It's a nice feeling to be recognized :)
At the end of 2013 I had started the training with you. Unfortunately, I simply lacked the time to really get going here.
The apprenticeship as an application developer demands a lot of energy and time, since I want to complete it well. And so I decided not to block the place any longer and to give someone else the chance to learn with you.
Maybe one day you will offer me the opportunity to complete the training :)
On the first step: the uninstallation worked via Programs and Features.
Code:
# AdwCleaner v4.202 - Bericht erstellt 27/04/2015 um 21:39:45
# Aktualisiert 23/04/2015 von Xplode
# Datenbank : 2015-04-27.1 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : Rod - ROD
# Gestarted von : D:\downloads\AdwCleaner_4.202.exe
# Option : Löschen
***** [ Dienste ] *****
[#] Dienst Gelöscht : globalUpdate
[#] Dienst Gelöscht : globalUpdatem
[#] Dienst Gelöscht : WindowsMangerProtect
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect
Ordner Gelöscht : C:\ProgramData\IHProtectUpDate
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Users\Rod\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Rod\AppData\Local\BrowserHelper
Ordner Gelöscht : C:\Users\Rod\AppData\Roaming\00000000-1430077888-0000-0000-8C89A50FD868
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Rod\AppData\Local\Temp\Uninstall.exe
Datei Gelöscht : C:\Users\Rod\Desktop\Continue Live Installation.lnk
Datei Gelöscht : C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\xz1euvt7.default\invalidprefs.js
***** [ Geplante Tasks ] *****
Task Gelöscht : globalUpdateUpdateTaskMachineCore
Task Gelöscht : globalUpdateUpdateTaskMachineUA
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [sweetsearch@gmail.com]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_searchff@gmail.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Wert Gelöscht : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4AEC2270-2E5F-40C8-BE5A-E5A5264714C0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{52E8E39B-2773-448F-BC20-547CD8DA4685}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{62163814-0C94-4DC3-BA99-5E9E2420C914}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{68AEA825-D48B-4A56-87F0-6FCE988A2C48}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6A0F07D3-F28E-4F45-8D4C-BBF8000F5BB8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7AF435BC-80A9-466E-938B-32E4482EBD65}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{85CEBABD-A775-41E2-8B67-FE06104F06ED}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AE92A5AB-E575-4487-BCC0-96D333E5346C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C622315B-3049-43D4-9B41-D4B2DC2CD706}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{CDB85458-AE08-4106-B699-B946FF4A61CD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{025EEF9C-90F5-417E-9196-09FA4AAB4C92}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03F13205-38FF-4361-BECE-EE939A002FA2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1FAAF6AB-B931-4D05-BA12-B0ECCCCE2D0F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4B746FD7-84D5-47E9-A957-FDEC06327FF9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\HomeTab
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\TNT2
Schlüssel Gelöscht : HKCU\Software\WajIntEnhance
Schlüssel Gelöscht : HKCU\Software\SearchProtectWS
Schlüssel Gelöscht : HKCU\Software\Linkey
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKLM\SOFTWARE\AskPartnerNetwork
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\SupTab
Schlüssel Gelöscht : HKLM\SOFTWARE\supWindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\IHProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\WajIntEnhance
Schlüssel Gelöscht : HKLM\SOFTWARE\SpeedBit
Schlüssel Gelöscht : HKLM\SOFTWARE\luckysearchesSoftware
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Description
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\ShopperPro
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17416
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Mozilla Firefox v29.0.1 (de)
[xz1euvt7.default\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[xz1euvt7.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://www.luckysearches.com/web/favicon.ico");
[xz1euvt7.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.url", "hxxp://www.luckysearches.com/web/?type=dspp&ts=1430077802&from=fsf&uid=SanDiskXSD6SB1M064G_133958401282&q={searchTerms}");
[xz1euvt7.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.crossrider.bic", "14cf74ba9a4e8638227b0ff2e1f1cc8d");
[xz1euvt7.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[xz1euvt7.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
-\\ Chromium v
