The Fixlog.txt:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2014 02
Ran by WhiteBull at 2014-05-30 20:49:38 Run:3
Running from C:\Users\WhiteBull\Downloads\Trojaner Board
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
S4 Time; C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [10752 2013-07-26] (Microsoft)
AppInit_DLLs: C:\PROGRA~2\SO_X64~1.BOO => C:\Program Files (x86)\SO_x64.Booster [4210176 2014-05-25] ()
AppInit_DLLs-x32: c:\progra~2\so0cb7~1.boo => C:\Program Files (x86)\SO.Booster [4296192 2014-05-25] ()
C:\ProgramData\Microsoft\Windows\Time
C:\Documents and Settings\All Users\InstallMate
C:\Documents and Settings\All Users\TopApp software\SO.Booster
C:\Documents and Settings\Gast.WhiteBull-PC\Downloads\setup (1).exe
C:\Documents and Settings\WhiteBull\AppData\Roaming\Mozilla\Firefox\Profiles\j1di8db6.default\prefs-3.js
C:\Documents and Settings\WhiteBull\AppData\Roaming\Mozilla\Firefox\Profiles\j1di8db6.default\prefs.js.new
C:\Documents and Settings\WhiteBull\Downloads\cnet2_eu281en_exe.exe
C:\Dokumente und Einstellungen\All Users\InstallMate
C:\Dokumente und Einstellungen\Gast.WhiteBull-PC\Downloads\setup (1).exe
C:\Dokumente und Einstellungen\WhiteBull\Downloads\cnet2_eu281en_exe.ex
C:\Program Files (x86)\SO.Booster
C:\Program Files (x86)\SOSvc.dll
C:\Program Files (x86)\SO_x64.Booster
C:\Program Files (x86)\NCH Software\Components\NCHToolbars\conduit\
C:\Program Files (x86)\SNT\DuQt9Fj.dll
C:\Program Files (x86)\SNT\DuQt9Fj.x64.dll
C:\Program Files (x86)\YoutubeAdblocker\A7y8lHs.dll
C:\Program Files (x86)\YoutubeAdblocker\A7y8lHs.x64.dl
*****************
Time => Service deleted successfully.
"C:\PROGRA~2\SO_X64~1.BOO" => Value Data removed successfully.
"c:\progra~2\so0cb7~1.boo" => Value Data removed successfully.
C:\ProgramData\Microsoft\Windows\Time => Moved successfully.
C:\Documents and Settings\All Users\InstallMate => Moved successfully.
C:\Documents and Settings\All Users\TopApp software\SO.Booster => Moved successfully.
C:\Documents and Settings\Gast.WhiteBull-PC\Downloads\setup (1).exe => Moved successfully.
C:\Documents and Settings\WhiteBull\AppData\Roaming\Mozilla\Firefox\Profiles\j1di8db6.default\prefs-3.js => Moved successfully.
C:\Documents and Settings\WhiteBull\AppData\Roaming\Mozilla\Firefox\Profiles\j1di8db6.default\prefs.js.new => Moved successfully.
C:\Documents and Settings\WhiteBull\Downloads\cnet2_eu281en_exe.exe => Moved successfully.
"C:\Dokumente und Einstellungen\All Users\InstallMate" => File/Directory not found.
"C:\Dokumente und Einstellungen\Gast.WhiteBull-PC\Downloads\setup (1).exe" => File/Directory not found.
"C:\Dokumente und Einstellungen\WhiteBull\Downloads\cnet2_eu281en_exe.ex" => File/Directory not found.
C:\Program Files (x86)\SO.Booster => Moved successfully.
Could not move "C:\Program Files (x86)\SOSvc.dll" => Scheduled to move on reboot.
C:\Program Files (x86)\SO_x64.Booster => Moved successfully.
C:\Program Files (x86)\NCH Software\Components\NCHToolbars\conduit => Moved successfully.
C:\Program Files (x86)\SNT\DuQt9Fj.dll => Moved successfully.
C:\Program Files (x86)\SNT\DuQt9Fj.x64.dll => Moved successfully.
C:\Program Files (x86)\YoutubeAdblocker\A7y8lHs.dll => Moved successfully.
"C:\Program Files (x86)\YoutubeAdblocker\A7y8lHs.x64.dl" => File/Directory not found.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-05-30 20:51:18)<=
C:\Program Files (x86)\SOSvc.dll => Is moved successfully.
