| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Wie entferne ich Search Protect richtig?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
26.07.2014, 15:06
| #1 |
 |  Wie entferne ich Search Protect richtig? Hallo, ich habe mir gerade eben durch den Download von JDownloader 2 bei Chip das "Tool" Search Protect eingefangen, welcher nach meinen bisherigen Recherchen zwar nicht aggressiv ist, aber dennoch schleunigst von meinen Laptop sollte. Ich habe seither noch keine Schritte unternommen und habe Windows 8.1 (64x) installiert. Hier im Anhang befinden sich die FRST Logfiles. FIRST: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by Jonathan (administrator) on JONATHAN-PC on 26-07-2014 16:01:53
Running from C:\Users\Jonathan\Downloads
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\36.0.1985.102\remoting_host.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\36.0.1985.102\remoting_host.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
() C:\Program Files (x86)\SupTab\HpUI.exe
() C:\Program Files (x86)\SupTab\Loader32.exe
() C:\Program Files (x86)\SupTab\Loader64.exe
(AppWork GmbH) C:\Users\Jonathan\AppData\Local\JDownloader v2.0\JDownloader2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3016432 2013-03-07] (Synaptics Incorporated)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-07-06] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2092401695-3164244550-927435982-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1753280 2014-07-16] (Valve Corporation)
HKU\S-1-5-21-2092401695-3164244550-927435982-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2013-09-30] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-05-20] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [166568 2014-05-20] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [146480 2014-05-20] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1406380747&from=cor&uid=TOSHIBAXMQ01ABF050_63B9S7X3SXX63B9S7X3S
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1406380747&from=cor&uid=TOSHIBAXMQ01ABF050_63B9S7X3SXX63B9S7X3S
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1406380747&from=cor&uid=TOSHIBAXMQ01ABF050_63B9S7X3SXX63B9S7X3S&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1406380747&from=cor&uid=TOSHIBAXMQ01ABF050_63B9S7X3SXX63B9S7X3S
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1406380747&from=cor&uid=TOSHIBAXMQ01ABF050_63B9S7X3SXX63B9S7X3S
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1406380747&from=cor&uid=TOSHIBAXMQ01ABF050_63B9S7X3SXX63B9S7X3S&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1406380747&from=cor&uid=TOSHIBAXMQ01ABF050_63B9S7X3SXX63B9S7X3S&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1406380747&from=cor&uid=TOSHIBAXMQ01ABF050_63B9S7X3SXX63B9S7X3S
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1406380747&from=cor&uid=TOSHIBAXMQ01ABF050_63B9S7X3SXX63B9S7X3S
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1406380747&from=cor&uid=TOSHIBAXMQ01ABF050_63B9S7X3SXX63B9S7X3S&q={searchTerms}
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1406380747&from=cor&uid=TOSHIBAXMQ01ABF050_63B9S7X3SXX63B9S7X3S&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1406380747&from=cor&uid=TOSHIBAXMQ01ABF050_63B9S7X3SXX63B9S7X3S&q={searchTerms}
SearchScopes: HKLM - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM - {F095393E-4B57-4AAF-8CF6-C0DAABA8F4AD} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1406380747&from=cor&uid=TOSHIBAXMQ01ABF050_63B9S7X3SXX63B9S7X3S&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1406380747&from=cor&uid=TOSHIBAXMQ01ABF050_63B9S7X3SXX63B9S7X3S&q={searchTerms}
SearchScopes: HKLM-x32 - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 - {F095393E-4B57-4AAF-8CF6-C0DAABA8F4AD} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1406380747&from=cor&uid=TOSHIBAXMQ01ABF050_63B9S7X3SXX63B9S7X3S&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1406380747&from=cor&uid=TOSHIBAXMQ01ABF050_63B9S7X3SXX63B9S7X3S&q={searchTerms}
SearchScopes: HKCU - {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKCU - {F095393E-4B57-4AAF-8CF6-C0DAABA8F4AD} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
Chrome:
=======
CHR HomePage: hxxp://www.sweet-page.com/?type=hp&ts=1406380747&from=cor&uid=TOSHIBAXMQ01ABF050_63B9S7X3SXX63B9S7X3S
CHR StartupUrls: "hxxp://www.sweet-page.com/?type=hp&ts=1406380747&from=cor&uid=TOSHIBAXMQ01ABF050_63B9S7X3SXX63B9S7X3S"
CHR Extension: (Google Docs) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-31]
CHR Extension: (Google Drive) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-31]
CHR Extension: (Adblock Plus) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-10-31]
CHR Extension: (Pushbullet) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2014-07-06]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2013-10-31]
CHR Extension: (Google-Suche) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-31]
CHR Extension: (Google+) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2013-10-31]
CHR Extension: (Google Kalender) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-10-31]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-04-18]
CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2013-10-31]
CHR Extension: (AirDroid) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgndiocipalkpejnpafdbdlfdjihomd [2013-10-31]
CHR Extension: (Google Maps) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-10-31]
CHR Extension: (Google Wallet) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-31]
CHR Extension: (Google Mail) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-31]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-09] (AVAST Software)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\36.0.1985.102\remoting_host.exe [51016 2014-06-26] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated)
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [107944 2013-01-08] (Condusiv Technologies)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2013-11-21] (Futuremark)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [702344 2014-07-26] (Cherished Technololgy LIMITED)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-20] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [156616 2013-06-05] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [182760 2013-04-15] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-04-26] (Acer Incorporate)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-08-23] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
S3 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [345744 2012-11-12] (Acer Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [535936 2014-07-26] (Fuyu LIMITED)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3667696 2013-08-23] (Intel® Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-09] ()
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1366328 2013-03-28] (Motorola Solutions, Inc.)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [26024 2013-01-08] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [112552 2013-01-08] (Condusiv Technologies)
S3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [115656 2013-06-04] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-04-15] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-04-15] ()
S3 IntcDAud; C:\Windows\system32\DRIVERS\IntcDAud.sys [442368 2013-05-08] (Intel(R) Corporation) [File not signed]
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-04-15] ()
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-03-20] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [3597792 2013-05-14] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [455240 2013-03-05] (RTS Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-03-07] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-07-12] ()
S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 GPUZ; \??\C:\WINDOWS\TEMP\GPUZ.sys [X]
S3 UHSfiltv; \SystemRoot\system32\drivers\UHSfiltv.sys [X]
S3 usb3Hub; \SystemRoot\System32\drivers\usb3Hub.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-26 16:01 - 2014-07-26 16:02 - 00028001 _____ () C:\Users\Jonathan\Downloads\FRST.txt
2014-07-26 16:01 - 2014-07-26 16:01 - 00000000 ____D () C:\FRST
2014-07-26 16:00 - 2014-07-26 16:00 - 02093568 _____ (Farbar) C:\Users\Jonathan\Downloads\FRST64.exe
2014-07-26 15:44 - 2014-07-26 15:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Jonathan\Downloads\revosetup95.exe
2014-07-26 15:19 - 2014-07-26 15:19 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\sweet-page
2014-07-26 15:19 - 2014-07-26 15:19 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2014-07-26 15:19 - 2014-07-26 15:19 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-07-26 15:19 - 2014-07-26 15:19 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-07-26 15:19 - 2014-07-26 15:19 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-07-26 15:18 - 2014-07-26 15:32 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\JDownloader v2.0
2014-07-21 12:06 - 2014-07-21 12:06 - 00000000 ___SH () C:\DkHyperbootSync
2014-07-18 17:53 - 2014-07-18 17:53 - 00004257 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-18 17:53 - 2014-07-18 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-15 16:23 - 2014-07-15 16:23 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\Activision
2014-07-14 18:46 - 2014-07-14 18:46 - 00000000 ____D () C:\ProgramData\FlyVPN
2014-07-14 18:44 - 2014-07-14 18:44 - 01688304 _____ (www.flyvpn.com) C:\Users\Jonathan\Downloads\FlyClient_3.0.1.8.exe
