Hello,
so here is the MBAM log:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 29.11.2014
Suchlauf-Zeit: 13:42:55
Logdatei: MBAM Suchlauf.txt
Administrator: Ja
Version: 2.00.3.1025
Malware Datenbank: v2014.11.29.02
Rootkit Datenbank: v2014.11.22.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Admin
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 396830
Verstrichene Zeit: 8 Min, 57 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 1
Trojan.Downloader, C:\ProgramData\Trusted Publisher\BrickBuilder\BrickProvider.exe, 2668, Löschen bei Neustart, [196d350cdba15ed8bd8a922a2bd77c84]
Module: 0
(Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 5
Trojan.Downloader, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\S-4019021097, In Quarantäne, [196d350cdba15ed8bd8a922a2bd77c84],
PUP.Optional.FastSearchings, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, In Quarantäne, [d4b2043d1f5dd95d2923c6f1dd27b947],
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\S-4019021097, In Quarantäne, [d9ad1c25a5d7f83eddc594c72ad93cc4],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4820778D-AB0D-6D18-C316-52A6A0E1D507}, In Quarantäne, [7c0aa59cfc80290d3529f45a6b98bd43],
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-894033733-1469534155-2011522179-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, In Quarantäne, [ccba8ab7bebe0e288263a201867ea957],
Registrierungswerte: 0
(Keine schädliche Elemente erkannt)
Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)
Ordner: 4
PUP.Optional.BestBuy.A, C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp, In Quarantäne, [9fe758e91468f93d4cd0051b23e0b947],
PUP.Optional.BestBuy.A, C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\102, In Quarantäne, [9fe758e91468f93d4cd0051b23e0b947],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\YoutubeAdBlocke, In Quarantäne, [5432231efe7e092dc6ddd45462a1d030],
PUP.Optional.BuyNSave.A, C:\Program Files (x86)\BuyNsave, In Quarantäne, [d2b41d247efe191d58f15ee160a3eb15],
Dateien: 9
Trojan.Downloader, C:\ProgramData\Trusted Publisher\BrickBuilder\BrickProvider.exe, Löschen bei Neustart, [196d350cdba15ed8bd8a922a2bd77c84],
PUP.Optional.Unizeto, C:\Users\Admin\AppData\Local\Temp\b420123544\temp\- (VotOno Dj's - Russian Dance Mix).mp3.exe, In Quarantäne, [a2e489b8205c35017b535398798824dc],
PUP.Optional.MultiPlug.A, C:\Users\Admin\AppData\Local\Temp\b420123544\temp\hpds_setup.exe, In Quarantäne, [84024001f78558decf71c33942bfbb45],
Trojan.Downloader, C:\Users\Admin\AppData\Local\Temp\b420123544\temp\usetup.exe, In Quarantäne, [176f9ba6e59770c695b2d8e445bdfb05],
PUP.Optional.BestBuy.A, C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\102\background.html, In Quarantäne, [9fe758e91468f93d4cd0051b23e0b947],
PUP.Optional.BestBuy.A, C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\102\content.js, In Quarantäne, [9fe758e91468f93d4cd0051b23e0b947],
PUP.Optional.BestBuy.A, C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\102\lsdb.js, In Quarantäne, [9fe758e91468f93d4cd0051b23e0b947],
PUP.Optional.BestBuy.A, C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\102\manifest.json, In Quarantäne, [9fe758e91468f93d4cd0051b23e0b947],
PUP.Optional.BestBuy.A, C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\102\pFbwk5ui.js, In Quarantäne, [9fe758e91468f93d4cd0051b23e0b947],
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)
AdwCleaner had found nothing, and there was no log either.
JRT.txt Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 8 x64
Ran by Admin on 29.11.2014 at 14:14:42,27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\trusted publisher"
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.11.2014 at 14:18:39,64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
and the fresh FRST log:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by Admin (administrator) on MHFZRS on 29-11-2014 14:29:00
Running from C:\Users\Internet\Downloads\Musik richy
Loaded Profiles: Internet & Admin (Available profiles: Richard & Internet & Admin)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Kingsoft Corporation) C:\Program Files (x86)\cmcm\Clean Master\cmcore.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Kingsoft Corporation) C:\Program Files (x86)\cmcm\Clean Master\cmtray.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-10-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-22] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [cmsc] => c:\program files (x86)\cmcm\Clean Master\cmtray.exe [468328 2014-11-22] (Kingsoft Corporation)
HKLM\...\RunOnce: [MSPCLOCK] => rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\RunOnce: [MSPQM] => rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\RunOnce: [MSKSSRV] => rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\RunOnce: [MSTEE.CxTransform] => rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interf (the data entry has 11 more characters).
