
Log analysis and evaluation: Hijacker cannot be found, no matter which program is used

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

14.08.2014, 13:16   #1
davidlehrman
 



Hello, the day before yesterday I had Istarsurf on my computer. I deleted the program right away, along with everything else that could have anything to do with it. Even so, a new window with annoying ads opens in every browser I have. I installed AdwCleaner right afterwards, but unfortunately I found nothing with it. After that I also installed numerous other antivirus programs such as HijackThis, Ad-Aware etc. in the hope of finding the hijacker, but unfortunately the other programs were unsuccessful too. I simply don't know what to do anymore; I would be really glad if someone could help me.

14.08.2014, 13:19   #2
schrauber
/// the machine
/// TB trainer
 




hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-bit | FRST 64-bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the web page's input box)


14.08.2014, 15:03   #3
davidlehrman
 



FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-08-2014 01
Ran by David (administrator) on DAVID on 14-08-2014 14:23:00
Running from C:\Users\David\Downloads
Platform: Microsoft Windows 8.1 Pro (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_9691412ff1876250\stacsv.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_9691412ff1876250\AEstSrv.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Razer Inc.) C:\Program Files\Razer\RzWizard\RzWizardService.exe
() C:\Windows\Microsoft\sogr\WindowsUpdater.exe
() C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Hardware\Game Controllers\Common\SWTrayV4.EXE
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Razer Inc.) C:\Program Files\Razer\RzWizard\RzWizard.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe
(Samsung) C:\Program Files\SAMSUNG\Kies\Kies.exe
(Samsung) C:\Program Files\SAMSUNG\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Program Files\PicRec (x86)\PicRec (x86)\WFP\FilterUsageExample.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Policies\Explorer: [NoBandCustomize] 0
HKLM\...\Policies\Explorer: [NoToolbarCustomize] 0
HKU\S-1-5-21-886002270-3676093480-2908310277-1001\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-04-23] (Samsung)
HKU\S-1-5-21-886002270-3676093480-2908310277-1001\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-886002270-3676093480-2908310277-1001\...\Policies\Explorer: [NoToolbarCustomize] 0

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD01DDBD3A904CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\9oaaxkgh.default
FF NewTab: chrome://quick_start/content/index.html
FF SearchEngineOrder.1: Amazon 
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\9oaaxkgh.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\9oaaxkgh.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\istartsurf.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

Chrome: 
=======
CHR HomePage: 
CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-12]
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-12]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-12]
CHR Extension: (Google-Suche) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-12]
CHR Extension: (Google Wallet) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-12]
CHR Extension: (Google Mail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-12]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_x86_9691412ff1876250\aestsrv.exe [81920 2009-03-02] (Andrea Electronics Corporation)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [1680088 2013-10-28] (Broadcom Corporation.)
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-18] (Nero AG)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [655352 2014-06-03] ()
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-08-11] (IObit)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RzWizardService; C:\Program Files\Razer\RzWizard\RzWizardService.exe [367616 2014-05-20] (Razer Inc.) [File not signed]
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
R2 sogr; C:\WINDOWS\Microsoft\sogr\WindowsUpdater.exe [19968 2014-07-29] () [File not signed]
R2 STacSV; C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_x86_9691412ff1876250\STacSV.exe [229458 2010-03-23] (IDT, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [279784 2014-03-24] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2014-03-24] (Microsoft Corporation)
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1210368 2014-04-03] (Microsoft Corporation)
S2 fpvoixdaog32; C:\Program Files\002\fpvoixdaog32.exe run options=01110010020000000000000000000000 sourceguid=106056F7-36E2-4861-97FC-AD47C9832713 [X]
S2 RrFilterService; c:\Program Files\RrFilter\RrFilterService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-03-18] (Microsoft Corporation)
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [175320 2013-10-28] (Broadcom Corporation.)
R1 BdfNdisf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [78216 2014-04-22] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [93648 2014-04-22] (BitDefender LLC)
S3 btwampfl; C:\WINDOWS\system32\DRIVERS\btwampfl.sys [144600 2013-10-28] (Broadcom Corporation.)
S3 GPIO; C:\WINDOWS\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [165744 2014-04-22] (BitDefender LLC)
S3 HtcVCom32; C:\WINDOWS\system32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
R1 netfilter; C:\WINDOWS\System32\drivers\netfilter.sys [31744 2014-02-13] (NetFilterSDK.com) [File not signed]
R1 netmon_wfp; C:\WINDOWS\System32\drivers\netmon_wfp.sys [44248 2014-07-29] (Windows (R) Win 7 DDK provider)
R3 NETwNs32; C:\WINDOWS\system32\DRIVERS\NETwNs32.sys [7518208 2013-06-18] (Intel Corporation)
S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [360376 2014-04-22] (BitDefender S.R.L.)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [92504 2014-03-24] (Microsoft Corporation)
R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-05-03] (Microsoft Corporation)
S3 WUDFSensorLP; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-14 14:23 - 2014-08-14 14:24 - 00013963 _____ () C:\Users\David\Downloads\FRST.txt
2014-08-14 14:22 - 2014-08-14 14:23 - 00000000 ____D () C:\FRST
2014-08-14 14:22 - 2014-08-14 14:22 - 01092096 _____ (Farbar) C:\Users\David\Downloads\FRST.exe
2014-08-14 03:20 - 2014-08-14 03:21 - 00000000 ____D () C:\Program Files\Browser Hijack Recover
2014-08-14 03:20 - 2014-08-14 03:20 - 02449338 _____ (Wamasoft,Inc. ) C:\Users\David\Downloads\browser-hijack-recover_4352.exe
2014-08-14 03:20 - 2014-08-14 03:20 - 00001044 _____ () C:\Users\UpdatusUser\Desktop\Browser Hijack Recover(BHR).lnk
2014-08-14 03:20 - 2014-08-14 03:20 - 00001044 _____ () C:\Users\David\Desktop\Browser Hijack Recover(BHR).lnk
2014-08-14 03:20 - 2014-08-14 03:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Hijack Recover(BHR)
2014-08-14 03:20 - 2014-08-14 03:20 - 00000000 _____ () C:\WINDOWS\system32\8104297.jun
2014-08-14 03:04 - 2014-08-14 03:04 - 00001000 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk
2014-08-14 03:04 - 2014-08-14 03:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree
2014-08-14 03:04 - 2014-08-14 03:04 - 00000000 ____D () C:\Program Files\Emsisoft HiJackFree
2014-08-14 03:03 - 2014-08-14 03:03 - 02095808 _____ (Emsi Software GmbH ) C:\Users\David\Downloads\a-squared-hijackfree_27131.exe
2014-08-14 02:52 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-08-14 02:51 - 2014-08-14 02:51 - 01356107 _____ () C:\Users\David\Downloads\adwcleaner_3.305.exe
2014-08-14 02:32 - 2014-08-14 02:32 - 00304857 _____ () C:\Users\David\Downloads\HijackThis_205.zip
2014-08-14 00:40 - 2014-08-14 00:40 - 00000050 _____ () C:\Users\David\Downloads\ad_companion
2014-08-14 00:27 - 2014-08-14 00:27 - 03736125 _____ () C:\Users\David\Downloads\testdisk-6.14.win.zip
2014-08-12 15:36 - 2014-08-14 03:44 - 00002141 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-12 15:36 - 2014-08-12 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-12 15:35 - 2014-08-14 03:44 - 00001108 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-12 15:35 - 2014-08-14 02:57 - 00001104 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-12 15:35 - 2014-08-12 15:36 - 00000000 ____D () C:\Users\David\AppData\Local\Google
2014-08-12 15:35 - 2014-08-12 15:35 - 00000000 ____D () C:\Program Files\Google
2014-08-12 15:34 - 2014-08-12 15:34 - 00895120 _____ (Google Inc.) C:\Users\David\Downloads\ChromeSetup.exe
2014-08-12 15:27 - 2014-08-12 15:27 - 00001020 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk
2014-08-12 15:27 - 2014-08-12 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2014-08-12 15:27 - 2014-08-12 15:27 - 00000000 ____D () C:\Program Files\CHIP Updater
2014-08-12 15:26 - 2014-08-12 15:26 - 01101648 _____ () C:\Users\David\Downloads\CWShredder - CHIP-Installer.exe
2014-08-12 15:05 - 2014-08-12 15:05 - 00001159 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-08-12 15:05 - 2014-08-12 15:05 - 00000000 ____D () C:\Users\David\AppData\Roaming\Nico Mak Computing
2014-08-12 15:05 - 2014-08-12 15:05 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-08-12 15:05 - 2013-03-15 17:01 - 00016384 _____ () C:\WINDOWS\system32\wsusnative32.exe
2014-08-12 15:03 - 2014-08-12 15:03 - 04892480 _____ (WinZip International LLC ) C:\Users\David\Downloads\wzmp_8.exe
2014-08-12 14:58 - 2014-08-12 14:58 - 00001168 _____ () C:\Users\David\Desktop\JRT.txt
2014-08-12 14:56 - 2014-08-12 14:56 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-12 14:54 - 2014-08-12 14:55 - 01016261 _____ (Thisisu) C:\Users\David\Downloads\JRT.exe
2014-08-12 14:40 - 2014-08-12 14:40 - 05569662 _____ (Swearware) C:\Users\David\Downloads\ComboFix.exe
2014-08-12 14:33 - 2014-08-12 14:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-12 00:22 - 2014-08-12 00:22 - 00000000 ____D () C:\ProgramData\BitDefender
2014-08-12 00:13 - 2014-08-12 00:13 - 00000000 ____D () C:\Users\David\AppData\Roaming\Lavasoft
2014-08-12 00:08 - 2014-08-12 00:08 - 00000000 ____D () C:\Users\David\AppData\Roaming\LavasoftStatistics
2014-08-12 00:08 - 2014-04-22 17:29 - 01516488 _____ (Bitdefender) C:\WINDOWS\system32\bdnc.dll
2014-08-12 00:08 - 2014-04-22 17:28 - 00842368 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\bdsmtpp.dll
2014-08-12 00:08 - 2014-04-22 17:28 - 00179560 _____ (BitDefender) C:\WINDOWS\system32\BdFirewallSDK.dll
2014-08-12 00:08 - 2014-04-22 17:28 - 00161544 _____ (BitDefender) C:\WINDOWS\system32\httproxy.dll
2014-08-12 00:08 - 2014-04-22 17:28 - 00136824 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\bdpop3p.dll
2014-08-12 00:08 - 2014-04-22 17:28 - 00135288 _____ () C:\WINDOWS\system32\bdfwcore.dll
2014-08-12 00:08 - 2014-04-22 17:28 - 00110568 _____ (BitDefender) C:\WINDOWS\system32\OEMbdpredir.dll
2014-08-12 00:08 - 2014-04-22 17:28 - 00086896 _____ (BitDefender) C:\WINDOWS\system32\bdpredir.dll
2014-08-12 00:07 - 2014-08-14 02:57 - 00002329 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-08-12 00:07 - 2014-08-12 00:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-08-12 00:04 - 2014-08-12 00:05 - 00000000 ____D () C:\Program Files\Lavasoft
2014-08-12 00:03 - 2014-08-12 00:03 - 01707144 _____ () C:\Users\David\Downloads\Adaware112_Installer.exe
2014-08-12 00:03 - 2014-08-12 00:03 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-08-12 00:03 - 2014-08-12 00:03 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-08-11 23:57 - 2014-08-11 23:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\David\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-11 23:19 - 2014-08-11 23:19 - 00000000 ____D () C:\Users\David\AppData\Roaming\ProductData
2014-08-11 23:18 - 2014-08-12 00:00 - 00000000 ____D () C:\ProgramData\IObit
2014-08-11 23:18 - 2014-08-11 23:19 - 00000000 ____D () C:\ProgramData\ProductData
2014-08-11 23:18 - 2014-08-11 23:18 - 00001226 _____ () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-08-11 23:18 - 2014-08-11 23:18 - 00001202 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-08-11 23:18 - 2014-08-11 23:18 - 00000278 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job
2014-08-11 23:17 - 2014-08-11 23:18 - 00000000 ____D () C:\Program Files\IObit
2014-08-11 23:17 - 2014-08-11 23:17 - 12906784 _____ (IObit) C:\Users\David\Downloads\iobituninstaller_338.exe
2014-08-11 23:17 - 2014-08-11 23:17 - 00000000 ____D () C:\Users\David\AppData\Roaming\IObit
2014-08-11 22:06 - 2014-06-26 22:55 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-08-11 22:06 - 2014-06-26 22:55 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-08-11 21:57 - 2014-08-11 21:57 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-08-11 21:50 - 2014-08-11 22:14 - 00000000 ____D () C:\Users\David\Desktop\Nature One The Golden Twenty+
2014-08-11 21:47 - 2014-08-11 21:47 - 01234120 _____ () C:\Users\David\Downloads\wrar380.exe
2014-08-11 21:47 - 2014-08-11 21:47 - 00000000 ____D () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-11 21:47 - 2014-08-11 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-11 20:38 - 2014-08-11 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elcomsoft Password Recovery
2014-08-11 20:38 - 2014-08-11 20:38 - 00000000 ____D () C:\ProgramData\Elcomsoft Password Recovery
2014-08-11 20:38 - 2014-08-11 20:38 - 00000000 ____D () C:\Program Files\Elcomsoft Password Recovery
2014-08-11 20:38 - 2014-08-11 20:38 - 00000000 ____D () C:\Program Files\Elcomsoft
2014-08-11 20:37 - 2014-08-11 20:38 - 00000000 ____D () C:\Users\David\AppData\Local\Abelssoft
2014-08-11 20:37 - 2014-08-11 20:37 - 00000000 ____D () C:\Users\David\AppData\Roaming\Abelssoft
2014-08-11 20:37 - 2014-08-11 20:37 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-08-11 20:37 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\WINDOWS\system32\dhRichClient3.dll
2014-08-11 20:37 - 2011-03-25 20:42 - 00338432 _____ () C:\WINDOWS\system32\sqlite36_engine.dll
2014-08-11 20:35 - 2014-08-11 20:36 - 01101648 _____ () C:\Users\David\Downloads\Advanced Archive Password Recovery - CHIP-Installer.exe
2014-08-11 20:06 - 2014-08-14 01:57 - 00000000 ____D () C:\Users\David\Desktop\The GoldenTwenty
2014-08-11 20:05 - 2014-08-14 14:23 - 00000000 ____D () C:\http_filter
2014-08-11 20:05 - 2014-08-11 20:05 - 00000000 ____D () C:\ProgramData\PicRec
2014-08-11 20:05 - 2014-08-11 20:05 - 00000000 ____D () C:\Program Files\Common Files\PicRec
2014-08-11 20:05 - 2014-07-29 10:16 - 00044248 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\netmon_wfp.sys
2014-08-11 20:04 - 2014-08-11 20:04 - 00000000 ____D () C:\Program Files\PicRec (x86)
2014-08-03 03:49 - 2014-08-03 03:49 - 00000000 ____D () C:\Users\David\AppData\Local\Razer_Inc
2014-08-02 19:04 - 2014-08-02 19:04 - 00000000 ____D () C:\ProgramData\Razer
2014-08-02 19:03 - 2014-08-02 19:04 - 00000000 ____D () C:\Program Files\Razer
2014-08-02 18:43 - 2014-04-14 04:37 - 00865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-08-02 17:19 - 2014-07-01 00:46 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-08-02 17:19 - 2014-06-28 08:57 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-08-02 17:19 - 2014-06-28 08:27 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-08-02 17:19 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-08-02 17:19 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-08-02 17:19 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-08-02 17:19 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-08-02 17:19 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-08-02 17:19 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-08-02 17:19 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-08-02 17:19 - 2014-06-19 00:52 - 00595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-08-02 17:19 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-08-02 17:19 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-08-02 17:19 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-08-02 17:19 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-08-02 17:19 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-08-02 17:19 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-08-02 17:19 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-08-02 17:19 - 2014-06-06 15:20 - 03497472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-02 17:19 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-08-02 17:19 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-08-02 17:19 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-08-02 17:19 - 2014-05-30 05:05 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-08-02 17:19 - 2014-05-29 11:30 - 00481400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-08-02 17:19 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-08-02 17:19 - 2014-05-29 06:38 - 01089024 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-08-02 17:19 - 2014-02-06 12:19 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-08-02 17:19 - 2014-02-06 12:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-08-02 17:19 - 2014-02-06 11:52 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-08-02 17:19 - 2014-02-06 11:52 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-08-02 17:19 - 2014-02-06 11:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-08-02 17:19 - 2014-02-06 11:47 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-08-02 17:19 - 2014-02-06 11:25 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-08-02 17:18 - 2014-05-31 10:38 - 00049552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-08-02 17:18 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-08-02 17:18 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-02 17:18 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-08-02 17:18 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-08-02 17:18 - 2014-05-31 04:39 - 02818048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-08-02 17:18 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-08-02 17:18 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-24 22:51 - 2014-07-24 22:51 - 00000000 ____D () C:\rbtemp
2014-07-24 22:51 - 2012-07-25 12:03 - 00017136 _____ () C:\WINDOWS\system32\sasnative32.exe
2014-07-24 22:38 - 2014-04-18 15:43 - 00031064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-07-24 22:38 - 2014-04-18 15:29 - 01200288 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-07-24 22:38 - 2014-04-18 10:51 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