2014-07-12 17:41 - 2014-07-12 17:41 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2014-07-11 11:44 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-11 11:20 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-11 11:20 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-11 11:20 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-11 11:20 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-11 11:20 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-11 11:20 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-11 11:20 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-11 11:20 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-11 11:20 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-11 11:20 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-11 11:16 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-11 11:16 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-11 11:16 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-11 11:15 - 2014-07-11 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-11 11:15 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-11 11:15 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-11 11:15 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-11 11:15 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-11 11:15 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-11 11:15 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-11 11:15 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-11 11:15 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-11 11:15 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-11 11:15 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-11 11:15 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-11 11:15 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-11 11:15 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-11 11:15 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-11 11:15 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-11 11:15 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-11 11:15 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-11 11:15 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-11 11:15 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-11 11:15 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-11 11:15 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-11 11:15 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-11 11:15 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-11 11:15 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-11 11:15 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-11 11:15 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-11 11:15 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-11 11:15 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-11 11:15 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-11 11:15 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-11 11:15 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-11 11:15 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-11 11:15 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-11 11:15 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-11 11:15 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-11 11:15 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-11 11:15 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-11 11:15 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-11 11:15 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-11 11:15 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-11 11:15 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-11 11:14 - 2014-07-11 11:14 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-11 11:14 - 2014-07-11 11:14 - 00000000 ____D () C:\Program Files\iTunes
2014-07-11 11:14 - 2014-07-11 11:14 - 00000000 ____D () C:\Program Files\iPod
2014-07-11 11:14 - 2014-07-11 11:14 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-06 11:47 - 2014-07-06 11:52 - 00000000 ____D () C:\Users\Jonathan\Downloads\Cards Against Humanity
2014-06-28 23:02 - 2014-07-15 22:01 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\vlc
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-26 16:02 - 2014-07-26 16:01 - 00028001 _____ () C:\Users\Jonathan\Downloads\FRST.txt
2014-07-26 16:01 - 2014-07-26 16:01 - 00000000 ____D () C:\FRST
2014-07-26 16:00 - 2014-07-26 16:00 - 02093568 _____ (Farbar) C:\Users\Jonathan\Downloads\FRST64.exe
2014-07-26 16:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-26 15:49 - 2013-11-12 21:55 - 00003954 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B6D9C7CC-68E0-4F89-8800-6BAAAB270045}
2014-07-26 15:44 - 2014-07-26 15:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Jonathan\Downloads\revosetup95.exe
2014-07-26 15:32 - 2014-07-26 15:18 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\JDownloader v2.0
2014-07-26 15:25 - 2013-10-30 23:37 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2092401695-3164244550-927435982-1002
2014-07-26 15:19 - 2014-07-26 15:19 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\sweet-page
2014-07-26 15:19 - 2014-07-26 15:19 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2014-07-26 15:19 - 2014-07-26 15:19 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-07-26 15:19 - 2014-07-26 15:19 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-07-26 15:19 - 2014-07-26 15:19 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-07-26 15:06 - 2013-10-31 19:31 - 00001138 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-26 13:42 - 2013-10-31 19:57 - 00706560 ___SH () C:\Users\Jonathan\Downloads\Thumbs.db
2014-07-26 13:03 - 2013-11-01 10:00 - 01542310 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-26 12:43 - 2013-11-01 10:27 - 00000000 __RDO () C:\Users\Jonathan\SkyDrive
2014-07-26 12:43 - 2013-10-31 20:28 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-26 12:43 - 2013-10-31 19:31 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-26 01:45 - 2014-06-13 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-26 01:44 - 2014-06-13 21:19 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-26 01:44 - 2014-06-13 21:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-26 01:44 - 2013-09-30 06:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-26 01:44 - 2013-09-30 05:56 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-07-26 01:44 - 2013-09-30 05:56 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-07-25 00:07 - 2013-08-22 16:46 - 00408306 _____ () C:\WINDOWS\setupact.log
2014-07-24 11:39 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-21 12:06 - 2014-07-21 12:06 - 00000000 ___SH () C:\DkHyperbootSync
2014-07-19 13:06 - 2014-01-09 14:57 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\Deployment
2014-07-18 17:53 - 2014-07-18 17:53 - 00004257 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-18 17:53 - 2014-07-18 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-18 17:53 - 2014-06-23 22:27 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-18 17:53 - 2013-11-01 10:55 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-17 18:38 - 2013-11-11 21:16 - 00000000 ____D () C:\Users\Jonathan\Documents\ManiaPlanet
2014-07-17 17:47 - 2013-11-11 21:16 - 00000000 ____D () C:\ProgramData\ManiaPlanet
2014-07-15 22:01 - 2014-06-28 23:02 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\vlc
2014-07-15 16:23 - 2014-07-15 16:23 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\Activision
2014-07-15 16:23 - 2013-11-01 13:50 - 00388320 _____ () C:\WINDOWS\DirectX.log
2014-07-15 16:20 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-14 22:33 - 2013-10-31 20:42 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Skype
2014-07-14 18:49 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\tracing
2014-07-14 18:46 - 2014-07-14 18:46 - 00000000 ____D () C:\ProgramData\FlyVPN
2014-07-14 18:44 - 2014-07-14 18:44 - 01688304 _____ (www.flyvpn.com) C:\Users\Jonathan\Downloads\FlyClient_3.0.1.8.exe
2014-07-12 18:56 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-12 17:41 - 2014-07-12 17:41 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2014-07-12 17:41 - 2013-09-29 21:04 - 00091420 _____ () C:\WINDOWS\PFRO.log
2014-07-12 17:41 - 2013-09-06 12:03 - 00034752 _____ () C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
2014-07-12 17:41 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-12 17:41 - 2013-08-22 16:44 - 00371160 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-11 12:42 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-11 12:41 - 2013-09-30 05:59 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 12:41 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-11 12:41 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 12:41 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 12:41 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-11 12:06 - 2013-10-31 19:31 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-11 11:46 - 2013-10-31 19:26 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-11 11:45 - 2013-10-31 19:26 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-11 11:45 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-11 11:29 - 2013-10-31 20:27 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Apple Computer
2014-07-11 11:17 - 2013-12-22 12:15 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-07-11 11:15 - 2014-07-11 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-11 11:14 - 2014-07-11 11:14 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-11 11:14 - 2014-07-11 11:14 - 00000000 ____D () C:\Program Files\iTunes
2014-07-11 11:14 - 2014-07-11 11:14 - 00000000 ____D () C:\Program Files\iPod
2014-07-11 11:14 - 2014-07-11 11:14 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-11 11:13 - 2014-01-09 14:48 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-11 03:02 - 2014-06-23 22:27 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-06-23 22:27 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-06-23 22:27 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-06-23 22:27 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-07-06 14:54 - 2013-10-30 23:30 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\Packages
2014-07-06 11:52 - 2014-07-06 11:47 - 00000000 ____D () C:\Users\Jonathan\Downloads\Cards Against Humanity
2014-06-26 22:55 - 2013-08-22 17:38 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-06-26 22:55 - 2013-08-22 17:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
Some content of TEMP:
====================
C:\Users\Jonathan\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Jonathan\AppData\Local\Temp\Gw2.exe
C:\Users\Jonathan\AppData\Local\Temp\i4jdel0.exe
C:\Users\Jonathan\AppData\Local\Temp\ICReinstall_JDSetup130508542092866470.exe
C:\Users\Jonathan\AppData\Local\Temp\JDSetup130508542092866470.exe
C:\Users\Jonathan\AppData\Local\Temp\JDSetup130508542414221766.exe
C:\Users\Jonathan\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Jonathan\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Jonathan\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Jonathan\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Jonathan\AppData\Local\Temp\proxy_vole8446299497625801483.dll
C:\Users\Jonathan\AppData\Local\Temp\SetupHomeStudentRetail.x86.de-DE_HomeStudentRetail_HDBH6-GTNDV-PCGMG-WYQQG-P7GKQ_act_1_.exe
C:\Users\Jonathan\AppData\Local\Temp\SRLDetectionLibrary3067757875894566811.dll
C:\Users\Jonathan\AppData\Local\Temp\vlc-2.1.3-win32.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-24 12:32
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014
Ran by Jonathan at 2014-07-26 16:02:26
Running from C:\Users\Jonathan\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3012 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer Theft Shield (HKLM\...\{8ADB0CD2-4E5A-452F-BB3B-3A2984CAC749}) (Version: 1.01.3006 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3004 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2021 - Acer Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
Age of Empires® III: Complete Collection (HKLM-x32\...\Steam App 105450) (Version: - Ensemble Studios)
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version: - Frictional Games)
Antichamber (HKLM-x32\...\Steam App 219890) (Version: - Alexander Bruce)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version: - Ronimo Games)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands (HKLM-x32\...\Steam App 8980) (Version: - Gearbox Software)