==== End of Fixlog ====
Code:
# AdwCleaner v3.211 - Bericht erstellt am 30/05/2014 um 21:01:26
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : WhiteBull - WHITEBULL-PC
# Gestartet von : C:\Users\WhiteBull\Desktop\PS Brushes,Stock\adwcleaner_3.211.exe
# Option : Löschen
***** [ Dienste ] *****
[#] Dienst Gelöscht : 1a34a8e0
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\SNT
Ordner Gelöscht : C:\ProgramData\Webbing
Ordner Gelöscht : C:\ProgramData\YoutubeAdblocker
Ordner Gelöscht : C:\Program Files (x86)\GreenTree Applications
Ordner Gelöscht : C:\Program Files (x86)\SNT
Ordner Gelöscht : C:\Program Files (x86)\YoutubeAdblocker
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\torch
Ordner Gelöscht : C:\Users\Gast.WhiteBull-PC\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Gast.WhiteBull-PC\AppData\Local\torch
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\torch
Ordner Gelöscht : C:\Users\WhiteBull\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\WhiteBull\AppData\Local\torch
Ordner Gelöscht : C:\Users\WhiteBull\AppData\Roaming\SendSpace
Ordner Gelöscht : C:\Users\WhiteBull\AppData\Roaming\ZoomBrowser EX
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel
Ordner Gelöscht : C:\Users\Gast.WhiteBull-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aafbjdakbjlabiagephcgapbcicpfahm
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\aafbjdakbjlabiagephcgapbcicpfahm
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aafbjdakbjlabiagephcgapbcicpfahm
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnomjfdblhjoopngpdpimcdcnccjlgfh
Ordner Gelöscht : C:\Users\Gast.WhiteBull-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnomjfdblhjoopngpdpimcdcnccjlgfh
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnomjfdblhjoopngpdpimcdcnccjlgfh
Ordner Gelöscht : C:\Users\WhiteBull\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnomjfdblhjoopngpdpimcdcnccjlgfh
Datei Gelöscht : C:\Users\WhiteBull\AppData\Roaming\LiveSupport.exe_log.txt
Datei Gelöscht : C:\Users\WhiteBull\AppData\Roaming\regsvr32.exe_log.txt
Datei Gelöscht : C:\Users\WhiteBull\AppData\Roaming\Mozilla\Firefox\Profiles\j1di8db6.default\searchplugins\WebSearch.xml
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [livesupport]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YoutubeAdblocker.YoutubeAdblocker
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YoutubeAdblocker.YoutubeAdblocker.1.0
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-603818780
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{1a34a8e0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D00EDD0F-4202-117D-CF03-547C9C69FA57}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D00EDD0F-4202-117D-CF03-547C9C69FA57}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D00EDD0F-4202-117D-CF03-547C9C69FA57}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{D00EDD0F-4202-117D-CF03-547C9C69FA57}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D00EDD0F-4202-117D-CF03-547C9C69FA57}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\RegisteredApplicationsEx
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gelöscht : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
***** [ Browser ] *****
-\\ Internet Explorer v0.0.0.0
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v28.0 (de)
[ Datei : C:\Users\Gast.WhiteBull-PC\AppData\Roaming\Mozilla\Firefox\Profiles\xxpcueyj.default\prefs.js ]
[ Datei : C:\Users\WhiteBull\AppData\Roaming\Mozilla\Firefox\Profiles\j1di8db6.default\prefs.js ]
Zeile gelöscht : user_pref("browser.search.order.1", "WebSearch");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "WebSearch");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://websearch.searchsun.info/?pid=34&r=2014/05/25&hid=10278482604022251563&lg=EN&cc=DE&unqvl=52");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "WebSearch");
Zeile gelöscht : user_pref("browser.search.order.1,S", "WebSearch");
Zeile gelöscht : user_pref("browser.search.defaultenginename,S", "WebSearch");
Zeile gelöscht : user_pref("browser.search.selectedEngine,S", "WebSearch");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://websearch.searchsun.info/?pid=34&r=2014/05/25&hid=10278482604022251563&lg=EN&cc=DE&unqvl=52&l=1&q=");
Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://websearch.searchsun.info/?pid=34&r=2014/05/25&hid=10278482604022251563&lg=EN&cc=DE&unqvl=52&l=1&q=");
