gelöscht : C:\Windows\SysWOW64\Searchprotect
Ordner Gelöscht : C:\Users\Yvette\AppData\Local\BonanzaDealsLive
Ordner Gelöscht : C:\Users\Yvette\AppData\Local\Searchprotect
Ordner Gelöscht : C:\Users\Yvette\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Yvette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup 
Ordner Gelöscht : C:\Users\Yvette\Documents\optimizer pro
Ordner Gelöscht : C:\Users\Yvette\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Yvette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
Datei Gelöscht : C:\Windows\System32\Tasks\RegClean Pro
Datei Gelöscht : C:\Windows\Tasks\RegClean Pro_DEFAULT.job
Datei Gelöscht : C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
Datei Gelöscht : C:\Windows\Tasks\RegClean Pro_UPDATES.job
Datei Gelöscht : C:\Windows\System32\Tasks\RegClean Pro_UPDATES

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [lollipop]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : HKCU\Software\BonanzaDealsLive
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\lollipop
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\BonanzaDealsLive
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\eSafeSecControl
Schlüssel Gelöscht : HKLM\Software\SearchProtect
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v27.0 (de)

[ Datei : C:\Users\Yvette\AppData\Roaming\Mozilla\Firefox\Profiles\f3w8xdpi.default\prefs.js ]


-\\ Google Chrome v18.0.1025.142

[ Datei : C:\Users\Yvette\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage
Gelöscht : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [7155 octets] - [13/02/2014 19:39:07]
AdwCleaner[S0].txt - [5633 octets] - [13/02/2014 19:40:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5693 octets] ##########
         
-> 2.

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Ultimate x64
Ran by Yvette on 13.02.2014 at 19:46:48,67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\free download manager
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

    Value Name          Type                             Value Data                     
========================================================================================
    NextLive    REG_SZ    C:\Windows\SysWOW64\rundll32.exe "C:\Users\Yvette\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\Yvette\AppData\Roaming\mozilla\firefox\profiles\f3w8xdpi.default\minidumps [2 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Yvette\appdata\local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
Successfully deleted: [Folder] C:\Users\Yvette\appdata\local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.02.2014 at 19:51:19,21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
-> 3.


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014
Ran by Yvette (administrator) on YVETTE-PC on 13-02-2014 19:55:14
Running from C:\Downloads\Software
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\KMService.exe
() C:\Program Files (x86)\Mobogenie\MgAssist.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Chris Pietschmann (hxxp://pietschsoft.com)) C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTune\SensorDetector.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Spotify Ltd) C:\Users\Yvette\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Chris Pietschmann (hxxp://pietschsoft.com)) C:\Program Files (x86)\Virtual Router\VirtualRouterClient.exe
(Allmyapps) C:\Users\Yvette\AppData\Roaming\Allmyapps\Allmyapps.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(FreeDownloadManager.ORG) C:\Program Files (x86)\Free Download Manager\fdm.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13423688 2013-02-26] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1179576 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [Nvtmru] - "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-11] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-03-12] (Intel Corporation)
HKLM-x32\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [775872 2014-02-10] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\RunOnce: [SensorDetector] - C:\Program Files (x86)\GIGABYTE\EasyTune\PreSensorDetector.exe [9728 2013-04-09] (GIGA-BYTE TECHNOLOGY CO., LTD.)
HKU\S-1-5-21-3648606511-270508592-4289889798-1000\...\Run: [ISUSPM Startup] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-3648606511-270508592-4289889798-1000\...\Run: [EADM] - D:\Origin\Origin.exe [3598680 2014-01-29] (Electronic Arts)
HKU\S-1-5-21-3648606511-270508592-4289889798-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3648606511-270508592-4289889798-1000\...\Run: [NextLive] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Yvette\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-3648606511-270508592-4289889798-1000\...\Run: [Allmyapps] - C:\Users\Yvette\AppData\Roaming\Allmyapps\Allmyapps.exe [6885752 2014-02-13] (Allmyapps)
HKU\S-1-5-21-3648606511-270508592-4289889798-1000\...\Run: [Allmyapps Update] - C:\Users\Yvette\AppData\Roaming\Allmyapps\AllmyappsUpdater.exe [316280 2014-02-13] (Allmyapps)
HKU\S-1-5-21-3648606511-270508592-4289889798-1000\...\Run: [Spotify Web Helper] - C:\Users\Yvette\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-10] (Spotify Ltd)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9F662DC74FDBCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1385406924&from=cor&uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S617288472884&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.aartemis.com/web/?type=ds&ts=1385406924&from=cor&uid=WDCXWD10EZEX-75ZF5A0_WD-WCC1S617288472884&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzuzyyE0D0EzztD0BtBzz0E0DyByBtC0FyBtN0D0Tzu0CyBtCyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=648836839&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Yvette\AppData\Roaming\Mozilla\Firefox\Profiles\f3w8xdpi.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\gcswf32.dll ()
CHR Plugin: (ChromeUtilPlugin) - C:\Users\Yvette\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\25.62074_0\background/ChromeUtilPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
CHR Plugin: (BonanzaDealsLive Update) - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (         "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (         "name": "",) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Extension: (Adblock Plus) - C:\Users\Yvette\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-11-28]
CHR Extension: (Classic Popup Blocker) - C:\Users\Yvette\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp [2013-12-19]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
R2 MgAssistService; C:\Program Files (x86)\Mobogenie\MgAssist.exe [63168 2014-02-10] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-11-21] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-02-19] (Realtek Semiconductor)
R2 Virtual Router; C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe [12288 2013-02-10] (Chris Pietschmann (hxxp://pietschsoft.com))

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-17] (Avira Operations GmbH & Co. KG)
S3 etocdrv; C:\Windows\system32\etocdrv.sys [14928 2013-04-09] (Giga-Byte Technology CO., LTD.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-03-14] ()
S3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [118504 2012-12-18] (Qualcomm Atheros Co., Ltd.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21072 2013-03-27] ()
S3 AxtuDrv; \??\C:\Windows\SysWOW64\Drivers\AxtuDrv.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-13 19:51 - 2014-02-13 19:51 - 00002405 _____ () C:\Users\Yvette\Desktop\JRT.txt
2014-02-13 19:46 - 2014-02-13 19:46 - 00000000 ____D () C:\Windows\ERUNT
2014-02-13 19:38 - 2014-02-13 19:40 - 00000000 ____D () C:\AdwCleaner
2014-02-13 19:36 - 2014-02-13 19:36 - 01166132 _____ () C:\Users\Yvette\Desktop\adwcleaner.exe
2014-02-13 19:32 - 2014-02-13 19:32 - 00035940 _____ () C:\ComboFix.txt
2014-02-13 19:26 - 2014-02-13 19:32 - 00000000 ____D () C:\Qoobox
2014-02-13 19:26 - 2014-02-13 19:31 - 00000000 ____D () C:\Windows\erdnt
2014-02-13 19:26 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-13 19:26 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-13 19:26 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-13 19:26 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-13 19:26 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-13 19:26 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-13 19:26 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-13 19:26 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-13 15:42 - 2014-02-13 15:42 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Chris_Pietschmann_(http__
2014-02-13 15:38 - 2014-02-13 15:38 - 01373696 _____ () C:\Users\Yvette\Downloads\VirtualRouterInstaller (1).msi
2014-02-13 15:38 - 2014-02-13 15:38 - 00000000 ____D () C:\Program Files (x86)\Virtual Router
2014-02-13 15:04 - 2014-02-13 19:55 - 00000000 ____D () C:\FRST
2014-02-13 15:01 - 2014-02-13 15:01 - 00614792 _____ (Chip Digital GmbH) C:\Users\Yvette\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-02-13 14:48 - 2014-02-13 14:48 - 01373696 _____ () C:\Users\Yvette\Downloads\VirtualRouterInstaller.msi
2014-02-11 15:30 - 2014-02-13 19:42 - 00000400 _____ () C:\Windows\Tasks\AllmyappsUpdateTask.job
2014-02-11 15:29 - 2014-02-13 17:08 - 00001426 _____ () C:\Users\Yvette\Desktop\Registry kostenlos entrümpeln!.lnk
2014-02-10 22:58 - 2014-02-10 22:58 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Macromedia
2014-02-10 22:52 - 2014-02-13 19:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-10 22:52 - 2014-02-10 22:52 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-10 22:52 - 2014-02-10 22:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-10 22:52 - 2014-02-10 22:52 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-10 22:52 - 2014-02-10 22:52 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-02-10 22:52 - 2014-02-10 22:52 - 00000000 ____D () C:\Windows\system32\Macromed
2014-02-10 22:51 - 2014-02-13 19:38 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Adobe
2014-02-10 22:48 - 2014-02-10 22:48 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-10 22:48 - 2014-02-10 22:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-10 16:50 - 2014-02-10 16:50 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-02-10 16:45 - 2014-02-10 16:45 - 00001811 _____ () C:\Users\Yvette\Desktop\Spotify.lnk
2014-02-10 16:45 - 2014-02-10 16:45 - 00001797 _____ () C:\Users\Yvette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-02-10 16:45 - 2014-02-10 16:45 - 00001066 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-02-10 16:45 - 2014-02-10 16:45 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\Spotify
2014-02-10 16:45 - 2014-02-10 16:45 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Spotify
2014-02-10 16:45 - 2014-02-10 16:45 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-02-10 16:40 - 2014-02-10 16:40 - 00003496 _____ () C:\Windows\System32\Tasks\AllmyappsUpdateTask
2014-02-10 16:40 - 2014-02-10 16:40 - 00000947 _____ () C:\Users\Yvette\Desktop\Allmyapps.lnk
2014-02-10 16:40 - 2014-02-10 16:40 - 00000000 ____D () C:\Users\Yvette\AppData\Local\CrashRpt
2014-02-10 16:40 - 2014-02-10 16:40 - 00000000 ____D () C:\Program Files (x86)\Systweak Support Dock
2014-02-10 16:40 - 2014-02-10 16:40 - 00000000 ____D () C:\Program Files (x86)\PC Cleaner
2014-02-10 16:40 - 2014-02-10 16:40 - 00000000 ____D () C:\Program Files (x86)\Advanced Disk Recovery
2014-02-10 16:38 - 2014-02-10 22:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-10 16:38 - 2014-02-10 16:38 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\Mozilla
2014-02-10 16:38 - 2014-02-10 16:38 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Mozilla
2014-02-10 16:38 - 2014-02-10 16:38 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-10 16:37 - 2014-02-10 17:00 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-02-10 16:37 - 2014-02-10 16:40 - 00000000 ____D () C:\Program Files (x86)\System Speedup
2014-02-07 12:06 - 2014-02-07 12:06 - 00204821 _____ () C:\Users\Yvette\AppData\Roaming\VideoPad.dmp
2014-01-30 16:49 - 2014-01-30 16:49 - 00000382 _____ () C:\Windows\SysWOW64\SystemPreferences.xml
2014-01-29 22:04 - 2013-12-27 19:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-01-29 22:04 - 2013-12-27 19:42 - 00033056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-01-29 14:15 - 2014-01-29 14:15 - 00000000 ____D () C:\Users\Yvette\Downloads\Zeug
2014-01-25 20:49 - 2014-01-25 20:49 - 00000000 ____D () C:\Users\Yvette\Documents\VideoPad Projects
2014-01-25 20:43 - 2014-01-25 20:43 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Deshaker
2014-01-24 17:08 - 2014-01-24 17:08 - 00000000 ____D () C:\Users\Yvette\Downloads\MC
2014-01-24 17:07 - 2014-01-24 17:07 - 10351963 _____ () C:\Users\Yvette\Downloads\H.J.C. v.13.0.0.zip
2014-01-23 22:05 - 2014-01-23 22:05 - 00000062 _____ () C:\Users\Yvette\Desktop\YVETT & SOMETHING..url
2014-01-23 16:24 - 2014-01-23 16:24 - 00000000 ____D () C:\ProgramData\Samsung
2014-01-23 16:24 - 2014-01-23 16:24 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-01-22 08:52 - 2014-01-22 08:52 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2014-01-22 08:52 - 2014-01-22 08:52 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2014-01-22 08:52 - 2014-01-22 08:52 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2014-01-22 08:52 - 2014-01-22 08:52 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2014-01-21 23:38 - 2014-02-13 19:26 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\Free Download Manager
2014-01-21 23:38 - 2014-01-21 23:38 - 00000000 ____D () C:\ProgramData\Free Download Manager
2014-01-21 23:01 - 2014-01-23 22:05 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-01-21 23:01 - 2014-01-21 23:01 - 00000000 ____D () C:\Users\Yvette\AppData\Local\AskPartnerNetwork
2014-01-21 23:00 - 2014-01-21 23:00 - 00003100 _____ () C:\Windows\System32\Tasks\{CCC83893-6B9E-4849-955F-F259E6A525FB}
2014-01-21 23:00 - 2014-01-21 23:00 - 00003100 _____ () C:\Windows\System32\Tasks\{31F05655-1E96-46F7-A6D8-5E16AF01FAD2}
2014-01-21 23:00 - 2014-01-21 23:00 - 00003100 _____ () C:\Windows\System32\Tasks\{08DD6E3E-9AA2-4CA7-88A8-6B60B0B8E603}
2014-01-21 22:58 - 2014-01-21 22:58 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\viddyhd
2014-01-21 22:58 - 2014-01-21 22:58 - 00000000 ____D () C:\Program Files (x86)\Free Download Manager
2014-01-21 22:57 - 2014-01-21 22:57 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\viddyhddownload
2014-01-21 22:57 - 2014-01-21 22:57 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\52deed972356d036750291b7
2014-01-21 22:56 - 2014-01-21 22:56 - 01751600 _____ (Bandoo Media Inc) C:\Users\Yvette\Downloads\iLividSetup-r394-n-bc.exe
2014-01-21 22:41 - 2014-01-21 22:41 - 00000000 ____D () C:\Users\Yvette\Documents\.minecraft
2014-01-21 22:07 - 2014-02-12 21:12 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\.minecraft
2014-01-21 22:07 - 2014-01-21 22:07 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-21 22:07 - 2014-01-21 22:07 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-21 22:07 - 2014-01-21 22:07 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-21 22:07 - 2014-01-21 22:07 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-21 22:07 - 2014-01-21 22:07 - 00000000 ____D () C:\ProgramData\Sun
2014-01-21 22:07 - 2014-01-21 22:07 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-21 22:07 - 2014-01-21 22:07 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-21 22:06 - 2014-01-21 22:06 - 00921000 _____ (Oracle Corporation) C:\Users\Yvette\Downloads\chromeinstall-7u51.exe
2014-01-21 22:05 - 2014-01-21 22:05 - 00675988 _____ () C:\Users\Yvette\Desktop\Minecraft.exe
2014-01-21 14:34 - 2014-01-21 14:34 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-01-21 14:34 - 2014-01-21 14:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-01-20 23:50 - 2014-01-20 23:53 - 00000000 ____D () C:\Windows\Minidump
2014-01-20 23:50 - 2014-01-20 23:50 - 00292880 _____ () C:\Windows\Minidump\012014-14757-01.dmp.old
2014-01-20 23:49 - 2014-01-20 23:49 - 589029714 _____ () C:\Windows\MEMORY.DMP
2014-01-20 23:48 - 2014-01-20 23:48 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\QuickScan
2014-01-20 23:45 - 2014-02-13 19:42 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\newnext.me
2014-01-20 23:45 - 2014-02-10 16:37 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2014-01-20 23:45 - 2014-02-10 16:37 - 00000000 ____D () C:\Users\Yvette\AppData\Local\genienext
2014-01-20 23:45 - 2014-01-20 23:45 - 00000000 ____D () C:\Users\Yvette\.android
2014-01-20 21:26 - 2014-01-20 21:32 - 412848112 _____ (Prezi.com) C:\Users\Yvette\Downloads\Install_Prezi_5.0.5.exe
2014-01-19 16:35 - 2014-02-06 08:09 - 00000000 ____D () C:\Users\Yvette\Downloads\Sport
2014-01-15 18:07 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 18:07 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 18:07 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 18:07 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 18:07 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 18:07 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 18:07 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 18:07 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 18:07 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

2014-02-13 19:55 - 2014-02-13 15:04 - 00000000 ____D () C:\FRST
2014-02-13 19:51 - 2014-02-13 19:51 - 00002405 _____ () C:\Users\Yvette\Desktop\JRT.txt
2014-02-13 19:49 - 2009-07-14 05:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-13 19:49 - 2009-07-14 05:45 - 00014192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-13 19:47 - 2009-07-14 18:58 - 00697870 _____ () C:\Windows\system32\perfh007.dat
2014-02-13 19:47 - 2009-07-14 18:58 - 00148664 _____ () C:\Windows\system32\perfc007.dat
2014-02-13 19:47 - 2009-07-14 06:13 - 01616762 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-13 19:46 - 2014-02-13 19:46 - 00000000 ____D () C:\Windows\ERUNT
2014-02-13 19:43 - 2013-12-11 20:26 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\Skype
2014-02-13 19:42 - 2014-02-11 15:30 - 00000400 _____ () C:\Windows\Tasks\AllmyappsUpdateTask.job
2014-02-13 19:42 - 2014-01-20 23:45 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\newnext.me
2014-02-13 19:42 - 2013-11-12 20:37 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-02-13 19:41 - 2014-02-10 22:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-13 19:41 - 2013-11-07 02:06 - 00237736 _____ () C:\Windows\PFRO.log
2014-02-13 19:41 - 2013-11-07 02:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-13 19:41 - 2013-11-07 01:25 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-13 19:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-13 19:41 - 2009-07-14 05:51 - 00077979 _____ () C:\Windows\setupact.log
2014-02-13 19:40 - 2014-02-13 19:38 - 00000000 ____D () C:\AdwCleaner
2014-02-13 19:40 - 2013-11-07 00:55 - 00000000 ___RD () C:\Users\Yvette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-13 19:40 - 2013-11-07 00:54 - 01586207 _____ () C:\Windows\WindowsUpdate.log
2014-02-13 19:38 - 2014-02-10 22:51 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Adobe
2014-02-13 19:36 - 2014-02-13 19:36 - 01166132 _____ () C:\Users\Yvette\Desktop\adwcleaner.exe
2014-02-13 19:32 - 2014-02-13 19:32 - 00035940 _____ () C:\ComboFix.txt
2014-02-13 19:32 - 2014-02-13 19:26 - 00000000 ____D () C:\Qoobox
2014-02-13 19:32 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-02-13 19:31 - 2014-02-13 19:26 - 00000000 ____D () C:\Windows\erdnt
2014-02-13 19:31 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-13 19:30 - 2013-11-07 01:25 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-13 19:26 - 2014-01-21 23:38 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\Free Download Manager
2014-02-13 17:43 - 2013-11-12 15:45 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-13 17:42 - 2013-11-07 01:26 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\Adobe
2014-02-13 17:08 - 2014-02-11 15:29 - 00001426 _____ () C:\Users\Yvette\Desktop\Registry kostenlos entrümpeln!.lnk
2014-02-13 17:06 - 2013-11-07 01:13 - 00107264 _____ () C:\Users\Yvette\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-13 17:05 - 2009-07-14 05:45 - 00412584 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-13 17:02 - 2013-11-13 12:44 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-13 17:01 - 2013-11-13 12:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-02-13 17:01 - 2009-07-14 19:18 - 00000000 ____D () C:\Windows\ShellNew
2014-02-13 17:01 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-02-13 17:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-02-13 17:00 - 2009-07-14 03:34 - 00000387 _____ () C:\Windows\win.ini
2014-02-13 15:42 - 2014-02-13 15:42 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Chris_Pietschmann_(http__
2014-02-13 15:38 - 2014-02-13 15:38 - 01373696 _____ () C:\Users\Yvette\Downloads\VirtualRouterInstaller (1).msi
2014-02-13 15:38 - 2014-02-13 15:38 - 00000000 ____D () C:\Program Files (x86)\Virtual Router
2014-02-13 15:01 - 2014-02-13 15:01 - 00614792 _____ (Chip Digital GmbH) C:\Users\Yvette\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-02-13 14:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-13 14:48 - 2014-02-13 14:48 - 01373696 _____ () C:\Users\Yvette\Downloads\VirtualRouterInstaller.msi
2014-02-12 23:01 - 2013-12-16 18:02 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Mobogenie
2014-02-12 21:59 - 2013-11-27 17:46 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\TS3Client
2014-02-12 21:12 - 2014-01-21 22:07 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\.minecraft
2014-02-12 17:48 - 2013-11-13 13:02 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\vlc
2014-02-11 15:28 - 2013-11-08 14:58 - 00000000 ____D () C:\Program Files\WinRAR
2014-02-10 22:58 - 2014-02-10 22:58 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Macromedia
2014-02-10 22:52 - 2014-02-10 22:52 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-10 22:52 - 2014-02-10 22:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-10 22:52 - 2014-02-10 22:52 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-10 22:52 - 2014-02-10 22:52 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-02-10 22:52 - 2014-02-10 22:52 - 00000000 ____D () C:\Windows\system32\Macromed
2014-02-10 22:48 - 2014-02-10 22:48 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-10 22:48 - 2014-02-10 22:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-10 22:48 - 2014-02-10 16:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-10 17:00 - 2014-02-10 16:37 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-02-10 16:50 - 2014-02-10 16:50 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-02-10 16:46 - 2013-12-16 18:02 - 00000000 ____D () C:\Users\Yvette\AppData\Local\cache
2014-02-10 16:45 - 2014-02-10 16:45 - 00001811 _____ () C:\Users\Yvette\Desktop\Spotify.lnk
2014-02-10 16:45 - 2014-02-10 16:45 - 00001797 _____ () C:\Users\Yvette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-02-10 16:45 - 2014-02-10 16:45 - 00001066 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-02-10 16:45 - 2014-02-10 16:45 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\Spotify
2014-02-10 16:45 - 2014-02-10 16:45 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Spotify
2014-02-10 16:45 - 2014-02-10 16:45 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-02-10 16:44 - 2013-11-08 14:58 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-02-10 16:43 - 2013-12-16 18:02 - 00001725 _____ () C:\Users\Yvette\daemonprocess.txt
2014-02-10 16:40 - 2014-02-10 16:40 - 00003496 _____ () C:\Windows\System32\Tasks\AllmyappsUpdateTask
2014-02-10 16:40 - 2014-02-10 16:40 - 00000947 _____ () C:\Users\Yvette\Desktop\Allmyapps.lnk
2014-02-10 16:40 - 2014-02-10 16:40 - 00000000 ____D () C:\Users\Yvette\AppData\Local\CrashRpt
2014-02-10 16:40 - 2014-02-10 16:40 - 00000000 ____D () C:\Program Files (x86)\Systweak Support Dock
2014-02-10 16:40 - 2014-02-10 16:40 - 00000000 ____D () C:\Program Files (x86)\PC Cleaner
2014-02-10 16:40 - 2014-02-10 16:40 - 00000000 ____D () C:\Program Files (x86)\Advanced Disk Recovery
2014-02-10 16:40 - 2014-02-10 16:37 - 00000000 ____D () C:\Program Files (x86)\System Speedup
2014-02-10 16:38 - 2014-02-10 16:38 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\Mozilla
2014-02-10 16:38 - 2014-02-10 16:38 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Mozilla
2014-02-10 16:38 - 2014-02-10 16:38 - 00000000 ____D () C:\ProgramData\Mozilla
2014-02-10 16:37 - 2014-01-20 23:45 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2014-02-10 16:37 - 2014-01-20 23:45 - 00000000 ____D () C:\Users\Yvette\AppData\Local\genienext
2014-02-07 12:06 - 2014-02-07 12:06 - 00204821 _____ () C:\Users\Yvette\AppData\Roaming\VideoPad.dmp
2014-02-06 08:09 - 2014-01-19 16:35 - 00000000 ____D () C:\Users\Yvette\Downloads\Sport
2014-01-30 16:49 - 2014-01-30 16:49 - 00000382 _____ () C:\Windows\SysWOW64\SystemPreferences.xml
2014-01-29 22:05 - 2013-11-07 02:02 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-01-29 14:15 - 2014-01-29 14:15 - 00000000 ____D () C:\Users\Yvette\Downloads\Zeug
2014-01-25 20:49 - 2014-01-25 20:49 - 00000000 ____D () C:\Users\Yvette\Documents\VideoPad Projects
2014-01-25 20:43 - 2014-01-25 20:43 - 00000000 ____D () C:\Users\Yvette\AppData\Local\Deshaker
2014-01-24 17:08 - 2014-01-24 17:08 - 00000000 ____D () C:\Users\Yvette\Downloads\MC
2014-01-24 17:07 - 2014-01-24 17:07 - 10351963 _____ () C:\Users\Yvette\Downloads\H.J.C. v.13.0.0.zip
2014-01-24 16:27 - 2013-11-28 16:42 - 00000000 ____D () C:\Users\Yvette\Downloads\Inst
2014-01-23 22:05 - 2014-01-23 22:05 - 00000062 _____ () C:\Users\Yvette\Desktop\YVETT & SOMETHING..url
2014-01-23 22:05 - 2014-01-21 23:01 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-01-23 22:04 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-01-23 16:24 - 2014-01-23 16:24 - 00000000 ____D () C:\ProgramData\Samsung
2014-01-23 16:24 - 2014-01-23 16:24 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-01-22 08:52 - 2014-01-22 08:52 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2014-01-22 08:52 - 2014-01-22 08:52 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2014-01-22 08:52 - 2014-01-22 08:52 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2014-01-22 08:52 - 2014-01-22 08:52 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2014-01-21 23:38 - 2014-01-21 23:38 - 00000000 ____D () C:\ProgramData\Free Download Manager
2014-01-21 23:01 - 2014-01-21 23:01 - 00000000 ____D () C:\Users\Yvette\AppData\Local\AskPartnerNetwork
2014-01-21 23:00 - 2014-01-21 23:00 - 00003100 _____ () C:\Windows\System32\Tasks\{CCC83893-6B9E-4849-955F-F259E6A525FB}
2014-01-21 23:00 - 2014-01-21 23:00 - 00003100 _____ () C:\Windows\System32\Tasks\{31F05655-1E96-46F7-A6D8-5E16AF01FAD2}
2014-01-21 23:00 - 2014-01-21 23:00 - 00003100 _____ () C:\Windows\System32\Tasks\{08DD6E3E-9AA2-4CA7-88A8-6B60B0B8E603}
2014-01-21 22:58 - 2014-01-21 22:58 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\viddyhd
2014-01-21 22:58 - 2014-01-21 22:58 - 00000000 ____D () C:\Program Files (x86)\Free Download Manager
2014-01-21 22:57 - 2014-01-21 22:57 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\viddyhddownload
2014-01-21 22:57 - 2014-01-21 22:57 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\52deed972356d036750291b7
2014-01-21 22:56 - 2014-01-21 22:56 - 01751600 _____ (Bandoo Media Inc) C:\Users\Yvette\Downloads\iLividSetup-r394-n-bc.exe
2014-01-21 22:41 - 2014-01-21 22:41 - 00000000 ____D () C:\Users\Yvette\Documents\.minecraft
2014-01-21 22:07 - 2014-01-21 22:07 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-21 22:07 - 2014-01-21 22:07 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-21 22:07 - 2014-01-21 22:07 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-21 22:07 - 2014-01-21 22:07 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-21 22:07 - 2014-01-21 22:07 - 00000000 ____D () C:\ProgramData\Sun
2014-01-21 22:07 - 2014-01-21 22:07 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-21 22:07 - 2014-01-21 22:07 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-21 22:06 - 2014-01-21 22:06 - 00921000 _____ (Oracle Corporation) C:\Users\Yvette\Downloads\chromeinstall-7u51.exe
2014-01-21 22:05 - 2014-01-21 22:05 - 00675988 _____ () C:\Users\Yvette\Desktop\Minecraft.exe
2014-01-21 14:34 - 2014-01-21 14:34 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-01-21 14:34 - 2014-01-21 14:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-01-21 03:53 - 2013-11-07 02:03 - 01179576 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-01-21 03:53 - 2013-11-07 02:03 - 01048152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-01-20 23:53 - 2014-01-20 23:50 - 00000000 ____D () C:\Windows\Minidump
2014-01-20 23:50 - 2014-01-20 23:50 - 00292880 _____ () C:\Windows\Minidump\012014-14757-01.dmp.old
2014-01-20 23:49 - 2014-01-20 23:49 - 589029714 _____ () C:\Windows\MEMORY.DMP
2014-01-20 23:48 - 2014-01-20 23:48 - 00000000 ____D () C:\Users\Yvette\AppData\Roaming\QuickScan
2014-01-20 23:45 - 2014-01-20 23:45 - 00000000 ____D () C:\Users\Yvette\.android
2014-01-20 23:45 - 2013-11-07 00:55 - 00000000 ____D () C:\Users\Yvette
2014-01-20 21:32 - 2014-01-20 21:26 - 412848112 _____ (Prezi.com) C:\Users\Yvette\Downloads\Install_Prezi_5.0.5.exe
2014-01-16 01:22 - 2013-11-08 16:10 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-16 01:22 - 2013-11-08 16:10 - 00000000 ____D () C:\Windows\system32\MRT

Some content of TEMP:
====================
C:\Users\Yvette\AppData\Local\Temp\avgnt.exe
C:\Users\Yvette\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-29 20:32

==================== End Of Log ============================
         
--- --- ---

13.02.2014, 20:37   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes Anti-Malware (MBAM).

Note: Please remember to update Malwarebytes Anti-Malware via the update button beforehand!

Afterwards, getting a second opinion from ESET's online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add/Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post log files in CODE tags

13.02.2014, 22:01   #11
JhYve

Here is the first result for now:

Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.13.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Yvette :: YVETTE-PC [Administrator]

Schutz: Aktiviert

13.02.2014 20:53:08
mbam-log-2014-02-13 (20-53-08).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 229395
Laufzeit: 3 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> 2248 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 7
HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Typelib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.OutBrowse) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.OutBrowse) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\SEARCHPROTECTINT (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\SEARCHPROTECTINT2 (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\aartemisSoftware\aartemishp (PUP.Optional.Aartemis.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Daten: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Yvette\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\SearchProtectINT|Install (PUP.Optional.SearchProtect.A) -> Daten: 1 -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\SearchProtectINT2|Install (PUP.Optional.SearchProtect.A) -> Daten: 1 -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 2
C:\Users\Yvette\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Yvette\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 10
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Löschen bei Neustart.
C:\Users\Yvette\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Yvette\AppData\Roaming\52deed972356d036750291b7\52deed972356d036750291b7.exe (PUP.Optional.ViddyHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Downloads\Setup.exe (PUP.Optional.Domalq) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Yvette\Downloads\iLividSetup-r394-n-bc.exe (PUP.Optional.Bandoo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Yvette\AppData\Local\genienext\nengine.dll (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Yvette\AppData\Local\mysearchdial-speeddial.crx (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Yvette\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage (PUP.Optional.FunMoods.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Yvette\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Yvette\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
The other one is coming shortly.

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=bac8867305873a4bb499f76cdc4051fa
# engine=17063
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-13 08:58:47
# local_time=2014-02-13 09:58:47 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 3554 10896285 1301 0
# compatibility_mode=5893 16776574 66 85 8054138 143954977 0 0
# scanned=157603
# found=0
# cleaned=0
# scan_time=2626
         

14.02.2014, 00:24   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK, a new MBAM log please
__________________
Please always post log files in CODE tags

14.02.2014, 22:03   #13
JhYve

Ok.

Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.04.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Yvette :: YVETTE-PC [Administrator]

Schutz: Deaktiviert

14.02.2014 22:00:19
mbam-log-2014-02-14 (22-00-19).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 229024
Laufzeit: 2 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
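
An added example, not part of the original thread: Python that parses the German MBAM 1.75 log format posted above and compares the cleanup scan with the follow-up scan, checking for objects marked "Löschen bei Neustart", objects still present, and whether the rescan used an older signature database than the first scan. The function and field names are assumptions of this example, and the embedded logs are abridged excerpts of the two logs in this thread.

```python
import re
from dataclasses import dataclass, field

# Excerpts of the two MBAM 1.75 logs posted in this thread. Abridged: some
# sections are left out; the lines that are kept are unchanged.
FIRST_LOG = r"""
Datenbank Version: v2014.02.13.10
Schutz: Aktiviert

Infizierte Speicherprozesse: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> 2248 -> Löschen bei Neustart.

Infizierte Registrierungswerte: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Daten: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Yvette\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\SearchProtectINT|Install (PUP.Optional.SearchProtect.A) -> Daten: 1 -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\SearchProtectINT2|Install (PUP.Optional.SearchProtect.A) -> Daten: 1 -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Verzeichnisse: 2
C:\Users\Yvette\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Yvette\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
"""

SECOND_LOG = r"""
Datenbank Version: v2013.04.04.07
Schutz: Deaktiviert

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

(Ende)
"""

DB_RE = re.compile(r"^Datenbank Version: v(\d+(?:\.\d+)+)$")
SECTION_RE = re.compile(r"^Infizierte (?P<name>[^:]+): (?P<count>\d+)$")
# Finding line: "<object> (<detection>) -> [<pid or data> -> ]<action>"
FINDING_RE = re.compile(r"^(?P<obj>.+?) \((?P<det>[^()]+)\) -> (?P<rest>.+)$")
PENDING = "Löschen bei Neustart"  # "delete on reboot": object not yet removed

@dataclass
class Finding:
    section: str
    obj: str
    detection: str
    action: str

@dataclass
class ScanReport:
    db_version: tuple = ()
    protection_on: bool = False
    declared: dict = field(default_factory=dict)  # section -> count stated in log
    findings: list = field(default_factory=list)

def parse_mbam_log(text):
    """Parse the German-language MBAM 1.75 text log format shown in the thread."""
    report, section = ScanReport(), None
    for raw in text.splitlines():
        line = raw.strip()
        if m := DB_RE.match(line):
            report.db_version = tuple(int(p) for p in m.group(1).split("."))
        elif line.startswith("Schutz:"):
            report.protection_on = line == "Schutz: Aktiviert"
        elif m := SECTION_RE.match(line):
            section = m.group("name")
            report.declared[section] = int(m.group("count"))
        elif section and (m := FINDING_RE.match(line)):
            action = m.group("rest").rsplit(" -> ", 1)[-1]
            report.findings.append(Finding(section, m.group("obj"), m.group("det"), action))
    return report

def review_rescan(first, second):
    """Compare a cleanup scan with its follow-up scan; return what needs attention."""
    mismatches = []
    for label, rep in (("first", first), ("second", second)):
        for name, count in rep.declared.items():
            parsed = sum(1 for f in rep.findings if f.section == name)
            if parsed != count:  # truncated or hand-edited log
                mismatches.append((label, name, count, parsed))
    remaining = {f.obj.lower() for f in second.findings}
    pending = list(dict.fromkeys(f.obj for f in first.findings if f.action.startswith(PENDING)))
    return {
        "count_mismatch": mismatches,
        "pending_reboot": pending,
        "still_present": sorted({f.obj for f in first.findings if f.obj.lower() in remaining}),
        "stale_database": second.db_version < first.db_version,
    }

if __name__ == "__main__":
    result = review_rescan(parse_mbam_log(FIRST_LOG), parse_mbam_log(SECOND_LOG))
    for key, value in result.items():
        print(f"{key}: {value}")
```

On the two logs in this thread it reports `C:\Windows\KMService.exe` as pending a reboot, nothing still present, and `stale_database` as true, because the follow-up log lists database v2013.04.04.07 against v2014.02.13.10 in the first.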
         

15.02.2014, 15:17   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

TFC - Temp File Cleaner

Download TFC (TempFileCleaner by Oldtimer) and save it to the desktop.
  • Open TFC.exe.
    Vista and Win 7 users: right-click and choose "Run as administrator".
  • Close all other programs.
  • Press the Start button.
  • If you are prompted to restart, confirm it.



Looks OK so far.

About cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.

Info: Cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or the like => HTTP cookie)

Otherwise there are also good cookie managers; as a Firefox extension, for example, there is CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser to delete everything, including cookies, when the browser is closed.

Is your system OK again now, or are there any other detections or problems?
__________________
Please always post log files in CODE tags

15.02.2014, 20:04   #15
JhYve

Thank you very, very much!!
There were no further detections now.