Brothers - A Tale of Two Sons (HKLM-x32\...\Steam App 225080) (Version: - Starbreeze Studios AB)
Chrome Remote Desktop Host (HKLM-x32\...\{2E9C0CF2-6FD1-417E-A5A1-5AE93C0032DF}) (Version: 36.0.1985.102 - Google Inc.)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
ExpressCache (HKLM\...\{C123584F-9C84-45E8-AE5F-522328BB79A0}) (Version: 1.0.100.0 - Condusiv Technologies)
Futuremark SystemInfo (HKLM-x32\...\{991C8DEA-3C01-45B8-A62B-1BB69BDC277D}) (Version: 4.23.255 - Futuremark)
Gone Home (HKLM-x32\...\Steam App 232430) (Version: - The Fullbright Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HID Monitor (HKLM-x32\...\{4ED132F6-EC28-49CE-8291-2F6B42614BC1}) (Version: 1.1.5 - Acer Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel Experience Center - Configuration (x32 Version: 1.9.0.8 - Intel) Hidden
Intel(R) Experience Center Desktop Software (HKLM-x32\...\{85de612b-ee05-476a-87cc-52e5740de420}) (Version: 1.9.0.8 - Intel)
Intel(R) Experience Center Driver (Version: 1.9.0.8 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.0.1428 - Intel Corporation)
Intel(R) PRO/Wireless Driver (Version: 16.05.3000.0599 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 16.5.0.0096 - Intel Corporation) Hidden
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{444400C1-6BDF-4FD1-1306-148929CC1385}) (Version: 3.0.1306.0342 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.5.0.1066 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel(R) Smart Connect Technology 4.1 x64 (HKLM\...\{6555226B-7295-4CFD-9D5B-9C8F394BE03A}) (Version: 4.1.41.2234 - Intel)
Intel(R) Update Manager (x32 Version: 1.6.0.56 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{1c7272f2-45cf-469f-b7e9-17c6b212549c}) (Version: 16.5.3 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.05.1000.0264 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4631.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Mp3tag v2.59a (HKLM-x32\...\Mp3tag) (Version: v2.59a - Florian Heidenreich)
Nero BackItUp (x32 Version: 12.5.5000 - Nero AG) Hidden
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Nero BackItUp Help (CHM) (x32 Version: 12.0.10000 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.15600 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.20200 - Nero AG) Hidden
Nero Launcher (x32 Version: 12.2.7000 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 12.0.3001 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version: - 3909)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)
Peggle Nights (HKLM-x32\...\Steam App 3540) (Version: - PopCap Games, Inc.)
Poker Night 2 (HKLM-x32\...\Steam App 234710) (Version: - Telltale Games)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7032 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21222 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon 3: Platinum! (HKLM-x32\...\Steam App 2700) (Version: - Frontier)
Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version: - 5th Cell Media)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
ShootMania Storm (HKLM-x32\...\Steam App 229870) (Version: - Nadeo)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sound Blaster Play! 2 Extras (HKLM-x32\...\{DBAE4081-D97A-48C7-8698-CD5CE616C005}) (Version: - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Surgeon Simulator 2013 (HKLM-x32\...\Steam App 233720) (Version: - Bossa Studios)
sweet-page uninstall (HKLM-x32\...\sweet-page uninstall) (Version: - sweet-page) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.12.31 - Synaptics Incorporated)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl)
TrackMania² Canyon (HKLM-x32\...\Steam App 228760) (Version: - Nadeo)
TrackMania² Stadium (HKLM-x32\...\Steam App 232910) (Version: - Nadeo)
TrackMania² Valley (HKLM-x32\...\Steam App 243360) (Version: - Nadeo)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WindowsMangerProtect20.0.0.502 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.502 - WindowsProtect LIMITED)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2092401695-3164244550-927435982-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2092401695-3164244550-927435982-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2092401695-3164244550-927435982-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2092401695-3164244550-927435982-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
11-07-2014 09:42:49 Windows Update
15-07-2014 14:20:06 Windows Update
18-07-2014 15:52:39 Installed Java 7 Update 65
25-07-2014 23:43:37 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0533806E-31E1-40A9-9B1B-437468C06FC8} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {05CEB71A-ED26-4995-A7D4-A161C53E4D88} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-31] (Google Inc.)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {15FE91E7-396D-4C20-9285-C0A5AA0B245C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-11] (Microsoft Corporation)
Task: {20131466-9A07-4702-AB64-2B0F68FCB471} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2EED3C3E-01CB-4C91-8266-0BB8BE66EA8F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-09] (AVAST Software)
Task: {35082D33-A0BB-419D-B031-1DC5F1832AE2} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-01-18] (Acer Incorporated)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4CADE2ED-3A43-402B-8094-D46C13F0AA76} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {4F6F255A-4C6F-4546-B242-5F08C0A30AA7} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {60BBE7B8-FFD1-4FC5-AC8A-B9C278B6C6A0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8967CF48-6597-4573-BDCC-B84BA4E6ACF7} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-03-08] (Intel Corporation)
Task: {8B0FD5CF-AE7E-4EE6-84AA-D481B42023E4} - System32\Tasks\Theft Shield\AcerTheftShieldTask => C:\Program Files\Acer\Acer Theft Shield\USecuAppLauncher.exe [2012-11-12] (Acer Incorporated)
Task: {8CB68B1F-D590-4AFF-878A-F724CC3C0DE6} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8E90B46F-2416-41E9-BBFE-452EDA387B6A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-31] (Google Inc.)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A48C565F-335E-4F3D-BB85-0C01EF097FCD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation)
Task: {A85E40DE-9AB9-48BD-909E-636D4130EDC1} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {C7ADB7B4-5819-4E13-A388-1ACED0916560} - System32\Tasks\HIDMonitor => C:\Program Files\Acer Incorporated\HID Monitor\HIDMonitor.exe
Task: {CA91D364-4506-4863-872F-3A0F6B254529} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {CC626A71-4899-4215-9E8D-159BF5912B82} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {FC996A97-0304-482C-976B-955FC3B0E3BF} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-03-08] (Intel Corporation)
Task: {FDFDBBF1-BE2E-4C7A-BD40-FD48DD1F9CE9} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-04-26] (Acer Incorporate)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Loaded Modules (whitelisted) =============
2013-11-30 16:32 - 2012-08-17 09:45 - 12875776 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\dlthm1zRC.DLL
2014-03-19 18:34 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-04-15 15:45 - 2013-04-15 15:45 - 00182760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-04-15 15:45 - 2013-04-15 15:45 - 00060392 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2014-05-26 16:27 - 2014-05-20 04:44 - 00014280 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-05-26 16:31 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-06 12:20 - 2013-02-20 22:58 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2014-07-23 16:32 - 2014-07-26 15:19 - 00106376 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll
2012-08-23 14:02 - 2012-08-23 14:02 - 00030640 _____ () C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
2014-05-23 16:44 - 2014-05-23 16:44 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-07-23 16:32 - 2014-07-26 15:19 - 00732040 _____ () C:\Program Files (x86)\SupTab\HpUI.exe
2014-07-16 11:16 - 2014-07-16 11:16 - 00064000 _____ () C:\Program Files (x86)\SupTab\Loader32.exe
2014-07-16 10:55 - 2014-07-16 10:55 - 00073216 _____ () C:\Program Files (x86)\SupTab\Loader64.exe
2014-07-26 15:21 - 2014-07-26 15:21 - 00040448 ____N () C:\Users\Jonathan\AppData\Local\Temp\proxy_vole8446299497625801483.dll
2014-07-26 15:22 - 2014-07-26 15:22 - 00566439 _____ () C:\Users\Jonathan\AppData\Local\JDownloader v2.0\tmp\7zip\SevenZipJBinding-FKPz9\libgcc_s_sjlj-1.dll
2014-07-26 15:22 - 2014-07-26 15:22 - 04078962 _____ () C:\Users\Jonathan\AppData\Local\JDownloader v2.0\tmp\7zip\SevenZipJBinding-FKPz9\lib7-Zip-JBinding.dll
2014-07-11 11:17 - 2014-07-11 11:17 - 02792448 _____ () C:\Program Files\AVAST Software\Avast\defs\14071001\algo.dll
2014-07-26 12:52 - 2014-07-26 12:52 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14072600\algo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-06 11:23 - 2013-03-20 09:47 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2013-01-04 16:19 - 2013-01-04 16:19 - 00035336 _____ () C:\Program Files (x86)\Acer Incorporated\HID Monitor\ElanTPAPI.dll
2014-05-22 19:01 - 2014-07-12 02:53 - 01116672 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll
2014-05-22 19:01 - 2014-07-12 02:53 - 00399360 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll
2014-01-08 17:23 - 2014-07-12 02:53 - 00331264 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-04-23 19:10 - 2014-07-12 02:53 - 00438784 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll
2013-10-24 10:45 - 2014-06-27 00:40 - 00764416 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-22 19:01 - 2014-07-16 04:28 - 02139328 _____ () C:\Program Files (x86)\Steam\video.dll
2014-05-22 19:01 - 2014-04-29 02:37 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll
2013-10-30 12:25 - 2014-07-16 04:28 - 01116864 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-10-23 13:07 - 2014-05-02 01:35 - 20628160 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-05-26 16:27 - 2014-05-20 04:44 - 00012120 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-07-23 16:32 - 2014-07-26 15:19 - 00093576 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll
2013-12-22 12:15 - 2013-12-22 12:15 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-09-06 12:20 - 2013-02-20 22:58 - 00089672 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2014-07-16 21:07 - 2014-07-15 11:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-16 21:07 - 2014-07-15 11:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-16 21:07 - 2014-07-15 11:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-16 21:07 - 2014-07-15 11:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-16 21:07 - 2014-07-15 11:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade
AlternateDataStreams: C:\Users\Jonathan\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
Name: Unbekanntes USB-Gerät (Fehler beim Anfordern einer Gerätebeschreibung.)
