# ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=fd98bd01e27022469d6d410a4cf93155
# engine=20819
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-10-28 07:57:28
# local_time=2014-10-28 08:57:28 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 67705 18909769 0 0
# scanned=217278
# found=57
# cleaned=56
# scan_time=8587
sh=3F751C1B5A6AFE7B0A768605BC6B5313DAE3AB1D ft=1 fh=383e45d892e24620 vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\IObit\ASCDownloader\ASCSetup.exe"
sh=D6E64E17033E6D5B3A39274A908500EF10133805 ft=1 fh=66a249e1dfddf75c vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\AspManager.exe.vir"
sh=B7A60ACF9D832D3FADBE490145009BFF66B8EEF3 ft=1 fh=d92a79d448a51ccc vn="Win32/Systweak.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\Communication.dll.vir"
sh=65300E119D5CD84D8619E0739FCCD11AD91746F0 ft=1 fh=0d4f51f4dd946221 vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\filetypehelper.exe.vir"
sh=1C6EAEBDF66762FF9FF29EB6B282B18753F16F98 ft=1 fh=fb1fd2e408fbda99 vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\scandll.dll.vir"
sh=05BBF923EFFC0CEAC46F97D7A4338AE75A00C02D ft=1 fh=bf0cf04aa4aad68d vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\Troubleshooter\asp-fixer.com.vir"
sh=05BBF923EFFC0CEAC46F97D7A4338AE75A00C02D ft=1 fh=bf0cf04aa4aad68d vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\Troubleshooter\asp-fixer.exe.vir"
sh=05BBF923EFFC0CEAC46F97D7A4338AE75A00C02D ft=1 fh=bf0cf04aa4aad68d vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\Troubleshooter\asp-fixer.pif.vir"
sh=05BBF923EFFC0CEAC46F97D7A4338AE75A00C02D ft=1 fh=bf0cf04aa4aad68d vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\Troubleshooter\asp-fixer.scr.vir"
sh=05BBF923EFFC0CEAC46F97D7A4338AE75A00C02D ft=1 fh=bf0cf04aa4aad68d vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\Troubleshooter\firefox.com.vir"
sh=05BBF923EFFC0CEAC46F97D7A4338AE75A00C02D ft=1 fh=bf0cf04aa4aad68d vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\Troubleshooter\iexplore.exe.vir"
sh=E963CEE998203F2118BF0E296546899CB425469E ft=1 fh=f29416d69c269d35 vn="Variante von Win32/Toolbar.Widgi.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Application Updater\ApplicationUpdater.exe.vir"
sh=D74FE7DA2D7334AA800E86B445048A73A080ABDC ft=1 fh=9a72664c3e072311 vn="Variante von Win64/Toolbar.Widgi.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe.vir"
sh=B2670B4FBCC47D2B132C1F00D27838060DD7A3B3 ft=1 fh=75a98821f99ab4b9 vn="Variante von Win32/Toolbar.Widgi.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Spigot\Search Settings\wth188.dll.vir"
sh=8F0692EC0FBA8D7EB1397DCE6559DAB602B872B8 ft=1 fh=27f83638c87330c5 vn="Variante von Win64/Toolbar.Widgi.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Spigot\Search Settings\wthx188.dll.vir"
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=45DE4EC63F718D54CA3A4DCDFB4C888C6E97A302 ft=1 fh=4964fd282f3867c3 vn="Variante von Win64/Toolbar.Widgi.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\IObit Apps Toolbar\IE\9.8\iobitappsToolbarIE64.dll.vir"
sh=068A54F966DB6AC14BCA0E39E2A99E3F0027304D ft=1 fh=39f7a16b0423d981 vn="Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioTotal4\hk64tbRadi.dll.vir"
sh=CC6AF3A384A61C1C621BA5AB43583E82FF281530 ft=1 fh=bbbd034bf7d0bf76 vn="Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioTotal4\hktbRadi.dll.vir"
sh=9B3B44428CC80CC43F085AE514E7E16F7963EACC ft=1 fh=4c03fc1250fa29f9 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioTotal4\ldrtbRadi.dll.vir"
sh=49F05B2770D4CAE7550D8268FDCF50E3BAEBB7CC ft=1 fh=f6f4f0e4f3b1176c vn="Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioTotal4\prxtbRadi.dll.vir"