-\\ Google Chrome v33.0.1750.154
[ Datei : C:\Users\Gast.WhiteBull-PC\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht [Extension] : mnomjfdblhjoopngpdpimcdcnccjlgfh
Gelöscht [Extension] : cknebhggccemgcnbidipinkifmmegdel
[ Datei : C:\Users\WhiteBull\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=110824&tt=4812_2&babsrc=SP_ss&mntrId=660e9f76000000000000002710445bf9
Gelöscht [Search Provider] : hxxp://www.sweet-page.com/web/?type=ds&ts=1398511102&from=cor&uid=SAMSUNGXHM500JI_S29MJDSZ503980&q={searchTerms}
Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3325580&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SPDCF5C933-9EEC-4229-812D-083422D33036&q={searchTerms}&SSPV=
Gelöscht [Search Provider] : hxxp://isearch.avg.com/search?cid={F5B6AC37-B802-49F8-B728-7F7BF26B9EB7}&mid=8351a376737e47d1908f150f5f5ed246-eb943acb23274f00721e2af14467ef6e124141d4&lang=de&ds=tt014&pr=sa&d=2012-01-12 22:21:13&v=11.1.0.7&sap=dsp&q={searchTerms}
Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}
Gelöscht [Search Provider] : hxxp://websearch.searchsun.info/?l=1&q={searchTerms}&pid=34&r=2014/05/25&hid=10278482604022251563&lg=EN&cc=DE&unqvl=52
Gelöscht [Startup_urls] : hxxp://websearch.searchsun.info/?pid=34&r=2014/05/25&hid=10278482604022251563&lg=EN&cc=DE&unqvl=52
Gelöscht [Homepage] : hxxp://websearch.searchsun.info/?pid=34&r=2014/05/25&hid=10278482604022251563&lg=EN&cc=DE&unqvl=52
Gelöscht [Extension] : mnomjfdblhjoopngpdpimcdcnccjlgfh
*************************
AdwCleaner[R0].txt - [45645 octets] - [15/04/2014 21:09:59]
AdwCleaner[R10].txt - [1896 octets] - [23/04/2014 10:56:52]
AdwCleaner[R11].txt - [6031 octets] - [23/04/2014 11:11:01]
AdwCleaner[R12].txt - [2584 octets] - [23/04/2014 11:54:23]
AdwCleaner[R13].txt - [4754 octets] - [26/04/2014 13:44:41]
AdwCleaner[R14].txt - [4045 octets] - [28/04/2014 18:24:49]
AdwCleaner[R15].txt - [5010 octets] - [28/04/2014 19:29:41]
AdwCleaner[R16].txt - [10920 octets] - [30/05/2014 20:58:56]
AdwCleaner[R1].txt - [1288 octets] - [15/04/2014 21:17:12]
AdwCleaner[R2].txt - [1857 octets] - [16/04/2014 17:31:19]
AdwCleaner[R3].txt - [1546 octets] - [18/04/2014 08:11:11]
AdwCleaner[R4].txt - [2273 octets] - [18/04/2014 10:52:34]
AdwCleaner[R5].txt - [1485 octets] - [18/04/2014 11:00:24]
AdwCleaner[R6].txt - [1577 octets] - [21/04/2014 12:31:01]
AdwCleaner[R7].txt - [1667 octets] - [21/04/2014 12:32:35]
AdwCleaner[R8].txt - [2374 octets] - [23/04/2014 08:21:59]
AdwCleaner[R9].txt - [4731 octets] - [23/04/2014 10:47:37]
AdwCleaner[S0].txt - [43056 octets] - [15/04/2014 21:13:46]
AdwCleaner[S10].txt - [4682 octets] - [26/04/2014 13:47:30]
AdwCleaner[S11].txt - [5706 octets] - [28/04/2014 19:30:58]
AdwCleaner[S12].txt - [9733 octets] - [30/05/2014 21:01:26]
AdwCleaner[S1].txt - [1349 octets] - [15/04/2014 21:19:43]
AdwCleaner[S2].txt - [1361 octets] - [16/04/2014 17:40:11]
AdwCleaner[S3].txt - [1583 octets] - [18/04/2014 10:54:34]
AdwCleaner[S4].txt - [1462 octets] - [18/04/2014 11:07:26]
AdwCleaner[S5].txt - [355 octets] - [21/04/2014 12:31:36]
AdwCleaner[S6].txt - [1739 octets] - [21/04/2014 12:33:16]
AdwCleaner[S7].txt - [4732 octets] - [23/04/2014 10:56:34]
AdwCleaner[S8].txt - [6120 octets] - [23/04/2014 11:14:36]
AdwCleaner[S9].txt - [2601 octets] - [23/04/2014 11:55:55]
########## EOF - C:\AdwCleaner\AdwCleaner[S12].txt - [10333 octets] ##########
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by WhiteBull (administrator) on WHITEBULL-PC on 30-05-2014 21:08:43
Running from C:\Users\WhiteBull\Downloads\Trojaner Board
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3771404351-1378321806-3142792130-1000\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [7892864 2013-09-02] (Binary Fortress Software)
HKU\S-1-5-21-3771404351-1378321806-3142792130-1000\...\Policies\system: [EnableLUA] 0
HKU\S-1-5-21-3771404351-1378321806-3142792130-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3771404351-1378321806-3142792130-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3771404351-1378321806-3142792130-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3771404351-1378321806-3142792130-1000\...\MountPoints2: M - M:\start.exe
HKU\S-1-5-21-3771404351-1378321806-3142792130-1000\...\MountPoints2: {cb7fd5f9-5140-11e3-96fb-c44619ba3bb5} - F:\Windows\StartFreeStyle.exe