Description: Unbekanntes USB-Gerät (Fehler beim Anfordern einer Gerätebeschreibung.)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard-USB-Hostcontroller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/22/2014 11:29:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 43200391
Error: (07/22/2014 11:29:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 43200391
Error: (07/22/2014 11:29:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/21/2014 00:37:53 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to launch stream service as user [87]
Error: (07/19/2014 06:23:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AUDIODG.EXE, Version: 6.3.9600.17090, Zeitstempel: 0x53413821
Name des fehlerhaften Moduls: RtCOM64.dll, Version: 2.0.0.157, Zeitstempel: 0x5114d322
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005f433
ID des fehlerhaften Prozesses: 0x1bd8
Startzeit der fehlerhaften Anwendung: 0xAUDIODG.EXE0
Pfad der fehlerhaften Anwendung: AUDIODG.EXE1
Pfad des fehlerhaften Moduls: AUDIODG.EXE2
Berichtskennung: AUDIODG.EXE3
Vollständiger Name des fehlerhaften Pakets: AUDIODG.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AUDIODG.EXE5
Error: (07/16/2014 09:05:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1554297
Error: (07/16/2014 09:05:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1554297
Error: (07/16/2014 09:05:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/14/2014 06:24:20 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: There was an error with the Windows Location Provider database
Error: (07/09/2014 00:00:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1328
System errors:
=============
Error: (07/26/2014 00:52:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet:
%%127
Error: (07/25/2014 01:47:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet:
%%127
Error: (07/23/2014 00:19:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet:
%%127
Error: (07/20/2014 00:44:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet:
%%127
Error: (07/19/2014 03:59:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet:
%%127
Error: (07/18/2014 05:53:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet:
%%127
Error: (07/18/2014 05:45:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (07/18/2014 05:45:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.
Error: (07/16/2014 08:27:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet:
%%127
Error: (07/15/2014 06:33:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet:
%%127
Microsoft Office Sessions:
=========================
Error: (07/22/2014 11:29:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 43200391
Error: (07/22/2014 11:29:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 43200391
Error: (07/22/2014 11:29:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/21/2014 00:37:53 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to launch stream service as user [87]
Error: (07/19/2014 06:23:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AUDIODG.EXE6.3.9600.1709053413821RtCOM64.dll2.0.0.1575114d322c0000005000000000005f4331bd801cfa36b9114b995C:\WINDOWS\system32\AUDIODG.EXEC:\WINDOWS\system32\RtCOM64.dllf2aff7e3-0f60-11e4-beb5-0c8bfd455087
Error: (07/16/2014 09:05:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1554297
Error: (07/16/2014 09:05:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1554297
Error: (07/16/2014 09:05:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/14/2014 06:24:20 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: -2147024883
Error: (07/09/2014 00:00:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1328
CodeIntegrity Errors:
===================================
Date: 2014-07-19 18:22:59.816
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-19 18:22:56.118
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-19 18:22:53.871
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-19 18:16:31.230
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-15 18:08:05.181
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-15 18:08:04.891
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-15 18:08:04.580
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-15 18:08:04.288
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-15 18:08:03.920
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-15 18:07:53.265
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Percentage of memory in use: 50%
Total physical RAM: 7848.27 MB
Available physical RAM: 3896.06 MB
Total Pagefile: 9064.27 MB
Available Pagefile: 4795.94 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:448.11 GB) (Free:323.32 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: ADE961E9)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 22 GB) (Disk ID: 74F02DEA)
Partition 1: (Not Active) - (Size=22 GB) - (Type=73)
==================== End Of Log ============================
 Grüße Deagleking |
|
26.07.2014, 16:35
| #2 |
| /// TB-Ausbilder /// Anleitungs-Guru  | Wie entferne ich Search Protect richtig? Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das... 
 Hinweis:Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden. Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert. Adware & Co. können wir sehr gut entfernen. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean  bekommst.Los geht's: Schritt 1 Lade Dir bitte Revo Uninstaller  hier herunter.Entpacke die zip-Datei auf den Desktop.
Auch wenn am Ende noch Programme übrig geblieben sind, die den ATTENTION-Zusatz haben, führe den nächsten Schritt aus: Schritt 2 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 3 Bitte lade Dir zoek.exe von hier: http://hijackthis.nl/smeenk/
Schritt 4   Bitte starte FRST erneut, markiere auch die checkbox  und drücke auf Scan. Bitte poste mir den Inhalt der beiden Logs die erstellt werden.
__________________ |
|
26.07.2014, 17:00
| #3 |
| | Wie entferne ich Search Protect richtig? Hallo Jürgen, schon mal vielen Dank für deine Antwort
__________________Ich habe nun den Revo Uninstaller installiert und die betreffende Datei nahmens "sweet-page-uninstall" ausgewählt, klicke ich aber nun auf deinstallieren, öffnet sich ein sperates Deinstallationsfenster der Software und fragt mich, welche Komponenten ich nun auch wirklich löschen will. Grundsätzlich würde ich natürlich alles abhaken, aber da es sich ja um die betreffende Software selbst handelt, bin hier lieber vorsichtig Desweiteren läuft ja auch noch im Hintergrund der Deinstallationsversuch der Revo Uninstaller Software.Hier im Anhang ein Screenshot des Fensters:  Schon mal vielen Dank für deine Antwort |
|
26.07.2014, 17:04
| #4 |
| /// TB-Ausbilder /// Anleitungs-Guru | Wie entferne ich Search Protect richtig? Hi, versuche die Deinstallation mal bei Windows 8  mit der Windowstaste + X über  .Da kommt das gleiche Fenster oder?
__________________ Gruß deeprybka  Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
26.07.2014, 17:07
| #5 |
| | Wie entferne ich Search Protect richtig? Genau |
|
26.07.2014, 17:08
| #6 |
| /// TB-Ausbilder /// Anleitungs-Guru | Wie entferne ich Search Protect richtig? Dann klick alles bei Revo an...und lass es laufen... 