2014-07-24 22:38 - 2014-04-18 10:01 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-07-24 22:38 - 2014-04-18 09:51 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-07-24 22:38 - 2014-04-18 09:49 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-07-24 22:38 - 2014-04-14 10:01 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2014-07-24 22:38 - 2014-04-11 07:29 - 01016320 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2014-07-24 22:38 - 2014-04-11 06:23 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-07-24 22:38 - 2014-04-11 05:27 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2014-07-24 22:38 - 2014-04-09 12:47 - 00294744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2014-07-24 22:38 - 2014-04-09 07:44 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2014-07-24 22:38 - 2014-04-09 05:22 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2014-07-24 22:38 - 2014-04-08 01:47 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2014-07-24 22:38 - 2014-04-06 17:27 - 00311128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2014-07-24 22:38 - 2014-04-06 17:27 - 00240472 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2014-07-24 22:38 - 2014-04-06 17:23 - 00098584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2014-07-24 22:38 - 2014-04-06 17:22 - 18755672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-07-24 22:38 - 2014-04-06 17:22 - 00178184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2014-07-24 22:38 - 2014-04-06 17:18 - 00271192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2014-07-24 22:38 - 2014-04-06 17:16 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-07-24 22:38 - 2014-04-06 17:16 - 01209616 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-07-24 22:38 - 2014-04-06 17:16 - 01159520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-07-24 22:38 - 2014-04-06 17:16 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2014-07-24 22:38 - 2014-04-06 17:16 - 00669856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-07-24 22:38 - 2014-04-06 17:16 - 00518544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2014-07-24 22:38 - 2014-04-06 17:16 - 00406504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-07-24 22:38 - 2014-04-06 17:16 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-07-24 22:38 - 2014-04-06 17:16 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-07-24 22:38 - 2014-04-06 17:16 - 00305768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-07-24 22:38 - 2014-04-06 17:16 - 00194752 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-07-24 22:38 - 2014-04-06 14:06 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll
2014-07-24 22:38 - 2014-04-06 14:00 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2014-07-24 22:38 - 2014-04-06 13:54 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-07-24 22:38 - 2014-04-06 13:47 - 00264704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2014-07-24 22:38 - 2014-04-06 13:40 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2014-07-24 22:38 - 2014-04-06 12:58 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2014-07-24 22:38 - 2014-04-06 12:55 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-07-24 22:38 - 2014-04-06 12:44 - 00623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-07-24 22:38 - 2014-04-06 12:37 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-07-24 22:38 - 2014-04-06 12:36 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2014-07-24 22:38 - 2014-04-06 11:59 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2014-07-24 22:38 - 2014-04-03 06:03 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2014-07-24 22:38 - 2014-04-03 06:03 - 00111528 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2014-07-24 22:38 - 2014-04-03 05:53 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-07-24 22:38 - 2014-04-03 04:46 - 03563008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-07-24 22:38 - 2014-04-03 04:45 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-07-24 22:38 - 2014-04-03 04:44 - 01210368 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2014-07-24 22:38 - 2014-04-03 04:24 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-07-24 22:38 - 2014-04-03 04:23 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll
2014-07-24 22:38 - 2014-04-01 07:09 - 00333656 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-07-24 22:38 - 2014-03-31 05:34 - 05786968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-07-24 22:38 - 2014-03-31 02:41 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d8thk.dll
2014-07-24 22:38 - 2014-03-31 01:26 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2014-07-24 22:38 - 2014-03-31 01:13 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2014-07-24 22:38 - 2014-03-31 00:37 - 01167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2014-07-24 22:38 - 2014-03-31 00:35 - 01029120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-07-24 22:38 - 2014-03-31 00:09 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-07-24 22:38 - 2014-03-30 23:49 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-07-24 22:38 - 2014-03-28 11:04 - 00328984 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2014-07-24 22:38 - 2014-03-27 07:21 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-07-24 22:38 - 2014-03-27 06:48 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2014-07-24 22:38 - 2014-03-27 06:19 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2014-07-24 22:38 - 2014-03-27 05:22 - 00244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2014-07-24 22:38 - 2014-03-27 05:03 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-07-24 22:38 - 2014-03-27 04:59 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2014-07-24 22:38 - 2014-03-25 00:57 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-07-24 22:38 - 2014-03-21 05:46 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\tscfgwmi.dll
2014-07-24 22:38 - 2014-03-20 03:20 - 00229344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-07-24 22:38 - 2014-03-20 01:38 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2014-07-24 22:38 - 2014-03-20 01:33 - 05774848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-07-24 22:38 - 2014-03-19 09:17 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2014-07-24 22:38 - 2014-03-19 09:09 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2014-07-24 22:38 - 2014-03-19 07:56 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-07-24 22:38 - 2014-03-19 07:00 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2014-07-24 22:38 - 2014-03-19 06:51 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2014-07-24 22:38 - 2014-03-19 06:47 - 01309184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-07-24 22:38 - 2014-03-19 06:23 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-07-24 22:38 - 2014-03-19 06:14 - 02130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-07-24 22:38 - 2014-03-18 09:22 - 00069632 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2014-07-24 22:38 - 2014-03-18 06:52 - 05104640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2014-07-24 22:38 - 2014-03-17 06:11 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-07-24 22:38 - 2014-03-17 04:45 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2014-07-24 22:38 - 2014-03-17 04:36 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-07-24 22:38 - 2014-03-14 08:10 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2014-07-24 22:38 - 2014-03-06 12:37 - 00264536 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-07-24 22:38 - 2014-01-27 20:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-07-24 22:37 - 2014-05-19 07:33 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2014-07-24 22:37 - 2014-05-19 07:23 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2014-07-24 22:37 - 2014-05-10 05:22 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-07-24 22:37 - 2014-05-09 01:08 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2014-07-24 22:37 - 2014-05-05 06:02 - 02826240 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-07-24 22:37 - 2014-05-03 08:36 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-07-24 22:37 - 2014-05-01 13:00 - 02257608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-07-24 22:37 - 2014-05-01 13:00 - 00046512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2014-07-24 22:37 - 2014-05-01 08:51 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-07-24 22:37 - 2014-05-01 08:42 - 02045440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-07-24 22:37 - 2014-05-01 07:31 - 02366976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll
2014-07-24 22:37 - 2014-04-30 12:10 - 01090296 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-07-24 22:37 - 2014-04-30 05:47 - 01509888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2014-07-24 22:37 - 2014-04-30 05:43 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2014-07-24 22:37 - 2014-04-03 05:46 - 01871704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-07-24 22:37 - 2014-04-03 05:46 - 00286040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-14 14:24 - 2014-08-14 14:23 - 00013963 _____ () C:\Users\David\Downloads\FRST.txt
2014-08-14 14:23 - 2014-08-14 14:22 - 00000000 ____D () C:\FRST
2014-08-14 14:23 - 2014-08-11 20:05 - 00000000 ____D () C:\http_filter
2014-08-14 14:23 - 2014-05-03 00:19 - 01348625 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-14 14:22 - 2014-08-14 14:22 - 01092096 _____ (Farbar) C:\Users\David\Downloads\FRST.exe
2014-08-14 14:00 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-14 03:59 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-08-14 03:44 - 2014-08-12 15:36 - 00002141 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-14 03:44 - 2014-08-12 15:35 - 00001108 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-14 03:21 - 2014-08-14 03:20 - 00000000 ____D () C:\Program Files\Browser Hijack Recover
2014-08-14 03:20 - 2014-08-14 03:20 - 02449338 _____ (Wamasoft,Inc. ) C:\Users\David\Downloads\browser-hijack-recover_4352.exe
2014-08-14 03:20 - 2014-08-14 03:20 - 00001044 _____ () C:\Users\UpdatusUser\Desktop\Browser Hijack Recover(BHR).lnk
2014-08-14 03:20 - 2014-08-14 03:20 - 00001044 _____ () C:\Users\David\Desktop\Browser Hijack Recover(BHR).lnk
2014-08-14 03:20 - 2014-08-14 03:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Hijack Recover(BHR)
2014-08-14 03:20 - 2014-08-14 03:20 - 00000000 _____ () C:\WINDOWS\system32\8104297.jun
2014-08-14 03:16 - 2014-05-05 23:48 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-14 03:13 - 2014-05-03 00:51 - 00000000 __RDO () C:\Users\David\OneDrive
2014-08-14 03:04 - 2014-08-14 03:04 - 00001000 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk
2014-08-14 03:04 - 2014-08-14 03:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree
2014-08-14 03:04 - 2014-08-14 03:04 - 00000000 ____D () C:\Program Files\Emsisoft HiJackFree
2014-08-14 03:03 - 2014-08-14 03:03 - 02095808 _____ (Emsi Software GmbH ) C:\Users\David\Downloads\a-squared-hijackfree_27131.exe
2014-08-14 03:02 - 2014-03-18 10:04 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-14 02:57 - 2014-08-12 15:35 - 00001104 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-14 02:57 - 2014-08-12 00:07 - 00002329 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-08-14 02:56 - 2014-04-01 21:34 - 00000000 ____D () C:\Users\David\AppData\Local\HTC MediaHub
2014-08-14 02:55 - 2014-03-18 01:54 - 00023080 _____ () C:\WINDOWS\PFRO.log
2014-08-14 02:55 - 2013-08-22 09:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-14 02:54 - 2014-05-24 22:46 - 00000000 ____D () C:\AdwCleaner
2014-08-14 02:51 - 2014-08-14 02:51 - 01356107 _____ () C:\Users\David\Downloads\adwcleaner_3.305.exe
2014-08-14 02:32 - 2014-08-14 02:32 - 00304857 _____ () C:\Users\David\Downloads\HijackThis_205.zip
2014-08-14 01:57 - 2014-08-11 20:06 - 00000000 ____D () C:\Users\David\Desktop\The GoldenTwenty
2014-08-14 01:43 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\tracing
2014-08-14 00:40 - 2014-08-14 00:40 - 00000050 _____ () C:\Users\David\Downloads\ad_companion
2014-08-14 00:37 - 2014-05-05 22:15 - 00003973 _____ () C:\WINDOWS\setupact.log
2014-08-14 00:27 - 2014-08-14 00:27 - 03736125 _____ () C:\Users\David\Downloads\testdisk-6.14.win.zip
2014-08-13 00:33 - 2014-05-02 22:10 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-12 15:36 - 2014-08-12 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-12 15:36 - 2014-08-12 15:35 - 00000000 ____D () C:\Users\David\AppData\Local\Google
2014-08-12 15:35 - 2014-08-12 15:35 - 00000000 ____D () C:\Program Files\Google
2014-08-12 15:34 - 2014-08-12 15:34 - 00895120 _____ (Google Inc.) C:\Users\David\Downloads\ChromeSetup.exe
2014-08-12 15:27 - 2014-08-12 15:27 - 00001020 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk
2014-08-12 15:27 - 2014-08-12 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2014-08-12 15:27 - 2014-08-12 15:27 - 00000000 ____D () C:\Program Files\CHIP Updater
2014-08-12 15:26 - 2014-08-12 15:26 - 01101648 _____ () C:\Users\David\Downloads\CWShredder - CHIP-Installer.exe
2014-08-12 15:10 - 2014-05-24 21:44 - 00000000 ____D () C:\Users\David\AppData\Local\11030
2014-08-12 15:05 - 2014-08-12 15:05 - 00001159 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-08-12 15:05 - 2014-08-12 15:05 - 00000000 ____D () C:\Users\David\AppData\Roaming\Nico Mak Computing
2014-08-12 15:05 - 2014-08-12 15:05 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-08-12 15:03 - 2014-08-12 15:03 - 04892480 _____ (WinZip International LLC ) C:\Users\David\Downloads\wzmp_8.exe
2014-08-12 14:58 - 2014-08-12 14:58 - 00001168 _____ () C:\Users\David\Desktop\JRT.txt
2014-08-12 14:56 - 2014-08-12 14:56 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-12 14:55 - 2014-08-12 14:54 - 01016261 _____ (Thisisu) C:\Users\David\Downloads\JRT.exe
2014-08-12 14:40 - 2014-08-12 14:40 - 05569662 _____ (Swearware) C:\Users\David\Downloads\ComboFix.exe
2014-08-12 14:33 - 2014-08-12 14:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-12 02:03 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\rescache
2014-08-12 00:45 - 2014-05-03 00:44 - 00001160 _____ () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-12 00:45 - 2014-05-02 22:10 - 00001031 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-12 00:45 - 2013-08-22 08:13 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-12 00:22 - 2014-08-12 00:22 - 00000000 ____D () C:\ProgramData\BitDefender
2014-08-12 00:13 - 2014-08-12 00:13 - 00000000 ____D () C:\Users\David\AppData\Roaming\Lavasoft
2014-08-12 00:08 - 2014-08-12 00:08 - 00000000 ____D () C:\Users\David\AppData\Roaming\LavasoftStatistics
2014-08-12 00:07 - 2014-08-12 00:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-08-12 00:05 - 2014-08-12 00:04 - 00000000 ____D () C:\Program Files\Lavasoft
2014-08-12 00:03 - 2014-08-12 00:03 - 01707144 _____ () C:\Users\David\Downloads\Adaware112_Installer.exe
2014-08-12 00:03 - 2014-08-12 00:03 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-08-12 00:03 - 2014-08-12 00:03 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-08-12 00:00 - 2014-08-11 23:18 - 00000000 ____D () C:\ProgramData\IObit
2014-08-12 00:00 - 2013-02-06 22:45 - 00002448 _____ () C:\ProgramData\hpzinstall.log
2014-08-11 23:58 - 2014-08-11 23:57 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\David\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-11 23:19 - 2014-08-11 23:19 - 00000000 ____D () C:\Users\David\AppData\Roaming\ProductData
2014-08-11 23:19 - 2014-08-11 23:18 - 00000000 ____D () C:\ProgramData\ProductData
2014-08-11 23:18 - 2014-08-11 23:18 - 00001226 _____ () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-08-11 23:18 - 2014-08-11 23:18 - 00001202 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-08-11 23:18 - 2014-08-11 23:18 - 00000278 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job
2014-08-11 23:18 - 2014-08-11 23:17 - 00000000 ____D () C:\Program Files\IObit
2014-08-11 23:17 - 2014-08-11 23:17 - 12906784 _____ (IObit) C:\Users\David\Downloads\iobituninstaller_338.exe
2014-08-11 23:17 - 2014-08-11 23:17 - 00000000 ____D () C:\Users\David\AppData\Roaming\IObit
2014-08-11 22:14 - 2014-08-11 21:50 - 00000000 ____D () C:\Users\David\Desktop\Nature One The Golden Twenty+
2014-08-11 22:06 - 2012-07-26 06:17 - 00000304 _____ () C:\WINDOWS\win.ini
2014-08-11 22:03 - 2014-05-03 09:25 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-11 22:03 - 2013-08-22 09:22 - 00482192 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-11 22:03 - 2013-02-23 18:47 - 00000000 ____D () C:\Program Files\WinRAR
2014-08-11 21:57 - 2014-08-11 21:57 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-08-11 21:57 - 2014-03-18 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-11 21:57 - 2014-03-18 09:30 - 00000000 ____D () C:\WINDOWS\system32\Drivers\de-DE
2014-08-11 21:57 - 2013-08-22 10:17 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-08-11 21:57 - 2013-08-22 10:17 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-08-11 21:57 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-11 21:57 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-11 21:57 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\WinStore
2014-08-11 21:57 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\system32\de-DE
2014-08-11 21:56 - 2013-09-30 21:40 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-11 21:47 - 2014-08-11 21:47 - 01234120 _____ () C:\Users\David\Downloads\wrar380.exe
2014-08-11 21:47 - 2014-08-11 21:47 - 00000000 ____D () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-11 21:47 - 2014-08-11 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-11 21:25 - 2013-02-06 21:50 - 00000000 ____D () C:\Users\David\AppData\Local\VirtualStore
2014-08-11 20:39 - 2014-08-11 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elcomsoft Password Recovery
2014-08-11 20:38 - 2014-08-11 20:38 - 00000000 ____D () C:\ProgramData\Elcomsoft Password Recovery
2014-08-11 20:38 - 2014-08-11 20:38 - 00000000 ____D () C:\Program Files\Elcomsoft Password Recovery
2014-08-11 20:38 - 2014-08-11 20:38 - 00000000 ____D () C:\Program Files\Elcomsoft
2014-08-11 20:38 - 2014-08-11 20:37 - 00000000 ____D () C:\Users\David\AppData\Local\Abelssoft
2014-08-11 20:37 - 2014-08-11 20:37 - 00000000 ____D () C:\Users\David\AppData\Roaming\Abelssoft
2014-08-11 20:37 - 2014-08-11 20:37 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-08-11 20:36 - 2014-08-11 20:35 - 01101648 _____ () C:\Users\David\Downloads\Advanced Archive Password Recovery - CHIP-Installer.exe
2014-08-11 20:24 - 2013-02-23 22:37 - 00004608 ___SH () C:\Users\David\Desktop\Thumbs.db
2014-08-11 20:05 - 2014-08-11 20:05 - 00000000 ____D () C:\ProgramData\PicRec
2014-08-11 20:05 - 2014-08-11 20:05 - 00000000 ____D () C:\Program Files\Common Files\PicRec
2014-08-11 20:04 - 2014-08-11 20:04 - 00000000 ____D () C:\Program Files\PicRec (x86)
2014-08-11 18:39 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-03 03:49 - 2014-08-03 03:49 - 00000000 ____D () C:\Users\David\AppData\Local\Razer_Inc
2014-08-02 19:08 - 2012-07-26 08:43 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-08-02 19:06 - 2014-05-03 01:23 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-02 19:06 - 2014-05-03 01:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-02 19:04 - 2014-08-02 19:04 - 00000000 ____D () C:\ProgramData\Razer
2014-08-02 19:04 - 2014-08-02 19:03 - 00000000 ____D () C:\Program Files\Razer
2014-08-02 18:40 - 2014-05-03 09:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-29 10:16 - 2014-08-11 20:05 - 00044248 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\netmon_wfp.sys
2014-07-24 22:51 - 2014-07-24 22:51 - 00000000 ____D () C:\rbtemp
2014-07-24 22:50 - 2013-02-06 22:50 - 00000000 ____D () C:\Users\David\AppData\Roaming\HpUpdate
2014-07-24 22:31 - 2013-08-22 08:13 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM

Some content of TEMP:
====================
C:\Users\David\AppData\Local\Temp\amt_webssearches.exe
C:\Users\David\AppData\Local\Temp\bitool.dll
C:\Users\David\AppData\Local\Temp\dfbdc01a-1b6d-46f6-9d4a-88472d331ea6.exe
C:\Users\David\AppData\Local\Temp\MsiToExe.picrec_setup.exe
C:\Users\David\AppData\Local\Temp\nsgDCF.exe
C:\Users\David\AppData\Local\Temp\nsh766F.exe
C:\Users\David\AppData\Local\Temp\nsx523.exe
C:\Users\David\AppData\Local\Temp\nsz7CE8.exe
C:\Users\David\AppData\Local\Temp\ose00000.exe
C:\Users\David\AppData\Local\Temp\Quarantine.exe
C:\Users\David\AppData\Local\Temp\setup.exe
C:\Users\David\AppData\Local\Temp\smt_istartsurf.exe
C:\Users\David\AppData\Local\Temp\somoto_w_29_07_2014.exe
C:\Users\David\AppData\Local\Temp\thirdPartyUninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-14 03:58

==================== End Of Log ============================
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:13-08-2014 01
Ran by David at 2014-08-14 14:24:37
Running from C:\Users\David\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Ad-Aware Antivirus (HKLM\...\{CB799B5A-84B8-46A2-BEB5-4FD7D5230361}_AdAwareUpdater) (Version: 11.2.5952.0 - Lavasoft)
AdAwareInstaller (Version: 11.2.5952.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.2.5952.0 - Lavasoft) Hidden
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Advanced Archive Password Recovery (HKLM\...\{01011662-76A8-41E8-B1A8-4F8821570AC5}) (Version: 4.54.48.1338 - Elcomsoft Co. Ltd.)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
AntispamEngine (Version: 2.4.2.137 - Lavasoft) Hidden
Browser Hijack Recover(BHR) 3.0 (HKLM\...\Browser Hijack Recover_is1) (Version:  - Wamasoft,Inc.)
BufferChm (Version: 140.0.298.000 - Hewlett-Packard) Hidden
C410 (Version: 140.0.353.000 - Hewlett-Packard) Hidden
CHIP Updater (HKLM\...\CHIP Updater_is1) (Version: 2.28 - Abelssoft)
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{65480649-2AA6-4C5C-AAE8-DB35335D98A7}) (Version:  - Microsoft)
Destinations (Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Electronic Arts Game Updater (HKLM\...\Electronic Arts Game Updater) (Version:  - )
Emsisoft HiJackFree 4.5 (HKLM\...\Emsisoft HiJackFree_is1) (Version: 4.5 - Emsi Software GmbH)
Fax (Version: 140.0.307.000 - Hewlett-Packard) Hidden
FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
Free M4a to MP3 Converter 8.1 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GPBaseService2 (Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart Prem C410 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{951AF289-1B6A-44CA-B4F3-259BFC49148F}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPAppStudio (Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 140.0.297.000 - Hewlett-Packard) Hidden
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.10.0.001 - HTC Corporation)
HTC Sync Manager (HKLM\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.0.52.0 - HTC)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 3.3.8.2663 - IObit)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java 8 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218000FF}) (Version: 8.0.0 - Oracle Corporation)
Java Auto Updater (Version: 2.8.00.132 - Oracle, Inc.) Hidden
Java SE Development Kit 8 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180000}) (Version: 8.0.0 - Oracle Corporation)
MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft Access MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft DCF MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Monster Truck Madness 2 (HKLM\...\Monster Truck Madness 2.0) (Version:  - )
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Word MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
Need For Speed - Porsche (HKLM\...\Need For Speed - Porsche) (Version:  - )
Network (Version: 140.0.306.000 - Hewlett-Packard) Hidden
NVIDIA Grafiktreiber 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
Opera Stable 21.0.1432.67 (HKLM\...\Opera 21.0.1432.67) (Version: 21.0.1432.67 - Opera Software ASA)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PS_AIO_07_C410_SW_Min (Version: 140.0.365.000 - Hewlett-Packard) Hidden
QuickTransfer (Version: 140.0.98.000 - Hewlett-Packard) Hidden
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 140.0.253.000 - Hewlett-Packard) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (Version:  - Microsoft) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SideWinder Force Feedback Wheel (USB) (HKLM\...\SideWinder Force Feedback Wheel (USB)) (Version:  - )
SolutionCenter (Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Toolbox (Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Update for Microsoft Excel 2013 (KB2881085) 32-Bit Edition (HKLM\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{122B0E69-64AF-41BE-B3F6-D387A7E7E687}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 32-Bit Edition (HKLM\...\{90150000-0018-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{122B0E69-64AF-41BE-B3F6-D387A7E7E687}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 32-Bit Edition (HKLM\...\{90150000-001B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{122B0E69-64AF-41BE-B3F6-D387A7E7E687}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 32-Bit Edition (HKLM\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{122B0E69-64AF-41BE-B3F6-D387A7E7E687}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{122B0E69-64AF-41BE-B3F6-D387A7E7E687}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2850074) 32-Bit Edition (HKLM\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{968E82F6-FAF7-45E0-BCC0-EF8AA31A4EB3}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{A7610F07-E844-4444-8E1D-D5BC8AD0B4C5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{45B7D395-EB9B-414F-9E46-5849B42326E2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{66421820-D3CA-450A-898C-78D7E40108E6}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826040) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{B7EA8070-C37F-4617-82F4-52CF3304595A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{9BC5FF1D-9626-44D7-BC7F-EB44BD8BDB9F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880457) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{D27F6360-AE1E-4C8C-8ECD-C0375E20B923}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880464) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{06EF2BF7-7351-4D70-A0D5-588FCCF9808D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7C5CEE0F-6823-4BB7-A28F-76FEC14EB6AC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880987) 32-Bit Edition (HKLM\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{07017577-FBD6-45E2-A796-659E8F428057}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880987) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{07017577-FBD6-45E2-A796-659E8F428057}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM\...\{90150000-0090-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881074) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{B23AED0C-4813-4B49-9870-2F0968824E87}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 32-Bit Edition (HKLM\...\{90150000-001F-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{E249DF0B-9318-47AC-A6C2-A860FF1BEC3C}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 32-Bit Edition (HKLM\...\{90150000-001F-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{56962EB1-4DD3-48BB-934B-EA4C4516D89A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 32-Bit Edition (HKLM\...\{90150000-001F-040C-0000-0000000FF1CE}_Office15.PROPLUSR_{63AED158-0508-4738-A811-840B2053EF3B}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 32-Bit Edition (HKLM\...\{90150000-001F-0410-0000-0000000FF1CE}_Office15.PROPLUSR_{AE4413A8-4182-4883-B0BB-AC34CDFB56BC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881086) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{02DB183E-6F67-4906-A391-325874C5DA87}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 32-Bit Edition (HKLM\...\{90150000-00BA-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{FC6618D2-F75D-4FDD-B396-E4B0C0D757B6}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{FC6618D2-F75D-4FDD-B396-E4B0C0D757B6}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM\...\{90150000-00A1-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM\...\{90150000-001A-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2881075) 32-Bit Edition (HKLM\...\{90150000-0018-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{15033648-0DAB-4BE8-B84B-D1139BD0563F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2881075) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{15033648-0DAB-4BE8-B84B-D1139BD0563F}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 32-Bit Edition (HKLM\...\{90150000-0019-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{7500AD77-83C6-400B-8B2F-F8E401A7B697}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7500AD77-83C6-400B-8B2F-F8E401A7B697}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{A7CD05CC-CA85-428C-91FD-74A908D126E1}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 32-Bit Edition (HKLM\...\{90150000-001A-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{2C43B8B8-09A1-4D09-B4B9-B247A7348D75}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 32-Bit Edition (HKLM\...\{90150000-001B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{2C43B8B8-09A1-4D09-B4B9-B247A7348D75}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 32-Bit Edition (HKLM\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{2C43B8B8-09A1-4D09-B4B9-B247A7348D75}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{2C43B8B8-09A1-4D09-B4B9-B247A7348D75}) (Version:  - Microsoft)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebReg (Version: 140.0.297.017 - Hewlett-Packard) Hidden
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

24-07-2014 20:51:52 RCP Do, Jul 24, 14  22:51
02-08-2014 16:17:40 Windows Update
11-08-2014 18:37:52 Installed Advanced Archive Password Recovery

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:13 - 2013-08-22 08:13 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00BC77BF-3352-4FE8-9617-4F1B27BEC19A} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {0173EABF-E1B9-471E-BA82-B4728B727C43} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-12] (Google Inc.)
Task: {01BCC00A-C6A8-474C-BA2D-3076F3CE544D} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\WINDOWS\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {02B97B27-29F3-4F0D-B9D9-1A218C58AD6F} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {03F00483-DFF0-469F-88A0-E7C9E3D9F4A7} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {049B4931-376F-407A-8DC3-2513C4160B14} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {04F1AF96-16B0-400D-98FB-94A55532D35C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-12] (Google Inc.)
Task: {0700DBBC-1C0F-48A8-93DA-0CD439BF5423} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {17233BE9-87E9-40B0-B003-AE9D2B92CBBE} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {2340E23A-7094-4C06-83DE-36247A2BBA13} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {247BD142-0549-4E91-84B0-172C25563718} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {2BE65564-89D1-4396-A5CC-D7D9283FC4A1} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {392EB017-207C-42BF-A061-F3BE721F456C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {3DC09B78-5F83-49F3-9EDD-7A07FCF46070} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-24] (Adobe Systems Incorporated)
Task: {4B7EF56A-8A42-4BD2-BB5C-7C389AC54A37} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {5700ACE8-D0AF-4BA7-98B6-1033521A877A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {6B2E45F5-D46A-4E1B-86BF-9797D5D0E1D5} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files\CHIP Updater\CHIPUpdater.exe [2014-08-07] (CHIP)
Task: {6CF501F0-8E19-4395-A8BA-9DC28958961C} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files\WinZip Malware Protector\WinZipMalwareProtector.exe
Task: {6E84A59B-1863-4B21-8BD8-C9B20FD15484} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {7276DEEA-6ED2-4091-AF19-079E9B8C56C7} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {7853A50D-A316-4122-8F68-CD8DEFEB2952} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-06-26] (Microsoft Corporation)
Task: {7C7CF1DA-F461-4850-96B2-ADCA8A67E59C} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {8B5819AE-7B44-478B-A3D3-8846AF160A8F} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {915CDCE5-D3F9-457E-BEBC-E8F35ADFED52} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {92ED6570-4654-4BFA-9A6C-1084C6939C16} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {997C8BBD-710B-4E66-B5BC-CC09575A58D2} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {A5D45ED3-F524-4574-8F39-527F3729D1E2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\WINDOWS\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {AD8E3926-CE62-45BA-967B-A2F3404710A3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {B91E4643-3AB1-4014-A59E-CD2584C277DA} - System32\Tasks\0 => Iexplore.exe 
Task: {C0D0F7C4-419F-41B3-90A2-FE79270B828A} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {CF5A1DDC-D14D-4D59-AD49-A19A645B087B} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DCF55BED-B1DF-4ABF-8D85-6542C7007799} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E4C8774A-2818-45A4-8A6D-11DDF6348886} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {EB9E8D9B-494C-41D5-B795-E64881D3AF8C} - System32\Tasks\4669 => Wscript.exe C:\Users\David\AppData\Local\Temp\launchie.vbs //B
Task: {FAB49829-3EE7-4234-BE84-277862F2A57C} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => ?

==================== Loaded Modules (whitelisted) =============

2014-05-03 00:19 - 2013-10-23 09:19 - 00092448 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-03-24 11:31 - 2014-03-24 11:31 - 00031080 _____ () C:\Program Files\HTC\HTC Sync Manager\DbAccess.dll
2014-03-24 11:32 - 2014-03-24 11:32 - 00607376 _____ () C:\Program Files\HTC\HTC Sync Manager\sqlite3.dll
2014-03-24 11:32 - 2014-03-24 11:32 - 00059752 _____ () C:\Program Files\HTC\HTC Sync Manager\NAdvLog.dll
2014-03-24 11:32 - 2014-03-24 11:32 - 00036216 _____ () C:\Program Files\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-03-24 11:32 - 2014-03-24 11:32 - 00080248 _____ () C:\Program Files\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-03-24 11:34 - 2014-03-24 11:34 - 00129376 _____ () C:\Program Files\HTC\HTC Sync Manager\zlib1.dll
2014-03-24 11:36 - 2014-03-24 11:36 - 00223592 _____ () C:\Program Files\HTC\HTC Sync Manager\DevConnMon.dll
2014-06-03 16:12 - 2014-06-03 16:12 - 00655352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe
2014-06-03 16:22 - 2014-06-03 16:22 - 00087928 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_thread-vc100-mt-1_55.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00022392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_system-vc100-mt-1_55.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00048512 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_date_time-vc100-mt-1_55.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00107904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_filesystem-vc100-mt-1_55.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00030072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_chrono-vc100-mt-1_55.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 08386920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareServiceKernel.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00541008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\SQLite.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 02421064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\RCF.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00638328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_regex-vc100-mt-1_55.dll
2014-06-03 16:21 - 2014-06-03 16:21 - 00478056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareActivation.dll
2014-06-03 16:23 - 2014-06-03 16:23 - 00131920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\pugixml.dll
2014-06-03 16:21 - 2014-06-03 16:21 - 00300920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareApplicationUpdater.dll
2014-06-03 16:23 - 2014-06-03 16:23 - 00122704 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\libssh2.dll
2014-06-03 16:23 - 2014-06-03 16:23 - 00148808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\zlib.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00119656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareGamingMode.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00087384 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareReset.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00105304 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTime.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00248184 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareDefinitionsUpdater.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00170376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareDefinitionsUpdaterScheduler.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00342376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareIgnoreList.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00205160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareQuarantine.dll
2014-06-03 16:21 - 2014-06-03 16:21 - 00277872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiMalwareEngine.dll
2014-06-03 16:21 - 2014-06-03 16:21 - 00174960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiRootkitEngine.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00367472 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareScannerHistory.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00503648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareScanner.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00030584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_timer-vc100-mt-1_55.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00270192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareScannerScheduler.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00372600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareRealTimeProtection.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00190824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareIncompatibles.dll
2014-06-03 16:21 - 2014-06-03 16:21 - 00179552 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiSpam.dll
2014-06-03 16:21 - 2014-06-03 16:21 - 00143720 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiPhishing.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00633712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareParentalControl.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 01873768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareWebProtection.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00344944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareEmailProtection.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00513392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareNetworkProtection.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00298840 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwarePromo.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00248160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareFeedback.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00313720 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareThreatWorkAlliance.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\SecurityCenter.dll
2014-08-12 00:08 - 2014-04-22 17:28 - 00135288 _____ () C:\WINDOWS\SYSTEM32\bdfwcore.dll
2014-04-22 17:29 - 2014-08-12 02:01 - 00663552 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttpbr.mdl
2014-04-22 17:29 - 2014-08-12 02:01 - 00478208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttpdsp.mdl
2014-04-22 17:29 - 2014-08-12 02:01 - 02113536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttpph.mdl
2014-04-22 17:29 - 2014-08-12 02:01 - 01112064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttprbl.mdl
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2014-08-11 20:05 - 2014-07-29 10:16 - 00019968 _____ () C:\WINDOWS\Microsoft\sogr\WindowsUpdater.exe
2014-08-11 20:05 - 2014-07-29 10:16 - 00007168 _____ () C:\WINDOWS\Microsoft\sogr\ConfigurationData.dll
2014-08-11 20:05 - 2014-07-29 10:16 - 00058880 _____ () C:\WINDOWS\Microsoft\sogr\InstallerLibrary.dll
2014-08-11 20:05 - 2014-07-29 10:16 - 00015360 _____ () C:\WINDOWS\Microsoft\sogr\BaseLibrary.dll
2014-03-24 11:32 - 2014-03-24 11:32 - 00821600 _____ () C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
2014-06-03 16:22 - 2014-06-03 16:22 - 06699864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe
2014-06-03 16:22 - 2014-06-03 16:22 - 00405880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_locale-vc100-mt-1_55.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00310624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\HtmlFramework.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00056664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\DllStorage.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00804208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTrayDefaultSkin.dll
2014-06-03 16:22 - 2014-06-03 16:22 - 00118104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\Localization.dll
2014-05-03 06:53 - 2014-05-03 06:53 - 00181760 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\ec24c7b048618fff739d9c2ca0e4f261\Kies.Common.DeviceServiceLib.Interface.ni.dll
2014-05-03 06:54 - 2014-05-03 06:54 - 17552384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Theme\0fb63039e67db6e9a2900e852385c1c8\Kies.Theme.ni.dll
2014-05-03 06:52 - 2014-05-03 06:52 - 01759744 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.UI\34966f376e9c3b8f4ceec511f257b686\Kies.UI.ni.dll
2014-05-03 06:53 - 2014-05-03 06:53 - 00077824 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\a81e2f6a97b1dc525f0047c9eed8904d\Kies.MVVM.ni.dll
2014-05-03 06:54 - 2014-05-03 06:54 - 00232960 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\6a887773d39c496e6f2d1d9354902e12\ASF_cSharpAPI.ni.dll
2014-08-12 15:36 - 2014-07-15 11:24 - 00718664 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-08-12 15:36 - 2014-07-15 11:24 - 00126280 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-08-12 15:36 - 2014-07-15 11:24 - 08537928 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-08-12 15:36 - 2014-07-15 11:24 - 00353096 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-08-12 15:36 - 2014-07-15 11:24 - 01732936 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-08-12 15:36 - 2014-07-15 11:24 - 14664008 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
2014-07-29 10:16 - 2014-07-29 10:16 - 00136704 _____ () C:\Program Files\PicRec (x86)\PicRec (x86)\WFP\FilterUsageExample.exe
2014-07-29 10:16 - 2014-07-29 10:16 - 01195008 _____ () C:\Program Files\PicRec (x86)\PicRec (x86)\WFP\http_filter.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\David\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: A309
Description: A309
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/13/2014 04:43:14 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (08/13/2014 04:42:56 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (08/13/2014 00:20:06 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={7B05BCB6-EF23-42BF-957D-ECD761854F6D}: Der Benutzer "SYSTEM" hat eine Verbindung mit dem Namen "Canada VPN" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 691.

Error: (08/13/2014 00:19:42 AM) (Source: Microsoft-Windows-EapHost) (EventID: 3002) (User: NT-AUTORITÄT)
Description: Die angeforderte EapMethod konnte nicht gefunden werden: Typ-ID(0), Autor-ID(0), Lieferant-ID(0), Lieferant-Typ(0).


System errors:
=============
Error: (08/14/2014 01:35:50 PM) (Source: DCOM) (EventID: 10000) (User: NT-AUTORITÄT)
Description: C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (08/14/2014 01:35:50 PM) (Source: DCOM) (EventID: 10000) (User: NT-AUTORITÄT)
Description: C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (08/14/2014 00:52:50 PM) (Source: DCOM) (EventID: 10000) (User: NT-AUTORITÄT)
Description: C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (08/14/2014 00:52:50 PM) (Source: DCOM) (EventID: 10000) (User: NT-AUTORITÄT)
Description: C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (08/14/2014 10:15:45 AM) (Source: DCOM) (EventID: 10000) (User: NT-AUTORITÄT)
Description: C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (08/14/2014 10:15:45 AM) (Source: DCOM) (EventID: 10000) (User: NT-AUTORITÄT)
Description: C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (08/14/2014 08:38:47 AM) (Source: DCOM) (EventID: 10000) (User: NT-AUTORITÄT)
Description: C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (08/14/2014 06:36:14 AM) (Source: DCOM) (EventID: 10000) (User: NT-AUTORITÄT)
Description: C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (08/14/2014 06:36:14 AM) (Source: DCOM) (EventID: 10000) (User: NT-AUTORITÄT)
Description: C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (08/14/2014 03:50:05 AM) (Source: DCOM) (EventID: 10000) (User: NT-AUTORITÄT)
Description: C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}


Microsoft Office Sessions:
=========================
Error: (08/13/2014 04:43:14 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\HP\digital imaging\{951af289-1b6a-44ca-b4f3-259bfc49148f}\setup\devinstanceeraser40.exe

Error: (08/13/2014 04:42:56 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"C:\Program Files\HTC\HTC Sync Manager\NOutlookAccessX64.exe

Error: (08/13/2014 00:20:06 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {7B05BCB6-EF23-42BF-957D-ECD761854F6D}SYSTEMCanada VPN691

Error: (08/13/2014 00:19:42 AM) (Source: Microsoft-Windows-EapHost) (EventID: 3002) (User: NT-AUTORITÄT)
Description: 0000


CodeIntegrity Errors:
===================================
  Date: 2014-07-24 22:48:35.418
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-24 22:48:35.344
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-24 22:46:38.481
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-24 22:46:38.465
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-24 22:46:38.465
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-24 22:46:38.403
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-24 22:46:38.168
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-24 22:39:29.374
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-05-24 22:36:42.156
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-05-24 22:36:42.153
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz
Percentage of memory in use: 61%
Total physical RAM: 3039.19 MB
Available physical RAM: 1169.87 MB
Total Pagefile: 3551.19 MB
Available Pagefile: 1158.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1862.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:200.3 GB) NTFS
Drive d: (Volume) (Fixed) (Total:298.09 GB) (Free:214.04 GB) NTFS
Drive e: (11 Sep 2013) (CDROM) (Total:2.88 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 6C660C7D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: AB180884)
Partition 1: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Edited by davidlehrman (14.08.2014 at 15:09)

Alt 15.08.2014, 12:54   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 17.08.2014, 13:50   #5
davidlehrman
 



Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 17.08.2014
Suchlauf-Zeit: 13:49:37
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.17.01
Rootkit Datenbank: v2014.08.16.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x86
Dateisystem: NTFS
Benutzer: David

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 334336
Verstrichene Zeit: 15 Min, 27 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Code:
# AdwCleaner v3.307 - Bericht erstellt am 17/08/2014 um 14:29:21
# Aktualisiert 17/08/2014 von Xplode
# Betriebssystem : Windows 8.1 Pro  (32 bits)
# Benutzername : David - DAVID
# Gestartet von : C:\Users\David\Downloads\adwcleaner_3.307.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\adawarebp

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\9oaaxkgh.default\prefs.js ]


-\\ Google Chrome v36.0.1985.143

[ Datei : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [15612 octets] - [24/05/2014 22:46:16]
AdwCleaner[R1].txt - [15732 octets] - [24/05/2014 22:48:06]
AdwCleaner[R2].txt - [1075 octets] - [24/05/2014 22:52:21]
AdwCleaner[R3].txt - [12558 octets] - [12/08/2014 00:43:49]
AdwCleaner[R4].txt - [1602 octets] - [12/08/2014 00:54:47]
AdwCleaner[R5].txt - [1488 octets] - [12/08/2014 14:07:59]
AdwCleaner[R6].txt - [2500 octets] - [14/08/2014 02:51:57]
AdwCleaner[R7].txt - [2200 octets] - [17/08/2014 14:26:42]
AdwCleaner[S0].txt - [297 octets] - [24/05/2014 22:47:36]
AdwCleaner[S1].txt - [14316 octets] - [24/05/2014 22:48:33]
AdwCleaner[S2].txt - [1137 octets] - [24/05/2014 22:53:29]
AdwCleaner[S3].txt - [11713 octets] - [12/08/2014 00:44:58]
AdwCleaner[S4].txt - [1663 octets] - [12/08/2014 00:56:35]
AdwCleaner[S5].txt - [1549 octets] - [12/08/2014 14:09:25]
AdwCleaner[S6].txt - [2561 octets] - [14/08/2014 02:53:49]
AdwCleaner[S7].txt - [1870 octets] - [17/08/2014 14:29:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [1930 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 Pro x86
Ran by David on 17.08.2014 at 14:35:27,89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.08.2014 at 14:37:30,77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:16-08-2014 03
Ran by David (administrator) on DAVID on 17-08-2014 14:41:30
Running from C:\Users\David\Downloads
Platform: Microsoft Windows 8.1 Pro (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_9691412ff1876250\stacsv.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_9691412ff1876250\AEstSrv.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Razer Inc.) C:\Program Files\Razer\RzWizard\RzWizardService.exe
() C:\Windows\Microsoft\sogr\WindowsUpdater.exe
() C:\Program Files\PicRec (x86)\PicRec (x86)\WFP\FilterUsageExample.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Hardware\Game Controllers\Common\SWTrayV4.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Samsung) C:\Program Files\SAMSUNG\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Thisisu) C:\Users\David\Downloads\JRT.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\System32\msfeedssync.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Policies\Explorer: [NoBandCustomize] 0
HKLM\...\Policies\Explorer: [NoToolbarCustomize] 0
HKU\S-1-5-21-886002270-3676093480-2908310277-1001\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-04-23] (Samsung)
HKU\S-1-5-21-886002270-3676093480-2908310277-1001\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-886002270-3676093480-2908310277-1001\...\Policies\Explorer: [NoToolbarCustomize] 0