HKLM\...\RunOnce: [MSTEE.Splitter] => rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interf (the data entry has 11 more characters).
HKLM\...\RunOnce: [WDM_DRMKAUD] => rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD. (the data entry has 17 more characters).
HKLM\...\RunOnce: [BrowserChoice] => C:\Windows\BrowserChoice\browserchoice.exe [86696 2012-08-15] (Microsoft Corporation)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [439488 2013-07-09] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-10-01] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [133760 2014-01-07] ( (Atheros Communications))
HKU\S-1-5-21-894033733-1469534155-2011522179-1004\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [111320 2014-10-03] (Siber Systems)
HKU\S-1-5-21-894033733-1469534155-2011522179-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-894033733-1469534155-2011522179-1004\...\Run: [EPSONCF0E53 (Epson Stylus Office BX305 Plus)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHRE.EXE [232448 2011-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-894033733-1469534155-2011522179-1004\...\MountPoints2: {7159ae3b-4b0c-11e4-be66-806e6f6e6963} - "G:\sources\setup.exe"
HKU\S-1-5-21-894033733-1469534155-2011522179-1005\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [111320 2014-10-03] (Siber Systems)
HKU\S-1-5-21-894033733-1469534155-2011522179-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-894033733-1469534155-2011522179-1005\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
HKU\S-1-5-21-894033733-1469534155-2011522179-1005\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [39712 2014-10-22] (Overwolf LTD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-894033733-1469534155-2011522179-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-894033733-1469534155-2011522179-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x768488642204D001
HKU\S-1-5-21-894033733-1469534155-2011522179-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKU\S-1-5-21-894033733-1469534155-2011522179-1005\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-894033733-1469534155-2011522179-1005\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?q={searchTerms}
HKU\S-1-5-21-894033733-1469534155-2011522179-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> DefaultScope {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-894033733-1469534155-2011522179-1005 -> DefaultScope {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-894033733-1469534155-2011522179-1005 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-894033733-1469534155-2011522179-1005 -> {EFE522B3-7ABD-49CB-A5C3-A2AFBBA83B9D} URL = https://www.google.com/search?q={searchTerms}
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-894033733-1469534155-2011522179-1004 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-894033733-1469534155-2011522179-1005 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-03]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014-10-03]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-10-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-22]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-10-03]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2014-01-07] (Windows (R) Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-22] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-22] (Avast Software)
R2 cmcore; c:\program files (x86)\cmcm\Clean Master\cmcore.exe [315240 2014-11-22] (Kingsoft Corporation)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593152 2014-01-29] (Samsung Electronics CO., LTD.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174112 2014-11-05] (EasyAntiCheat Ltd)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [997664 2014-10-22] (Overwolf LTD)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3000664 2014-10-21] (Samsung Electronics CO., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-01-07] (Atheros) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-22] ()
S3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [223432 2014-01-07] (Qualcomm Atheros)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [34056 2014-01-23] (Paragon Software Group)
S3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2014-11-22] (Kingsoft Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-29] (Malwarebytes Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-01-23] ()
R1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-01-23] ()
R1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700680 2014-01-23] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-22] (Avast Software)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-29 14:23 - 2014-11-29 14:23 - 00000197 _____ () C:\Windows\system32\2014-11-29-13-23-52.086-AvastVBoxSVC.exe-3520.log
2014-11-29 14:19 - 2014-11-29 14:19 - 00000885 _____ () C:\Users\Admin\Documents\JRT.txt