__________________ --> Wie entferne ich Search Protect richtig? |
|
26.07.2014, 17:09
| #7 |
| | Wie entferne ich Search Protect richtig? Jetzt hat sich aber diese Fenster hier geöffnet, nachdem ich die erste Deinstallation abgebrochen habe, um es über die Systemsteuerung zu versuchen  |
|
26.07.2014, 17:12
| #8 |
| /// TB-Ausbilder /// Anleitungs-Guru | Wie entferne ich Search Protect richtig? Alles nochmal schließen und nochmal mit Revo probieren. Wenn das Fenster wieder kommt, dann wähle Pfeil 1...
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
26.07.2014, 17:21
| #9 |
| | Wie entferne ich Search Protect richtig? Die Deinstallation ist nun fertig, wurde aber praktisch komplett mit dem Uninstaller der Sweet-Page software durchgeführt. Am Ende der Deinstallation hat Revo auch keine Überreste mehr gefunden, aber in meiner Startleiste befindet sich weiterhin das Search Protect Icon, welcher auch nach wie vor funktionstüchtig ist. Weder in Revo noch in der Systemsteuerung konnte ich ein Programm mit dem gleichen oder ähnlichen Namen finden. Soll ich jetzt trozdem einfach mal mit dem 2. Schritt weitermachen? EDIT: Um hinzuzufügen, in den FRST Logfiles wird Safe Protect auch überhaupt nicht aufgeführt, weder mit oder ohne ATTENTION Zusatz? Geändert von Deagleking (26.07.2014 um 17:27 Uhr) |
|
26.07.2014, 17:26
| #10 |
| /// TB-Ausbilder /// Anleitungs-Guru | Wie entferne ich Search Protect richtig? Ja! Weiter zum nächsten Schritt.... Revo verwendet den Programmuninstaller, das ist nicht schlimm...
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
26.07.2014, 17:37
| #11 |
| | Wie entferne ich Search Protect richtig? Soo, also hier mal der Log des AdwCleaners, das Symbol ist schon mal zumindest aus der startleiste verschwunden  Code:
ATTFilter # AdwCleaner v3.216 - Bericht erstellt am 26/07/2014 um 18:29:27
# Aktualisiert 17/07/2014 von Xplode
# Betriebssystem : Windows 8.1 (64 bits)
# Benutzername : Jonathan - JONATHAN-PC
# Gestartet von : C:\Users\Jonathan\Desktop\adwcleaner_3.216.exe
# Option : Löschen
***** [ Dienste ] *****
Dienst Gelöscht : IePluginServices
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\IePluginServices
Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKLM\Software\SupTab
Schlüssel Gelöscht : HKLM\Software\supWindowsMangerProtect
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\sweet-pageSoftware
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17126
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Google Chrome v36.0.1985.125
[ Datei : C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht [Startup_urls] : hxxp://www.sweet-page.com/?type=hp&ts=1406380747&from=cor&uid=TOSHIBAXMQ01ABF050_63B9S7X3SXX63B9S7X3S
Gelöscht [Homepage] : hxxp://www.sweet-page.com/?type=hp&ts=1406380747&from=cor&uid=TOSHIBAXMQ01ABF050_63B9S7X3SXX63B9S7X3S
*************************
AdwCleaner[R0].txt - [2959 octets] - [26/07/2014 18:28:45]
AdwCleaner[S0].txt - [2232 octets] - [26/07/2014 18:29:27]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2292 octets] ##########
|
|
26.07.2014, 17:43
| #12 |
| /// TB-Ausbilder /// Anleitungs-Guru | Wie entferne ich Search Protect richtig? Deswegen verwenden wir das Tool ja auch...
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
26.07.2014, 18:11
| #13 |
| | Wie entferne ich Search Protect richtig? ok, also da das anscheinend geklappt hat, sollte ich jetzt noch den 3. schritt ausführen, oder hat es sich jetzt damit schon erledigt? Schon mal vielen dank für deine Hilfe Ok, also hier ist der Log von zoek: Code:
ATTFilter Zoek.exe v5.0.0.0 Updated 26-07-2014
Tool run by Jonathan on 26.07.2014 at 18:53:21,88.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jonathan\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
26.07.2014 18:53:57 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WindowsMangerProtect deleted successfully
==== Deleting Files \ Folders ======================
C:\PROGRA~3\boost_interprocess deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Jonathan\Searches deleted
"C:\windows\Installer\15784.msi" deleted
"C:\WINDOWS\Installer\1ef124af.msi" deleted
==== Chrome Look ======================
Pushbullet - Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd
Spotify - Music for every moment - Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh
Feedly - News Blogs and Youtube - Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob
AirDroid - Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgndiocipalkpejnpafdbdlfdjihomd
==== Chrome Fix ======================
C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage deleted successfully
C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="hxxp://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{F095393E-4B57-4AAF-8CF6-C0DAABA8F4AD} Unknown Url="Not_Found"
==== Reset Google Chrome ======================
C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2092401695-3164244550-927435982-1002\Software\Microsoft\Internet Explorer\SearchScopes\{F095393E-4B57-4AAF-8CF6-C0DAABA8F4AD} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\203E62EEA6789D84098513925E9B9999 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE26E302-876A-48D9-9058-3129E5B99999} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\203E62EEA6789D84098513925E9B9999 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 deleted successfully
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jonathan\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Jonathan\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=42 folders=30 139692508 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Jonathan\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\Jonathan\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 26.07.2014 at 19:02:51,32 ======================
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by Jonathan (administrator) on JONATHAN-PC on 26-07-2014 19:06:17
Running from C:\Users\Jonathan\Downloads
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\36.0.1985.102\remoting_host.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\36.0.1985.102\remoting_host.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3016432 2013-03-07] (Synaptics Incorporated)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-07-06] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2092401695-3164244550-927435982-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1753280 2014-07-16] (Valve Corporation)
HKU\S-1-5-21-2092401695-3164244550-927435982-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2013-09-30] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-05-20] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [166568 2014-05-20] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [146480 2014-05-20] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-31]
CHR Extension: (Google Drive) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-31]
CHR Extension: (YouTube) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-26]
CHR Extension: (Google-Suche) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-31]
CHR Extension: (Google Wallet) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-31]
CHR Extension: (Google Mail) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-31]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-09] (AVAST Software)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\36.0.1985.102\remoting_host.exe [51016 2014-06-26] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated)
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [107944 2013-01-08] (Condusiv Technologies)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2013-11-21] (Futuremark)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-20] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [156616 2013-06-05] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [182760 2013-04-15] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-04-26] (Acer Incorporate)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-08-23] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
S3 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [345744 2012-11-12] (Acer Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3667696 2013-08-23] (Intel® Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-09] ()
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1366328 2013-03-28] (Motorola Solutions, Inc.)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [26024 2013-01-08] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [112552 2013-01-08] (Condusiv Technologies)
S3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [115656 2013-06-04] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-04-15] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-04-15] ()
S3 IntcDAud; C:\Windows\system32\DRIVERS\IntcDAud.sys [442368 2013-05-08] (Intel(R) Corporation) [File not signed]
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-04-15] ()
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-03-20] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [3597792 2013-05-14] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [455240 2013-03-05] (RTS Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-03-07] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-07-26] ()
S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 GPUZ; \??\C:\WINDOWS\TEMP\GPUZ.sys [X]
S3 UHSfiltv; \SystemRoot\system32\drivers\UHSfiltv.sys [X]
S3 usb3Hub; \SystemRoot\System32\drivers\usb3Hub.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-26 19:06 - 2014-07-26 19:06 - 00022323 _____ () C:\Users\Jonathan\Downloads\FRST.txt
2014-07-26 19:01 - 2014-07-26 18:53 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-07-26 18:53 - 2014-07-26 19:02 - 00006953 _____ () C:\zoek-results.log
2014-07-26 18:53 - 2014-07-26 19:00 - 00000000 ____D () C:\zoek_backup
2014-07-26 18:52 - 2014-07-26 18:52 - 01287168 _____ () C:\Users\Jonathan\Desktop\zoek.exe
2014-07-26 18:30 - 2014-07-26 19:02 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2014-07-26 18:29 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-07-26 18:28 - 2014-07-26 18:29 - 00000000 ____D () C:\AdwCleaner
2014-07-26 18:17 - 2014-07-26 18:17 - 01354223 _____ () C:\Users\Jonathan\Desktop\adwcleaner_3.216.exe
2014-07-26 17:46 - 2014-07-26 17:46 - 03007700 _____ () C:\Users\Jonathan\Desktop\revouninstaller.zip
2014-07-26 17:46 - 2014-07-26 17:46 - 00000000 ____D () C:\Users\Jonathan\Desktop\revouninstaller-portable
2014-07-26 16:01 - 2014-07-26 19:06 - 00000000 ____D () C:\FRST
2014-07-26 16:00 - 2014-07-26 16:00 - 02093568 _____ (Farbar) C:\Users\Jonathan\Downloads\FRST64.exe
2014-07-26 15:19 - 2014-07-26 15:19 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2014-07-26 15:18 - 2014-07-26 17:30 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\JDownloader v2.0