*************************
AdwCleaner[R2].txt - [6860 Bytes] - [21/11/2014 00:16:17]
AdwCleaner[R3].txt - [927 Bytes] - [29/11/2014 17:00:01]
AdwCleaner[R4].txt - [1045 Bytes] - [29/11/2014 17:07:07]
AdwCleaner[R5].txt - [16450 Bytes] - [27/04/2015 21:39:01]
AdwCleaner[S2].txt - [5620 Bytes] - [21/11/2014 00:17:18]
AdwCleaner[S3].txt - [987 Bytes] - [29/11/2014 17:01:15]
AdwCleaner[S4].txt - [13742 Bytes] - [27/04/2015 21:39:45]
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [13802 Bytes] ##########
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 27.04.2015
Suchlauf-Zeit: 21:50:33
Logdatei: MBAM-Log.txt
Administrator: Ja
Version: 2.01.6.1022
Malware Datenbank: v2015.04.27.03
Rootkit Datenbank: v2015.04.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Rod
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 558369
Verstrichene Zeit: 9 Min, 31 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente gefunden)
Module: 0
(Keine schädliche Elemente gefunden)
Registrierungsschlüssel: 6
PUP.Optional.ModGoog, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [c5cae38e424886b0dfa1d67157ab9070],
PUP.Optional.ModGoog, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [c5cae38e424886b0dfa1d67157ab9070],
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [731c165b5c2ea78f51991aabe0238c74],
PUP.Optional.Cinema.A, HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\SOFTWARE\CinemaP-1.4cV16.03-nv-ie, In Quarantäne, [b1dec5aca9e12511b4d1f8f150b3ac54],
PUP.Optional.iWebar.A, HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\SOFTWARE\iWebar-nv-ie, In Quarantäne, [c9c6e19021697db90f334192be45b34d],
PUP.Optional.ObjectBrowser.A, HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\SOFTWARE\Object Browser-nv-ie, In Quarantäne, [c7c8d998454540f686b8785624df3dc3],
Registrierungswerte: 3
PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|mbot_de_611, In Quarantäne, [414e502121694aec168497542ed5d62a],
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\fovudyqe|ImagePath, C:\Users\Rod\AppData\Roaming\00000000-1430077888-0000-0000-8C89A50FD868\jnsc4735.tmp, In Quarantäne, [5b34442d34563204dd448bcd35d0669a]
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\kikutuwy|ImagePath, C:\Users\Rod\AppData\Roaming\00000000-1430077888-0000-0000-8C89A50FD868\nszFE6.tmp, In Quarantäne, [6827116022682f07ee312434a1645ea2]
Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)
Ordner: 6
PUP.Optional.MultiPlug.A, C:\Users\Rod\AppData\Local\00000000-1430085370-0000-0000-8C89A50FD868, In Quarantäne, [e5aaaac79ceef442edaa0158fa0b7a86],
PUP.Optional.GlobalUpdate.A, C:\Users\Rod\AppData\Local\Temp\comh.11522, In Quarantäne, [187772ffa7e31e1896716742709347b9],
PUP.Optional.GlobalUpdate.A, C:\Users\Rod\AppData\Local\Temp\comh.394691, In Quarantäne, [2e616e038efc8fa763a4beeb33d09f61],
PUP.Optional.GlobalUpdate.A, C:\Users\Rod\AppData\Local\Temp\comh.75781, In Quarantäne, [3659f47d0f7ba59130d79712a65dad53],
PUP.Optional.ShopperPro.A, C:\Users\Public\Documents\ShopperPro, In Quarantäne, [870891e03951ff37e175873c7d86738d],
PUP.Optional.ShopperPro.A, C:\Users\Public\Documents\ShopperPro\JsDriver, In Quarantäne, [870891e03951ff37e175873c7d86738d],
Dateien: 51
PUP.Optional.CrossRider.A, C:\Users\Rod\AppData\Roaming\OXJV.exe, In Quarantäne, [f39c333ed7b3fd397dc8c479b650a060],
PUP.Optional.CrossRider.A, C:\Users\Rod\AppData\Roaming\RTQFZORV.exe, In Quarantäne, [454aec859deda0966fd6d66700069b65],
PUP.Optional.SafeSoftware, C:\$Recycle.Bin\S-1-5-21-1164391901-2496949349-3293824855-1002\$RIW8D8T.exe, In Quarantäne, [b2dd086993f710264236d96cf3135fa1],
PUP.Optional.SupTab.A, C:\$Recycle.Bin\S-1-5-21-1164391901-2496949349-3293824855-1002\$RURQFZY\SupTab.dll, In Quarantäne, [117e630e8604bc7a068d3afd51af08f8],
PUP.Optional.PreBackup.A, C:\Users\Rod\AppData\Local\Temp\CloudBackup3360.exe, In Quarantäne, [cbc48ce591f91620c1702f457090f60a],
PUP.Optional.Bundle, C:\Users\Rod\AppData\Local\Temp\setup.exe, In Quarantäne, [b0df4c251b6f6bcbfbb9014d39c9916f],
PUP.Optional.LuckySearches.A, C:\Users\Rod\AppData\Local\Temp\amt_luckysearches.exe, In Quarantäne, [f39c93ded4b6310569fdea5afb0b966a],
Trojan.Downloader, C:\Users\Rod\AppData\Local\Temp\nstC01F.tmp, In Quarantäne, [7619f18097f3d660f5cada5f867d5da3],
PUP.Optional.Bundle, C:\Users\Rod\AppData\Local\Temp\nstC020.tmp, In Quarantäne, [7c13a6cb4842c175742e08f1e81dd52b],
PUP.Optional.Bundle, C:\Users\Rod\AppData\Local\Temp\sudden strike 3 arms for victory 1.4 no cd__10924_i1505121814_il1500977.exe, In Quarantäne, [e5aa68097317e84ec96d8eb32cd67987],
PUP.Optional.CrossRider, C:\Users\Rod\AppData\Local\Temp\Install_29558\ins_cr.exe, In Quarantäne, [99f699d866240432dad0459e857c15eb],
PUP.Optional.CrossRider, C:\Users\Rod\AppData\Local\Temp\Install_29558\ins_iwebar.exe, In Quarantäne, [573809680b7f7fb7c2e86b78837e9868],