sh=C58417722C0B741EA8D55D06914E692180900885 ft=1 fh=f4976c33c2ff8570 vn="Win32/Toolbar.Conduit.V evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioTotal4\RadioTotal4ToolbarHelper.exe.vir"
sh=33457E2F2405727124C107D6DEAF24C94E992463 ft=1 fh=e719e166edfd7994 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RadioTotal4\tbRadi.dll.vir"
sh=6F3A3B433459E6773C9FBE8CFB154DB6534EFA86 ft=1 fh=60bff0ff01dbe663 vn="Variante von Win32/InstallCore.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoConverter\VideoConverter.exe.vir"
sh=5FB95D21BE8CF2753FD8A42398ADD26E2B21409F ft=1 fh=0f2c5f177050d203 vn="Variante von Win32/Toolbar.Conduit.AJ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\IE\CT3317893\UninstallerUI.exe.vir"
sh=5FB95D21BE8CF2753FD8A42398ADD26E2B21409F ft=1 fh=0f2c5f177050d203 vn="Variante von Win32/Toolbar.Conduit.AJ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\Multi\CT3317893\UninstallerUI.exe.vir"
sh=246DDBC3A2C223A6B9072637D93DC2A2832D097A ft=1 fh=c71c0011b04f613a vn="Win32/Toolbar.Babylon.Y evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\DSearchLink\DSearchLink.exe.vir"
sh=D86451022DDD8348105C1D52FBFD2ADB1E2DCC30 ft=1 fh=d3e706a6307522ba vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\wrerzfdhfghh\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll.vir"
sh=314F703F0F190BF70F0386509C10998D4E2BD10B ft=1 fh=2f9f46df1834d950 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\wrerzfdhfghh\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll.vir"
sh=D3CBDD7C6ED2C9D81DA4FCF9AF57CDD5D3711ED3 ft=1 fh=86dbe26399c3d0fa vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\wrerzfdhfghh\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll.vir"
sh=C58417722C0B741EA8D55D06914E692180900885 ft=1 fh=f4976c33c2ff8570 vn="Win32/Toolbar.Conduit.V evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\wrerzfdhfghh\AppData\Local\Conduit\CT3317893\RadioTotal4AutoUpdateHelper.exe.vir"
sh=1426B95F2619E462F812F6807C88694DF9FBECE7 ft=1 fh=a10496de67a69999 vn="Win32/Toolbar.Conduit.S evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\wrerzfdhfghh\AppData\Local\DownloadGuide\Offers\mconduitinstaller.exe.vir"
sh=46BE0ACE8584C22253C0570B784DEEB03E5F5F63 ft=1 fh=18e45485497b0e7e vn="Win32/Packed.ScrambleWrapper.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\wrerzfdhfghh\AppData\Local\DownloadGuide\Offers\plus-hd-3-8.exe.vir"
sh=C2C35F77505CB8FF70FC312C44E070DBD5834942 ft=1 fh=bf83ea32284cf26c vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\wrerzfdhfghh\AppData\Local\NativeMessaging\CT3317893\1_0_0_2\TBMessagingHost.exe.vir"
sh=7FE8D5A128ADB5FD2A64F0007BDE50CAC7A47D2A ft=1 fh=87c2ef1442b79444 vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\wrerzfdhfghh\AppData\Local\NativeMessaging\CT3317893\1_0_0_4\TBMessagingHost.exe.vir"
sh=BB1A5AE5206E9995C35E517ECBA291C30CE4F7B7 ft=1 fh=34cca54ca63a6441 vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\wrerzfdhfghh\AppData\Local\NativeMessaging\CT3317893\1_0_0_6\TBMessagingHost.exe.vir"
sh=068A54F966DB6AC14BCA0E39E2A99E3F0027304D ft=1 fh=39f7a16b0423d981 vn="Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\wrerzfdhfghh\AppData\LocalLow\RadioTotal4\hk64tbRadi.dll.vir"
sh=CC6AF3A384A61C1C621BA5AB43583E82FF281530 ft=1 fh=bbbd034bf7d0bf76 vn="Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\wrerzfdhfghh\AppData\LocalLow\RadioTotal4\hktbRadi.dll.vir"
sh=9B3B44428CC80CC43F085AE514E7E16F7963EACC ft=1 fh=4c03fc1250fa29f9 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\wrerzfdhfghh\AppData\LocalLow\RadioTotal4\ldrtbRadi.dll.vir"