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF7E9F6A15FD1CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} - No File
SearchScopes: HKLM - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: SNT - {B6E70066-97FD-5A00-1C68-A8D7288FCB31} - C:\Program Files (x86)\SNT\DuQt9Fj.x64.dll No File
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: SNT - {B6E70066-97FD-5A00-1C68-A8D7288FCB31} - C:\Program Files (x86)\SNT\DuQt9Fj.dll No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\WhiteBull\AppData\Roaming\Mozilla\Firefox\Profiles\j1di8db6.default
FF NewTab: about:blank
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKCU: adobe.com/AdobeExManCCDetect32 - C:\Program Files (x86)\Adobe\Adobe Extension Manager CC\npAdobeExManCCDetect32.dll (Adobe Systems)
FF Plugin HKCU: adobe.com/AdobeExManCCDetect64 - C:\Program Files (x86)\Adobe\Adobe Extension Manager CC\npAdobeExManCCDetect64.dll (Adobe Systems)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\WhiteBull\AppData\Roaming\Mozilla\Firefox\Profiles\j1di8db6.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\WhiteBull\AppData\Roaming\Mozilla\Firefox\Profiles\j1di8db6.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\WhiteBull\AppData\Roaming\Mozilla\Firefox\Profiles\j1di8db6.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\WhiteBull\AppData\Roaming\Mozilla\Firefox\Profiles\j1di8db6.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\WhiteBull\AppData\Roaming\Mozilla\Firefox\Profiles\j1di8db6.default\Extensions\staged [2014-05-25]
FF Extension: MEGA - C:\Users\WhiteBull\AppData\Roaming\Mozilla\Firefox\Profiles\j1di8db6.default\Extensions\firefox@mega.co.nz.xpi [2013-12-12]
FF Extension: Personas Plus - C:\Users\WhiteBull\AppData\Roaming\Mozilla\Firefox\Profiles\j1di8db6.default\Extensions\personas@christopher.beard.xpi [2012-06-20]
FF Extension: GMX MailCheck - C:\Users\WhiteBull\AppData\Roaming\Mozilla\Firefox\Profiles\j1di8db6.default\Extensions\toolbar@gmx.net.xpi [2013-09-14]
FF Extension: Facebook Photo Zoom - C:\Users\WhiteBull\AppData\Roaming\Mozilla\Firefox\Profiles\j1di8db6.default\Extensions\{7c6cdf7c-8ea8-4be7-ae5a-0b3effe14d66}.xpi [2014-04-24]
FF Extension: Adblock Plus - C:\Users\WhiteBull\AppData\Roaming\Mozilla\Firefox\Profiles\j1di8db6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-23]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-01-13]
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: websearch
CHR DefaultSearchProvider: WebSearch
CHR DefaultSearchURL: hxxp://websearch.searchsun.info/?l=1&q={searchTerms}&pid=34&r=2014/05/25&hid=10278482604022251563&lg=EN&cc=DE&unqvl=52
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\WhiteBull\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-29]
CHR Extension: (Google Drive) - C:\Users\WhiteBull\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-05]
CHR Extension: (YouTube) - C:\Users\WhiteBull\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-12]
CHR Extension: (GMX MailCheck) - C:\Users\WhiteBull\AppData\Local\Google\Chrome\User Data\Default\Extensions\camnampocfohlcgbajligmemmabnljcm [2014-04-26]
CHR Extension: (Google-Suche) - C:\Users\WhiteBull\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-12]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\WhiteBull\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-04-26]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\WhiteBull\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2014-04-26]
CHR Extension: (Type Scout) - C:\Users\WhiteBull\AppData\Local\Google\Chrome\User Data\Default\Extensions\fedokkaolmkkoeedicihicdeppjjeamj [2014-04-26]
CHR Extension: (Zoom For Facebook™) - C:\Users\WhiteBull\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngbeoiabhpolojnejkbnbflcfcchmaj [2014-04-26]
CHR Extension: (No Name) - C:\Users\WhiteBull\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnomjfdblhjoopngpdpimcdcnccjlgfh [2014-05-25]
CHR Extension: (Google Wallet) - C:\Users\WhiteBull\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-05]
CHR Extension: (Google Mail) - C:\Users\WhiteBull\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-12]
CHR Extension: (Facebook Likes und Fans Börse) - C:\Users\WhiteBull\AppData\Local\Google\Chrome\User Data\Default\Extensions\pofmbenoongnpfnlbophjclcmdkmjmpf [2014-04-26]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44736 2013-10-24] (ArcSoft, Inc.)