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.11522\GoogleCrashHandler.exe, In Quarantäne, [840b9ad7deac71c5364a0146956dea16],
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.11522\GoogleUpdate.exe, In Quarantäne, [c5cae38e424886b0dfa1d67157ab9070],
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.11522\GoogleUpdateBroker.exe, In Quarantäne, [cec1b8b9206a43f394ec1a2dc24048b8],
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.11522\GoogleUpdateOnDemand.exe, In Quarantäne, [1778116090fa191d86fa0245cc367090],
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.11522\goopdate.dll, In Quarantäne, [8a05bdb409815cda4e3293b4936fb14f],
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.11522\goopdateres_en.dll, In Quarantäne, [513efc756921e74fdca4b88f37cbbe42],
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.11522\npGoogleUpdate4.dll, In Quarantäne, [434c076a7c0e0b2bbbc5f750bf438c74],
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.11522\psmachine.dll, In Quarantäne, [c8c782efabdf3df9f48c6ed9b0524eb2],
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.11522\psuser.dll, In Quarantäne, [652a5a1715754ee85030242336cc827e],
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.394691\GoogleCrashHandler.exe, In Quarantäne, [513e551c4149e353c8b80740a0623fc1],
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.394691\GoogleUpdate.exe, In Quarantäne, [8c039ed36e1c7bbb384855f2e220dc24],
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.394691\GoogleUpdateBroker.exe, In Quarantäne, [eba4ed843f4b0234235d87c09f63728e],
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.394691\GoogleUpdateOnDemand.exe, In Quarantäne, [038c98d9cac061d57d03f552fe04d52b],
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.394691\goopdate.dll, In Quarantäne, [b3dc6d04d7b37cba413f1f2840c258a8],
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.394691\goopdateres_en.dll, In Quarantäne, [3e51670ae3a7c86e0a764dfa5ea4936d],
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.394691\npGoogleUpdate4.dll, In Quarantäne, [47489fd2b3d79d99740c6adda95924dc],
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.394691\psmachine.dll, In Quarantäne, [3659264bc5c5c86ef68aac9b27dbc040],
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.394691\psuser.dll, In Quarantäne, [028d541dc7c32b0b1d63281fee149c64],
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.75781\GoogleCrashHandler.exe, In Quarantäne, [1b74274aa9e14ee85b252a1d06fccf31],
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.75781\GoogleUpdate.exe, In Quarantäne, [cec1aac7acde15212060bc8ba85a6a96],
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.75781\GoogleUpdateBroker.exe, In Quarantäne, [117edc9516742c0a3e42301706fc02fe],
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.75781\GoogleUpdateOnDemand.exe, In Quarantäne, [8e01b5bcf89271c51b653314788aa65a],
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.75781\goopdate.dll, In Quarantäne, [8d028de4b5d53ff72e52bf88d2302dd3],
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.75781\goopdateres_en.dll, In Quarantäne, [3c5395dca6e496a06917cc7bc73bed13],
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.75781\npGoogleUpdate4.dll, In Quarantäne, [cfc01c553a500333522eb295e61c7d83],
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.75781\psmachine.dll, In Quarantäne, [543b531e8a00bc7ab1cf4bfc6a98f808],
PUP.Optional.ModGoog, C:\Users\Rod\AppData\Local\Temp\comh.75781\psuser.dll, In Quarantäne, [66294c25f9918caadaa6ca7df80a1ae6],
PUP.Optional.ABEngine.A, C:\Users\Rod\AppData\Local\Temp\abengine.log, In Quarantäne, [157a9ed37218b086e15fbc17ac57cd33],
PUP.Optional.ABEngine.A, C:\Windows\Temp\abengine.log, In Quarantäne, [840bfc758802a0969da3d8fbf2113fc1],
PUP.Optional.MultiPlug.A, C:\Users\Rod\AppData\Local\00000000-1430085370-0000-0000-8C89A50FD868\onsyE54.tmp, In Quarantäne, [e5aaaac79ceef442edaa0158fa0b7a86],
PUP.Optional.MultiPlug.A, C:\Users\Rod\AppData\Local\00000000-1430085370-0000-0000-8C89A50FD868\pnsdE74.exe, In Quarantäne, [e5aaaac79ceef442edaa0158fa0b7a86],
PUP.Optional.MultiPlug.A, C:\Users\Rod\AppData\Local\00000000-1430085370-0000-0000-8C89A50FD868\rnsyE53.exe, In Quarantäne, [e5aaaac79ceef442edaa0158fa0b7a86],
PUP.Optional.MultiPlug.A, C:\Users\Rod\AppData\Local\00000000-1430085370-0000-0000-8C89A50FD868\snsyE52.tmp, In Quarantäne, [e5aaaac79ceef442edaa0158fa0b7a86],
PUP.Optional.MultiPlug.A, C:\Users\Rod\AppData\Local\00000000-1430085370-0000-0000-8C89A50FD868\Uninstall.exe, In Quarantäne, [e5aaaac79ceef442edaa0158fa0b7a86],
PUP.Optional.GlobalUpdate.A, C:\Users\Rod\AppData\Local\Temp\comh.11522\GoogleUpdateHelper.msi, In Quarantäne, [187772ffa7e31e1896716742709347b9],