2014-11-29 14:18 - 2014-11-29 14:18 - 00000885 _____ () C:\Users\Admin\Desktop\JRT.txt
2014-11-29 14:16 - 2014-11-29 14:16 - 00001438 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-29 14:16 - 2014-11-29 14:16 - 00000000 ____D () C:\Users\Admin\AppData\Local\Packages
2014-11-29 14:16 - 2014-11-29 14:16 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
2014-11-29 14:14 - 2014-11-29 14:14 - 00000000 ____D () C:\Windows\ERUNT
2014-11-29 14:09 - 2014-11-29 14:10 - 00000000 ____D () C:\AdwCleaner
2014-11-29 14:08 - 2014-11-29 14:08 - 00004353 _____ () C:\Users\Internet\Documents\MBAM Suchlauf.txt
2014-11-29 14:02 - 2014-11-29 14:02 - 00000197 _____ () C:\Windows\system32\2014-11-29-13-02-43.083-AvastVBoxSVC.exe-4488.log
2014-11-29 13:59 - 2014-11-29 13:59 - 00307896 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-29 13:59 - 2014-11-29 13:59 - 00297920 _____ () C:\Windows\Minidump\112914-26984-01.dmp
2014-11-29 13:58 - 2014-11-29 13:58 - 719563802 _____ () C:\Windows\MEMORY.DMP
2014-11-29 13:58 - 2014-11-29 13:58 - 00004608 _____ () C:\Windows\PFRO.log
2014-11-29 13:42 - 2014-11-29 13:42 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-29 13:42 - 2014-11-29 13:42 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-29 13:42 - 2014-11-29 13:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-29 13:42 - 2014-11-29 13:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-29 13:42 - 2014-11-29 13:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-29 13:42 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-29 13:42 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-29 13:42 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-29 12:46 - 2014-11-29 12:46 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2014-11-29 12:41 - 2014-11-29 12:41 - 00016792 _____ () C:\Users\Internet\Desktop\GMER.zip
2014-11-29 12:40 - 2014-11-29 12:40 - 00484299 _____ () C:\Users\Internet\Desktop\GMER.txt
2014-11-29 12:40 - 2014-11-29 12:40 - 00006172 _____ () C:\Users\Internet\Desktop\GMER.7z
2014-11-29 12:31 - 2014-11-29 12:31 - 00000000 ___RD () C:\Users\Internet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-11-29 12:31 - 2014-11-29 12:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-29 12:31 - 2014-11-29 12:31 - 00000000 _____ () C:\Windows\setupact.log
2014-11-29 12:25 - 2014-11-29 14:29 - 00000000 ____D () C:\FRST
2014-11-29 10:25 - 2014-11-29 10:25 - 00000197 _____ () C:\Windows\system32\2014-11-29-09-25-17.036-AvastVBoxSVC.exe-3516.log
2014-11-26 18:43 - 2014-11-19 08:29 - 00582552 _____ (Microsoft Corporation) C:\Windows\system32\AutoUpdate.exe
2014-11-26 18:43 - 2014-11-19 08:29 - 00462760 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-11-24 21:02 - 2014-11-24 21:02 - 00000280 _____ () C:\Windows\system32\2014-11-24-20-02-33.066-aswFe.exe-5968.log
2014-11-24 20:54 - 2014-11-24 20:54 - 00000280 _____ () C:\Windows\system32\2014-11-24-19-54-35.012-aswFe.exe-6552.log
2014-11-24 20:49 - 2014-11-24 20:49 - 00000280 _____ () C:\Windows\system32\2014-11-24-19-49-36.034-aswFe.exe-7156.log
2014-11-24 20:48 - 2014-11-24 20:48 - 00000280 _____ () C:\Windows\system32\2014-11-24-19-48-55.087-aswFe.exe-4204.log
2014-11-24 20:08 - 2014-11-24 20:20 - 00000000 ____D () C:\Users\Internet\Desktop\Tina
2014-11-23 22:58 - 2014-11-29 14:20 - 00000514 ____H () C:\Windows\Tasks\BrickProvider-S-4019021097.job
2014-11-23 22:58 - 2014-11-23 22:58 - 00002752 _____ () C:\Windows\System32\Tasks\BrickProvider-S-4019021097
2014-11-23 22:56 - 2014-11-23 22:56 - 00000000 ____D () C:\ProgramData\dihghonibfgkehfjddekpajkmdlfdghb
2014-11-23 22:56 - 2014-11-23 22:56 - 00000000 ____D () C:\ProgramData\819289042330388106
2014-11-23 22:55 - 2014-11-23 22:55 - 00002308 _____ () C:\Users\Admin\Desktop\- (VotOno Dj's - Russian Dance Mix).mp3.lnk
2014-11-23 22:47 - 2014-11-29 14:29 - 00000000 ____D () C:\Users\Internet\Downloads\Musik richy
2014-11-23 13:15 - 2014-11-23 13:17 - 00000197 _____ () C:\Windows\system32\2014-11-23-12-15-43.019-AvastVBoxSVC.exe-3948.log
2014-11-22 21:10 - 2014-11-22 21:10 - 00000247 _____ () C:\Windows\system32\2014-11-22-20-10-55.063-aswFe.exe-1084.log
2014-11-22 21:06 - 2014-11-22 21:10 - 00000247 _____ () C:\Windows\system32\2014-11-22-20-06-58.010-aswFe.exe-6436.log
2014-11-22 21:06 - 2014-11-22 21:06 - 00000197 _____ () C:\Windows\system32\2014-11-22-20-06-56.008-AvastVBoxSVC.exe-4984.log
2014-11-22 15:29 - 2014-11-22 15:29 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Macromedia
2014-11-22 15:26 - 2014-11-22 15:26 - 05767200 _____ (Kingsoft Corporation) C:\Users\Internet\Downloads\cleanmaster3010_12_1.exe
2014-11-22 15:26 - 2014-11-22 15:26 - 00081768 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi.sys
2014-11-22 15:26 - 2014-11-22 15:26 - 00056680 _____ (Kingsoft Corporation) C:\Windows\system32\Drivers\ksapi64.sys