S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\DfSdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [1315728 2013-09-02] (Binary Fortress Software)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [621336 2013-12-04] (Wacom Technology, Corp.)
==================== Drivers (Whitelisted) ====================
S3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-04-25] (Disc Soft Ltd)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104560 2012-04-25] (Qualcomm Atheros Co., Ltd.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-04-25] (Duplex Secure Ltd.)
R2 UI5IFS; C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\IFS64.sys [30120 2012-09-18] ()
U3 a6qul7xl; C:\Windows\System32\Drivers\a6qul7xl.sys [0 ] (Microsoft Corporation)
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-29 20:01 - 2014-05-29 20:01 - 00000000 ____D () C:\Users\WhiteBull\AppData\Roaming\DropboxMaster
2014-05-29 12:26 - 2014-05-30 20:58 - 00000000 ____D () C:\Users\WhiteBull\Desktop\PS Brushes,Stock
2014-05-27 21:52 - 2014-05-27 21:52 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-25 15:52 - 2014-05-30 21:03 - 00000476 ____H () C:\Windows\Tasks\SO.Booster-S-603818780.job
2014-05-25 15:52 - 2014-05-30 20:49 - 00000000 ____D () C:\ProgramData\TopApp software
2014-05-25 15:52 - 2014-05-25 15:56 - 00000000 ____D () C:\ProgramData\savE on
2014-05-25 15:52 - 2014-05-25 15:54 - 00000000 ____D () C:\Program Files (x86)\savE on
2014-05-25 15:52 - 2014-05-25 15:52 - 00002722 _____ () C:\Windows\System32\Tasks\SO.Booster-S-603818780
2014-05-24 16:24 - 2014-05-30 20:31 - 00002268 _____ () C:\Windows\LkmdfCoInst.log
2014-05-18 23:08 - 2014-05-18 23:08 - 00000000 ____D () C:\Users\WhiteBull\Desktop\Automatisch zu iTunes hinzufügen
2014-05-18 10:54 - 2014-05-18 10:54 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-18 10:54 - 2014-05-18 10:54 - 00000305 ____H () C:\Users\WhiteBull\Desktop\.iTunes Preferences.plist
2014-05-18 10:54 - 2014-05-18 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-18 10:53 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-05-18 10:52 - 2014-05-18 10:53 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-18 10:52 - 2014-05-18 10:53 - 00000000 ____D () C:\Program Files\iTunes
2014-05-18 10:52 - 2014-05-18 10:53 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-18 10:52 - 2014-05-18 10:52 - 00000000 ____D () C:\Program Files\iPod
2014-05-17 23:40 - 2008-07-03 14:27 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70.dll
2014-05-17 22:59 - 2014-05-24 17:05 - 00000000 ____D () C:\Users\WhiteBull\Desktop\MP3
2014-05-17 19:32 - 2014-05-17 19:33 - 179031009 _____ () C:\Users\WhiteBull\Desktop\IMG_5799.psd
2014-05-17 18:22 - 2006-03-03 10:02 - 00658432 _____ (Borland Corporation) C:\Windows\SysWOW64\cc3270mt.dll
2014-05-17 18:22 - 2002-01-05 15:40 - 00487424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp70.dll
2014-05-17 18:22 - 2002-01-05 03:37 - 00344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr70.dll
2014-05-17 11:41 - 2014-05-17 11:41 - 00000000 ____D () C:\Program Files\Bonjour
2014-05-17 11:41 - 2014-05-17 11:41 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-05-14 21:08 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 21:08 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 21:08 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 21:08 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 21:08 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 21:08 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 21:08 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 21:07 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 21:07 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 21:07 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 21:07 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 21:07 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 21:07 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 21:07 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 21:07 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 21:07 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 21:07 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 21:07 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 21:07 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 21:07 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 21:07 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 21:07 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 21:07 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 21:07 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 21:07 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 21:07 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 21:07 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 21:07 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 21:07 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 21:07 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 21:07 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 21:07 