sh=33457E2F2405727124C107D6DEAF24C94E992463 ft=1 fh=e719e166edfd7994 vn="Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\wrerzfdhfghh\AppData\LocalLow\RadioTotal4\tbRadi.dll.vir"
sh=B5C93DA0C608B26C9487ABC49CCB643C9A15ED33 ft=1 fh=75f1c65aa8a331ed vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\wrerzfdhfghh\AppData\LocalLow\RadioTotal4\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir"
sh=D3CD63F8ECE232C1B00528824D066DF1477BA7F7 ft=1 fh=0436b7d7b258cddd vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\wrerzfdhfghh\AppData\Roaming\Betcat\dat\Paladin.dat.vir"
sh=143416AAC4F6000C3A3235EB4EC955B4D0B6955E ft=1 fh=b68409d87b15670c vn="Win32/DealPly.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\wrerzfdhfghh\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe.vir"
sh=B29413922D225A2273610FAA33B03605B70AB3DE ft=0 fh=0000000000000000 vn="JS/Adware.Spigot.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\wrerzfdhfghh\AppData\Roaming\Mozilla\Firefox\Profiles\ud533f1s.default\Extensions\{46eddf51-a4f6-4476-8d6c-31c5187b2a2f}\chrome\content\spigot.js.vir"
sh=37CCAD86409E08816A4C00F1DBEA4604BA36D3A1 ft=1 fh=919a9505016e0e1e vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\wrerzfdhfghh\AppData\Roaming\OpenCandy\9A322297964142F3A04C13CB054489F8\DeltaTB.exe.vir"
sh=985AE5B998513B7D9C2749DF15CAE7C04C3BDC9E ft=1 fh=2f9831d32275f6eb vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir"
sh=AAA29097B1E5A7098E19A38F1200E636EE1C3A1E ft=1 fh=6b75069f13c3f94c vn="Win64/AdvancedSystemProtector.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\WINDOWS\System32\sasnative64.exe.vir"
sh=203413C4F7381B4F112E061B82295ECA11059A48 ft=1 fh=5f1f380437788e1c vn="Variante von Win32/Toolbar.Widgi.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Config.Msi\5ad7c.rbf"
sh=786CB6A87C798F799ED498E84956F052D2977672 ft=1 fh=c7117f7e4751bae7 vn="Variante von Win64/Toolbar.Widgi.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Config.Msi\5ad7d.rbf"
sh=B70380AF3BCB06CF3ADDBE80FD35E405B096A9D0 ft=1 fh=0261f3ef37997a16 vn="Variante von Win32/Toolbar.Widgi.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Config.Msi\efc6780.rbf"
sh=28F1AB13C4BF4A86A4DD93806A7D631D097D424C ft=1 fh=47e05cfff2d6fd27 vn="Variante von Win64/Toolbar.Widgi.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Config.Msi\efc6781.rbf"
sh=3F751C1B5A6AFE7B0A768605BC6B5313DAE3AB1D ft=1 fh=383e45d892e24620 vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\IObit\ASCDownloader\ASCSetup.exe"
sh=AF4E37B482DBAA4A7A69352FDFEEE561577BE66C ft=1 fh=a278955adab6ccc5 vn="Variante von Win32/DownloadGuide.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\wrerzfdhfghh\Downloads\60Second-Downloader.exe"
sh=AB36077874F26DA1B3FECA0BCE80EEC886FF333E ft=1 fh=4600290f988467df vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\wrerzfdhfghh\Downloads\advanced-systemcare-setup (1).exe"
sh=A42AB9B7EC889BCD631C33BF69146A7DA3668E56 ft=1 fh=8ab208391af58109 vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\wrerzfdhfghh\Downloads\advanced-systemcare-setup.exe"
sh=1789C19DF0B7CD294B3C97CAAC7CCC7D222B44A8 ft=1 fh=7dcb11e9e7fe0c7e vn="Variante von Win32/InstallCore.QW evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\wrerzfdhfghh\Downloads\adwcleaner_4.000_CB-DL-Manager.exe"
sh=605208674BE74711ED9C8736A45B237269D83BBB ft=1 fh=f42c0a5fc098dc77 vn="Variante von Win32/DownloadGuide.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\wrerzfdhfghh\Downloads\freefixersetup-Downloader.exe"
#Results of screen317's Security Check version 0.99.89
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 71
Java version out of Date!