2014-11-22 15:26 - 2014-11-22 15:26 - 00001066 _____ () C:\Users\Public\Desktop\Clean Master.lnk
2014-11-22 15:26 - 2014-11-22 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clean Master
2014-11-22 15:26 - 2014-11-22 15:26 - 00000000 ____D () C:\ProgramData\Kingsoft
2014-11-22 15:26 - 2014-11-22 15:26 - 00000000 ____D () C:\ProgramData\cmcm
2014-11-22 15:26 - 2014-11-22 15:26 - 00000000 ____D () C:\Program Files (x86)\cmcm
2014-11-22 15:25 - 2014-11-22 15:25 - 01376768 _____ () C:\Users\Internet\Downloads\7z920-x64 (2).msi
2014-11-22 15:25 - 2014-11-22 15:25 - 01376768 _____ () C:\Users\Internet\Downloads\7z920-x64 (1).msi
2014-11-22 15:22 - 2014-11-22 15:24 - 00000197 _____ () C:\Windows\system32\2014-11-22-14-22-44.046-AvastVBoxSVC.exe-3968.log
2014-11-22 13:07 - 2014-11-22 13:07 - 00001168 _____ () C:\Users\Internet\Documents\cc_20141122_130727.reg
2014-11-22 10:52 - 2014-11-22 10:52 - 00000247 _____ () C:\Windows\system32\2014-11-22-09-52-14.086-aswFe.exe-4040.log
2014-11-22 10:47 - 2014-11-22 10:52 - 00000247 _____ () C:\Windows\system32\2014-11-22-09-47-40.080-aswFe.exe-5108.log
2014-11-22 10:47 - 2014-11-22 10:47 - 00000197 _____ () C:\Windows\system32\2014-11-22-09-47-38.036-AvastVBoxSVC.exe-2508.log
2014-11-22 10:37 - 2014-11-22 10:38 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-11-22 10:37 - 2014-11-22 10:38 - 00000000 ____D () C:\Windows\system32\vbox
2014-11-22 10:33 - 2014-11-22 10:33 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-22 10:33 - 2014-11-22 10:33 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-22 10:33 - 2014-11-22 10:33 - 00001964 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-21 22:22 - 2014-11-21 22:23 - 00000000 ____D () C:\Users\Internet\AppData\Local\Overwolf
2014-11-21 19:57 - 2014-11-21 19:57 - 00003728 _____ () C:\Windows\System32\Tasks\Overwolf Updater Task
2014-11-21 19:57 - 2014-11-21 19:57 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2014-11-21 19:57 - 2014-11-21 19:57 - 00000000 ____D () C:\ProgramData\Overwolf
2014-11-21 19:57 - 2014-11-21 19:57 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2014-11-21 19:55 - 2014-11-21 19:57 - 00000000 ____D () C:\Users\Admin\AppData\Local\Overwolf
2014-11-19 22:54 - 2014-11-19 22:55 - 00001352 _____ () C:\Users\Internet\Desktop\shutdown 1 Hour.lnk
2014-11-19 19:16 - 2014-11-19 19:16 - 00000000 ____D () C:\ProgramData\Sun
2014-11-19 19:16 - 2014-11-19 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-19 19:16 - 2014-11-19 19:15 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-19 19:15 - 2014-11-19 19:16 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-19 19:15 - 2014-11-19 19:15 - 00638888 _____ (Oracle Corporation) C:\Users\Internet\Downloads\jxpiinstall.exe
2014-11-19 19:15 - 2014-11-19 19:15 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-19 19:01 - 2014-11-19 19:01 - 00002002 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2014-11-19 19:01 - 2014-11-19 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2014-11-19 18:59 - 2014-11-19 18:59 - 00000000 ____D () C:\Program Files (x86)\MarkAny
2014-11-19 18:57 - 2014-11-19 18:57 - 00000000 ____D () C:\Users\Internet\Documents\Shuame
2014-11-19 18:56 - 2014-11-19 18:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-11-19 18:53 - 2014-11-19 18:53 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-11-19 18:53 - 2014-11-19 18:53 - 00000000 ____D () C:\Users\Internet\Documents\samsung
2014-11-19 18:53 - 2014-11-19 18:53 - 00000000 ____D () C:\Users\Internet\AppData\Roaming\Samsung
2014-11-19 18:53 - 2014-11-19 18:53 - 00000000 ____D () C:\Users\Internet\AppData\Local\Samsung
2014-11-19 18:51 - 2014-04-30 19:43 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2014-11-19 18:51 - 2014-04-30 19:43 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2014-11-19 18:50 - 2014-11-19 18:50 - 00000000 ____D () C:\Users\Admin\AppData\Local\Downloaded Installations
2014-11-19 18:48 - 2014-11-24 20:47 - 00000000 ____D () C:\Users\Internet\AppData\Local\CrashDumps
2014-11-19 18:47 - 2014-11-19 18:50 - 75714480 _____ (Samsung Electronics Co., Ltd.) C:\Users\Internet\Downloads\KiesSetup.exe
2014-11-19 18:47 - 2014-11-19 18:49 - 41860496 _____ (Samsung Electronics Co., Ltd.) C:\Users\Internet\Downloads\Kies3Setup.exe
2014-11-19 18:35 - 2014-11-19 18:35 - 00000000 ____D () C:\Users\Public\Documents\RootGenius
2014-11-19 18:35 - 2014-11-19 18:35 - 00000000 ____D () C:\Users\Internet\.android