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 21:07 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 21:07 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 21:07 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 21:07 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 21:07 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 21:07 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 21:07 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 21:07 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 21:07 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 21:07 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 21:07 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 21:07 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 21:07 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 20:55 - 2014-05-14 20:55 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-13 19:05 - 2014-05-13 19:13 - 00000000 ____D () C:\Users\WhiteBull\Desktop\Photoshop Digital
2014-05-10 15:23 - 2014-05-10 15:23 - 00004899 _____ () C:\Users\WhiteBull\Downloads\Actions.zip
2014-05-10 10:39 - 2014-05-10 16:53 - 00000132 _____ () C:\Users\WhiteBull\AppData\Roaming\Adobe PNG-Format CC - Voreinstellungen
2014-05-07 12:10 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-07 12:10 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-07 12:10 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-07 12:10 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 19:01 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-06 19:01 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-06 19:01 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-06 19:01 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-06 19:01 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-06 19:01 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-06 19:01 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-06 19:01 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-06 19:01 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-06 19:01 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-06 19:01 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-06 19:01 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-06 19:01 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-06 19:01 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-06 19:01 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-06 19:01 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-06 19:01 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-06 19:01 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-06 19:01 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-06 19:01 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-06 19:01 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-06 19:01 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-06 19:01 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-06 19:01 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-06 19:01 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-06 19:00 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-06 19:00 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-06 19:00 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-06 19:00 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-06 19:00 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-06 19:00 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-06 19:00 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-06 19:00 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-06 19:00 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-06 19:00 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-06 19:00 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-06 19:00 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-06 19:00 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-06 19:00 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-06 19:00 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-06 19:00 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-06 19:00 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-06 19:00 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-06 19:00 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-03 08:11 - 2014-05-03 08:11 - 00001228 _____ () C:\Users\WhiteBull\Desktop\Revo Uninstaller.lnk
2014-05-03 08:11 - 2014-05-03 08:11 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-03 08:10 - 2014-05-03 08:10 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\WhiteBull\Downloads\revosetup95.exe
2014-05-02 14:29 - 2014-05-02 14:29 - 01110476 _____ () C:\Users\WhiteBull\Downloads\7z920.exe
2014-05-02 14:29 - 2014-05-02 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-02 14:29 - 2014-05-02 14:29 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-05-02 13:45 - 2014-05-30 21:08 - 00000000 ____D () C:\Users\WhiteBull\Downloads\Trojaner Board
2014-05-01 20:37 - 2014-05-30 21:08 - 00000000 ____D () C:\FRST
2014-05-01 19:50 - 2014-05-01 19:53 - 00052608 _____ () C:\Users\WhiteBull\Adobe Creative Suite Cleaner Tool.log