Google Chrome 37.0.2062.124
Google Chrome 38.0.2125.104
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Windows Defender MpCmdRun.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
#
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-10-2014
Ran by wrerzfdhfghh (administrator) on POPISLABEL on 28-10-2014 21:06:20
Running from C:\Users\wrerzfdhfghh\Downloads
Loaded Profile: wrerzfdhfghh (Available profiles: wrerzfdhfghh)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2864016 2012-08-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-05-21] (Realtek Semiconductor)
HKLM-x32\...\Run: [BakupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [533056 2012-07-31] (NTI Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-373410565-2624302954-15576294-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\S-1-5-21-373410565-2624302954-15576294-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-373410565-2624302954-15576294-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-373410565-2624302954-15576294-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\Users\wrerzfdhfghh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {1D8F7F6F-A28F-4FF4-A697-3CCD74E59815} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - {1D8F7F6F-A28F-4FF4-A697-3CCD74E59815} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {142C0DFC-33A4-48C6-AEE2-A402EF4516A6} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=114576&p={searchTerms}
SearchScopes: HKCU - {1D8F7F6F-A28F-4FF4-A697-3CCD74E59815} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\wrerzfdhfghh\AppData\Roaming\Mozilla\Firefox\Profiles\ud533f1s.default
FF Homepage: user_pref("browser.startup.homepage", );
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=114576&ilc=12&p=
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF SearchPlugin: C:\Users\wrerzfdhfghh\AppData\Roaming\Mozilla\Firefox\Profiles\ud533f1s.default\searchplugins\yahoo_ff.xml
FF Extension: Avira Browser Safety - C:\Users\wrerzfdhfghh\AppData\Roaming\Mozilla\Firefox\Profiles\ud533f1s.default\Extensions\abs@avira.com [2014-10-18]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\wrerzfdhfghh\AppData\Roaming\Mozilla\Firefox\Profiles\ud533f1s.default\Extensions\ascsurfingprotection@iobit.com [2014-09-02]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-04-29]
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor [Not Found]
FF Extension: No Name - C:\Users\wrerzfdhfghh\AppData\Roaming\Mozilla\Firefox\Profiles\ud533f1s.default\extensions\adsremoval@adsremoval.net [Not Found]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Chrome:
=======
CHR HomePage: Default -> hxxp://de.search.yahoo.com/?type=114576&fr=spigot-yhp-ch
CHR StartupUrls: Default -> "hxxp://de.search.yahoo.com/?type=114576&fr=spigot-yhp-ch", "about:blank"
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSearchURL: Default -> hxxp://de.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=114576&p={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Profile: C:\Users\wrerzfdhfghh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\wrerzfdhfghh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-02-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\wrerzfdhfghh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-08]
CHR Extension: (Avira Browser Safety) - C:\Users\wrerzfdhfghh\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-18]
CHR Extension: (AdBlock) - C:\Users\wrerzfdhfghh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-27]
CHR Extension: (Ghostery) - C:\Users\wrerzfdhfghh\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-10-26]
CHR Extension: (Google Wallet) - C:\Users\wrerzfdhfghh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-18]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2415760 2012-07-27] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [466064 2012-07-31] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [659600 2012-07-31] (Acer Incorporated)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-05-21] (Microsoft Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
S3 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-07-31] (NTI Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-08-27] (Dritek System INC.)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72512 2013-12-09] (IObit)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-07-31] (Atheros)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00A\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2014-05-21] (Intel Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-08-27] (Dritek System Inc.)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2014-01-12] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-28 21:06 - 2014-10-28 21:06 - 00018329 _____ () C:\Users\wrerzfdhfghh\Downloads\FRST.txt
2014-10-28 18:32 - 2014-10-28 18:32 - 00000000 _____ () C:\Users\wrerzfdhfghh\Desktop\eset.txt
2014-10-28 18:27 - 2014-10-28 18:27 - 00005200 _____ () C:\WINDOWS\PFRO.log