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD01DDBD3A904CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\9oaaxkgh.default
FF NewTab: chrome://quick_start/content/index.html
FF SearchEngineOrder.1: Amazon 
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\9oaaxkgh.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\9oaaxkgh.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

Chrome: 
=======
CHR HomePage: 
CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-12]
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-12]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-12]
CHR Extension: (Google-Suche) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-12]
CHR Extension: (Google Wallet) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-12]
CHR Extension: (Google Mail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-12]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_x86_9691412ff1876250\aestsrv.exe [81920 2009-03-02] (Andrea Electronics Corporation)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [1680088 2013-10-28] (Broadcom Corporation.)
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-18] (Nero AG)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-08-11] (IObit)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RzWizardService; C:\Program Files\Razer\RzWizard\RzWizardService.exe [367616 2014-05-20] (Razer Inc.) [File not signed]
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
R2 sogr; C:\WINDOWS\Microsoft\sogr\WindowsUpdater.exe [19968 2014-07-29] () [File not signed]
R2 STacSV; C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_x86_9691412ff1876250\STacSV.exe [229458 2010-03-23] (IDT, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [279784 2014-03-24] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2014-03-24] (Microsoft Corporation)
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1210368 2014-04-03] (Microsoft Corporation)
S2 RrFilterService; c:\Program Files\RrFilter\RrFilterService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-03-18] (Microsoft Corporation)
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [175320 2013-10-28] (Broadcom Corporation.)
S3 btwampfl; C:\WINDOWS\system32\DRIVERS\btwampfl.sys [144600 2013-10-28] (Broadcom Corporation.)
S3 GPIO; C:\WINDOWS\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
S3 HtcVCom32; C:\WINDOWS\system32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
R1 netfilter; C:\WINDOWS\System32\drivers\netfilter.sys [31744 2014-02-13] (NetFilterSDK.com) [File not signed]
R1 netmon_wfp; C:\WINDOWS\System32\drivers\netmon_wfp.sys [44248 2014-07-29] (Windows (R) Win 7 DDK provider)
R3 NETwNs32; C:\WINDOWS\system32\DRIVERS\NETwNs32.sys [7518208 2013-06-18] (Intel Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [92504 2014-03-24] (Microsoft Corporation)
R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-05-03] (Microsoft Corporation)
R3 WUDFSensorLP; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-17 14:41 - 2014-08-17 14:41 - 00000000 ____D () C:\Users\David\Downloads\FRST-OlderVersion
2014-08-17 14:37 - 2014-08-17 14:37 - 00000618 _____ () C:\Users\David\Desktop\JRT.txt
2014-08-17 14:32 - 2014-08-17 14:32 - 00002010 _____ () C:\Users\David\Desktop\AdwCleaner[S7].txt
2014-08-17 14:25 - 2014-08-17 14:25 - 01361671 _____ () C:\Users\David\Downloads\adwcleaner_3.307.exe
2014-08-17 14:15 - 2014-08-17 14:15 - 00001146 _____ () C:\Users\David\Desktop\mbam.txt
2014-08-17 13:46 - 2014-08-17 13:47 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-17 13:46 - 2014-08-17 13:46 - 00001072 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-17 13:46 - 2014-08-17 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-17 13:46 - 2014-08-17 13:46 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-17 13:46 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-08-17 13:46 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-17 13:46 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-17 13:41 - 2014-08-17 13:41 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\David\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-14 14:29 - 2014-08-14 14:29 - 00053603 _____ () C:\Users\David\Desktop\FRST.txt
2014-08-14 14:29 - 2014-08-14 14:29 - 00048498 _____ () C:\Users\David\Desktop\Addition.txt
2014-08-14 14:24 - 2014-08-14 14:25 - 00048498 _____ () C:\Users\David\Downloads\Addition.txt
2014-08-14 14:23 - 2014-08-17 14:41 - 00011977 _____ () C:\Users\David\Downloads\FRST.txt
2014-08-14 14:22 - 2014-08-17 14:41 - 01093632 _____ (Farbar) C:\Users\David\Downloads\FRST.exe
2014-08-14 14:22 - 2014-08-17 14:41 - 00000000 ____D () C:\FRST
2014-08-14 03:20 - 2014-08-14 03:21 - 00000000 ____D () C:\Program Files\Browser Hijack Recover
2014-08-14 03:20 - 2014-08-14 03:20 - 02449338 _____ (Wamasoft,Inc. ) C:\Users\David\Downloads\browser-hijack-recover_4352.exe
2014-08-14 03:20 - 2014-08-14 03:20 - 00001044 _____ () C:\Users\UpdatusUser\Desktop\Browser Hijack Recover(BHR).lnk
2014-08-14 03:20 - 2014-08-14 03:20 - 00001044 _____ () C:\Users\David\Desktop\Browser Hijack Recover(BHR).lnk
2014-08-14 03:20 - 2014-08-14 03:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Hijack Recover(BHR)
2014-08-14 03:20 - 2014-08-14 03:20 - 00000000 _____ () C:\WINDOWS\system32\8104297.jun
2014-08-14 03:04 - 2014-08-14 03:04 - 00001000 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk
2014-08-14 03:04 - 2014-08-14 03:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree
2014-08-14 03:04 - 2014-08-14 03:04 - 00000000 ____D () C:\Program Files\Emsisoft HiJackFree
2014-08-14 03:03 - 2014-08-14 03:03 - 02095808 _____ (Emsi Software GmbH ) C:\Users\David\Downloads\a-squared-hijackfree_27131.exe
2014-08-14 02:52 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-08-14 02:32 - 2014-08-14 02:32 - 00304857 _____ () C:\Users\David\Downloads\HijackThis_205.zip
2014-08-14 00:40 - 2014-08-14 00:40 - 00000050 _____ () C:\Users\David\Downloads\ad_companion
2014-08-14 00:27 - 2014-08-14 00:27 - 03736125 _____ () C:\Users\David\Downloads\testdisk-6.14.win.zip
2014-08-12 15:36 - 2014-08-17 14:34 - 00002141 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-12 15:36 - 2014-08-12 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-12 15:35 - 2014-08-17 14:40 - 00001108 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-12 15:35 - 2014-08-17 14:34 - 00001104 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-12 15:35 - 2014-08-12 15:36 - 00000000 ____D () C:\Users\David\AppData\Local\Google
2014-08-12 15:35 - 2014-08-12 15:35 - 00000000 ____D () C:\Program Files\Google
2014-08-12 15:34 - 2014-08-12 15:34 - 00895120 _____ (Google Inc.) C:\Users\David\Downloads\ChromeSetup.exe
2014-08-12 15:27 - 2014-08-12 15:27 - 00001020 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk
2014-08-12 15:27 - 2014-08-12 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2014-08-12 15:27 - 2014-08-12 15:27 - 00000000 ____D () C:\Program Files\CHIP Updater
2014-08-12 15:26 - 2014-08-12 15:26 - 01101648 _____ () C:\Users\David\Downloads\CWShredder - CHIP-Installer.exe
2014-08-12 15:05 - 2014-08-12 15:05 - 00001159 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-08-12 15:05 - 2014-08-12 15:05 - 00000000 ____D () C:\Users\David\AppData\Roaming\Nico Mak Computing
2014-08-12 15:05 - 2014-08-12 15:05 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-08-12 15:05 - 2013-03-15 17:01 - 00016384 _____ () C:\WINDOWS\system32\wsusnative32.exe
2014-08-12 15:03 - 2014-08-12 15:03 - 04892480 _____ (WinZip International LLC ) C:\Users\David\Downloads\wzmp_8.exe
2014-08-12 14:56 - 2014-08-12 14:56 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-12 14:54 - 2014-08-12 14:55 - 01016261 _____ (Thisisu) C:\Users\David\Downloads\JRT.exe
2014-08-12 14:40 - 2014-08-12 14:40 - 05569662 _____ (Swearware) C:\Users\David\Downloads\ComboFix.exe
2014-08-12 14:33 - 2014-08-12 14:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-12 00:22 - 2014-08-12 00:22 - 00000000 ____D () C:\ProgramData\BitDefender
2014-08-12 00:13 - 2014-08-17 13:44 - 00000000 ____D () C:\Users\David\AppData\Roaming\Lavasoft
2014-08-12 00:08 - 2014-08-12 00:08 - 00000000 ____D () C:\Users\David\AppData\Roaming\LavasoftStatistics
2014-08-12 00:04 - 2014-08-12 00:05 - 00000000 ____D () C:\Program Files\Lavasoft
2014-08-12 00:03 - 2014-08-12 00:03 - 01707144 _____ () C:\Users\David\Downloads\Adaware112_Installer.exe
2014-08-12 00:03 - 2014-08-12 00:03 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-08-11 23:57 - 2014-08-11 23:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\David\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-11 23:19 - 2014-08-11 23:19 - 00000000 ____D () C:\Users\David\AppData\Roaming\ProductData
2014-08-11 23:18 - 2014-08-12 00:00 - 00000000 ____D () C:\ProgramData\IObit
2014-08-11 23:18 - 2014-08-11 23:19 - 00000000 ____D () C:\ProgramData\ProductData
2014-08-11 23:18 - 2014-08-11 23:18 - 00001226 _____ () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-08-11 23:18 - 2014-08-11 23:18 - 00001202 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-08-11 23:18 - 2014-08-11 23:18 - 00000278 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job
2014-08-11 23:17 - 2014-08-11 23:18 - 00000000 ____D () C:\Program Files\IObit
2014-08-11 23:17 - 2014-08-11 23:17 - 12906784 _____ (IObit) C:\Users\David\Downloads\iobituninstaller_338.exe
2014-08-11 23:17 - 2014-08-11 23:17 - 00000000 ____D () C:\Users\David\AppData\Roaming\IObit
2014-08-11 22:06 - 2014-06-26 22:55 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-08-11 22:06 - 2014-06-26 22:55 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-08-11 21:57 - 2014-08-11 21:57 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-08-11 21:50 - 2014-08-11 22:14 - 00000000 ____D () C:\Users\David\Desktop\Nature One The Golden Twenty+
2014-08-11 21:47 - 2014-08-11 21:47 - 01234120 _____ () C:\Users\David\Downloads\wrar380.exe
2014-08-11 21:47 - 2014-08-11 21:47 - 00000000 ____D () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-11 21:47 - 2014-08-11 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-11 20:38 - 2014-08-11 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elcomsoft Password Recovery
2014-08-11 20:38 - 2014-08-11 20:38 - 00000000 ____D () C:\ProgramData\Elcomsoft Password Recovery
2014-08-11 20:38 - 2014-08-11 20:38 - 00000000 ____D () C:\Program Files\Elcomsoft Password Recovery
2014-08-11 20:38 - 2014-08-11 20:38 - 00000000 ____D () C:\Program Files\Elcomsoft
2014-08-11 20:37 - 2014-08-11 20:38 - 00000000 ____D () C:\Users\David\AppData\Local\Abelssoft
2014-08-11 20:37 - 2014-08-11 20:37 - 00000000 ____D () C:\Users\David\AppData\Roaming\Abelssoft
2014-08-11 20:37 - 2014-08-11 20:37 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-08-11 20:37 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\WINDOWS\system32\dhRichClient3.dll
2014-08-11 20:37 - 2011-03-25 20:42 - 00338432 _____ () C:\WINDOWS\system32\sqlite36_engine.dll
2014-08-11 20:35 - 2014-08-11 20:36 - 01101648 _____ () C:\Users\David\Downloads\Advanced Archive Password Recovery - CHIP-Installer.exe
2014-08-11 20:06 - 2014-08-14 01:57 - 00000000 ____D () C:\Users\David\Desktop\The GoldenTwenty
2014-08-11 20:05 - 2014-08-17 14:41 - 00000000 ____D () C:\http_filter
2014-08-11 20:05 - 2014-08-11 20:05 - 00000000 ____D () C:\ProgramData\PicRec
2014-08-11 20:05 - 2014-08-11 20:05 - 00000000 ____D () C:\Program Files\Common Files\PicRec
2014-08-11 20:05 - 2014-07-29 10:16 - 00044248 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\netmon_wfp.sys
2014-08-11 20:04 - 2014-08-11 20:04 - 00000000 ____D () C:\Program Files\PicRec (x86)
2014-08-03 03:49 - 2014-08-03 03:49 - 00000000 ____D () C:\Users\David\AppData\Local\Razer_Inc
2014-08-02 19:04 - 2014-08-02 19:04 - 00000000 ____D () C:\ProgramData\Razer
2014-08-02 19:03 - 2014-08-02 19:04 - 00000000 ____D () C:\Program Files\Razer
2014-08-02 18:43 - 2014-04-14 04:37 - 00865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-08-02 17:19 - 2014-07-01 00:46 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-08-02 17:19 - 2014-06-28 08:57 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-08-02 17:19 - 2014-06-28 08:27 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-08-02 17:19 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-08-02 17:19 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-08-02 17:19 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-08-02 17:19 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-08-02 17:19 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-08-02 17:19 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-08-02 17:19 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-08-02 17:19 - 2014-06-19 00:52 - 00595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-08-02 17:19 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-08-02 17:19 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-08-02 17:19 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-08-02 17:19 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-08-02 17:19 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-08-02 17:19 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-08-02 17:19 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-08-02 17:19 - 2014-06-06 15:20 - 03497472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-02 17:19 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-08-02 17:19 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-08-02 17:19 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-08-02 17:19 - 2014-05-30 05:05 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-08-02 17:19 - 2014-05-29 11:30 - 00481400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-08-02 17:19 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-08-02 17:19 - 2014-05-29 06:38 - 01089024 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-08-02 17:19 - 2014-02-06 12:19 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-08-02 17:19 - 2014-02-06 12:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-08-02 17:19 - 2014-02-06 11:52 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-08-02 17:19 - 2014-02-06 11:52 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-08-02 17:19 - 2014-02-06 11:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-08-02 17:19 - 2014-02-06 11:47 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-08-02 17:19 - 2014-02-06 11:25 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-08-02 17:18 - 2014-05-31 10:38 - 00049552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-08-02 17:18 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-08-02 17:18 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-02 17:18 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-08-02 17:18 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-08-02 17:18 - 2014-05-31 04:39 - 02818048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-08-02 17:18 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-08-02 17:18 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-24 22:51 - 2014-07-24 22:51 - 00000000 ____D () C:\rbtemp
2014-07-24 22:51 - 2012-07-25 12:03 - 00017136 _____ () C:\WINDOWS\system32\sasnative32.exe
2014-07-24 22:38 - 2014-04-18 15:43 - 00031064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-07-24 22:38 - 2014-04-18 15:29 - 01200288 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-07-24 22:38 - 2014-04-18 10:51 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
2014-07-24 22:38 - 2014-04-18 10:01 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-07-24 22:38 - 2014-04-18 09:51 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-07-24 22:38 - 2014-04-18 09:49 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-07-24 22:38 - 2014-04-14 10:01 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2014-07-24 22:38 - 2014-04-11 07:29 - 01016320 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2014-07-24 22:38 - 2014-04-11 06:23 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-07-24 22:38 - 2014-04-11 05:27 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2014-07-24 22:38 - 2014-04-09 12:47 - 00294744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2014-07-24 22:38 - 2014-04-09 07:44 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2014-07-24 22:38 - 2014-04-09 05:22 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2014-07-24 22:38 - 2014-04-08 01:47 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2014-07-24 22:38 - 2014-04-06 17:27 - 00311128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2014-07-24 22:38 - 2014-04-06 17:27 - 00240472 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2014-07-24 22:38 - 2014-04-06 17:23 - 00098584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2014-07-24 22:38 - 2014-04-06 17:22 - 18755672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-07-24 22:38 - 2014-04-06 17:22 - 00178184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2014-07-24 22:38 - 2014-04-06 17:18 - 00271192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2014-07-24 22:38 - 2014-04-06 17:16 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-07-24 22:38 - 2014-04-06 17:16 - 01209616 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-07-24 22:38 - 2014-04-06 17:16 - 01159520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-07-24 22:38 - 2014-04-06 17:16 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2014-07-24 22:38 - 2014-04-06 17:16 - 00669856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-07-24 22:38 - 2014-04-06 17:16 - 00518544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2014-07-24 22:38 - 2014-04-06 17:16 - 00406504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-07-24 22:38 - 2014-04-06 17:16 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-07-24 22:38 - 2014-04-06 17:16 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-07-24 22:38 - 2014-04-06 17:16 - 00305768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-07-24 22:38 - 2014-04-06 17:16 - 00194752 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-07-24 22:38 - 2014-04-06 14:06 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll
2014-07-24 22:38 - 2014-04-06 14:00 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2014-07-24 22:38 - 2014-04-06 13:54 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-07-24 22:38 - 2014-04-06 13:47 - 00264704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2014-07-24 22:38 - 2014-04-06 13:40 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2014-07-24 22:38 - 2014-04-06 12:58 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2014-07-24 22:38 - 2014-04-06 12:55 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-07-24 22:38 - 2014-04-06 12:44 - 00623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-07-24 22:38 - 2014-04-06 12:37 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-07-24 22:38 - 2014-04-06 12:36 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2014-07-24 22:38 - 2014-04-06 11:59 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2014-07-24 22:38 - 2014-04-03 06:03 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2014-07-24 22:38 - 2014-04-03 06:03 - 00111528 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2014-07-24 22:38 - 2014-04-03 05:53 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-07-24 22:38 - 2014-04-03 04:46 - 03563008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-07-24 22:38 - 2014-04-03 04:45 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-07-24 22:38 - 2014-04-03 04:44 - 01210368 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2014-07-24 22:38 - 2014-04-03 04:24 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-07-24 22:38 - 2014-04-03 04:23 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll
2014-07-24 22:38 - 2014-04-01 07:09 - 00333656 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-07-24 22:38 - 2014-03-31 05:34 - 05786968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-07-24 22:38 - 2014-03-31 02:41 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d8thk.dll
2014-07-24 22:38 - 2014-03-31 01:26 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2014-07-24 22:38 - 2014-03-31 01:13 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2014-07-24 22:38 - 2014-03-31 00:37 - 01167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2014-07-24 22:38 - 2014-03-31 00:35 - 01029120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-07-24 22:38 - 2014-03-31 00:09 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-07-24 22:38 - 2014-03-30 23:49 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-07-24 22:38 - 2014-03-28 11:04 - 00328984 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2014-07-24 22:38 - 2014-03-27 07:21 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-07-24 22:38 - 2014-03-27 06:48 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2014-07-24 22:38 - 2014-03-27 06:19 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2014-07-24 22:38 - 2014-03-27 05:22 - 00244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2014-07-24 22:38 - 2014-03-27 05:03 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-07-24 22:38 - 2014-03-27 04:59 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2014-07-24 22:38 - 2014-03-25 00:57 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-07-24 22:38 - 2014-03-21 05:46 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\tscfgwmi.dll
2014-07-24 22:38 - 2014-03-20 03:20 - 00229344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-07-24 22:38 - 2014-03-20 01:38 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2014-07-24 22:38 - 2014-03-20 01:33 - 05774848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-07-24 22:38 - 2014-03-19 09:17 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2014-07-24 22:38 - 2014-03-19 09:09 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2014-07-24 22:38 - 2014-03-19 07:56 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-07-24 22:38 - 2014-03-19 07:00 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2014-07-24 22:38 - 2014-03-19 06:51 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2014-07-24 22:38 - 2014-03-19 06:47 - 01309184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-07-24 22:38 - 2014-03-19 06:23 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-07-24 22:38 - 2014-03-19 06:14 - 02130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-07-24 22:38 - 2014-03-18 09:22 - 00069632 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2014-07-24 22:38 - 2014-03-18 06:52 - 05104640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2014-07-24 22:38 - 2014-03-17 06:11 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-07-24 22:38 - 2014-03-17 04:45 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2014-07-24 22:38 - 2014-03-17 04:36 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-07-24 22:38 - 2014-03-14 08:10 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2014-07-24 22:38 - 2014-03-06 12:37 - 00264536 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-07-24 22:38 - 2014-01-27 20:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-07-24 22:37 - 2014-05-19 07:33 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2014-07-24 22:37 - 2014-05-19 07:23 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2014-07-24 22:37 - 2014-05-10 05:22 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-07-24 22:37 - 2014-05-09 01:08 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2014-07-24 22:37 - 2014-05-05 06:02 - 02826240 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-07-24 22:37 - 2014-05-03 08:36 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-07-24 22:37 - 2014-05-01 13:00 - 02257608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-07-24 22:37 - 2014-05-01 13:00 - 00046512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2014-07-24 22:37 - 2014-05-01 08:51 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-07-24 22:37 - 2014-05-01 08:42 - 02045440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-07-24 22:37 - 2014-05-01 07:31 - 02366976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll
2014-07-24 22:37 - 2014-04-30 12:10 - 01090296 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-07-24 22:37 - 2014-04-30 05:47 - 01509888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2014-07-24 22:37 - 2014-04-30 05:43 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2014-07-24 22:37 - 2014-04-03 05:46 - 01871704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-07-24 22:37 - 2014-04-03 05:46 - 00286040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-17 14:42 - 2014-08-14 14:23 - 00011977 _____ () C:\Users\David\Downloads\FRST.txt
2014-08-17 14:41 - 2014-08-17 14:41 - 00000000 ____D () C:\Users\David\Downloads\FRST-OlderVersion
2014-08-17 14:41 - 2014-08-14 14:22 - 01093632 _____ (Farbar) C:\Users\David\Downloads\FRST.exe
2014-08-17 14:41 - 2014-08-14 14:22 - 00000000 ____D () C:\FRST
2014-08-17 14:41 - 2014-08-11 20:05 - 00000000 ____D () C:\http_filter
2014-08-17 14:40 - 2014-08-12 15:35 - 00001108 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-17 14:37 - 2014-08-17 14:37 - 00000618 _____ () C:\Users\David\Desktop\JRT.txt
2014-08-17 14:34 - 2014-08-12 15:36 - 00002141 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-17 14:34 - 2014-08-12 15:35 - 00001104 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-17 14:34 - 2014-05-03 00:51 - 00000000 __RDO () C:\Users\David\OneDrive
2014-08-17 14:32 - 2014-08-17 14:32 - 00002010 _____ () C:\Users\David\Desktop\AdwCleaner[S7].txt
2014-08-17 14:31 - 2014-04-01 21:34 - 00000000 ____D () C:\Users\David\AppData\Local\HTC MediaHub
2014-08-17 14:30 - 2014-03-18 01:54 - 00260250 _____ () C:\WINDOWS\PFRO.log
2014-08-17 14:30 - 2013-08-22 09:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-17 14:29 - 2014-05-24 22:46 - 00000000 ____D () C:\AdwCleaner
2014-08-17 14:29 - 2014-05-03 00:19 - 01584068 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-17 14:29 - 2013-08-22 08:13 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-17 14:25 - 2014-08-17 14:25 - 01361671 _____ () C:\Users\David\Downloads\adwcleaner_3.307.exe
2014-08-17 14:21 - 2014-03-18 10:04 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-17 14:16 - 2014-03-18 09:45 - 00000000 __SHD () C:\WINDOWS\BitLockerDiscoveryVolumeContents
2014-08-17 14:15 - 2014-08-17 14:15 - 00001146 _____ () C:\Users\David\Desktop\mbam.txt
2014-08-17 14:07 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-08-17 14:00 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-17 13:47 - 2014-08-17 13:46 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-17 13:46 - 2014-08-17 13:46 - 00001072 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-17 13:46 - 2014-08-17 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-17 13:46 - 2014-08-17 13:46 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-17 13:45 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-17 13:44 - 2014-08-12 00:13 - 00000000 ____D () C:\Users\David\AppData\Roaming\Lavasoft
2014-08-17 13:41 - 2014-08-17 13:41 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\David\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-15 00:07 - 2014-05-03 00:27 - 00000000 ____D () C:\Users\David
2014-08-15 00:07 - 2010-08-25 15:50 - 00000000 ____D () C:\Program Files\Steam
2014-08-14 23:24 - 2013-03-15 19:47 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-08-14 23:16 - 2014-05-05 23:48 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-14 22:49 - 2014-05-05 22:15 - 00004768 _____ () C:\WINDOWS\setupact.log
2014-08-14 14:29 - 2014-08-14 14:29 - 00053603 _____ () C:\Users\David\Desktop\FRST.txt
2014-08-14 14:29 - 2014-08-14 14:29 - 00048498 _____ () C:\Users\David\Desktop\Addition.txt
2014-08-14 14:25 - 2014-08-14 14:24 - 00048498 _____ () C:\Users\David\Downloads\Addition.txt
2014-08-14 03:21 - 2014-08-14 03:20 - 00000000 ____D () C:\Program Files\Browser Hijack Recover
2014-08-14 03:20 - 2014-08-14 03:20 - 02449338 _____ (Wamasoft,Inc. ) C:\Users\David\Downloads\browser-hijack-recover_4352.exe
2014-08-14 03:20 - 2014-08-14 03:20 - 00001044 _____ () C:\Users\UpdatusUser\Desktop\Browser Hijack Recover(BHR).lnk
2014-08-14 03:20 - 2014-08-14 03:20 - 00001044 _____ () C:\Users\David\Desktop\Browser Hijack Recover(BHR).lnk
2014-08-14 03:20 - 2014-08-14 03:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Hijack Recover(BHR)
2014-08-14 03:20 - 2014-08-14 03:20 - 00000000 _____ () C:\WINDOWS\system32\8104297.jun
2014-08-14 03:04 - 2014-08-14 03:04 - 00001000 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk
2014-08-14 03:04 - 2014-08-14 03:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree
2014-08-14 03:04 - 2014-08-14 03:04 - 00000000 ____D () C:\Program Files\Emsisoft HiJackFree
2014-08-14 03:03 - 2014-08-14 03:03 - 02095808 _____ (Emsi Software GmbH ) C:\Users\David\Downloads\a-squared-hijackfree_27131.exe
2014-08-14 02:32 - 2014-08-14 02:32 - 00304857 _____ () C:\Users\David\Downloads\HijackThis_205.zip
2014-08-14 01:57 - 2014-08-11 20:06 - 00000000 ____D () C:\Users\David\Desktop\The GoldenTwenty
2014-08-14 01:43 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\tracing
2014-08-14 00:40 - 2014-08-14 00:40 - 00000050 _____ () C:\Users\David\Downloads\ad_companion
2014-08-14 00:27 - 2014-08-14 00:27 - 03736125 _____ () C:\Users\David\Downloads\testdisk-6.14.win.zip
2014-08-13 00:33 - 2014-05-02 22:10 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-12 15:36 - 2014-08-12 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-12 15:36 - 2014-08-12 15:35 - 00000000 ____D () C:\Users\David\AppData\Local\Google
2014-08-12 15:35 - 2014-08-12 15:35 - 00000000 ____D () C:\Program Files\Google
2014-08-12 15:34 - 2014-08-12 15:34 - 00895120 _____ (Google Inc.) C:\Users\David\Downloads\ChromeSetup.exe
2014-08-12 15:27 - 2014-08-12 15:27 - 00001020 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk
2014-08-12 15:27 - 2014-08-12 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2014-08-12 15:27 - 2014-08-12 15:27 - 00000000 ____D () C:\Program Files\CHIP Updater
2014-08-12 15:26 - 2014-08-12 15:26 - 01101648 _____ () C:\Users\David\Downloads\CWShredder - CHIP-Installer.exe
2014-08-12 15:10 - 2014-05-24 21:44 - 00000000 ____D () C:\Users\David\AppData\Local\11030
2014-08-12 15:05 - 2014-08-12 15:05 - 00001159 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-08-12 15:05 - 2014-08-12 15:05 - 00000000 ____D () C:\Users\David\AppData\Roaming\Nico Mak Computing
2014-08-12 15:05 - 2014-08-12 15:05 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-08-12 15:03 - 2014-08-12 15:03 - 04892480 _____ (WinZip International LLC ) C:\Users\David\Downloads\wzmp_8.exe
2014-08-12 14:56 - 2014-08-12 14:56 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-12 14:55 - 2014-08-12 14:54 - 01016261 _____ (Thisisu) C:\Users\David\Downloads\JRT.exe
2014-08-12 14:40 - 2014-08-12 14:40 - 05569662 _____ (Swearware) C:\Users\David\Downloads\ComboFix.exe
2014-08-12 14:33 - 2014-08-12 14:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-12 02:03 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\rescache
2014-08-12 00:45 - 2014-05-03 00:44 - 00001160 _____ () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-12 00:45 - 2014-05-02 22:10 - 00001031 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-12 00:22 - 2014-08-12 00:22 - 00000000 ____D () C:\ProgramData\BitDefender
2014-08-12 00:08 - 2014-08-12 00:08 - 00000000 ____D () C:\Users\David\AppData\Roaming\LavasoftStatistics
2014-08-12 00:05 - 2014-08-12 00:04 - 00000000 ____D () C:\Program Files\Lavasoft
2014-08-12 00:03 - 2014-08-12 00:03 - 01707144 _____ () C:\Users\David\Downloads\Adaware112_Installer.exe
2014-08-12 00:03 - 2014-08-12 00:03 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-08-12 00:00 - 2014-08-11 23:18 - 00000000 ____D () C:\ProgramData\IObit
2014-08-12 00:00 - 2013-02-06 22:45 - 00002448 _____ () C:\ProgramData\hpzinstall.log
2014-08-11 23:58 - 2014-08-11 23:57 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\David\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-11 23:19 - 2014-08-11 23:19 - 00000000 ____D () C:\Users\David\AppData\Roaming\ProductData
2014-08-11 23:19 - 2014-08-11 23:18 - 00000000 ____D () C:\ProgramData\ProductData
2014-08-11 23:18 - 2014-08-11 23:18 - 00001226 _____ () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-08-11 23:18 - 2014-08-11 23:18 - 00001202 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-08-11 23:18 - 2014-08-11 23:18 - 00000278 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job
2014-08-11 23:18 - 2014-08-11 23:17 - 00000000 ____D () C:\Program Files\IObit
2014-08-11 23:17 - 2014-08-11 23:17 - 12906784 _____ (IObit) C:\Users\David\Downloads\iobituninstaller_338.exe
2014-08-11 23:17 - 2014-08-11 23:17 - 00000000 ____D () C:\Users\David\AppData\Roaming\IObit
2014-08-11 22:14 - 2014-08-11 21:50 - 00000000 ____D () C:\Users\David\Desktop\Nature One The Golden Twenty+
2014-08-11 22:06 - 2012-07-26 06:17 - 00000304 _____ () C:\WINDOWS\win.ini
2014-08-11 22:03 - 2014-05-03 09:25 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-11 22:03 - 2013-08-22 09:22 - 00482192 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-11 22:03 - 2013-02-23 18:47 - 00000000 ____D () C:\Program Files\WinRAR
2014-08-11 21:57 - 2014-08-11 21:57 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-08-11 21:57 - 2014-03-18 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-11 21:57 - 2014-03-18 09:30 - 00000000 ____D () C:\WINDOWS\system32\Drivers\de-DE
2014-08-11 21:57 - 2013-08-22 10:17 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-08-11 21:57 - 2013-08-22 10:17 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-08-11 21:57 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-11 21:57 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-11 21:57 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\WinStore
2014-08-11 21:57 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\system32\de-DE
2014-08-11 21:56 - 2013-09-30 21:40 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-11 21:47 - 2014-08-11 21:47 - 01234120 _____ () C:\Users\David\Downloads\wrar380.exe
2014-08-11 21:47 - 2014-08-11 21:47 - 00000000 ____D () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-11 21:47 - 2014-08-11 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-11 21:25 - 2013-02-06 21:50 - 00000000 ____D () C:\Users\David\AppData\Local\VirtualStore
2014-08-11 20:39 - 2014-08-11 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elcomsoft Password Recovery
2014-08-11 20:38 - 2014-08-11 20:38 - 00000000 ____D () C:\ProgramData\Elcomsoft Password Recovery
2014-08-11 20:38 - 2014-08-11 20:38 - 00000000 ____D () C:\Program Files\Elcomsoft Password Recovery
2014-08-11 20:38 - 2014-08-11 20:38 - 00000000 ____D () C:\Program Files\Elcomsoft
2014-08-11 20:38 - 2014-08-11 20:37 - 00000000 ____D () C:\Users\David\AppData\Local\Abelssoft
2014-08-11 20:37 - 2014-08-11 20:37 - 00000000 ____D () C:\Users\David\AppData\Roaming\Abelssoft
2014-08-11 20:37 - 2014-08-11 20:37 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-08-11 20:36 - 2014-08-11 20:35 - 01101648 _____ () C:\Users\David\Downloads\Advanced Archive Password Recovery - CHIP-Installer.exe
2014-08-11 20:24 - 2013-02-23 22:37 - 00004608 ___SH () C:\Users\David\Desktop\Thumbs.db
2014-08-11 20:05 - 2014-08-11 20:05 - 00000000 ____D () C:\ProgramData\PicRec
2014-08-11 20:05 - 2014-08-11 20:05 - 00000000 ____D () C:\Program Files\Common Files\PicRec
2014-08-11 20:04 - 2014-08-11 20:04 - 00000000 ____D () C:\Program Files\PicRec (x86)
2014-08-03 03:49 - 2014-08-03 03:49 - 00000000 ____D () C:\Users\David\AppData\Local\Razer_Inc
2014-08-02 19:08 - 2012-07-26 08:43 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-08-02 19:06 - 2014-05-03 01:23 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-02 19:06 - 2014-05-03 01:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-02 19:04 - 2014-08-02 19:04 - 00000000 ____D () C:\ProgramData\Razer
2014-08-02 19:04 - 2014-08-02 19:03 - 00000000 ____D () C:\Program Files\Razer
2014-08-02 18:40 - 2014-05-03 09:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-29 10:16 - 2014-08-11 20:05 - 00044248 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\netmon_wfp.sys
2014-07-24 22:51 - 2014-07-24 22:51 - 00000000 ____D () C:\rbtemp
2014-07-24 22:50 - 2013-02-06 22:50 - 00000000 ____D () C:\Users\David\AppData\Roaming\HpUpdate
2014-07-24 22:31 - 2013-08-22 08:13 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM

Some content of TEMP:
====================
C:\Users\David\AppData\Local\Temp\amt_webssearches.exe
C:\Users\David\AppData\Local\Temp\bitool.dll
C:\Users\David\AppData\Local\Temp\dfbdc01a-1b6d-46f6-9d4a-88472d331ea6.exe
C:\Users\David\AppData\Local\Temp\MsiToExe.picrec_setup.exe
C:\Users\David\AppData\Local\Temp\ose00000.exe
C:\Users\David\AppData\Local\Temp\Quarantine.exe
C:\Users\David\AppData\Local\Temp\somoto_w_29_07_2014.exe
C:\Users\David\AppData\Local\Temp\thirdPartyUninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-17 14:07

==================== End Of Log ============================
         
--- --- ---


Regards, Lehrmann.


Alt 18.08.2014, 04:56   #6
schrauber
/// the machine
/// TB-Ausbilder
 


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Post its contents here, please.

And a fresh FRST log, please. Any problems left?

Alt 18.08.2014, 20:34   #7
davidlehrman
 

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=608d686cc1664544952112502d13e384
# engine=19712
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-08-18 05:55:28
# local_time=2014-08-18 07:55:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 103973 12767997 0 0
# scanned=274493
# found=116
# cleaned=0
# scan_time=21723
sh=321FFA63BC10C82EBF9D52BBC8DFAD1635A7D88D ft=1 fh=6345b32e772ed437 vn="Win32/AdWare.Adpeak.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\002\fpvoixdaog32.exe.vir"
sh=A62BEBC1A5E9FC9EEC4552562B6C8C4908431F84 ft=1 fh=c5007086194fcd03 vn="MSIL/AdvancedSystemProtector.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\ASP\AdvancedSystemProtector.exe.vir"
sh=0C9901BB504B8B0B186897503DF7F8E570FF53F9 ft=1 fh=5bbb197ca4951648 vn="Variante von MSIL/AdvancedSystemProtector.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\ASP\AspManager.exe.vir"
sh=6965E24F9D76718431E4740AA7D55E3ABFED527B ft=1 fh=53aa88803e7b2067 vn="Win32/Systweak.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\ASP\Communication.dll.vir"
sh=B3A736455F1FE0B40D585B6BB8E02A700153B008 ft=1 fh=3320d2a9bc3f6d8b vn="Variante von MSIL/AdvancedSystemProtector.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\ASP\filetypehelper.exe.vir"
sh=BFE2580847B94363149D083E02ABB479983477CC ft=1 fh=c50f6c31fb2164d8 vn="Variante von MSIL/AdvancedSystemProtector.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\ASP\scandll.dll.vir"
sh=1A278C9611A807BB4319B4DBC0CC28D5B61139E2 ft=1 fh=dc9029d19ecf454f vn="Win32/Systweak.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\ASP\SSDPTstub.exe.vir"
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir"
sh=F4AD762E751F4C51B3C6456918B4641732E8D637 ft=1 fh=bd2d7da442963507 vn="Win32/SpeedingUpMyPC.O Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro\OptimizerPro.exe.vir"
sh=FA4740B92CBC0F8BC4A7204DCD6E7F30E0B2D946 ft=1 fh=9bc5f6ee44de88e0 vn="Variante von Win32/SProtector.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro\OptProCrash.dll.vir"
sh=2B8D2463F7F4F17B95AE46538E0A74BEF83EC7DF ft=1 fh=b7480fbf8ea403b2 vn="Variante von Win32/AdWare.SpeedingUpMyPC.D Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro\OptProLauncher.exe.vir"
sh=B0C442CB384DB2FE71FF1DB22B0A0F558C73F043 ft=1 fh=16f0aff03e4dafb2 vn="Variante von Win32/Adware.SpeedingUpMyPC.C Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro\OptProSmartScan.exe.vir"
sh=820C04787F2C87454FD4DC1FF48F8BEF4F1FE587 ft=0 fh=0000000000000000 vn="JS/Adware.Adpeak.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Rr Savings\bootstrap.js.vir"
sh=1987DCBC42A46EEF3A2C6C6ED862FAE194540003 ft=1 fh=cfdd7eafd709508e vn="Variante von Win32/AdWare.Adpeak.I Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Rr Savings\CustomActionInstall.vir"
sh=9AB220A52F5104F477D555F306FDED62CDD7E949 ft=1 fh=4a5ad1b8a58f3c13 vn="Variante von Win32/AdWare.Adpeak.I Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Rr Savings\CustomActionUninstall.vir"
sh=4DA1CEB2680D3FBE288A9415F0BD600418733E56 ft=1 fh=0e66957c9f48c37b vn="Variante von Win32/AdWare.Adpeak.I Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Rr Savings\RrSavings.dll.vir"
sh=15087CCA54DCBEAD06C36619A6F149241CA27873 ft=1 fh=c71c00111974b402 vn="Win32/AdWare.Adpeak.H Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Rr Savings\SendJson.dll.vir"
sh=0BC47DE01BA10961EE0D7D6C95A9916DA748A5C7 ft=1 fh=39158cfce6f871c9 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=68BF1E0437E11832B4DC5E9923DCA5FFB92914AC ft=1 fh=fe3fcc60a0369b2a vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\SPTool.dll.vir"
sh=74ADF35C3A3456993B5D72F70AE1EDEB28987C80 ft=1 fh=90d7e36e3b85c7e4 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\uninstall.exe.vir"
sh=4929EB5864840E7F5A0ACA7FA5723D703F4B5E73 ft=1 fh=ce188f0b56e64136 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=C1C4A9783C1F509E37A328A0C16F556C2F8DDFA2 ft=1 fh=afa1bf8c8fc4ffe1 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPTool64.exe.vir"
sh=8A0819C25BB2568FF451BED451955B4E69E724D7 ft=1 fh=7bc6a5dd57c41934 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=53BD46E5463C07C3BBDFD087401F2E08A08688A3 ft=1 fh=d7610d97dff53ad1 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir"
sh=D0A19C8A6E8262E5A49AD278DB110F8521CA6BD9 ft=1 fh=b7d04a9494a7c178 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC64.dll.vir"
sh=01E8A066B023DAACD6FE9CBC35372A56BE6EC5B1 ft=1 fh=832dcd421f4cfd2d vn="Variante von Win64/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir"
sh=FB7948E63D42672E50D4A521CDB6DBACD615D773 ft=1 fh=fc81cec60cf9c6da vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=15ED5B6C5946E85E7A5C77F4A7689E4E76CCBAFB ft=1 fh=c71c0011fe889422 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterface32.dll.vir"
sh=8FF07C7F0E7320A1EB53CADD4D30D3154FF33BBA ft=1 fh=f622fe8cae001c0b vn="Win64/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterface64.dll.vir"
sh=8E85792765D0E0BF52107CFF4A6620995DB19BB0 ft=1 fh=627da500ea2e265f vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterfacef32.dll.vir"
sh=532A232C336AB1E5D65E829DFA191A71B96E2CC6 ft=1 fh=c71c001152b88659 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\HpUI.exe.vir"
sh=12EBF6FC8AD543662053CA101C2D5DA175137EB2 ft=1 fh=c71c00119e5c1a87 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\Loader32.exe.vir"
sh=8F0ABE23DDA3F9DC04497B1A4F455AF8CE9D45B8 ft=1 fh=787e176d56997de7 vn="Win64/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\Loader64.exe.vir"
sh=9E99BBE4E9F6026A66DB442D589FF049D44E43E9 ft=1 fh=c71c001149569c6f vn="Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\RSHP.exe.vir"
sh=55B49E6175EC153F5F6D595F7E36CF04D61C70AC ft=1 fh=c71c0011122aac36 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SearchProtect32.dll.vir"
sh=B1740CE6528491D6914E0015C836A3A8E31A28E9 ft=1 fh=667e6cf17acea18e vn="Win64/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SearchProtect64.dll.vir"
sh=5836A5DF3860241F6B69F2292ABCE592A13689B6 ft=1 fh=a3db04555f559ea8 vn="Variante von Win32/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SpAPPSv32.dll.vir"
sh=E97CBDBD7CFED2C58464C1ABF186520022DE5666 ft=1 fh=7a2ea5ecc33ad0e3 vn="Variante von Win64/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SpAPPSv64.dll.vir"
sh=6148DAB05D76E4FCEF4B394B0F60D9ADB2E2AB1E ft=1 fh=c71c0011346812ac vn="Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SupIePluginServiceUpdate.exe.vir"
sh=9DC13DB9C123270C2356ED410128E11D5ADF7C6E ft=1 fh=023ab782f0a9b07d vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SupTab.dll.vir"
sh=E9BEAFD5EF09360852ECDCC4312188064742E51A ft=1 fh=c71c0011421e8e27 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\uninstall.exe.vir"
sh=E3C659B9CAA4B5CFF2906CA02EB3F178906A2416 ft=1 fh=c71c00117f5fd915 vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\WindowsSupportDll32.dll.vir"
sh=8B488C388E304F78CA88312A651D07494469D292 ft=1 fh=8013085d4e45f122 vn="Win64/Thinknice.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\WindowsSupportDll64.dll.vir"
sh=7560ADB6881D658A46F52AD1DCDF667B615F6EDE ft=1 fh=19f14dde2ee67322 vn="Variante von MSIL/AdvancedSystemProtector.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\WinZip Malware Protector\WinZipMalwareProtector.exe.vir"
sh=6148DAB05D76E4FCEF4B394B0F60D9ADB2E2AB1E ft=1 fh=c71c0011346812ac vn="Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=A70C63312CBCD0D975236E48372A5F3275A01554 ft=1 fh=b3500ac9ac48c1c9 vn="Variante von Win32/ELEX.AE evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WPM\wprotectmanager.exe.vir"
sh=6FC4AAE869F2F76A974E8936FFFF96C7F4B1EA8D ft=0 fh=0000000000000000 vn="JS/Adware.Adpeak.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\9oaaxkgh.default\Extensions\RrSavings@jetpack\resources\RrSavings\lib\main.js.vir"
sh=1A278C9611A807BB4319B4DBC0CC28D5B61139E2 ft=1 fh=dc9029d19ecf454f vn="Win32/Systweak.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\David\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir"
sh=D10C0EE708B841AEA0256344DDE81B1640714115 ft=1 fh=0cbfa083b0d199a9 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Config.Msi\222b1f.rbf"
sh=EEFB8F9EF9B851FC2F5FE0E0BE07057E5E3BEEA9 ft=1 fh=9d490b3d608ec5af vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Config.Msi\2b1bd.rbf"
sh=395EFA475333AD69CAA9B3C936077F19C18E9D8D ft=1 fh=e04f965664c1032e vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll"
sh=3519A17B76B6113C56EAFA45761AFDC404D3FDB1 ft=1 fh=b32fdf6a2c32fa5c vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawaretb.dll"
sh=66362D70954A79040858B9C743EBAAD8CD218D50 ft=1 fh=ba9c22da21ab1c66 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe"
sh=3291726385F383BD7BD094DBFEA7EEB3AD26AB58 ft=1 fh=5f0bd254c29adbeb vn="Variante von MSIL/Adware.Proxomoto.A Anwendung" ac=I fn="C:\Program Files\PicRec (x86)\PicRec (x86)\Installer.dll"
sh=4C7B2FE409BB077A4A2101A14DBF84682EEE06F5 ft=1 fh=79deafc8c1198b9e vn="Variante von MSIL/Adware.Proxomoto.A Anwendung" ac=I fn="C:\Program Files\PicRec (x86)\PicRec (x86)\InstallerLibrary.dll"
sh=6D7B4EAABBA923E63A16EEC202D68E8F447969EB ft=1 fh=e749c10e09ab4ead vn="Variante von MSIL/Adware.Proxomoto.G Anwendung" ac=I fn="C:\Program Files\PicRec (x86)\PicRec (x86)\WindowsUpdater.exe"
sh=3F8CCD9279F8D950622F536D3202CC0E44134A8E ft=1 fh=4cb693d7b46c457f vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\sweetpacks bundle uninstaller_AdwCleaner_1549035\uninstaller.exe"
sh=0541B9683E2C0FE8FA316A14FBFE39F8B6B25340 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\AppData\Local\Microsoft\Windows\INetCache\IE\SMOM0KRL\91[1].js"
sh=43AF91DC5DEE0C6EBD3896493BD21C2A695B37CB ft=1 fh=39261060eb4f8e5f vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\AppData\Local\Microsoft\Windows\INetCache\IE\SMOM0KRL\SPDetector[1].exe"
sh=3B29C36CCB0FD00A0812896E61D3AE6CE18E5EEE ft=1 fh=5ce1e22016c2ce7d vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\AppData\Local\Microsoft\Windows\INetCache\IE\SMOM0KRL\spstub[1].exe"
sh=6D8DEB6A0C5052D5C2DE108B4DD18103F8561432 ft=1 fh=d429baf8742ea515 vn="Win32/Somoto.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\AppData\Local\Microsoft\Windows\INetCache\IE\YGEV8PF1\BiTool[1].dll"
sh=F7955CC1890B827C92E1562BE8AFB578478DB54D ft=1 fh=521d389ae79862da vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\AppData\Local\Microsoft\Windows\INetCache\IE\ZB3K86JA\Setup[2].exe"
sh=E1072D062AE32BF8B09EE3BF9C3AF309D6BB1447 ft=1 fh=2950b75c4a574f40 vn="Variante von Win32/ELEX.AJ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\AppData\Local\Temp\amt_webssearches.exe"
sh=CA422851421ADC99403249CC7203DEDCA0B4B3F3 ft=1 fh=7524831eeb94e3ff vn="Win32/RiskWare.Astori.A Anwendung" ac=I fn="C:\Users\David\AppData\Local\Temp\awh6B1D.tmp"
sh=38FE09F9D0A4BCB78A6C67E724001C916CCB53DF ft=1 fh=1e19973d24de52ff vn="Variante von Win32/EasyInstaller.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\AppData\Local\Temp\awh6B6C.tmp"
sh=DD4F5473C1D9274184DABA69D427BE1AF4D85D8D ft=1 fh=4a56dccdcb7e6102 vn="Win32/SpeedUpMyPC.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\AppData\Local\Temp\awh82ED.tmp"
sh=6D8DEB6A0C5052D5C2DE108B4DD18103F8561432 ft=1 fh=d429baf8742ea515 vn="Win32/Somoto.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\AppData\Local\Temp\bitool.dll"
sh=ECCB27329433180317656DE2A856EBDA18D7B95A ft=1 fh=375f8f154310f307 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\AppData\Local\Temp\dfbdc01a-1b6d-46f6-9d4a-88472d331ea6.exe"
sh=FE9D72952D22E5932F172478AAB828614B5552AD ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\David\AppData\Local\Temp\MsiToExe.SetupExtension.msi"
sh=43AF91DC5DEE0C6EBD3896493BD21C2A695B37CB ft=1 fh=39261060eb4f8e5f vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\AppData\Local\Temp\nsc8515.tmp"
sh=4F75724274AC38ABCA55F0C6878A691A4D507F9D ft=0 fh=0000000000000000 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\AppData\Local\Temp\rpc412.zip"
sh=9DF97B417C53958902D1876867B1B5233E107868 ft=1 fh=b6fea5969f17fc17 vn="Win32/Somoto.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\Downloads\m4a-to-mp3-81converter.exe"
sh=A981E3D6F03D3BD57D1472F33A4093A01533F8A8 ft=1 fh=7aaf7b3d0491af48 vn="Variante von MSIL/AdvancedSystemProtector.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\Downloads\wzmp_8.exe"
sh=A823D4D557D4DEAFBE264CC8760DBFE85C24C4A0 ft=1 fh=c71c001189d1b3db vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\Pictures\C\Users\User\AppData\Local\Babylon\Setup\BExternal.dll"
sh=E9966958672AFC5363CD47F153CA2ED0C87112DF ft=1 fh=a2f67e8360868780 vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\Pictures\C\Users\User\AppData\Local\Babylon\Setup\IECookieLow.dll"
sh=45D1104CA6BE51EDA80B5994403E9ABD523082A3 ft=1 fh=dc60180b3d8151a5 vn="Variante von Win32/Toolbar.Babylon.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\Pictures\C\Users\User\AppData\Local\Babylon\Setup\Setup.exe"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\Pictures\C\Users\User\AppData\Local\Conduit\CT2801948\NCH_ENAutoUpdateHelper.exe"
sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\Pictures\C\Users\User\AppData\LocalLow\MessengerPlusLive_Germany_TB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll"
sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\Pictures\C\Users\User\AppData\LocalLow\NCH_EN\ldrtbNCH_.dll"
sh=4C5834A9F0D646B35A7719A4E352093C0240BA5F ft=1 fh=f68058267a38e609 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\Pictures\C\Users\User\AppData\LocalLow\NCH_EN\tbNCH_.dll"
sh=D3B261347DEA979D9F42B85B7CCED6741CCD8AE6 ft=1 fh=a72bb79d4905971b vn="Variante von Win32/Speedchecker.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\Pictures\C\Users\User\AppData\Roaming\OpenCandy\FE2FD6BE9C6A44FDA1D61AD5A3AA5596\pcspeedup_oc.exe"
sh=BFCA418A5B6C46CB387A0FA688BBFE76CDC0E91B ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\David\Pictures\C\Users\User\Documents\JB\Android_2_3_5_und_co\KitchenPro.apk"
sh=2FAB1594B81ED6C7AF3873EAA710AD463AEE53B1 ft=1 fh=56c6ff70980b4c07 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\Pictures\C\Users\User\Downloads\BandooV7.exe"
sh=0635754C14682B94AA158764E84A662750F37FE7 ft=1 fh=1c758bc08e735a24 vn="Variante von Win32/MediaGet evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\Pictures\C\Users\User\Downloads\eko_fresh__ekrem.exe"
sh=13DDFB00567A8F5FB6EA6509A272B24018D22B1C ft=1 fh=b8d1396863c48d65 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\Pictures\C\Users\User\Downloads\Elf_1.exe"
sh=9EDF9F86CC2AD1E17D316782669596A53030FF00 ft=1 fh=9099cd3da17ae047 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\Pictures\C\Users\User\Downloads\FreeVideoToiPodConverter.exe"
sh=5D14440FA08C1B56871C23EAF7331A118FC09B9C ft=1 fh=4e6ecb2a4b68e9f6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\Pictures\C\Users\User\Downloads\FreeVideoToiPodConverter42(2).exe"
sh=5D14440FA08C1B56871C23EAF7331A118FC09B9C ft=1 fh=4e6ecb2a4b68e9f6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\Pictures\C\Users\User\Downloads\FreeVideoToiPodConverter42.exe"
sh=B25DFC38B84D9E21F4ECE88E942AAF3CC22EAB8E ft=1 fh=cda1cbd4b2e6ebee vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\Pictures\C\Users\User\Downloads\FreeYouTubeToMP333Converter.exe"
sh=8547D1E5EACE099ECFE5EDBF6958FA077650894B ft=1 fh=61435738673b6524 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\Pictures\C\Users\User\Downloads\FreeYouTubeToMP3Converter.exe"
sh=A0CDEA3BC17837F2E0A861FFF6207B16839612B6 ft=1 fh=68ff0794a879d4a5 vn="Win32/Toggle evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\Pictures\C\Users\User\Downloads\installer_aircrack-ng_1_1_Deutsch.exe"
sh=6A4F558B7157DE07CAC08311D842C26754AC38BD ft=1 fh=639c288a0bd481d5 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\David\Pictures\C\Users\User\Downloads\PageRage-SilentInstaller.exe"
sh=82FD03D90E8A69AB6D0E20FDEAB5500FF8D6FEFC ft=1 fh=2fc3062b1d510bb8 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\Pictures\C\Users\User\Downloads\SoftonicDownloader_fuer_avira-antivir-professional.exe"
sh=F38B1F6D5AC07B9FF878AA41341C92CF064A7D65 ft=1 fh=a480a3b04a0f34fc vn="Win32/SoftonicDownloader evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\Pictures\C\Users\User\Downloads\SoftonicDownloader_fuer_samsung-kies.exe"
sh=845399D695929867A7877A1D7D9E385D77B8385D ft=1 fh=20f13d39f12df8a4 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\Pictures\C\Users\User\Downloads\SoftonicDownloader_fuer_snow-transformation-pack.exe"
sh=D68FD4451546A9E21E1067D3F3898B091AC85DF3 ft=1 fh=5f905793c1e09aa3 vn="Win32/SoftonicDownloader evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\Pictures\C\Users\User\Downloads\SoftonicDownloader_fuer_switch-audio-file-converter.exe"
sh=AEA202E75EB4A7B17250E6DCA3B2470D83247036 ft=1 fh=67bcb2b84dcf5931 vn="Variante von Win32/SweetIM.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\Pictures\C\Users\User\Downloads\SweetImSetup-1.exe"
sh=C8E5AD9D42414D2AB626106E299C1D1D134F2214 ft=1 fh=cbf816bf4b628327 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\David\Pictures\C\Users\User\Downloads\switchsetup_4.21.exe"
sh=FE9D72952D22E5932F172478AAB828614B5552AD ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Windows\Installer\963bab44.msi"
sh=3291726385F383BD7BD094DBFEA7EEB3AD26AB58 ft=1 fh=5f0bd254c29adbeb vn="Variante von MSIL/Adware.Proxomoto.A Anwendung" ac=I fn="C:\Windows\Microsoft\sogr\Installer.dll"
sh=4C7B2FE409BB077A4A2101A14DBF84682EEE06F5 ft=1 fh=79deafc8c1198b9e vn="Variante von MSIL/Adware.Proxomoto.A Anwendung" ac=I fn="C:\Windows\Microsoft\sogr\InstallerLibrary.dll"
sh=6D7B4EAABBA923E63A16EEC202D68E8F447969EB ft=1 fh=e749c10e09ab4ead vn="Variante von MSIL/Adware.Proxomoto.G Anwendung" ac=I fn="C:\Windows\Microsoft\sogr\WindowsUpdater.exe"
sh=7F29C65D27184E6C1E65253A19154568335D994C ft=1 fh=8dfecc9f0b4d34d4 vn="Win32/AdvancedSystemProtector.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\sasnative32.exe"
sh=FE6FE35440252ED67CCCADFFA759CDF4A6DD5A4F ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\HDX-PREMIUM\Backup Set 2012-10-29 214544\Backup Files 2012-10-29 214544\Backup files 1.zip"
sh=147A7C3E0E4FA70FFB7AA6657CEF80EBA7969021 ft=0 fh=0000000000000000 vn="Variante von Win32/Speedchecker.A evtl. unerwünschte Anwendung" ac=I fn="D:\HDX-PREMIUM\Backup Set 2012-10-29 214544\Backup Files 2012-10-29 214544\Backup files 54.zip"
sh=215E0A85A6832EE73DF4A7D479480404C36ED874 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung" ac=I fn="D:\HDX-PREMIUM\Backup Set 2012-10-29 214544\Backup Files 2012-10-29 214544\Backup files 60.zip"
sh=CA1B0DAA04B9B229C2F5204BC335420F55C6317D ft=0 fh=0000000000000000 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="D:\HDX-PREMIUM\Backup Set 2012-10-29 214544\Backup Files 2012-10-29 214544\Backup files 75.zip"
sh=E4E2A58A2BB5F96A113421A42EE3D9112C6293A1 ft=0 fh=0000000000000000 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="D:\HDX-PREMIUM\Backup Set 2012-10-29 214544\Backup Files 2012-10-29 214544\Backup files 76.zip"
sh=CBC89D76284C7A6571052961EE223527B2CB10D8 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\HDX-PREMIUM\Backup Set 2012-10-29 214544\Backup Files 2012-10-29 214544\Backup files 77.zip"
sh=64507E683A2CEE6FB1CDA09600C672079ECBD3C0 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\HDX-PREMIUM\Backup Set 2012-10-29 214544\Backup Files 2012-10-29 214544\Backup files 78.zip"
sh=0C6F33F59FD85CC915DD2C2DFE4DAAF334B8151A ft=0 fh=0000000000000000 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="D:\HDX-PREMIUM\Backup Set 2012-10-29 214544\Backup Files 2012-10-29 214544\Backup files 79.zip"
sh=CD323C1F610D1BCFCD094FBDB89DF241BE2B1B36 ft=0 fh=0000000000000000 vn="Variante von Win32/SweetIM.B evtl. unerwünschte Anwendung" ac=I fn="D:\HDX-PREMIUM\Backup Set 2012-10-29 214544\Backup Files 2012-10-29 214544\Backup files 80.zip"
sh=BECA8C6D4E70F6F33AD29F5365E89A87EAF33C74 ft=0 fh=0000000000000000 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="D:\HDX-PREMIUM\Backup Set 2012-10-29 214544\Backup Files 2012-10-29 214544\Backup files 86.zip"
sh=ADF6D2E1A8C1873F09ACDF58ABA6C8D8C2133BBE ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo Anwendung" ac=I fn="D:\HDX-PREMIUM\Backup Set 2012-10-29 214544\Backup Files 2012-12-26 191858\Backup files 1.zip"
sh=37FEF24705FAF42ADB90AEEC6503233AAB7E1CD6 ft=0 fh=0000000000000000 vn="Win32/Adware.Yontoo.D Anwendung" ac=I fn="D:\HDX-PREMIUM\Backup Set 2012-10-29 214544\Backup Files 2013-01-09 104722\Backup files 10.zip"
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:16-08-2014 03
Ran by David (administrator) on DAVID on 18-08-2014 21:23:34
Running from C:\Users\David\Downloads
Platform: Microsoft Windows 8.1 Pro (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_9691412ff1876250\stacsv.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_9691412ff1876250\AEstSrv.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Razer Inc.) C:\Program Files\Razer\RzWizard\RzWizardService.exe
() C:\Windows\Microsoft\sogr\WindowsUpdater.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Hardware\Game Controllers\Common\SWTrayV4.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Samsung) C:\Program Files\SAMSUNG\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
() C:\Program Files\WinRAR\WinRAR.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
() C:\Program Files\PicRec (x86)\PicRec (x86)\WFP\FilterUsageExample.exe
() C:\Users\David\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Policies\Explorer: [NoBandCustomize] 0
HKLM\...\Policies\Explorer: [NoToolbarCustomize] 0
HKU\S-1-5-21-886002270-3676093480-2908310277-1001\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-04-23] (Samsung)
HKU\S-1-5-21-886002270-3676093480-2908310277-1001\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-886002270-3676093480-2908310277-1001\...\Policies\Explorer: [NoToolbarCustomize] 0