PUP.Optional.GlobalUpdate.A, C:\Users\Rod\AppData\Local\Temp\comh.394691\GoogleUpdateHelper.msi, In Quarantäne, [2e616e038efc8fa763a4beeb33d09f61],
PUP.Optional.GlobalUpdate.A, C:\Users\Rod\AppData\Local\Temp\comh.75781\GoogleUpdateHelper.msi, In Quarantäne, [3659f47d0f7ba59130d79712a65dad53],
PUP.Optional.ShopperPro.A, C:\Users\Public\Documents\ShopperPro\JsDriver\Config.xml, In Quarantäne, [870891e03951ff37e175873c7d86738d],
PUP.Optional.LuckySearches.A, C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\xz1euvt7.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.selectedEngine", "luckysearches");), Ersetzt,[6728afc2aae00e283ad80344798dec14]
Physische Sektoren: 0
(Keine schädliche Elemente gefunden)
(end)
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2015 01
Ran by Rod (administrator) on ROD on 27-04-2015 22:07:57
Running from D:\downloads
Loaded Profiles: Rod & MSSQLFDLauncher$AUSBILDUNG (Available profiles: Rod & MSSQL$AUSBILDUNG & MSSQLSERVER & MSSQLFDLauncher$AUSBILDUNG)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(Microsoft Corporation) D:\SQL\MSSQL11.AUSBILDUNG\MSSQL\Binn\sqlservr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) D:\SQL\MSSQL11.AUSBILDUNG\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) D:\SQL\MSSQL11.AUSBILDUNG\MSSQL\Binn\fdhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Geek Software GmbH) D:\Software\PDF24\PDF24\pdf24.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Mozilla Corporation) D:\Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Malwarebytes Corporation) D:\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2859344 2013-04-30] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Radio Manager] => C:\Program Files (x86)\SCM\Radio Manager.exe [403848 2013-05-14] (MSI)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [399776 2013-05-14] (MSI)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [457616 2014-10-03] ()
HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\WINDOWS\system32\igfxpers.exe"
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-09-23] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [PDFPrint] => D:\Software\PDF24\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => E:\SuddenStrike3\Reader\Reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-04-14] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\Run: [Spotify Web Helper] => C:\Users\Rod\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-03] (Spotify Ltd)
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\Run: [BuildNotification12] => "D:\VS2013\Common7\IDE\BuildNotificationApp.exe"
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\Run: [Spotify] => C:\Users\Rod\AppData\Roaming\Spotify\Spotify.exe [7112248 2015-04-03] (Spotify Ltd)
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\MountPoints2: H - "H:\SETUP.EXE"
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\MountPoints2: I - "I:\autorun.exe"
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\MountPoints2: {61f6dd93-d3e6-11e3-bede-8c89a50fd868} - "G:\autorun.exe"
HKU\S-1-5-21-1164391901-2496949349-3293824855-1002\...\MountPoints2: {dc1b46f1-676a-11e4-bf0e-8c89a50fd868} - "G:\autorun.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178512 2015-03-13] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [178512 2015-03-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [164568 2015-03-13] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk [2013-10-28]
ShortcutTarget: Qualcomm Atheros Killer Network Manager.lnk -> C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe ()
Startup: C:\Users\Rod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-01-26]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
URLSearchHook: [S-1-5-80-4129702732-3888187158-186309658-1063465230-1591156635] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-10-16] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-16] (Oracle Corporation)
BHO-x32: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-03-04] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-16] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-16] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\xz1euvt7.default
FF Homepage: hxxp://google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-16] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-26] (Microsoft Corporation)
FF SearchPlugin: C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\xz1euvt7.default\searchplugins\gmx-suche.xml [2015-03-10]
FF Extension: Ghostery - C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\xz1euvt7.default\Extensions\firefox@ghostery.com.xpi [2014-11-23]
FF Extension: CookieCuller - C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\xz1euvt7.default\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2014-11-23]