2014-11-19 18:22 - 2014-06-16 07:01 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2014-11-19 18:22 - 2014-06-16 07:01 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2014-11-19 18:22 - 2014-06-16 07:01 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2014-11-19 18:22 - 2014-06-16 07:01 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2014-11-19 18:08 - 2014-11-08 12:22 - 00238080 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 18:08 - 2014-11-08 12:21 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 18:08 - 2014-11-08 07:57 - 00187904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 18:08 - 2014-11-08 07:56 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 18:57 - 2014-11-21 19:52 - 00000000 ____D () C:\Users\Internet\Desktop\Schatz musik
2014-11-15 14:06 - 2014-11-15 14:06 - 00000000 ____D () C:\Users\Admin\Documents\My Cheat Tables
2014-11-15 13:08 - 2014-11-20 21:56 - 00713672 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-15 13:08 - 2014-11-20 21:56 - 00106440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 23:08 - 2014-11-05 07:40 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 23:08 - 2014-11-05 07:38 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 23:08 - 2014-11-05 04:16 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 23:08 - 2014-10-18 09:44 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 23:08 - 2014-10-18 08:05 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 23:08 - 2014-10-11 08:45 - 10115072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-11-12 23:08 - 2014-10-11 08:44 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 23:08 - 2014-10-11 08:44 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-11-12 23:08 - 2014-10-11 08:43 - 02307072 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-11-12 23:08 - 2014-10-11 06:58 - 08858624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-11-12 23:08 - 2014-10-11 06:57 - 02416640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 23:08 - 2014-10-11 06:57 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-11-12 23:08 - 2014-10-11 06:56 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-11-12 23:08 - 2014-10-03 02:21 - 00522728 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 23:08 - 2014-10-02 23:29 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 23:08 - 2014-10-02 23:29 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 23:08 - 2014-10-02 23:29 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-11-12 23:08 - 2014-10-02 00:05 - 04068864 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 23:08 - 2014-09-25 00:29 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 23:08 - 2014-09-25 00:29 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2014-11-12 23:08 - 2014-09-25 00:01 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 23:08 - 2014-09-25 00:01 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2014-11-12 23:08 - 2014-09-22 06:53 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-11-12 23:08 - 2014-09-13 07:24 - 02233152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-11-12 23:08 - 2014-09-06 01:46 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-11-12 23:08 - 2014-09-03 03:48 - 00457728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2014-11-12 23:08 - 2014-09-03 03:48 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2014-11-12 23:08 - 2014-09-03 03:22 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2014-11-12 23:08 - 2014-09-03 03:21 - 00623104 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-11-12 23:08 - 2014-09-03 03:21 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-11-12 23:08 - 2014-08-29 05:17 - 02043392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-11-12 23:08 - 2014-08-29 05:17 - 00227328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-11-12 23:08 - 2014-08-29 05:04 - 02837504 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-11-12 23:08 - 2014-08-29 05:04 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-11-12 23:08 - 2014-08-28 07:04 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSCOMEX.dll
2014-11-12 23:08 - 2014-08-28 07:04 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-11-12 23:08 - 2014-08-28 06:59 - 00616448 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-11-12 23:08 - 2014-08-28 06:59 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-11-12 23:08 - 2014-08-28 06:59 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\FXSTIFF.dll
2014-11-12 23:08 - 2014-08-28 06:59 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\FXST30.dll