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD01DDBD3A904CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\9oaaxkgh.default
FF NewTab: chrome://quick_start/content/index.html
FF SearchEngineOrder.1: Amazon 
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\9oaaxkgh.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\9oaaxkgh.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml

Chrome: 
=======
CHR HomePage: 
CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-12]
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-12]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-12]
CHR Extension: (Google-Suche) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-12]
CHR Extension: (Google Wallet) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-12]
CHR Extension: (Google Mail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-12]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_x86_9691412ff1876250\aestsrv.exe [81920 2009-03-02] (Andrea Electronics Corporation)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [1680088 2013-10-28] (Broadcom Corporation.)
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-18] (Nero AG)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-08-11] (IObit)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RzWizardService; C:\Program Files\Razer\RzWizard\RzWizardService.exe [367616 2014-05-20] (Razer Inc.) [File not signed]
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
R2 sogr; C:\WINDOWS\Microsoft\sogr\WindowsUpdater.exe [19968 2014-07-29] () [File not signed]
R2 STacSV; C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_x86_9691412ff1876250\STacSV.exe [229458 2010-03-23] (IDT, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [279784 2014-03-24] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2014-03-24] (Microsoft Corporation)
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1210368 2014-04-03] (Microsoft Corporation)
S2 RrFilterService; c:\Program Files\RrFilter\RrFilterService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-03-18] (Microsoft Corporation)
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [175320 2013-10-28] (Broadcom Corporation.)
S3 btwampfl; C:\WINDOWS\system32\DRIVERS\btwampfl.sys [144600 2013-10-28] (Broadcom Corporation.)
S3 GPIO; C:\WINDOWS\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
S3 HtcVCom32; C:\WINDOWS\system32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)
R1 MpKsl1e127c4a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4391D9D8-31A3-41FF-B714-467DB8D0E0A8}\MpKsl1e127c4a.sys [39464 2014-08-17] (Microsoft Corporation)
R1 netfilter; C:\WINDOWS\System32\drivers\netfilter.sys [31744 2014-02-13] (NetFilterSDK.com) [File not signed]
R1 netmon_wfp; C:\WINDOWS\System32\drivers\netmon_wfp.sys [44248 2014-07-29] (Windows (R) Win 7 DDK provider)
R3 NETwNs32; C:\WINDOWS\system32\DRIVERS\NETwNs32.sys [7518208 2013-06-18] (Intel Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [92504 2014-03-24] (Microsoft Corporation)
R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-05-03] (Microsoft Corporation)
R3 WUDFSensorLP; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-18 21:21 - 2014-08-18 21:21 - 00854417 _____ () C:\Users\David\Downloads\SecurityCheck.exe
2014-08-18 13:50 - 2014-08-18 13:50 - 00000000 ____D () C:\Program Files\ESET
2014-08-18 13:43 - 2014-08-18 13:43 - 02347384 _____ (ESET) C:\Users\David\Downloads\esetsmartinstaller_deu.exe
2014-08-17 14:47 - 2014-08-17 14:47 - 00000193 _____ () C:\WINDOWS\WORDPAD.INI
2014-08-17 14:44 - 2014-08-17 14:44 - 00052920 _____ () C:\Users\David\Downloads\FRST.txt 2.txt
2014-08-17 14:41 - 2014-08-17 14:41 - 00000000 ____D () C:\Users\David\Downloads\FRST-OlderVersion
2014-08-17 14:37 - 2014-08-17 14:37 - 00000618 _____ () C:\Users\David\Desktop\JRT.txt
2014-08-17 14:32 - 2014-08-17 14:32 - 00002010 _____ () C:\Users\David\Desktop\AdwCleaner[S7].txt
2014-08-17 14:25 - 2014-08-17 14:25 - 01361671 _____ () C:\Users\David\Downloads\adwcleaner_3.307.exe
2014-08-17 14:15 - 2014-08-18 13:42 - 00000000 _____ () C:\Users\David\Desktop\mbam.txt
2014-08-17 13:46 - 2014-08-17 13:47 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-17 13:46 - 2014-08-17 13:46 - 00001072 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-17 13:46 - 2014-08-17 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-17 13:46 - 2014-08-17 13:46 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-17 13:46 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-08-17 13:46 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-17 13:46 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-17 13:41 - 2014-08-17 13:41 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\David\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-14 14:29 - 2014-08-14 14:29 - 00053603 _____ () C:\Users\David\Desktop\FRST.txt
2014-08-14 14:29 - 2014-08-14 14:29 - 00048498 _____ () C:\Users\David\Desktop\Addition.txt
2014-08-14 14:24 - 2014-08-14 14:25 - 00048498 _____ () C:\Users\David\Downloads\Addition.txt
2014-08-14 14:23 - 2014-08-18 21:23 - 00012084 _____ () C:\Users\David\Downloads\FRST.txt
2014-08-14 14:22 - 2014-08-18 21:23 - 00000000 ____D () C:\FRST
2014-08-14 14:22 - 2014-08-17 14:41 - 01093632 _____ (Farbar) C:\Users\David\Downloads\FRST.exe
2014-08-14 03:20 - 2014-08-14 03:21 - 00000000 ____D () C:\Program Files\Browser Hijack Recover
2014-08-14 03:20 - 2014-08-14 03:20 - 02449338 _____ (Wamasoft,Inc. ) C:\Users\David\Downloads\browser-hijack-recover_4352.exe
2014-08-14 03:20 - 2014-08-14 03:20 - 00001044 _____ () C:\Users\UpdatusUser\Desktop\Browser Hijack Recover(BHR).lnk
2014-08-14 03:20 - 2014-08-14 03:20 - 00001044 _____ () C:\Users\David\Desktop\Browser Hijack Recover(BHR).lnk
2014-08-14 03:20 - 2014-08-14 03:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Hijack Recover(BHR)
2014-08-14 03:20 - 2014-08-14 03:20 - 00000000 _____ () C:\WINDOWS\system32\8104297.jun
2014-08-14 03:04 - 2014-08-14 03:04 - 00001000 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk
2014-08-14 03:04 - 2014-08-14 03:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree
2014-08-14 03:04 - 2014-08-14 03:04 - 00000000 ____D () C:\Program Files\Emsisoft HiJackFree
2014-08-14 03:03 - 2014-08-14 03:03 - 02095808 _____ (Emsi Software GmbH ) C:\Users\David\Downloads\a-squared-hijackfree_27131.exe
2014-08-14 02:52 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-08-14 02:32 - 2014-08-14 02:32 - 00304857 _____ () C:\Users\David\Downloads\HijackThis_205.zip
2014-08-14 00:40 - 2014-08-14 00:40 - 00000050 _____ () C:\Users\David\Downloads\ad_companion
2014-08-14 00:27 - 2014-08-14 00:27 - 03736125 _____ () C:\Users\David\Downloads\testdisk-6.14.win.zip
2014-08-12 15:36 - 2014-08-18 15:40 - 00002141 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-12 15:36 - 2014-08-12 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-12 15:35 - 2014-08-18 20:40 - 00001108 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-12 15:35 - 2014-08-18 15:40 - 00001104 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-12 15:35 - 2014-08-12 15:36 - 00000000 ____D () C:\Users\David\AppData\Local\Google
2014-08-12 15:35 - 2014-08-12 15:35 - 00000000 ____D () C:\Program Files\Google
2014-08-12 15:34 - 2014-08-12 15:34 - 00895120 _____ (Google Inc.) C:\Users\David\Downloads\ChromeSetup.exe
2014-08-12 15:27 - 2014-08-12 15:27 - 00001020 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk
2014-08-12 15:27 - 2014-08-12 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2014-08-12 15:27 - 2014-08-12 15:27 - 00000000 ____D () C:\Program Files\CHIP Updater
2014-08-12 15:26 - 2014-08-12 15:26 - 01101648 _____ () C:\Users\David\Downloads\CWShredder - CHIP-Installer.exe
2014-08-12 15:05 - 2014-08-12 15:05 - 00001159 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-08-12 15:05 - 2014-08-12 15:05 - 00000000 ____D () C:\Users\David\AppData\Roaming\Nico Mak Computing
2014-08-12 15:05 - 2014-08-12 15:05 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-08-12 15:05 - 2013-03-15 17:01 - 00016384 _____ () C:\WINDOWS\system32\wsusnative32.exe
2014-08-12 15:03 - 2014-08-12 15:03 - 04892480 _____ (WinZip International LLC ) C:\Users\David\Downloads\wzmp_8.exe
2014-08-12 14:56 - 2014-08-12 14:56 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-12 14:54 - 2014-08-12 14:55 - 01016261 _____ (Thisisu) C:\Users\David\Downloads\JRT.exe
2014-08-12 14:40 - 2014-08-12 14:40 - 05569662 _____ (Swearware) C:\Users\David\Downloads\ComboFix.exe
2014-08-12 14:33 - 2014-08-12 14:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-12 00:22 - 2014-08-12 00:22 - 00000000 ____D () C:\ProgramData\BitDefender
2014-08-12 00:13 - 2014-08-17 13:44 - 00000000 ____D () C:\Users\David\AppData\Roaming\Lavasoft
2014-08-12 00:08 - 2014-08-12 00:08 - 00000000 ____D () C:\Users\David\AppData\Roaming\LavasoftStatistics
2014-08-12 00:04 - 2014-08-12 00:05 - 00000000 ____D () C:\Program Files\Lavasoft
2014-08-12 00:03 - 2014-08-12 00:03 - 01707144 _____ () C:\Users\David\Downloads\Adaware112_Installer.exe
2014-08-12 00:03 - 2014-08-12 00:03 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-08-11 23:57 - 2014-08-11 23:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\David\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-11 23:19 - 2014-08-11 23:19 - 00000000 ____D () C:\Users\David\AppData\Roaming\ProductData
2014-08-11 23:18 - 2014-08-12 00:00 - 00000000 ____D () C:\ProgramData\IObit
2014-08-11 23:18 - 2014-08-11 23:19 - 00000000 ____D () C:\ProgramData\ProductData
2014-08-11 23:18 - 2014-08-11 23:18 - 00001226 _____ () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-08-11 23:18 - 2014-08-11 23:18 - 00001202 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-08-11 23:18 - 2014-08-11 23:18 - 00000278 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job
2014-08-11 23:17 - 2014-08-11 23:18 - 00000000 ____D () C:\Program Files\IObit
2014-08-11 23:17 - 2014-08-11 23:17 - 12906784 _____ (IObit) C:\Users\David\Downloads\iobituninstaller_338.exe
2014-08-11 23:17 - 2014-08-11 23:17 - 00000000 ____D () C:\Users\David\AppData\Roaming\IObit
2014-08-11 22:06 - 2014-06-26 22:55 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-08-11 22:06 - 2014-06-26 22:55 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-08-11 21:57 - 2014-08-11 21:57 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-08-11 21:50 - 2014-08-11 22:14 - 00000000 ____D () C:\Users\David\Desktop\Nature One The Golden Twenty+
2014-08-11 21:47 - 2014-08-11 21:47 - 01234120 _____ () C:\Users\David\Downloads\wrar380.exe
2014-08-11 21:47 - 2014-08-11 21:47 - 00000000 ____D () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-11 21:47 - 2014-08-11 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-11 20:38 - 2014-08-11 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elcomsoft Password Recovery
2014-08-11 20:38 - 2014-08-11 20:38 - 00000000 ____D () C:\ProgramData\Elcomsoft Password Recovery
2014-08-11 20:38 - 2014-08-11 20:38 - 00000000 ____D () C:\Program Files\Elcomsoft Password Recovery
2014-08-11 20:38 - 2014-08-11 20:38 - 00000000 ____D () C:\Program Files\Elcomsoft
2014-08-11 20:37 - 2014-08-11 20:38 - 00000000 ____D () C:\Users\David\AppData\Local\Abelssoft
2014-08-11 20:37 - 2014-08-11 20:37 - 00000000 ____D () C:\Users\David\AppData\Roaming\Abelssoft
2014-08-11 20:37 - 2014-08-11 20:37 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-08-11 20:37 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\WINDOWS\system32\dhRichClient3.dll
2014-08-11 20:37 - 2011-03-25 20:42 - 00338432 _____ () C:\WINDOWS\system32\sqlite36_engine.dll
2014-08-11 20:35 - 2014-08-11 20:36 - 01101648 _____ () C:\Users\David\Downloads\Advanced Archive Password Recovery - CHIP-Installer.exe
2014-08-11 20:06 - 2014-08-14 01:57 - 00000000 ____D () C:\Users\David\Desktop\The GoldenTwenty
2014-08-11 20:05 - 2014-08-18 21:23 - 00000000 ____D () C:\http_filter
2014-08-11 20:05 - 2014-08-11 20:05 - 00000000 ____D () C:\ProgramData\PicRec
2014-08-11 20:05 - 2014-08-11 20:05 - 00000000 ____D () C:\Program Files\Common Files\PicRec
2014-08-11 20:05 - 2014-07-29 10:16 - 00044248 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\netmon_wfp.sys
2014-08-11 20:04 - 2014-08-11 20:04 - 00000000 ____D () C:\Program Files\PicRec (x86)
2014-08-03 03:49 - 2014-08-03 03:49 - 00000000 ____D () C:\Users\David\AppData\Local\Razer_Inc
2014-08-02 19:04 - 2014-08-02 19:04 - 00000000 ____D () C:\ProgramData\Razer
2014-08-02 19:03 - 2014-08-02 19:04 - 00000000 ____D () C:\Program Files\Razer
2014-08-02 18:43 - 2014-04-14 04:37 - 00865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-08-02 17:19 - 2014-07-01 00:46 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-08-02 17:19 - 2014-06-28 08:57 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-08-02 17:19 - 2014-06-28 08:27 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-08-02 17:19 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-08-02 17:19 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-08-02 17:19 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-08-02 17:19 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-08-02 17:19 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-08-02 17:19 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-08-02 17:19 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-08-02 17:19 - 2014-06-19 00:52 - 00595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-08-02 17:19 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-08-02 17:19 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-08-02 17:19 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-08-02 17:19 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-08-02 17:19 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-08-02 17:19 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-08-02 17:19 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-08-02 17:19 - 2014-06-06 15:20 - 03497472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-02 17:19 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-08-02 17:19 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-08-02 17:19 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-08-02 17:19 - 2014-05-30 05:05 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-08-02 17:19 - 2014-05-29 11:30 - 00481400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-08-02 17:19 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-08-02 17:19 - 2014-05-29 06:38 - 01089024 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-08-02 17:19 - 2014-02-06 12:19 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-08-02 17:19 - 2014-02-06 12:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-08-02 17:19 - 2014-02-06 11:52 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-08-02 17:19 - 2014-02-06 11:52 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-08-02 17:19 - 2014-02-06 11:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-08-02 17:19 - 2014-02-06 11:47 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-08-02 17:19 - 2014-02-06 11:25 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-08-02 17:18 - 2014-05-31 10:38 - 00049552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-08-02 17:18 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-08-02 17:18 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-02 17:18 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-08-02 17:18 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-08-02 17:18 - 2014-05-31 04:39 - 02818048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-08-02 17:18 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-08-02 17:18 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-24 22:51 - 2014-07-24 22:51 - 00000000 ____D () C:\rbtemp
2014-07-24 22:51 - 2012-07-25 12:03 - 00017136 _____ () C:\WINDOWS\system32\sasnative32.exe
2014-07-24 22:38 - 2014-04-18 15:43 - 00031064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-07-24 22:38 - 2014-04-18 15:29 - 01200288 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-07-24 22:38 - 2014-04-18 10:51 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
2014-07-24 22:38 - 2014-04-18 10:01 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-07-24 22:38 - 2014-04-18 09:51 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-07-24 22:38 - 2014-04-18 09:49 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-07-24 22:38 - 2014-04-14 10:01 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2014-07-24 22:38 - 2014-04-11 07:29 - 01016320 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2014-07-24 22:38 - 2014-04-11 06:23 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-07-24 22:38 - 2014-04-11 05:27 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2014-07-24 22:38 - 2014-04-09 12:47 - 00294744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2014-07-24 22:38 - 2014-04-09 07:44 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2014-07-24 22:38 - 2014-04-09 05:22 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2014-07-24 22:38 - 2014-04-08 01:47 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2014-07-24 22:38 - 2014-04-06 17:27 - 00311128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2014-07-24 22:38 - 2014-04-06 17:27 - 00240472 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2014-07-24 22:38 - 2014-04-06 17:23 - 00098584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2014-07-24 22:38 - 2014-04-06 17:22 - 18755672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-07-24 22:38 - 2014-04-06 17:22 - 00178184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2014-07-24 22:38 - 2014-04-06 17:18 - 00271192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2014-07-24 22:38 - 2014-04-06 17:16 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-07-24 22:38 - 2014-04-06 17:16 - 01209616 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-07-24 22:38 - 2014-04-06 17:16 - 01159520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-07-24 22:38 - 2014-04-06 17:16 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2014-07-24 22:38 - 2014-04-06 17:16 - 00669856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-07-24 22:38 - 2014-04-06 17:16 - 00518544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2014-07-24 22:38 - 2014-04-06 17:16 - 00406504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-07-24 22:38 - 2014-04-06 17:16 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-07-24 22:38 - 2014-04-06 17:16 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-07-24 22:38 - 2014-04-06 17:16 - 00305768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-07-24 22:38 - 2014-04-06 17:16 - 00194752 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-07-24 22:38 - 2014-04-06 14:06 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll
2014-07-24 22:38 - 2014-04-06 14:00 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2014-07-24 22:38 - 2014-04-06 13:54 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-07-24 22:38 - 2014-04-06 13:47 - 00264704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2014-07-24 22:38 - 2014-04-06 13:40 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2014-07-24 22:38 - 2014-04-06 12:58 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2014-07-24 22:38 - 2014-04-06 12:55 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-07-24 22:38 - 2014-04-06 12:44 - 00623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-07-24 22:38 - 2014-04-06 12:37 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-07-24 22:38 - 2014-04-06 12:36 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2014-07-24 22:38 - 2014-04-06 11:59 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2014-07-24 22:38 - 2014-04-03 06:03 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2014-07-24 22:38 - 2014-04-03 06:03 - 00111528 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2014-07-24 22:38 - 2014-04-03 05:53 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-07-24 22:38 - 2014-04-03 04:46 - 03563008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-07-24 22:38 - 2014-04-03 04:45 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-07-24 22:38 - 2014-04-03 04:44 - 01210368 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2014-07-24 22:38 - 2014-04-03 04:24 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-07-24 22:38 - 2014-04-03 04:23 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll
2014-07-24 22:38 - 2014-04-01 07:09 - 00333656 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-07-24 22:38 - 2014-03-31 05:34 - 05786968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-07-24 22:38 - 2014-03-31 02:41 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d8thk.dll
2014-07-24 22:38 - 2014-03-31 01:26 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2014-07-24 22:38 - 2014-03-31 01:13 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2014-07-24 22:38 - 2014-03-31 00:37 - 01167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2014-07-24 22:38 - 2014-03-31 00:35 - 01029120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-07-24 22:38 - 2014-03-31 00:09 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-07-24 22:38 - 2014-03-30 23:49 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-07-24 22:38 - 2014-03-28 11:04 - 00328984 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2014-07-24 22:38 - 2014-03-27 07:21 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-07-24 22:38 - 2014-03-27 06:48 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2014-07-24 22:38 - 2014-03-27 06:19 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2014-07-24 22:38 - 2014-03-27 05:22 - 00244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2014-07-24 22:38 - 2014-03-27 05:03 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-07-24 22:38 - 2014-03-27 04:59 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2014-07-24 22:38 - 2014-03-25 00:57 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-07-24 22:38 - 2014-03-21 05:46 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\tscfgwmi.dll
2014-07-24 22:38 - 2014-03-20 03:20 - 00229344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-07-24 22:38 - 2014-03-20 01:38 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2014-07-24 22:38 - 2014-03-20 01:33 - 05774848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-07-24 22:38 - 2014-03-19 09:17 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2014-07-24 22:38 - 2014-03-19 09:09 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2014-07-24 22:38 - 2014-03-19 07:56 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-07-24 22:38 - 2014-03-19 07:00 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2014-07-24 22:38 - 2014-03-19 06:51 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2014-07-24 22:38 - 2014-03-19 06:47 - 01309184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-07-24 22:38 - 2014-03-19 06:23 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-07-24 22:38 - 2014-03-19 06:14 - 02130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-07-24 22:38 - 2014-03-18 09:22 - 00069632 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2014-07-24 22:38 - 2014-03-18 06:52 - 05104640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2014-07-24 22:38 - 2014-03-17 06:11 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-07-24 22:38 - 2014-03-17 04:45 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2014-07-24 22:38 - 2014-03-17 04:36 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-07-24 22:38 - 2014-03-14 08:10 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2014-07-24 22:38 - 2014-03-06 12:37 - 00264536 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-07-24 22:38 - 2014-01-27 20:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-07-24 22:37 - 2014-05-19 07:33 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2014-07-24 22:37 - 2014-05-19 07:23 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2014-07-24 22:37 - 2014-05-10 05:22 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-07-24 22:37 - 2014-05-09 01:08 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2014-07-24 22:37 - 2014-05-05 06:02 - 02826240 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-07-24 22:37 - 2014-05-03 08:36 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-07-24 22:37 - 2014-05-01 13:00 - 02257608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-07-24 22:37 - 2014-05-01 13:00 - 00046512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2014-07-24 22:37 - 2014-05-01 08:51 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-07-24 22:37 - 2014-05-01 08:42 - 02045440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-07-24 22:37 - 2014-05-01 07:31 - 02366976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll
2014-07-24 22:37 - 2014-04-30 12:10 - 01090296 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-07-24 22:37 - 2014-04-30 05:47 - 01509888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2014-07-24 22:37 - 2014-04-30 05:43 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2014-07-24 22:37 - 2014-04-03 05:46 - 01871704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-07-24 22:37 - 2014-04-03 05:46 - 00286040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-18 21:24 - 2014-08-14 14:23 - 00012084 _____ () C:\Users\David\Downloads\FRST.txt
2014-08-18 21:23 - 2014-08-14 14:22 - 00000000 ____D () C:\FRST
2014-08-18 21:23 - 2014-08-11 20:05 - 00000000 ____D () C:\http_filter
2014-08-18 21:21 - 2014-08-18 21:21 - 00854417 _____ () C:\Users\David\Downloads\SecurityCheck.exe
2014-08-18 21:16 - 2014-05-05 23:48 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-18 21:00 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-18 20:40 - 2014-08-12 15:35 - 00001108 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-18 19:42 - 2014-05-03 00:19 - 01879765 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-18 17:59 - 2014-03-18 10:04 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-18 15:40 - 2014-08-12 15:36 - 00002141 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-18 15:40 - 2014-08-12 15:35 - 00001104 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-18 13:50 - 2014-08-18 13:50 - 00000000 ____D () C:\Program Files\ESET
2014-08-18 13:43 - 2014-08-18 13:43 - 02347384 _____ (ESET) C:\Users\David\Downloads\esetsmartinstaller_deu.exe
2014-08-18 13:42 - 2014-08-17 14:15 - 00000000 _____ () C:\Users\David\Desktop\mbam.txt
2014-08-18 05:47 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-08-17 14:47 - 2014-08-17 14:47 - 00000193 _____ () C:\WINDOWS\WORDPAD.INI
2014-08-17 14:44 - 2014-08-17 14:44 - 00052920 _____ () C:\Users\David\Downloads\FRST.txt 2.txt
2014-08-17 14:41 - 2014-08-17 14:41 - 00000000 ____D () C:\Users\David\Downloads\FRST-OlderVersion
2014-08-17 14:41 - 2014-08-14 14:22 - 01093632 _____ (Farbar) C:\Users\David\Downloads\FRST.exe
2014-08-17 14:37 - 2014-08-17 14:37 - 00000618 _____ () C:\Users\David\Desktop\JRT.txt
2014-08-17 14:34 - 2014-05-03 00:51 - 00000000 __RDO () C:\Users\David\OneDrive
2014-08-17 14:32 - 2014-08-17 14:32 - 00002010 _____ () C:\Users\David\Desktop\AdwCleaner[S7].txt
2014-08-17 14:31 - 2014-04-01 21:34 - 00000000 ____D () C:\Users\David\AppData\Local\HTC MediaHub
2014-08-17 14:30 - 2014-03-18 01:54 - 00260250 _____ () C:\WINDOWS\PFRO.log
2014-08-17 14:30 - 2013-08-22 09:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-17 14:29 - 2014-05-24 22:46 - 00000000 ____D () C:\AdwCleaner
2014-08-17 14:29 - 2013-08-22 08:13 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-17 14:25 - 2014-08-17 14:25 - 01361671 _____ () C:\Users\David\Downloads\adwcleaner_3.307.exe
2014-08-17 14:16 - 2014-03-18 09:45 - 00000000 __SHD () C:\WINDOWS\BitLockerDiscoveryVolumeContents
2014-08-17 13:47 - 2014-08-17 13:46 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-17 13:46 - 2014-08-17 13:46 - 00001072 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-17 13:46 - 2014-08-17 13:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-17 13:46 - 2014-08-17 13:46 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-17 13:45 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-17 13:44 - 2014-08-12 00:13 - 00000000 ____D () C:\Users\David\AppData\Roaming\Lavasoft
2014-08-17 13:41 - 2014-08-17 13:41 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\David\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-08-15 00:07 - 2014-05-03 00:27 - 00000000 ____D () C:\Users\David
2014-08-15 00:07 - 2010-08-25 15:50 - 00000000 ____D () C:\Program Files\Steam
2014-08-14 23:24 - 2013-03-15 19:47 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-08-14 22:49 - 2014-05-05 22:15 - 00004768 _____ () C:\WINDOWS\setupact.log
2014-08-14 14:29 - 2014-08-14 14:29 - 00053603 _____ () C:\Users\David\Desktop\FRST.txt
2014-08-14 14:29 - 2014-08-14 14:29 - 00048498 _____ () C:\Users\David\Desktop\Addition.txt
2014-08-14 14:25 - 2014-08-14 14:24 - 00048498 _____ () C:\Users\David\Downloads\Addition.txt
2014-08-14 03:21 - 2014-08-14 03:20 - 00000000 ____D () C:\Program Files\Browser Hijack Recover
2014-08-14 03:20 - 2014-08-14 03:20 - 02449338 _____ (Wamasoft,Inc. ) C:\Users\David\Downloads\browser-hijack-recover_4352.exe
2014-08-14 03:20 - 2014-08-14 03:20 - 00001044 _____ () C:\Users\UpdatusUser\Desktop\Browser Hijack Recover(BHR).lnk
2014-08-14 03:20 - 2014-08-14 03:20 - 00001044 _____ () C:\Users\David\Desktop\Browser Hijack Recover(BHR).lnk
2014-08-14 03:20 - 2014-08-14 03:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Hijack Recover(BHR)
2014-08-14 03:20 - 2014-08-14 03:20 - 00000000 _____ () C:\WINDOWS\system32\8104297.jun
2014-08-14 03:04 - 2014-08-14 03:04 - 00001000 _____ () C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk
2014-08-14 03:04 - 2014-08-14 03:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree
2014-08-14 03:04 - 2014-08-14 03:04 - 00000000 ____D () C:\Program Files\Emsisoft HiJackFree
2014-08-14 03:03 - 2014-08-14 03:03 - 02095808 _____ (Emsi Software GmbH ) C:\Users\David\Downloads\a-squared-hijackfree_27131.exe
2014-08-14 02:32 - 2014-08-14 02:32 - 00304857 _____ () C:\Users\David\Downloads\HijackThis_205.zip
2014-08-14 01:57 - 2014-08-11 20:06 - 00000000 ____D () C:\Users\David\Desktop\The GoldenTwenty
2014-08-14 01:43 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\tracing
2014-08-14 00:40 - 2014-08-14 00:40 - 00000050 _____ () C:\Users\David\Downloads\ad_companion
2014-08-14 00:27 - 2014-08-14 00:27 - 03736125 _____ () C:\Users\David\Downloads\testdisk-6.14.win.zip
2014-08-13 00:33 - 2014-05-02 22:10 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-12 15:36 - 2014-08-12 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-12 15:36 - 2014-08-12 15:35 - 00000000 ____D () C:\Users\David\AppData\Local\Google
2014-08-12 15:35 - 2014-08-12 15:35 - 00000000 ____D () C:\Program Files\Google
2014-08-12 15:34 - 2014-08-12 15:34 - 00895120 _____ (Google Inc.) C:\Users\David\Downloads\ChromeSetup.exe
2014-08-12 15:27 - 2014-08-12 15:27 - 00001020 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk
2014-08-12 15:27 - 2014-08-12 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2014-08-12 15:27 - 2014-08-12 15:27 - 00000000 ____D () C:\Program Files\CHIP Updater
2014-08-12 15:26 - 2014-08-12 15:26 - 01101648 _____ () C:\Users\David\Downloads\CWShredder - CHIP-Installer.exe
2014-08-12 15:10 - 2014-05-24 21:44 - 00000000 ____D () C:\Users\David\AppData\Local\11030
2014-08-12 15:05 - 2014-08-12 15:05 - 00001159 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-08-12 15:05 - 2014-08-12 15:05 - 00000000 ____D () C:\Users\David\AppData\Roaming\Nico Mak Computing
2014-08-12 15:05 - 2014-08-12 15:05 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-08-12 15:03 - 2014-08-12 15:03 - 04892480 _____ (WinZip International LLC ) C:\Users\David\Downloads\wzmp_8.exe
2014-08-12 14:56 - 2014-08-12 14:56 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-12 14:55 - 2014-08-12 14:54 - 01016261 _____ (Thisisu) C:\Users\David\Downloads\JRT.exe
2014-08-12 14:40 - 2014-08-12 14:40 - 05569662 _____ (Swearware) C:\Users\David\Downloads\ComboFix.exe
2014-08-12 14:33 - 2014-08-12 14:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-12 02:03 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\rescache
2014-08-12 00:45 - 2014-05-03 00:44 - 00001160 _____ () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-12 00:45 - 2014-05-02 22:10 - 00001031 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-12 00:22 - 2014-08-12 00:22 - 00000000 ____D () C:\ProgramData\BitDefender
2014-08-12 00:08 - 2014-08-12 00:08 - 00000000 ____D () C:\Users\David\AppData\Roaming\LavasoftStatistics
2014-08-12 00:05 - 2014-08-12 00:04 - 00000000 ____D () C:\Program Files\Lavasoft
2014-08-12 00:03 - 2014-08-12 00:03 - 01707144 _____ () C:\Users\David\Downloads\Adaware112_Installer.exe
2014-08-12 00:03 - 2014-08-12 00:03 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-08-12 00:00 - 2014-08-11 23:18 - 00000000 ____D () C:\ProgramData\IObit
2014-08-12 00:00 - 2013-02-06 22:45 - 00002448 _____ () C:\ProgramData\hpzinstall.log
2014-08-11 23:58 - 2014-08-11 23:57 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\David\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-11 23:19 - 2014-08-11 23:19 - 00000000 ____D () C:\Users\David\AppData\Roaming\ProductData
2014-08-11 23:19 - 2014-08-11 23:18 - 00000000 ____D () C:\ProgramData\ProductData
2014-08-11 23:18 - 2014-08-11 23:18 - 00001226 _____ () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-08-11 23:18 - 2014-08-11 23:18 - 00001202 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-08-11 23:18 - 2014-08-11 23:18 - 00000278 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job
2014-08-11 23:18 - 2014-08-11 23:17 - 00000000 ____D () C:\Program Files\IObit
2014-08-11 23:17 - 2014-08-11 23:17 - 12906784 _____ (IObit) C:\Users\David\Downloads\iobituninstaller_338.exe
2014-08-11 23:17 - 2014-08-11 23:17 - 00000000 ____D () C:\Users\David\AppData\Roaming\IObit
2014-08-11 22:14 - 2014-08-11 21:50 - 00000000 ____D () C:\Users\David\Desktop\Nature One The Golden Twenty+
2014-08-11 22:06 - 2012-07-26 06:17 - 00000304 _____ () C:\WINDOWS\win.ini
2014-08-11 22:03 - 2014-05-03 09:25 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-11 22:03 - 2013-08-22 09:22 - 00482192 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-11 22:03 - 2013-02-23 18:47 - 00000000 ____D () C:\Program Files\WinRAR
2014-08-11 21:57 - 2014-08-11 21:57 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-08-11 21:57 - 2014-03-18 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-11 21:57 - 2014-03-18 09:30 - 00000000 ____D () C:\WINDOWS\system32\Drivers\de-DE
2014-08-11 21:57 - 2013-08-22 10:17 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-08-11 21:57 - 2013-08-22 10:17 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-08-11 21:57 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-11 21:57 - 2013-08-22 10:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-11 21:57 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\WinStore
2014-08-11 21:57 - 2013-08-22 10:17 - 00000000 ____D () C:\WINDOWS\system32\de-DE
2014-08-11 21:56 - 2013-09-30 21:40 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-11 21:47 - 2014-08-11 21:47 - 01234120 _____ () C:\Users\David\Downloads\wrar380.exe
2014-08-11 21:47 - 2014-08-11 21:47 - 00000000 ____D () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-11 21:47 - 2014-08-11 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-11 21:25 - 2013-02-06 21:50 - 00000000 ____D () C:\Users\David\AppData\Local\VirtualStore
2014-08-11 20:39 - 2014-08-11 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elcomsoft Password Recovery
2014-08-11 20:38 - 2014-08-11 20:38 - 00000000 ____D () C:\ProgramData\Elcomsoft Password Recovery
2014-08-11 20:38 - 2014-08-11 20:38 - 00000000 ____D () C:\Program Files\Elcomsoft Password Recovery
2014-08-11 20:38 - 2014-08-11 20:38 - 00000000 ____D () C:\Program Files\Elcomsoft
2014-08-11 20:38 - 2014-08-11 20:37 - 00000000 ____D () C:\Users\David\AppData\Local\Abelssoft
2014-08-11 20:37 - 2014-08-11 20:37 - 00000000 ____D () C:\Users\David\AppData\Roaming\Abelssoft
2014-08-11 20:37 - 2014-08-11 20:37 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-08-11 20:36 - 2014-08-11 20:35 - 01101648 _____ () C:\Users\David\Downloads\Advanced Archive Password Recovery - CHIP-Installer.exe
2014-08-11 20:24 - 2013-02-23 22:37 - 00004608 ___SH () C:\Users\David\Desktop\Thumbs.db
2014-08-11 20:05 - 2014-08-11 20:05 - 00000000 ____D () C:\ProgramData\PicRec
2014-08-11 20:05 - 2014-08-11 20:05 - 00000000 ____D () C:\Program Files\Common Files\PicRec
2014-08-11 20:04 - 2014-08-11 20:04 - 00000000 ____D () C:\Program Files\PicRec (x86)
2014-08-03 03:49 - 2014-08-03 03:49 - 00000000 ____D () C:\Users\David\AppData\Local\Razer_Inc
2014-08-02 19:08 - 2012-07-26 08:43 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-08-02 19:06 - 2014-05-03 01:23 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-02 19:06 - 2014-05-03 01:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-02 19:04 - 2014-08-02 19:04 - 00000000 ____D () C:\ProgramData\Razer
2014-08-02 19:04 - 2014-08-02 19:03 - 00000000 ____D () C:\Program Files\Razer
2014-08-02 18:40 - 2014-05-03 09:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-29 10:16 - 2014-08-11 20:05 - 00044248 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\netmon_wfp.sys
2014-07-24 22:51 - 2014-07-24 22:51 - 00000000 ____D () C:\rbtemp
2014-07-24 22:50 - 2013-02-06 22:50 - 00000000 ____D () C:\Users\David\AppData\Roaming\HpUpdate
2014-07-24 22:31 - 2013-08-22 08:13 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM

Some content of TEMP:
====================
C:\Users\David\AppData\Local\Temp\amt_webssearches.exe
C:\Users\David\AppData\Local\Temp\bitool.dll
C:\Users\David\AppData\Local\Temp\dfbdc01a-1b6d-46f6-9d4a-88472d331ea6.exe
C:\Users\David\AppData\Local\Temp\MsiToExe.picrec_setup.exe
C:\Users\David\AppData\Local\Temp\ose00000.exe
C:\Users\David\AppData\Local\Temp\Quarantine.exe
C:\Users\David\AppData\Local\Temp\somoto_w_29_07_2014.exe
C:\Users\David\AppData\Local\Temp\thirdPartyUninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-17 14:57

==================== End Of Log ============================
         
--- --- ---


Unfortunately I could not create a log with Security Check, because on startup the error message "Unsupported Operating System! Aborted!" appeared. And unfortunately nothing has changed yet, everything is as before. Constant ads from Binnary Cash Creater and all the other ads there are. Regards, Lehrmann.

Alt 19.08.2014, 12:02   #8
schrauber
/// the machine
/// TB-Ausbilder


In which browser? Or in several? Delete the backups on D, and empty the Downloads folder completely.

Quote:
C:\Users\David\Pictures\C\Users\User\Downloads\SoftonicDownloader_fuer_avira-antivir-professional.exe"
And stop downloading from Softonic!!
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009