FF Extension: Adblock Plus - C:\Users\Rod\AppData\Roaming\Mozilla\Firefox\Profiles\xz1euvt7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-05]
StartMenuInternet: FIREFOX.EXE - D:\Firefox\firefox.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2014-03-11] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-03-18] (Microsoft Corporation)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 Intel(R) Bluetooth Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [160712 2013-03-11] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S2 MBAMService; D:\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2013-05-14] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSSQL$AUSBILDUNG; d:\SQL\MSSQL11.AUSBILDUNG\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
R3 MSSQLFDLauncher$AUSBILDUNG; d:\SQL\MSSQL11.AUSBILDUNG\MSSQL\Binn\fdlauncher.exe [49752 2012-02-11] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-03-29] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [1931632 2015-04-17] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2015-02-04] ()
R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [495616 2013-03-15] () [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] ()
S2 SkypeUpdate; D:\Software\Skype\Updater\Updater.exe [315488 2015-02-18] (Skype Technologies)
S4 SQLAgent$AUSBILDUNG; d:\SQL\MSSQL11.AUSBILDUNG\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 VsEtwService120; D:\Programmierung\VS Express 2013\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3376880 2013-03-29] (Intel® Corporation)
S2 fovudyqe; No ImagePath
S2 kikutuwy; No ImagePath
S2 MSSQLSERVER; "C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER [X]
S4 SQLSERVERAGENT; "C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE" -i MSSQLSERVER [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2015-01-19] ()
S1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [74096 2013-03-15] (Qualcomm Atheros, Inc.)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsfw.sys [1366328 2013-04-01] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 clwvd6; C:\Windows\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [76744 2013-03-11] (Intel Corporation)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [174448 2013-03-15] (Qualcomm Atheros, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2015-01-19] ()
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [136408 2015-04-27] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [3545056 2013-04-18] (Intel Corporation)
R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [299664 2015-03-13] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
U0 pexgba; C:\Windows\System32\drivers\dwvfem.sys [79064 2015-04-27] (Malwarebytes Corporation)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [448072 2013-02-01] (RTS Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 UHSfiltv; C:\Windows\system32\drivers\UHSfiltv.sys [23552 2012-09-12] (Creative Technology Ltd.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-27 22:05 - 2015-04-27 22:05 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\dwvfem.sys
2015-04-26 22:25 - 2015-04-26 22:25 - 00000778 ____C () C:\Users\Rod\Desktop\Sudden Strike 2.lnk
2015-04-26 22:25 - 2015-04-26 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameTop.com
2015-04-26 22:07 - 2015-04-26 22:07 - 00003146 _____ () C:\WINDOWS\System32\Tasks\{ABBAF84F-D062-43E1-B01B-79516F78051E}
2015-04-26 21:59 - 2015-04-27 21:59 - 00001686 _____ () C:\WINDOWS\Tasks\RTQFZORV.job
2015-04-26 21:59 - 2015-04-27 21:59 - 00001334 _____ () C:\WINDOWS\Tasks\OXJV.job
2015-04-26 21:59 - 2015-04-26 21:59 - 00004678 _____ () C:\WINDOWS\System32\Tasks\RTQFZORV
2015-04-26 21:59 - 2015-04-26 21:59 - 00004328 _____ () C:\WINDOWS\System32\Tasks\OXJV
2015-04-26 21:51 - 2015-04-26 21:51 - 00000000 ___DC () C:\Users\Rod\AppData\Local\CrashRpt
2015-04-26 21:48 - 2015-04-26 21:48 - 00003970 _____ () C:\WINDOWS\System32\Tasks\LaunchPreSignup
2015-04-26 21:45 - 2015-04-26 21:45 - 00003086 _____ () C:\WINDOWS\System32\Tasks\iren3006
2015-04-26 21:37 - 2015-04-26 21:37 - 00000000 ___DC () C:\Users\Rod\Documents\Fireglow Games
2015-04-15 15:48 - 2015-04-15 15:48 - 00424651 ____C () C:\Users\Rod\Desktop\Kündigungsbestätigung.jpeg
2015-04-15 15:47 - 2015-04-15 15:46 - 00292022 ____C () C:\Users\Rod\Desktop\Gutschrift.jpeg