2014-11-12 23:08 - 2014-08-26 23:08 - 00270024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-11-12 23:08 - 2014-08-22 00:56 - 01418752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 23:08 - 2014-08-22 00:27 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 23:08 - 2014-07-24 14:12 - 00328512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-11-12 23:07 - 2014-10-26 02:56 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 23:07 - 2014-10-26 02:56 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 23:07 - 2014-10-26 02:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-11-12 23:07 - 2014-10-26 02:56 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-11-12 23:07 - 2014-10-26 02:56 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 23:07 - 2014-10-26 02:55 - 19284480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 23:07 - 2014-10-26 02:55 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 23:07 - 2014-10-26 02:55 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 23:07 - 2014-10-26 02:55 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 23:07 - 2014-10-26 02:54 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 23:07 - 2014-10-26 02:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 23:07 - 2014-10-26 02:54 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 23:07 - 2014-10-26 02:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 23:07 - 2014-10-26 02:54 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 23:07 - 2014-10-26 02:54 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 23:07 - 2014-10-26 02:54 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 23:07 - 2014-10-26 02:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-12 23:07 - 2014-10-26 02:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 23:07 - 2014-10-26 02:54 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 23:07 - 2014-10-26 02:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 23:07 - 2014-10-26 02:53 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 23:07 - 2014-10-26 01:36 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 23:07 - 2014-10-26 01:35 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 23:07 - 2014-10-26 01:35 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 23:07 - 2014-10-26 01:35 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 23:07 - 2014-10-26 01:35 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 23:07 - 2014-10-26 01:35 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 23:07 - 2014-10-26 01:35 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-11-12 23:07 - 2014-10-26 01:34 - 13758464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 23:07 - 2014-10-26 01:34 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 23:07 - 2014-10-26 01:34 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 23:07 - 2014-10-26 01:34 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 23:07 - 2014-10-26 01:34 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-12 23:07 - 2014-10-26 01:34 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 23:07 - 2014-10-26 01:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 23:07 - 2014-10-26 01:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 23:07 - 2014-10-26 01:34 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-12 23:07 - 2014-10-26 01:34 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 23:07 - 2014-10-26 01:34 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 23:07 - 2014-10-26 01:34 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 23:07 - 2014-10-26 01:19 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 23:07 - 2014-10-26 01:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 23:07 - 2014-10-25 22:48 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-11-12 23:07 - 2014-10-23 13:47 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 23:07 - 2014-10-23 12:04 - 00068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 23:07 - 2014-10-11 09:35 - 00171840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 23:07 - 2014-10-11 08:44 - 03248640 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-12 23:07 - 2014-10-11 08:44 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-11-12 23:07 - 2014-10-11 08:43 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 23:07 - 2014-10-11 06:57 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-11-12 23:07 - 2014-10-11 06:41 - 00713728 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 23:07 - 2014-10-11 06:41 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 23:07 - 2014-10-11 06:05 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 23:07 - 2014-10-11 06:04 - 00713728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 21:21 - 2014-11-11 21:21 - 00000000 ____D () C:\Users\Admin\AppData\Local\Samsung
2014-11-11 21:17 - 2014-11-11 21:17 - 00001946 _____ () C:\Users\Public\Desktop\SW Update.lnk
2014-11-09 20:45 - 2014-11-09 20:45 - 00000017 _____ () C:\Users\Internet\Documents\mac wlan laptop.txt
2014-11-05 18:34 - 2014-11-05 18:32 - 00174112 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2014-11-04 20:33 - 2014-11-04 20:33 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-10-31 22:11 - 2014-10-31 22:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-30 22:26 - 2014-11-01 00:42 - 00000000 ____D () C:\Windows\system32\AutoUpdateLicense
2014-10-30 18:53 - 2014-10-22 04:34 - 00010777 _____ () C:\Windows\system32\AutoconfigV2.cab