2014-07-18 17:53 - 2014-07-18 17:53 - 00004257 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-18 17:53 - 2014-07-18 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-15 16:23 - 2014-07-15 16:23 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\Activision
2014-07-14 18:46 - 2014-07-14 18:46 - 00000000 ____D () C:\ProgramData\FlyVPN
2014-07-14 18:44 - 2014-07-14 18:44 - 01688304 _____ (www.flyvpn.com) C:\Users\Jonathan\Downloads\FlyClient_3.0.1.8.exe
2014-07-11 11:44 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-11 11:20 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-11 11:20 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-11 11:20 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-11 11:20 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-11 11:20 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-11 11:20 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-11 11:20 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-11 11:20 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-11 11:20 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-11 11:20 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-11 11:16 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-11 11:16 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-11 11:16 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-11 11:15 - 2014-07-11 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-11 11:15 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-11 11:15 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-11 11:15 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-11 11:15 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-11 11:15 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-11 11:15 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-11 11:15 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-11 11:15 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-11 11:15 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-11 11:15 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-11 11:15 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-11 11:15 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-11 11:15 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-11 11:15 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-11 11:15 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-11 11:15 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-11 11:15 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-11 11:15 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-11 11:15 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-11 11:15 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-11 11:15 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-11 11:15 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-11 11:15 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-11 11:15 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-11 11:15 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-11 11:15 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-11 11:15 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-11 11:15 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-11 11:15 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-11 11:15 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-11 11:15 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-11 11:15 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-11 11:15 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-11 11:15 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-11 11:15 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-11 11:15 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-11 11:15 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-11 11:15 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-11 11:15 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-11 11:15 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-11 11:15 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-11 11:14 - 2014-07-11 11:14 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-11 11:14 - 2014-07-11 11:14 - 00000000 ____D () C:\Program Files\iTunes
2014-07-11 11:14 - 2014-07-11 11:14 - 00000000 ____D () C:\Program Files\iPod
2014-07-11 11:14 - 2014-07-11 11:14 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-06 11:47 - 2014-07-06 11:52 - 00000000 ____D () C:\Users\Jonathan\Downloads\Cards Against Humanity
2014-06-28 23:02 - 2014-07-15 22:01 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\vlc
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-26 19:06 - 2014-07-26 19:06 - 00022323 _____ () C:\Users\Jonathan\Downloads\FRST.txt
2014-07-26 19:06 - 2014-07-26 16:01 - 00000000 ____D () C:\FRST
2014-07-26 19:06 - 2013-10-31 19:31 - 00001138 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-26 19:03 - 2013-11-01 10:00 - 01574423 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-26 19:03 - 2013-10-31 20:28 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-26 19:02 - 2014-07-26 18:53 - 00006953 _____ () C:\zoek-results.log
2014-07-26 19:02 - 2014-07-26 18:30 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2014-07-26 19:02 - 2013-11-01 10:27 - 00000000 __RDO () C:\Users\Jonathan\SkyDrive
2014-07-26 19:02 - 2013-11-01 10:04 - 00000000 ____D () C:\Users\Jonathan
2014-07-26 19:02 - 2013-10-31 19:31 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-26 19:02 - 2013-09-29 21:04 - 00094622 _____ () C:\WINDOWS\PFRO.log
2014-07-26 19:02 - 2013-09-06 12:03 - 00034752 _____ () C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
2014-07-26 19:02 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-26 19:02 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-26 19:00 - 2014-07-26 18:53 - 00000000 ____D () C:\zoek_backup
2014-07-26 19:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-26 18:53 - 2014-07-26 19:01 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-07-26 18:53 - 2013-11-12 21:55 - 00003954 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B6D9C7CC-68E0-4F89-8800-6BAAAB270045}
2014-07-26 18:52 - 2014-07-26 18:52 - 01287168 _____ () C:\Users\Jonathan\Desktop\zoek.exe
2014-07-26 18:36 - 2013-10-30 23:37 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2092401695-3164244550-927435982-1002
2014-07-26 18:36 - 2013-09-30 06:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-26 18:36 - 2013-09-30 05:56 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-07-26 18:36 - 2013-09-30 05:56 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-07-26 18:30 - 2014-06-13 21:19 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-26 18:30 - 2014-06-13 21:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-26 18:29 - 2014-07-26 18:28 - 00000000 ____D () C:\AdwCleaner
2014-07-26 18:24 - 2014-04-21 21:13 - 00719360 ___SH () C:\Users\Jonathan\Desktop\Thumbs.db
2014-07-26 18:17 - 2014-07-26 18:17 - 01354223 _____ () C:\Users\Jonathan\Desktop\adwcleaner_3.216.exe
2014-07-26 17:46 - 2014-07-26 17:46 - 03007700 _____ () C:\Users\Jonathan\Desktop\revouninstaller.zip
2014-07-26 17:46 - 2014-07-26 17:46 - 00000000 ____D () C:\Users\Jonathan\Desktop\revouninstaller-portable
2014-07-26 17:30 - 2014-07-26 15:18 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\JDownloader v2.0
2014-07-26 16:00 - 2014-07-26 16:00 - 02093568 _____ (Farbar) C:\Users\Jonathan\Downloads\FRST64.exe
2014-07-26 15:19 - 2014-07-26 15:19 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2014-07-26 13:42 - 2013-10-31 19:57 - 00706560 ___SH () C:\Users\Jonathan\Downloads\Thumbs.db
2014-07-26 01:45 - 2014-06-13 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-25 00:07 - 2013-08-22 16:46 - 00408306 _____ () C:\WINDOWS\setupact.log
2014-07-24 11:39 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-19 13:06 - 2014-01-09 14:57 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\Deployment
2014-07-18 17:53 - 2014-07-18 17:53 - 00004257 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-18 17:53 - 2014-07-18 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-18 17:53 - 2014-06-23 22:27 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-18 17:53 - 2013-11-01 10:55 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-17 18:38 - 2013-11-11 21:16 - 00000000 ____D () C:\Users\Jonathan\Documents\ManiaPlanet
2014-07-17 17:47 - 2013-11-11 21:16 - 00000000 ____D () C:\ProgramData\ManiaPlanet
2014-07-15 22:01 - 2014-06-28 23:02 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\vlc
2014-07-15 16:23 - 2014-07-15 16:23 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\Activision
2014-07-15 16:23 - 2013-11-01 13:50 - 00388320 _____ () C:\WINDOWS\DirectX.log
2014-07-15 16:20 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-14 22:33 - 2013-10-31 20:42 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Skype
2014-07-14 18:49 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\tracing
2014-07-14 18:46 - 2014-07-14 18:46 - 00000000 ____D () C:\ProgramData\FlyVPN
2014-07-14 18:44 - 2014-07-14 18:44 - 01688304 _____ (www.flyvpn.com) C:\Users\Jonathan\Downloads\FlyClient_3.0.1.8.exe
2014-07-12 18:56 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-12 17:41 - 2013-08-22 16:44 - 00371160 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-11 12:41 - 2013-09-30 05:59 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 12:41 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-11 12:41 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 12:41 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 12:41 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-11 12:06 - 2013-10-31 19:31 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-11 11:46 - 2013-10-31 19:26 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-11 11:45 - 2013-10-31 19:26 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-11 11:45 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-11 11:29 - 2013-10-31 20:27 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Apple Computer
2014-07-11 11:17 - 2013-12-22 12:15 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-07-11 11:15 - 2014-07-11 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-11 11:14 - 2014-07-11 11:14 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-11 11:14 - 2014-07-11 11:14 - 00000000 ____D () C:\Program Files\iTunes
2014-07-11 11:14 - 2014-07-11 11:14 - 00000000 ____D () C:\Program Files\iPod
2014-07-11 11:14 - 2014-07-11 11:14 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-11 11:13 - 2014-01-09 14:48 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-11 03:02 - 2014-06-23 22:27 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-06-23 22:27 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-06-23 22:27 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-06-23 22:27 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-07-06 14:54 - 2013-10-30 23:30 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\Packages
2014-07-06 11:52 - 2014-07-06 11:47 - 00000000 ____D () C:\Users\Jonathan\Downloads\Cards Against Humanity