2014-05-01 19:49 - 2011-05-27 17:05 - 07767944 _____ (Adobe System Incorporated.) C:\Users\WhiteBull\Downloads\AdobeCreativeSuiteCleanerTool.exe
2014-05-01 11:08 - 2014-05-01 11:09 - 00000000 ____D () C:\Windows\system32\config\RCCBakup
2014-05-01 08:37 - 2014-05-01 08:37 - 00000000 ____D () C:\Users\WhiteBull\Documents\HDR Expose 3
2014-05-01 08:36 - 2014-05-03 08:17 - 00000000 ____D () C:\Program Files\UCT
2014-05-01 08:33 - 2014-05-01 08:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photomatix Pro 4.1
==================== One Month Modified Files and Folders =======
2014-05-30 21:08 - 2014-05-02 13:45 - 00000000 ____D () C:\Users\WhiteBull\Downloads\Trojaner Board
2014-05-30 21:08 - 2014-05-01 20:37 - 00000000 ____D () C:\FRST
2014-05-30 21:07 - 2010-11-21 08:50 - 00703214 _____ () C:\Windows\system32\perfh007.dat
2014-05-30 21:07 - 2010-11-21 08:50 - 00150822 _____ () C:\Windows\system32\perfc007.dat
2014-05-30 21:07 - 2009-07-14 07:13 - 01629372 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-30 21:04 - 2012-08-18 08:52 - 00000439 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-05-30 21:03 - 2014-05-25 15:52 - 00000476 ____H () C:\Windows\Tasks\SO.Booster-S-603818780.job
2014-05-30 21:03 - 2014-04-26 13:40 - 00013518 _____ () C:\Windows\PFRO.log
2014-05-30 21:03 - 2014-04-26 08:13 - 00012591 _____ () C:\Windows\setupact.log
2014-05-30 21:03 - 2012-01-12 21:47 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-30 21:03 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-30 21:02 - 2014-04-15 21:09 - 00000000 ____D () C:\AdwCleaner
2014-05-30 21:02 - 2012-01-12 20:10 - 01544940 _____ () C:\Windows\WindowsUpdate.log
2014-05-30 21:00 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-30 21:00 - 2009-07-14 06:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-30 20:58 - 2014-05-29 12:26 - 00000000 ____D () C:\Users\WhiteBull\Desktop\PS Brushes,Stock
2014-05-30 20:55 - 2012-01-12 22:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-30 20:49 - 2014-05-25 15:52 - 00000000 ____D () C:\ProgramData\TopApp software
2014-05-30 20:36 - 2012-01-13 17:39 - 00000000 ____D () C:\Users\WhiteBull\AppData\Local\Adobe
2014-05-30 20:31 - 2014-05-24 16:24 - 00002268 _____ () C:\Windows\LkmdfCoInst.log
2014-05-30 20:31 - 2012-06-30 07:45 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-05-29 23:18 - 2012-01-13 17:31 - 00000000 ___RD () C:\Users\WhiteBull\Dropbox
2014-05-29 22:36 - 2012-01-12 21:09 - 00000000 ____D () C:\Users\WhiteBull\AppData\Roaming\DisplayFusion
2014-05-29 20:01 - 2014-05-29 20:01 - 00000000 ____D () C:\Users\WhiteBull\AppData\Roaming\DropboxMaster
2014-05-29 20:01 - 2012-01-13 17:28 - 00000000 ____D () C:\Users\WhiteBull\AppData\Roaming\Dropbox
2014-05-29 20:00 - 2012-01-13 17:29 - 00000000 ____D () C:\Users\WhiteBull\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-29 19:57 - 2013-03-05 21:17 - 00001456 _____ () C:\Users\WhiteBull\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-05-29 17:37 - 2012-08-17 22:52 - 00070656 ___SH () C:\Users\WhiteBull\Desktop\Thumbs.db
2014-05-29 14:19 - 2012-10-02 21:03 - 00000000 ____D () C:\Users\WhiteBull\AppData\Roaming\UseNeXT
2014-05-29 10:53 - 2012-06-30 07:12 - 00000000 ____D () C:\Users\WhiteBull\AppData\Roaming\vlc
2014-05-27 21:52 - 2014-05-27 21:52 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-27 20:55 - 2013-09-28 23:50 - 00028468 _____ () C:\Users\WhiteBull\Documents\DxO Logging Name.log
2014-05-26 19:08 - 2012-01-13 17:53 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-25 15:59 - 2013-01-06 13:00 - 00000000 ____D () C:\Users\WhiteBull\AppData\Roaming\NCH Software
2014-05-25 15:59 - 2013-01-06 13:00 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-05-25 15:56 - 2014-05-25 15:52 - 00000000 ____D () C:\ProgramData\savE on
2014-05-25 15:54 - 2014-05-25 15:52 - 00000000 ____D () C:\Program Files (x86)\savE on
2014-05-25 15:54 - 2014-03-16 15:16 - 00000000 ____D () C:\ProgramData\4771994fd3ae8c18
2014-05-25 15:52 - 2014-05-25 15:52 - 00002722 _____ () C:\Windows\System32\Tasks\SO.Booster-S-603818780
2014-05-24 17:05 - 2014-05-17 22:59 - 00000000 ____D () C:\Users\WhiteBull\Desktop\MP3
2014-05-24 17:01 - 2012-01-12 20:20 - 00000000 ____D () C:\Users\WhiteBull
2014-05-20 18:43 - 2012-06-17 08:05 - 00000000 ____D () C:\Program Files (x86)\AVS4YOU
2014-05-19 18:08 - 2012-11-11 13:06 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-05-18 23:08 - 2014-05-18 23:08 - 00000000 ____D () C:\Users\WhiteBull\Desktop\Automatisch zu iTunes hinzufügen
2014-05-18 12:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-18 10:54 - 2014-05-18 10:54 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-18 10:54 - 2014-05-18 10:54 - 00000305 ____H () C:\Users\WhiteBull\Desktop\.iTunes Preferences.plist
2014-05-18 10:54 - 2014-05-18 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-18 10:53 - 2014-05-18 10:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-18 10:53 - 2014-05-18 10:52 - 00000000 ____D () C:\Program Files\iTunes