2015-04-15 15:17 - 2015-03-14 10:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-15 15:17 - 2015-03-14 03:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-15 15:17 - 2015-03-14 03:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-15 15:17 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-15 15:17 - 2015-03-14 03:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-15 15:17 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-15 15:17 - 2015-03-14 02:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-15 15:17 - 2015-03-14 02:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-15 15:17 - 2015-03-14 02:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-15 15:17 - 2015-03-14 02:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-15 15:17 - 2015-03-14 02:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-15 15:17 - 2015-03-14 02:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-15 15:17 - 2015-03-14 02:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-15 15:17 - 2015-03-14 02:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-15 15:17 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-15 15:17 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-15 15:17 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-15 15:17 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-15 15:17 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-15 15:17 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-15 15:17 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-15 15:17 - 2015-03-13 05:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-15 15:17 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-15 15:17 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-15 15:17 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-15 15:17 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-15 15:17 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-15 15:17 - 2015-03-13 05:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-15 15:17 - 2015-03-13 05:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-15 15:17 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-15 15:17 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-15 15:17 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-15 15:17 - 2015-03-13 04:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-15 15:17 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-15 15:17 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-15 15:17 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-15 15:17 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-15 15:17 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-15 15:17 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-15 15:17 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-15 15:17 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-15 15:17 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-15 15:17 - 2015-02-21 01:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-15 15:16 - 2015-03-23 00:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-15 15:16 - 2015-03-23 00:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-15 15:16 - 2015-03-23 00:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-15 15:16 - 2015-03-23 00:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-15 15:16 - 2015-03-23 00:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-15 15:16 - 2015-03-23 00:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-15 15:16 - 2015-03-23 00:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-15 15:16 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-15 15:16 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-15 15:16 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-15 15:16 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-04 15:07 - 2015-04-05 09:54 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-04 15:07 - 2015-04-04 15:07 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-03-30 20:35 - 2015-03-30 20:35 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-03-30 20:35 - 2015-03-30 20:35 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-03-30 20:34 - 2015-03-13 21:41 - 32114888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 25460880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 24775368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 20466376 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 18580512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 17258024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 16022016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 13297144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 13210080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 10775080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 10715864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 10262160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-03-30 20:34 - 2015-03-13 21:41 - 03611792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 03249352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 01896136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434788.