2014-10-28 18:18 - 2014-10-28 18:18 - 04585472 _____ (Avira Operations GmbH & Co. KG) C:\Users\wrerzfdhfghh\Downloads\avira_de_av___ws.exe
2014-10-28 18:16 - 2014-10-28 18:16 - 02347384 _____ (ESET) C:\Users\wrerzfdhfghh\Desktop\esetsmartinstaller_deu.exe
2014-10-28 18:16 - 2014-10-28 18:16 - 00854448 _____ () C:\Users\wrerzfdhfghh\Desktop\SecurityCheck.exe
2014-10-28 18:14 - 2014-10-28 18:14 - 00000797 _____ () C:\WINDOWS\setupact.log
2014-10-28 18:14 - 2014-10-28 18:14 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-10-28 18:12 - 2014-10-28 18:12 - 00082719 _____ () C:\Users\wrerzfdhfghh\Downloads\MG_Agreement_Details_DEU.PDF2
2014-10-28 18:10 - 2014-10-28 18:10 - 00082719 _____ () C:\Users\wrerzfdhfghh\Downloads\MG_Agreement_Details_DEU.PDF6
2014-10-27 22:12 - 2014-10-27 22:12 - 00003856 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1413663024
2014-10-27 22:12 - 2014-10-27 22:12 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-10-26 15:21 - 2014-10-26 15:35 - 00000000 ____D () C:\Users\wrerzfdhfghh\Desktop\Tor Browser
2014-10-26 15:20 - 2014-10-26 15:21 - 34622984 _____ () C:\Users\wrerzfdhfghh\Downloads\torbrowser-install-4.0_de.exe
2014-10-26 14:46 - 2014-10-26 14:46 - 00044668 _____ () C:\Users\wrerzfdhfghh\Desktop\FRST.txt
2014-10-26 14:43 - 2014-10-26 14:43 - 02113024 _____ (Farbar) C:\Users\wrerzfdhfghh\Downloads\FRST64.exe
2014-10-26 14:43 - 2014-10-26 14:43 - 00000000 ____D () C:\Users\wrerzfdhfghh\Downloads\FRST-OlderVersion
2014-10-26 14:35 - 2014-10-26 14:35 - 00001860 _____ () C:\Users\wrerzfdhfghh\Desktop\JRT.txt
2014-10-26 14:29 - 2014-10-26 14:29 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-10-26 14:28 - 2014-10-26 14:28 - 00001769 _____ () C:\Users\wrerzfdhfghh\Desktop\AdwCleaner[S4].txt
2014-10-26 14:23 - 2014-10-26 14:23 - 00000000 _____ () C:\asc_rdflag
2014-10-26 14:13 - 2014-10-26 14:14 - 01706144 _____ (Thisisu) C:\Users\wrerzfdhfghh\Downloads\JRT.exe
2014-10-26 14:12 - 2014-10-26 14:12 - 01962496 _____ () C:\Users\wrerzfdhfghh\Downloads\adwcleaner_4.001.exe
2014-10-26 14:10 - 2014-10-26 14:10 - 00001197 _____ () C:\Users\wrerzfdhfghh\Desktop\mbam.txt
2014-10-26 13:18 - 2014-10-26 13:18 - 00001298 _____ () C:\Users\wrerzfdhfghh\Desktop\Revo Uninstaller.lnk
2014-10-26 13:18 - 2014-10-26 13:18 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-10-26 13:17 - 2014-10-26 13:17 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\wrerzfdhfghh\Downloads\revosetup95.exe
2014-10-26 12:25 - 2014-10-26 12:25 - 21197152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-10-26 12:25 - 2014-10-26 12:25 - 18723112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-10-26 12:25 - 2014-10-26 12:25 - 13424128 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-10-26 12:25 - 2014-10-26 12:25 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-10-26 12:25 - 2014-10-26 12:25 - 07484224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-10-26 12:25 - 2014-10-26 12:25 - 02714112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-10-26 12:25 - 2014-10-26 12:25 - 02497344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-10-26 12:25 - 2014-10-26 12:25 - 02480128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2014-10-26 12:25 - 2014-10-26 12:25 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2014-10-26 12:25 - 2014-10-26 12:25 - 01420288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-10-26 12:25 - 2014-10-26 12:25 - 01053184 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-10-26 12:25 - 2014-10-26 12:25 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-10-26 12:25 - 2014-10-26 12:25 - 00836176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-10-26 12:25 - 2014-10-26 12:25 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-10-26 12:25 - 2014-10-26 12:25 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-10-26 12:25 - 2014-10-26 12:25 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-10-26 12:25 - 2014-10-26 12:25 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2014-10-26 12:25 - 2014-10-26 12:25 - 00561416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-10-26 12:25 - 2014-10-26 12:25 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2014-10-26 12:25 - 2014-10-26 12:25 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2014-10-26 12:25 - 2014-10-26 12:25 - 00474432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-10-26 12:25 - 2014-10-26 12:25 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2014-10-26 12:25 - 2014-10-26 12:25 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-10-26 12:25 - 2014-10-26 12:25 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-10-26 12:25 - 2014-10-26 12:25 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-10-26 12:25 - 2014-10-26 12:25 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-10-26 12:25 - 2014-10-26 12:25 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-10-26 12:25 - 2014-10-26 12:25 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2014-10-26 12:25 - 2014-10-26 12:25 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-10-26 12:25 - 2014-10-26 12:25 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2014-10-26 12:25 - 2014-10-26 12:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