2014-05-18 10:53 - 2014-05-18 10:52 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-18 10:52 - 2014-05-18 10:52 - 00000000 ____D () C:\Program Files\iPod
2014-05-17 23:54 - 2013-01-06 13:00 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-05-17 22:59 - 2013-01-06 13:00 - 00000000 ____D () C:\ProgramData\NCH Software
2014-05-17 19:33 - 2014-05-17 19:32 - 179031009 _____ () C:\Users\WhiteBull\Desktop\IMG_5799.psd
2014-05-17 18:24 - 2012-06-17 08:07 - 00000000 ____D () C:\Users\WhiteBull\AppData\Roaming\AVS4YOU
2014-05-17 12:33 - 2012-11-08 15:37 - 00297128 ____H () C:\Windows\SysWOW64\mlfcache.dat
2014-05-17 12:31 - 2012-11-05 20:46 - 00000000 ____D () C:\Users\WhiteBull\Documents\Outlook-Dateien
2014-05-17 11:54 - 2012-12-02 11:49 - 00000000 ____D () C:\Users\WhiteBull\AppData\Local\2741EED0-6DC1-4A26-87E7-B9D4EB9170DE.aplzod
2014-05-17 11:41 - 2014-05-17 11:41 - 00000000 ____D () C:\Program Files\Bonjour
2014-05-17 11:41 - 2014-05-17 11:41 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-05-17 11:40 - 2012-08-25 09:56 - 00000000 ____D () C:\ProgramData\Apple
2014-05-16 22:40 - 2012-01-12 20:21 - 00000000 ___RD () C:\Users\WhiteBull\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 22:40 - 2012-01-12 20:21 - 00000000 ___RD () C:\Users\WhiteBull\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 22:33 - 2014-04-26 12:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 22:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-14 21:11 - 2013-07-25 16:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 21:09 - 2012-06-16 09:25 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 20:55 - 2014-05-14 20:55 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-14 20:55 - 2012-01-12 22:40 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 20:55 - 2012-01-12 22:40 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 20:55 - 2012-01-12 22:40 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 19:13 - 2014-05-13 19:05 - 00000000 ____D () C:\Users\WhiteBull\Desktop\Photoshop Digital
2014-05-10 16:53 - 2014-05-10 10:39 - 00000132 _____ () C:\Users\WhiteBull\AppData\Roaming\Adobe PNG-Format CC - Voreinstellungen
2014-05-10 15:23 - 2014-05-10 15:23 - 00004899 _____ () C:\Users\WhiteBull\Downloads\Actions.zip
2014-05-10 07:46 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-09 08:14 - 2014-05-14 21:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 21:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-03 09:54 - 2012-01-13 17:48 - 00000000 ____D () C:\Program Files\Adobe
2014-05-03 08:44 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-03 08:17 - 2014-05-01 08:36 - 00000000 ____D () C:\Program Files\UCT
2014-05-03 08:11 - 2014-05-03 08:11 - 00001228 _____ () C:\Users\WhiteBull\Desktop\Revo Uninstaller.lnk
2014-05-03 08:11 - 2014-05-03 08:11 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-03 08:10 - 2014-05-03 08:10 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\WhiteBull\Downloads\revosetup95.exe
2014-05-03 07:58 - 2014-04-25 18:16 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-03 07:42 - 2012-01-12 21:09 - 00205352 _____ () C:\Users\WhiteBull\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-03 07:40 - 2009-07-14 06:45 - 05336792 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-02 14:29 - 2014-05-02 14:29 - 01110476 _____ () C:\Users\WhiteBull\Downloads\7z920.exe
2014-05-02 14:29 - 2014-05-02 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-02 14:29 - 2014-05-02 14:29 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-05-02 14:17 - 2014-03-29 19:36 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-05-01 20:19 - 2012-12-12 13:58 - 00000000 ____D () C:\Users\WhiteBull\Documents\My Digital Editions
2014-05-01 20:19 - 2012-01-13 17:46 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-01 19:53 - 2014-05-01 19:50 - 00052608 _____ () C:\Users\WhiteBull\Adobe Creative Suite Cleaner Tool.log
2014-05-01 15:44 - 2012-06-16 19:04 - 00007680 _____ () C:\Users\WhiteBull\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-01 11:09 - 2014-05-01 11:08 - 00000000 ____D () C:\Windows\system32\config\RCCBakup
2014-05-01 08:37 - 2014-05-01 08:37 - 00000000 ____D () C:\Users\WhiteBull\Documents\HDR Expose 3
2014-05-01 08:33 - 2014-05-01 08:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photomatix Pro 4.1
2014-05-01 08:33 - 2012-06-16 08:24 - 00000000 ____D () C:\Program Files\PhotomatixPro4
Some content of TEMP:
====================
C:\Users\WhiteBull\AppData\Local\Temp\aacdec.exe
C:\Users\WhiteBull\AppData\Local\Temp\aacenc.exe
C:\Users\WhiteBull\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmph_oguv.dll
C:\Users\WhiteBull\AppData\Local\Temp\FastDownload.exe
C:\Users\WhiteBull\AppData\Local\Temp\ICReinstall_nsvFA3.tmp.exe
C:\Users\WhiteBull\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\WhiteBull\AppData\Local\Temp\mp3el.exe
C:\Users\WhiteBull\AppData\Local\Temp\procexp64.exe
C:\Users\WhiteBull\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-29 12:55
==================== End Of Log ============================