2014-06-26 22:55 - 2013-08-22 17:38 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-06-26 22:55 - 2013-08-22 17:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-24 12:32
==================== End Of Log ============================
--- --- --- --- --- --- --- --- --- --- --- --- Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014
Ran by Jonathan at 2014-07-26 19:06:47
Running from C:\Users\Jonathan\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3012 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer Theft Shield (HKLM\...\{8ADB0CD2-4E5A-452F-BB3B-3A2984CAC749}) (Version: 1.01.3006 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3004 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2021 - Acer Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
Age of Empires® III: Complete Collection (HKLM-x32\...\Steam App 105450) (Version: - Ensemble Studios)
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version: - Frictional Games)
Antichamber (HKLM-x32\...\Steam App 219890) (Version: - Alexander Bruce)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version: - Ronimo Games)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands (HKLM-x32\...\Steam App 8980) (Version: - Gearbox Software)
Brothers - A Tale of Two Sons (HKLM-x32\...\Steam App 225080) (Version: - Starbreeze Studios AB)
Chrome Remote Desktop Host (HKLM-x32\...\{2E9C0CF2-6FD1-417E-A5A1-5AE93C0032DF}) (Version: 36.0.1985.102 - Google Inc.)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
ExpressCache (HKLM\...\{C123584F-9C84-45E8-AE5F-522328BB79A0}) (Version: 1.0.100.0 - Condusiv Technologies)
Futuremark SystemInfo (HKLM-x32\...\{991C8DEA-3C01-45B8-A62B-1BB69BDC277D}) (Version: 4.23.255 - Futuremark)
Gone Home (HKLM-x32\...\Steam App 232430) (Version: - The Fullbright Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HID Monitor (HKLM-x32\...\{4ED132F6-EC28-49CE-8291-2F6B42614BC1}) (Version: 1.1.5 - Acer Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel Experience Center - Configuration (x32 Version: 1.9.0.8 - Intel) Hidden
Intel(R) Experience Center Desktop Software (HKLM-x32\...\{85de612b-ee05-476a-87cc-52e5740de420}) (Version: 1.9.0.8 - Intel)
Intel(R) Experience Center Driver (Version: 1.9.0.8 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.0.1428 - Intel Corporation)
Intel(R) PRO/Wireless Driver (Version: 16.05.3000.0599 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 16.5.0.0096 - Intel Corporation) Hidden
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{444400C1-6BDF-4FD1-1306-148929CC1385}) (Version: 3.0.1306.0342 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.5.0.1066 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel(R) Smart Connect Technology 4.1 x64 (HKLM\...\{6555226B-7295-4CFD-9D5B-9C8F394BE03A}) (Version: 4.1.41.2234 - Intel)
Intel(R) Update Manager (x32 Version: 1.6.0.56 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{1c7272f2-45cf-469f-b7e9-17c6b212549c}) (Version: 16.5.3 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.05.1000.0264 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4631.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Mp3tag v2.59a (HKLM-x32\...\Mp3tag) (Version: v2.59a - Florian Heidenreich)
Nero BackItUp (x32 Version: 12.5.5000 - Nero AG) Hidden
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Nero BackItUp Help (CHM) (x32 Version: 12.0.10000 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.15600 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.20200 - Nero AG) Hidden
Nero Launcher (x32 Version: 12.2.7000 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 12.0.3001 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version: - 3909)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)
Peggle Nights (HKLM-x32\...\Steam App 3540) (Version: - PopCap Games, Inc.)
Poker Night 2 (HKLM-x32\...\Steam App 234710) (Version: - Telltale Games)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7032 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21222 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon 3: Platinum! (HKLM-x32\...\Steam App 2700) (Version: - Frontier)
Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version: - 5th Cell Media)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
ShootMania Storm (HKLM-x32\...\Steam App 229870) (Version: - Nadeo)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sound Blaster Play! 2 Extras (HKLM-x32\...\{DBAE4081-D97A-48C7-8698-CD5CE616C005}) (Version: - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Surgeon Simulator 2013 (HKLM-x32\...\Steam App 233720) (Version: - Bossa Studios)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.12.31 - Synaptics Incorporated)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl)
TrackMania² Canyon (HKLM-x32\...\Steam App 228760) (Version: - Nadeo)
TrackMania² Stadium (HKLM-x32\...\Steam App 232910) (Version: - Nadeo)
TrackMania² Valley (HKLM-x32\...\Steam App 243360) (Version: - Nadeo)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WindowsMangerProtect20.0.0.502 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.502 - WindowsProtect LIMITED)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2092401695-3164244550-927435982-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2092401695-3164244550-927435982-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2092401695-3164244550-927435982-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2092401695-3164244550-927435982-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
11-07-2014 09:42:49 Windows Update
15-07-2014 14:20:06 Windows Update
18-07-2014 15:52:39 Installed Java 7 Update 65
25-07-2014 23:43:37 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0533806E-31E1-40A9-9B1B-437468C06FC8} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {05CEB71A-ED26-4995-A7D4-A161C53E4D88} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-31] (Google Inc.)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {20131466-9A07-4702-AB64-2B0F68FCB471} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2EED3C3E-01CB-4C91-8266-0BB8BE66EA8F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-09] (AVAST Software)
Task: {35082D33-A0BB-419D-B031-1DC5F1832AE2} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-01-18] (Acer Incorporated)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4CADE2ED-3A43-402B-8094-D46C13F0AA76} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {4F6F255A-4C6F-4546-B242-5F08C0A30AA7} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {60BBE7B8-FFD1-4FC5-AC8A-B9C278B6C6A0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8967CF48-6597-4573-BDCC-B84BA4E6ACF7} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-03-08] (Intel Corporation)
Task: {8B0FD5CF-AE7E-4EE6-84AA-D481B42023E4} - System32\Tasks\Theft Shield\AcerTheftShieldTask => C:\Program Files\Acer\Acer Theft Shield\USecuAppLauncher.exe [2012-11-12] (Acer Incorporated)
Task: {8CB68B1F-D590-4AFF-878A-F724CC3C0DE6} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8E90B46F-2416-41E9-BBFE-452EDA387B6A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-31] (Google Inc.)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A48C565F-335E-4F3D-BB85-0C01EF097FCD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation)
Task: {A85E40DE-9AB9-48BD-909E-636D4130EDC1} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {C7ADB7B4-5819-4E13-A388-1ACED0916560} - System32\Tasks\HIDMonitor => C:\Program Files\Acer Incorporated\HID Monitor\HIDMonitor.exe
Task: {CA91D364-4506-4863-872F-3A0F6B254529} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {CC626A71-4899-4215-9E8D-159BF5912B82} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E92C4650-8000-40CA-AB52-C9ADBB90031A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-11] (Microsoft Corporation)
Task: {FC996A97-0304-482C-976B-955FC3B0E3BF} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-03-08] (Intel Corporation)
Task: {FDFDBBF1-BE2E-4C7A-BD40-FD48DD1F9CE9} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-04-26] (Acer Incorporate)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Loaded Modules (whitelisted) =============
2014-05-26 16:27 - 2014-05-20 04:44 - 00014280 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-05-26 16:31 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-19 18:34 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-04-15 15:45 - 2013-04-15 15:45 - 00182760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-04-15 15:45 - 2013-04-15 15:45 - 00060392 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-09-06 12:20 - 2013-02-20 22:58 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2012-08-23 14:02 - 2012-08-23 14:02 - 00030640 _____ () C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
2014-07-26 12:52 - 2014-07-26 12:52 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14072600\algo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-04 16:19 - 2013-01-04 16:19 - 00035336 _____ () C:\Program Files (x86)\Acer Incorporated\HID Monitor\ElanTPAPI.dll
2014-05-22 19:01 - 2014-07-12 02:53 - 01116672 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll
2014-05-22 19:01 - 2014-07-12 02:53 - 00399360 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll
2014-01-08 17:23 - 2014-07-12 02:53 - 00331264 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-04-23 19:10 - 2014-07-12 02:53 - 00438784 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll
2013-10-24 10:45 - 2014-06-27 00:40 - 00764416 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-22 19:01 - 2014-07-16 04:28 - 02139328 _____ () C:\Program Files (x86)\Steam\video.dll
2014-05-22 19:01 - 2014-04-29 02:37 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll
2013-10-30 12:25 - 2014-07-16 04:28 - 01116864 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-10-23 13:07 - 2014-05-02 01:35 - 20628160 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-05-26 16:27 - 2014-05-20 04:44 - 00012120 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-12-22 12:15 - 2013-12-22 12:15 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-09-06 12:20 - 2013-02-20 22:58 - 00089672 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2014-07-16 21:07 - 2014-07-15 11:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-16 21:07 - 2014-07-15 11:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-16 21:07 - 2014-07-15 11:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-16 21:07 - 2014-07-15 11:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-16 21:07 - 2014-07-15 11:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-16 21:07 - 2014-07-15 11:24 - 14664008 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
2013-09-06 11:23 - 2013-03-20 09:47 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade
AlternateDataStreams: C:\Users\Jonathan\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
Name: Unbekanntes USB-Gerät (Fehler beim Anfordern einer Gerätebeschreibung.)