2014-10-26 12:25 - 2014-10-26 12:25 - 00236864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-10-26 12:25 - 2014-10-26 12:25 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-10-26 12:25 - 2014-10-26 12:25 - 00148800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-10-25 17:51 - 2014-10-25 17:51 - 00001867 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-10-25 17:51 - 2014-10-25 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-25 17:51 - 2014-10-25 17:51 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-10-25 17:50 - 2014-10-25 17:50 - 00001799 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-25 17:50 - 2014-10-25 17:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-25 17:48 - 2014-10-25 17:49 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-25 17:48 - 2014-10-25 17:49 - 00000000 ____D () C:\Program Files\iTunes
2014-10-25 17:48 - 2014-10-25 17:49 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-25 17:48 - 2014-10-25 17:48 - 00000000 ____D () C:\Program Files\iPod
2014-10-25 17:41 - 2014-10-25 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-10-24 20:36 - 2014-10-24 20:36 - 02983132 _____ () C:\Users\wrerzfdhfghh\Downloads\bilder.zip
2014-10-23 23:10 - 2014-10-23 23:10 - 03478870 _____ () C:\Users\wrerzfdhfghh\Downloads\fenster-neu groß.zip
2014-10-23 22:53 - 2014-10-23 22:53 - 00018526 _____ () C:\Users\wrerzfdhfghh\Downloads\Kaufvertrag 2 überweisung.odt
2014-10-23 22:42 - 2014-10-23 22:42 - 07507567 _____ () C:\Users\wrerzfdhfghh\Downloads\Pita Bar (1).zip
2014-10-23 22:42 - 2014-10-23 13:42 - 00000467 ____N () C:\Users\wrerzfdhfghh\Desktop\ATT00002
2014-10-23 22:42 - 2014-10-23 13:42 - 00000004 ____N () C:\Users\wrerzfdhfghh\Desktop\ATT00001
2014-10-23 22:41 - 2014-10-23 22:41 - 00833771 _____ () C:\Users\wrerzfdhfghh\Downloads\Pita Bar.zip
2014-10-20 12:52 - 2014-10-20 12:52 - 00043608 _____ () C:\Users\wrerzfdhfghh\Downloads\FRST (1).txt
2014-10-20 12:46 - 2014-10-20 12:47 - 00042589 _____ () C:\Users\wrerzfdhfghh\Downloads\Addition.txt
2014-10-20 12:44 - 2014-10-28 21:06 - 00000000 ____D () C:\FRST
2014-10-20 12:39 - 2014-10-26 13:24 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-20 12:39 - 2014-10-20 12:39 - 00001130 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-20 12:39 - 2014-10-20 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-20 12:39 - 2014-10-20 12:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-20 12:39 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-20 12:39 - 2014-10-01 10:11 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-10-20 12:39 - 2014-10-01 10:11 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-10-20 12:33 - 2014-10-20 12:34 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\wrerzfdhfghh\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-20 12:26 - 2014-10-20 12:26 - 00026040 _____ () C:\Users\wrerzfdhfghh\Desktop\AVSCAN-20141018-215729-4DF15FE2.LOG
2014-10-20 11:32 - 2014-10-20 11:32 - 53039104 _____ () C:\Users\wrerzfdhfghh\Downloads\comodo_rescue_disk_2.0.261647.1.iso
2014-10-20 11:08 - 2012-02-11 20:17 - 1995483700 _____ () C:\Users\wrerzfdhfghh\Downloads\hdv1-final53d-720p.mpg
2014-10-20 11:06 - 2014-10-20 11:06 - 00896504 _____ (Microsoft Corporation) C:\Users\wrerzfdhfghh\Downloads\mssstool64.exe
2014-10-20 11:01 - 2014-10-20 11:01 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-20 11:01 - 2014-10-20 11:01 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-18 21:17 - 2014-10-18 21:17 - 00000000 ____D () C:\Users\wrerzfdhfghh\AppData\Roaming\Opera Software
2014-10-18 21:17 - 2014-10-18 21:17 - 00000000 ____D () C:\Users\wrerzfdhfghh\AppData\Local\Opera Software
2014-10-18 21:10 - 2014-10-27 22:12 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-10-18 21:10 - 2014-10-18 21:10 - 00001147 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-10-18 21:10 - 2014-10-18 21:10 - 00001147 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk.1414444352.old
2014-10-18 20:52 - 2014-10-18 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-18 20:52 - 2014-10-18 20:51 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-10-18 20:52 - 2014-10-18 20:51 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-10-18 20:52 - 2014-10-18 20:51 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-10-18 20:52 - 2014-10-18 20:51 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-10-18 20:51 - 2014-10-18 20:51 - 00000000 ____D () C:\Users\wrerzfdhfghh\antivirupdate
2014-10-18 20:51 - 2014-10-18 20:51 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-18 20:50 - 2014-10-18 20:51 - 357214905 _____ () C:\Users\wrerzfdhfghh\Downloads\avira_fusebundlegen-07win32-en.zip
2014-10-18 20:40 - 2014-10-24 20:37 - 00000000 ____D () C:\Users\wrerzfdhfghh\Desktop\Pita Bar
2014-10-18 20:22 - 2014-10-18 20:22 - 00454416 _____ (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\IntcDAud.sys