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434788.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00970384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00944784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00930448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00909512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00496272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00400584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00390288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00354112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00346824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00306208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-03-30 20:34 - 2015-03-13 21:41 - 00299664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvkflt.sys
2015-03-30 20:34 - 2015-03-13 21:41 - 00032456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-27 22:07 - 2014-11-20 22:33 - 00000000 ____D () C:\FRST
2015-04-27 22:02 - 2014-01-15 23:38 - 01565329 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-27 22:02 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-27 22:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-27 21:52 - 2013-12-27 19:31 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1164391901-2496949349-3293824855-1002
2015-04-27 21:48 - 2014-11-22 13:50 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-27 21:47 - 2014-11-22 13:50 - 00000641 ____C () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-27 21:47 - 2014-11-22 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-27 21:47 - 2013-11-14 09:27 - 02435178 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-27 21:47 - 2013-11-14 09:11 - 01025694 _____ () C:\WINDOWS\system32\perfh007.dat
2015-04-27 21:47 - 2013-11-14 09:11 - 00247972 _____ () C:\WINDOWS\system32\perfc007.dat
2015-04-27 21:41 - 2014-11-08 15:57 - 00033219 _____ () C:\WINDOWS\setupact.log
2015-04-27 21:41 - 2014-01-31 21:27 - 00000000 __DOC () C:\Users\Rod\SkyDrive
2015-04-27 21:41 - 2013-10-28 14:55 - 00000000 ____D () C:\ProgramData\Bigfoot Networks
2015-04-27 21:40 - 2013-11-14 00:18 - 00047094 _____ () C:\WINDOWS\PFRO.log
2015-04-27 21:40 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-27 21:40 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-27 21:39 - 2014-11-21 00:14 - 00000000 ____D () C:\AdwCleaner
2015-04-27 19:37 - 2014-05-09 18:45 - 00003902 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{08CD4898-E756-4FC0-8031-743705B1BC35}
2015-04-27 00:13 - 2013-12-28 16:01 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-26 22:23 - 2014-11-22 13:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-26 22:02 - 2013-08-22 17:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-04-26 21:54 - 2014-06-03 23:00 - 00000614 ____C () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-26 21:54 - 2014-06-03 23:00 - 00000614 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-26 21:54 - 2014-01-15 23:55 - 00001458 ____C () C:\Users\Rod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-26 21:54 - 2013-10-29 10:40 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk
2015-04-26 21:54 - 2013-10-29 10:40 - 00002449 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk
2015-04-26 21:52 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-04-26 18:37 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-26 18:13 - 2013-12-29 00:10 - 00000000 ___DC () C:\Users\Rod\AppData\Roaming\Skype
2015-04-17 16:47 - 2013-12-29 00:10 - 00000000 ____D () C:\ProgramData\Skype
2015-04-17 00:20 - 2014-01-15 20:44 - 00000000 ____D () C:\ProgramData\Origin
2015-04-17 00:03 - 2014-04-01 12:53 - 00000000 ___DC () C:\Users\Rod\AppData\Local\Battle.net
2015-04-16 23:17 - 2015-01-26 01:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-04-16 23:17 - 2015-01-26 01:32 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-04-16 17:57 - 2013-12-28 00:49 - 00000000 ___DC () C:\Users\Rod\AppData\Local\Spotify
2015-04-16 17:51 - 2013-12-28 00:45 - 00000000 ___DC () C:\Users\Rod\AppData\Roaming\Spotify
2015-04-16 16:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-16 16:35 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-15 23:46 - 2013-12-27 21:16 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-15 23:44 - 2013-03-22 19:03 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-15 23:41 - 2014-12-17 18:24 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-15 23:41 - 2014-07-15 04:28 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-15 15:48 - 2014-05-06 18:49 - 00223744 __SHC () C:\Users\Rod\Desktop\Thumbs.db