Description: Unbekanntes USB-Gerät (Fehler beim Anfordern einer Gerätebeschreibung.)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard-USB-Hostcontroller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/26/2014 06:30:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvstreamsvc.exe, Version: 2.1.214.0, Zeitstempel: 0x53809acd
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17031, Zeitstempel: 0x530895af
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002e106
ID des fehlerhaften Prozesses: 0x980
Startzeit der fehlerhaften Anwendung: 0xnvstreamsvc.exe0
Pfad der fehlerhaften Anwendung: nvstreamsvc.exe1
Pfad des fehlerhaften Moduls: nvstreamsvc.exe2
Berichtskennung: nvstreamsvc.exe3
Vollständiger Name des fehlerhaften Pakets: nvstreamsvc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvstreamsvc.exe5
Error: (07/26/2014 06:10:14 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: There was an error with the Windows Location Provider database
Error: (07/22/2014 11:29:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 43200391
Error: (07/22/2014 11:29:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 43200391
Error: (07/22/2014 11:29:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/21/2014 00:37:53 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to launch stream service as user [87]
Error: (07/19/2014 06:23:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AUDIODG.EXE, Version: 6.3.9600.17090, Zeitstempel: 0x53413821
Name des fehlerhaften Moduls: RtCOM64.dll, Version: 2.0.0.157, Zeitstempel: 0x5114d322
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005f433
ID des fehlerhaften Prozesses: 0x1bd8
Startzeit der fehlerhaften Anwendung: 0xAUDIODG.EXE0
Pfad der fehlerhaften Anwendung: AUDIODG.EXE1
Pfad des fehlerhaften Moduls: AUDIODG.EXE2
Berichtskennung: AUDIODG.EXE3
Vollständiger Name des fehlerhaften Pakets: AUDIODG.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AUDIODG.EXE5
Error: (07/16/2014 09:05:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1554297
Error: (07/16/2014 09:05:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1554297
Error: (07/16/2014 09:05:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (07/26/2014 07:02:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet:
%%127
Error: (07/26/2014 07:02:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet:
%%127
Error: (07/26/2014 07:02:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet:
%%127
Error: (07/26/2014 07:02:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (07/26/2014 07:02:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet:
%%127
Error: (07/26/2014 07:02:30 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: Auf dem Volume "\\?\Volume{9c22e6e1-b8c0-4be8-a740-67eef3df733a}" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.
Error: (07/26/2014 07:00:32 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (07/26/2014 07:00:32 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (07/26/2014 07:00:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (07/26/2014 07:00:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Microsoft Office Sessions:
=========================
Error: (07/26/2014 06:30:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvstreamsvc.exe2.1.214.053809acdntdll.dll6.3.9600.17031530895afc0000005000000000002e10698001cfa8eeee134184C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeC:\WINDOWS\SYSTEM32\ntdll.dll2e7fd893-14e2-11e4-beb6-0c8bfd455087
Error: (07/26/2014 06:10:14 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: -2147024883
Error: (07/22/2014 11:29:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 43200391
Error: (07/22/2014 11:29:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 43200391
Error: (07/22/2014 11:29:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/21/2014 00:37:53 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to launch stream service as user [87]
Error: (07/19/2014 06:23:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AUDIODG.EXE6.3.9600.1709053413821RtCOM64.dll2.0.0.1575114d322c0000005000000000005f4331bd801cfa36b9114b995C:\WINDOWS\system32\AUDIODG.EXEC:\WINDOWS\system32\RtCOM64.dllf2aff7e3-0f60-11e4-beb5-0c8bfd455087
Error: (07/16/2014 09:05:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1554297
Error: (07/16/2014 09:05:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1554297
Error: (07/16/2014 09:05:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
CodeIntegrity Errors:
===================================
Date: 2014-07-19 18:22:59.816
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-19 18:22:56.118
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-19 18:22:53.871
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-19 18:16:31.230
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-15 18:08:05.181
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-15 18:08:04.891
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-15 18:08:04.580
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-15 18:08:04.288
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-15 18:08:03.920
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-15 18:07:53.265
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Percentage of memory in use: 39%
Total physical RAM: 7848.27 MB
Available physical RAM: 4740.25 MB
Total Pagefile: 9064.27 MB
Available Pagefile: 5707.43 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:448.11 GB) (Free:324.18 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: ADE961E9)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 22 GB) (Disk ID: 74F02DEA)
Partition 1: (Not Active) - (Size=22 GB) - (Type=73)
==================== End Of Log ============================
|
|
26.07.2014, 18:22
| #14 |
| /// TB-Ausbilder /// Anleitungs-Guru | Wie entferne ich Search Protect richtig? Hi, wir sind noch nicht fertig! Schritt 1  Malwarebytes Antimalware
Schritt 2 ESET Online Scanner
Schritt 3 Bitte starte FRST erneut, markiere auch die checkbox und drücke auf Scan. Bitte poste mir den Inhalt der beiden Logs die erstellt werden. Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
26.07.2014, 18:53
| #15 |
| | Wie entferne ich Search Protect richtig? Ok, danke für die Antwort, hier sind die Logs des Malwarebytes Antimalware Programms: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 26.07.2014 Suchlauf-Zeit: 19:37:19 Logdatei: Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.07.26.08 Rootkit Datenbank: v2014.07.17.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Jonathan Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 321719 Verstrichene Zeit: 12 Min, 38 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 2 PUP.Optional.SweetPage.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "homepage": "hxxp://www.sweet-page.com/?type=hp&ts=1406380747&from=cor&uid=TOSHIBAXMQ01ABF050_63B9S7X3SXX63B9S7X3S",), Ersetzt,[366b326eabd0b87eac610ed921e3df21] PUP.Optional.SweetPage.A, C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "startup_urls": [ "hxxp://www.sweet-page.com/?type=hp&ts=1406380747&from=cor&uid=TOSHIBAXMQ01ABF050_63B9S7X3SXX63B9S7X3S" ],), Ersetzt,[871a5e422e4d4ee80a06598e06fe956b] Physische Sektoren: 0 (No malicious items detected) (end) |
|
| Themen zu Wie entferne ich Search Protect richtig? |
| antivirus, browser, desktop, device driver, failed, homepage, icreinstall, launch, proxy, pup.optional.sweetpage.a, rundll, services.exe, siteadvisor, svchost.exe, sweet-page, sweet-page entfernen, sweetpage, sweetpage entfernen, trojaner, usb, win32/elex.am, win32/installcore.ln, win32/thinknice.b, windows, windowsapps, windowsmangerprotect |
dann auf 
und dann auf 
.
Linear-Darstellung