2014-10-18 19:36 - 2014-10-18 20:41 - 00002868 _____ () C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (wrerzfdhfghh)
2014-10-18 19:36 - 2014-10-18 19:36 - 00002170 _____ () C:\Users\Public\Desktop\Driver Booster 2.lnk
2014-10-18 19:36 - 2014-10-18 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
2014-10-18 19:13 - 2014-10-18 19:13 - 00000000 ____D () C:\WINDOWS\Tasks\ImCleanDisabled
2014-10-18 19:11 - 2014-10-18 19:11 - 10008840 _____ (IObit ) C:\Users\wrerzfdhfghh\Downloads\driver_booster_setup (2).exe
2014-10-18 19:07 - 2014-10-09 23:16 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-10-18 19:07 - 2014-10-08 23:09 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-10-18 19:07 - 2014-09-19 02:24 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-10-18 19:07 - 2014-09-13 07:02 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-10-18 19:07 - 2014-09-13 06:30 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-10-18 19:07 - 2014-09-04 01:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-10-18 19:07 - 2014-09-04 00:57 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-10-18 19:07 - 2014-09-04 00:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-10-18 15:43 - 2014-09-29 23:45 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-10-18 15:43 - 2014-09-29 23:45 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-18 15:35 - 2014-09-27 23:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-10-18 15:34 - 2014-09-08 04:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-10-18 15:34 - 2014-09-08 02:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-10-18 15:34 - 2014-09-08 02:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-10-18 15:34 - 2014-09-08 01:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-10-18 15:34 - 2014-09-08 01:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-10-18 15:34 - 2014-09-08 01:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-10-18 15:34 - 2014-09-08 01:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-10-18 15:34 - 2014-09-08 01:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-10-18 15:34 - 2014-09-08 01:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-10-18 15:34 - 2014-09-08 01:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-10-18 15:34 - 2014-09-08 00:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-10-18 15:34 - 2014-09-08 00:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-10-18 15:34 - 2014-09-08 00:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-10-18 15:34 - 2014-09-08 00:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-10-18 15:33 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-10-18 15:33 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-10-18 15:33 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-10-18 15:33 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-10-18 15:33 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-10-18 15:33 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-10-18 15:33 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-10-18 15:33 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-10-18 15:32 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-10-18 15:32 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-10-18 15:32 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-10-18 15:32 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-10-18 15:32 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-10-18 15:32 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-10-18 15:32 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-10-18 15:32 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-10-18 15:32 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-10-18 15:32 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-10-18 15:32 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-10-18 15:32 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-10-18 15:32 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-10-18 15:32 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-10-18 15:32 - 2014-09-19 01:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-10-18 15:32 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-10-18 15:32 - 2014-09-19 01:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-10-18 15:32 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-10-18 15:32 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-10-18 15:32 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-10-18 15:32 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-10-18 15:32 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-10-18 15:31 - 2014-09-13 07:29 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-10-18 15:31 - 2014-09-13 06:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-10-18 15:31 - 2014-09-04 01:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-10-18 15:31 - 2014-09-04 01:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-10-18 15:31 - 2014-08-29 02:58 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-10-18 15:31 - 2014-08-29 00:56 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-10-18 15:31 - 2014-08-29 00:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-10-14 18:41 - 2014-10-18 19:27 - 00000000 ____D () C:\Users\wrerzfdhfghh\AppData\Roaming\Corel