2014-10-30 18:53 - 2014-10-22 02:08 - 00568832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-10-30 18:53 - 2014-10-22 02:08 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-30 18:53 - 2014-10-22 02:01 - 00695808 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-10-30 18:53 - 2014-10-22 02:01 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2014-10-30 18:53 - 2014-10-22 02:01 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-30 18:53 - 2014-10-22 02:00 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-29 14:26 - 2014-10-04 09:50 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-894033733-1469534155-2011522179-1004
2014-11-29 14:23 - 2014-10-15 19:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-29 14:20 - 2014-10-03 16:09 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-29 14:20 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-29 14:20 - 2012-07-26 06:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-11-29 14:16 - 2014-10-04 15:33 - 00000000 ____D () C:\Users\Admin
2014-11-29 14:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-11-29 13:59 - 2014-10-06 21:40 - 00000000 ____D () C:\Windows\Minidump
2014-11-29 13:58 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\SchCache
2014-11-29 12:38 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-29 12:31 - 2014-10-04 09:46 - 00000000 ____D () C:\Users\Internet\Documents\Bluetooth Folder
2014-11-29 11:28 - 2014-10-03 21:12 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-26 22:34 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-11-25 20:23 - 2014-10-15 19:27 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-24 22:37 - 2014-10-03 16:19 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-23 22:24 - 2012-10-19 23:28 - 00754172 _____ () C:\Windows\system32\perfh007.dat
2014-11-23 22:24 - 2012-10-19 23:28 - 00156362 _____ () C:\Windows\system32\perfc007.dat
2014-11-23 22:24 - 2012-07-26 08:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-22 15:29 - 2014-10-05 00:01 - 00000860 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraDefrag.lnk
2014-11-22 15:29 - 2014-10-05 00:01 - 00000848 _____ () C:\Users\Public\Desktop\UltraDefrag.lnk
2014-11-22 15:29 - 2014-10-05 00:01 - 00000000 ____D () C:\Program Files\UltraDefrag
2014-11-22 15:27 - 2014-10-03 17:48 - 00000000 ____D () C:\Windows\Panther
2014-11-22 15:27 - 2014-10-03 16:18 - 00000000 ____D () C:\ProgramData\Mozilla
2014-11-22 10:33 - 2014-10-03 16:18 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-22 10:33 - 2014-10-03 16:18 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-11-22 10:33 - 2014-10-03 16:18 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-22 10:33 - 2014-10-03 16:18 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-11-22 10:33 - 2014-10-03 16:18 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-22 10:33 - 2014-10-03 16:18 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-22 10:33 - 2014-10-03 16:18 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-22 10:33 - 2014-10-03 16:18 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-21 18:22 - 2014-10-03 16:10 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-20 20:40 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2014-11-19 18:51 - 2014-10-03 19:58 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-19 18:51 - 2014-10-03 16:43 - 00000000 ____D () C:\ProgramData\Samsung
2014-11-19 18:51 - 2014-10-03 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-11-19 18:51 - 2014-10-03 16:43 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-11-19 18:35 - 2014-10-04 09:43 - 00000000 ____D () C:\Users\Internet
2014-11-19 18:22 - 2014-10-03 16:43 - 00000000 ____D () C:\Program Files\Samsung
2014-11-15 19:26 - 2014-10-03 16:09 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-15 19:26 - 2014-10-03 16:09 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-15 19:26 - 2014-10-03 16:09 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-15 01:06 - 2014-10-04 09:33 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-15 01:06 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ToastData
2014-11-15 01:06 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-15 01:06 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-15 01:06 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-15 01:06 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-13 13:00 - 2014-10-03 17:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 12:57 - 2014-10-03 17:22 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-01 13:06 - 2014-10-03 16:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-30 22:26 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll
C:\Users\Richard\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplqddbe.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-29 10:32
==================== End Of Log ============================
Regards