2015-04-15 15:16 - 2014-11-12 20:21 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-04-14 23:13 - 2013-08-22 17:36 - 00000000 __RDC () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-14 23:13 - 2013-08-22 17:36 - 00000000 __RDC () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-14 23:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-04-14 23:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-04-14 21:28 - 2015-01-13 21:13 - 18178736 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-04-14 21:28 - 2013-12-28 16:01 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-14 09:38 - 2014-11-22 13:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2014-11-22 13:50 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2014-11-22 13:50 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-14 01:24 - 2013-08-22 17:38 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-14 01:24 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-13 03:04 - 2015-03-15 21:35 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Games
2015-04-10 19:02 - 2015-01-09 22:49 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-04-07 21:43 - 2014-02-06 19:04 - 00000000 ___DC () C:\Users\Rod\Documents\Visual Studio 2013
2015-04-03 11:58 - 2013-12-28 00:49 - 00001840 ____C () C:\Users\Rod\Desktop\Spotify.lnk
2015-04-03 11:58 - 2013-12-28 00:49 - 00001826 ____C () C:\Users\Rod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-03-31 20:03 - 2013-08-22 16:44 - 00514440 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-30 20:35 - 2014-10-18 11:21 - 00000000 ____D () C:\Temp
2015-03-30 20:35 - 2014-01-15 23:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-30 20:35 - 2014-01-15 23:38 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-30 20:09 - 2013-12-28 18:54 - 00001401 ____C () C:\Users\Public\Desktop\GeForce Experience.lnk
2015-03-29 15:15 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-28 08:30 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-03-28 08:30 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager
2015-03-28 08:30 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera
2015-03-28 05:44 - 2014-06-02 18:30 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-03-28 05:44 - 2013-12-28 17:02 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-03-28 05:43 - 2014-06-02 18:30 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-03-28 05:43 - 2013-12-28 17:02 - 01570672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-03-28 04:59 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
==================== Files in the root of some directories =======
2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 ____C () C:\Users\Rod\AppData\Roaming\OXJV
2015-03-09 23:30 - 2015-03-09 23:30 - 0005487 ____C () C:\Users\Rod\AppData\Roaming\RTQFZORV
2014-11-02 20:53 - 2014-11-02 20:53 - 0000218 ____C () C:\Users\Rod\AppData\Local\recently-used.xbel
2013-12-28 16:08 - 2014-10-04 12:47 - 0007623 ____C () C:\Users\Rod\AppData\Local\Resmon.ResmonCfg
2013-10-28 14:52 - 2013-10-28 14:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-03-07 17:36 - 2015-03-07 17:36 - 0091734 _____ () C:\ProgramData\dxdiag.txt
2013-10-28 16:30 - 2013-10-28 16:30 - 0000104 _____ () C:\ProgramData\{01FB4998-33C4-4431-85ED-079E3EEFE75D}.log
2013-10-28 16:30 - 2013-10-28 16:30 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-10-28 16:27 - 2013-10-28 16:28 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-10-28 16:30 - 2013-10-28 16:30 - 0000111 _____ () C:\ProgramData\{39337565-330E-4ab6-A9AE-AC81E0720B10}.log
2013-10-28 16:29 - 2013-10-28 16:29 - 0000032 _____ () C:\ProgramData\{551F492A-01B0-4DC4-866F-875EC4EDC0A8}.log
2013-10-28 16:26 - 2013-10-28 16:26 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-10-28 16:29 - 2013-10-28 16:29 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2013-10-28 16:27 - 2013-10-28 16:27 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log
2013-10-28 16:28 - 2013-10-28 16:28 - 0000110 _____ () C:\ProgramData\{E3D04529-6EDB-11D8-A372-0050BAE317E1}.log
Some content of TEMP:
====================
C:\Users\Rod\AppData\Local\Temp\AppLauncher.exe
C:\Users\Rod\AppData\Local\Temp\comver.dll
C:\Users\Rod\AppData\Local\Temp\everesthome220.exe
C:\Users\Rod\AppData\Local\Temp\gkey.exe
C:\Users\Rod\AppData\Local\Temp\pkeyui.exe
C:\Users\Rod\AppData\Local\Temp\Quarantine.exe
C:\Users\Rod\AppData\Local\Temp\sdan.exe
C:\Users\Rod\AppData\Local\Temp\sdapk.exe
C:\Users\Rod\AppData\Local\Temp\sdaspwn.exe
C:\Users\Rod\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Rod\AppData\Local\Temp\sqlite3.dll
C:\Users\Rod\AppData\Local\Temp\tu17p84.exe
C:\Users\Rod\AppData\Local\Temp\wabk.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-25 21:19
==================== End Of Log ============================