2014-10-14 18:41 - 2014-10-14 18:41 - 00000000 ____D () C:\ProgramData\Protexis64
2014-10-14 18:29 - 2014-10-28 18:23 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-14 18:28 - 2014-10-14 18:28 - 00000000 ____D () C:\Program Files\Common Files\Corel
2014-10-14 18:27 - 2014-10-14 18:27 - 00000000 ____D () C:\Program Files\Common Files\Protexis
2014-10-14 18:18 - 2014-10-14 18:41 - 00000000 ____D () C:\ProgramData\CorelDRAW Graphics Suite X7 x64
2014-10-14 18:15 - 2014-10-14 18:17 - 549958752 _____ (Acresso Software Inc. ) C:\Users\wrerzfdhfghh\Downloads\CorelDRAWGraphicsSuiteX7Installer_DE64Bit.exe
2014-10-02 13:23 - 2014-10-02 13:23 - 00094208 _____ (Apple Inc.) C:\WINDOWS\SysWOW64\QuickTimeVR.qtx
2014-10-02 13:23 - 2014-10-02 13:23 - 00069632 _____ (Apple Inc.) C:\WINDOWS\SysWOW64\QuickTime.qts
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-28 21:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-10-28 19:54 - 2014-01-10 14:51 - 01272070 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-28 18:33 - 2013-09-30 05:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-28 18:33 - 2013-09-30 04:56 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-10-28 18:33 - 2013-09-30 04:56 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-10-28 18:33 - 2012-11-02 21:46 - 00003592 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-373410565-2624302954-15576294-1001
2014-10-28 18:29 - 2014-01-12 18:23 - 00000000 ____D () C:\ProgramData\ProductData
2014-10-28 18:29 - 2013-12-04 08:48 - 00000000 ___DO () C:\Users\wrerzfdhfghh\SkyDrive
2014-10-28 18:28 - 2014-09-02 18:27 - 00002221 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-10-28 18:28 - 2014-01-22 00:32 - 00165659 _____ () C:\MyXML.xml
2014-10-28 18:28 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-28 18:09 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-10-28 15:48 - 2012-11-07 18:25 - 00003966 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{63D600E7-756E-4E5F-915A-9D8D42F71923}
2014-10-26 15:40 - 2014-09-02 18:27 - 00000278 _____ () C:\WINDOWS\Tasks\ASC7_SkipUac_wrerzfdhfghh.job
2014-10-26 14:24 - 2014-01-13 09:37 - 79806464 _____ () C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2014-10-26 14:24 - 2014-01-13 09:37 - 00802816 _____ () C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2014-10-26 14:24 - 2014-01-13 09:37 - 00061440 _____ () C:\WINDOWS\system32\config\SAM.iodefrag.bak
2014-10-26 14:24 - 2014-01-13 09:37 - 00032768 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2014-10-26 14:24 - 2013-12-04 02:10 - 00000000 ____D () C:\Users\wrerzfdhfghh
2014-10-26 14:23 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-10-26 14:21 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-10-26 14:21 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-10-26 14:20 - 2014-01-22 01:00 - 00000000 ____D () C:\AdwCleaner
2014-10-26 13:22 - 2014-01-12 18:22 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-10-26 12:31 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-10-25 17:48 - 2014-09-02 18:13 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-25 17:48 - 2012-11-02 23:35 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-20 13:44 - 2013-09-30 04:59 - 00000000 ____D () C:\WINDOWS\ShellNew
2014-10-20 13:43 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-10-20 13:43 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-10-20 13:43 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-10-20 13:17 - 2013-09-09 19:05 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-20 13:08 - 2012-12-16 15:05 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-20 13:06 - 2014-07-27 22:46 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-10-20 12:39 - 2013-11-30 08:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-20 11:01 - 2012-11-06 21:10 - 00004112 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-20 11:01 - 2012-11-06 21:10 - 00003876 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-18 21:24 - 2014-01-06 19:23 - 00000000 ____D () C:\WINDOWS\system32\log
2014-10-18 20:52 - 2014-03-27 21:17 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-18 20:30 - 2013-08-22 15:44 - 00459400 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-18 20:28 - 2014-01-14 14:20 - 43454464 _____ () C:\WINDOWS\system32\config\COMPONENTS.iodefrag.bak
2014-10-18 19:26 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
Some content of TEMP:
====================
C:\Users\wrerzfdhfghh\AppData\Local\Temp\avgnt.exe
C:\Users\wrerzfdhfghh\AppData\Local\Temp\Quarantine.exe
C:\Users\wrerzfdhfghh\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-21 17:04
==================== End Of Log ============================