| |
| |||||||
Log-Analyse und Auswertung: win8.1 tablet mit unbekanntem wiederkehrenden Trojaner infiziertWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
28.06.2015, 09:49
| #1 |
| |  win8.1 tablet mit unbekanntem wiederkehrenden Trojaner infiziert Hallo, ich benötige dringend fachmännische Hilfe. Mein Tablet wurde vom ersten Tag an gehackt. Ein paar der Symptome sind: - Fehlermeldungen beim Start von Programmen wie GMER usw: Load Driver( "C:\Users\SH98AC 1\AppData\Local\Temp\pgldipdo.sys")error 0xC0000428:Windws cannot verify the digital signature for... -Bluescreens/Tablet stirbt ab/fährt nicht herunter, obwohl ich es angeklickt habe. -ich habe das tablet beteits mehrfach auf werkseinstellungen zurueckgesetzt, jedoch der trojaner ist immer wieder da -Programme öffnen sich von selbst -Dateien verschwinden, Ordner sind leer obwohl ich Sie mit Dateien befüllt habe -Ich kann Virenprogramme wie gamer, Avira, ... nicht einmal herunterladen und starten.(dll,registry) - Andere Virenprogramme wie avg zeigen fakeberichte - touchscreen/tastatur macht was sie will Log files von gestern mit otl:OTL Logfile: Code:
ATTFilter OTL logfile created on: 2015-06-27 6:58:33 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\shè\Downloads
An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17842)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd
951.41 Mb Total Physical Memory | 61.93 Mb Available Physical Memory | 6.51% Memory free
3.21 Gb Paging File | 0.70 Gb Available in Paging File | 21.77% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 23.14 Gb Total Space | 15.08 Gb Free Space | 65.16% Space Free | Partition Type: NTFS
Computer Name: XHÈ | User Name: shè | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\shè\Downloads\pferd.exe (OldTimer Tools)
PRC - C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe (NETGATE Technologies s.r.o.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\AVG\AVG2015\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2015\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2015\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2015\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2015\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2015\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2015\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Hotspot Shield\bin\cmw_srv.exe (AnchorFree Inc.)
PRC - C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files\Hotspot Shield\bin\HSSCP.exe (AnchorFree Inc.)
PRC - C:\Program Files\Hotspot Shield\bin\af_proxy_cmd.exe (AnchorFree Inc.)
PRC - C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe (Locktime Software)
PRC - C:\Program Files\Locktime Software\NetLimiter 4\NLClientApp.exe (Locktime Software)
PRC - C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
PRC - C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe (NETGATE Technologies s.r.o.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\igfxEM.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxCUIService.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxHK.exe (Intel Corporation)
PRC - C:\Windows\System32\DptfPolicyCriticalService.exe (Intel Corporation)
PRC - C:\Windows\System32\DptfPolicyLpmService.exe (Intel Corporation)
PRC - C:\Windows\System32\DptfParticipantProcessorService.exe (Intel Corporation)
PRC - C:\Windows\System32\DptfPolicyLpmServiceHelper.exe (Intel Corporation)
PRC - C:\Program Files\Realtek\REALTEK Bluetooth\BTDevMgr.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
PRC - C:\Windows\System32\taskhostex.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Windows\System32\RuntimeBroker.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe (Intel(R) Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\NLClientApp.Modules\66030d0fdf0ac1f13c7477386276c06b\NLClientApp.Modules.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CoreLibNet\b4c0fe92eb15bd8e12dd5cce28b9f5f8\CoreLibNet.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\NLInterop\dec3e1ce9b0ab4684751f8e0ef284c70\NLInterop.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\NetLimiter\78e1616e0ab0134a897835d6465e4287\NetLimiter.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\NLClientApp.Core\4f18b6e38e508bd7da88b2196862a8c1\NLClientApp.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Locktime.WPF\32e42ccc909606d10b474838d24237f5\Locktime.WPF.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\c926f90d88838d450951cd6c5b41c961\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\3be4139a741b447ab35a2c788a2f4559\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\NLClientApp\092816fba14624e9b3bc66c695b86789\NLClientApp.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\fc3b086418e8d8807cfb6b88ccae1c64\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\7159bb28e23de8ed898a2acb1dbfef6c\System.ServiceModel.Internals.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\1c09d6db83322a23a1744d75c4836f85\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43edd630a9f8cd6ac38c527b106ec94f\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\6281ab590224520bad7c4f5b3ef37575\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\592a40dd076e6e46b4a8bc95bb64b2e8\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\662aae610c401a254416904a4861b189\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\ab763e7f2c7532e9fe8f587995105156\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8efdc7a3726640f79d9333da88accaf8\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\814dd462b742d7c16c620e79397b2463\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\eb62bc6e97d1d2aafbf3a101d7f029e1\PresentationFramework.Aero2.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\ec27e642d9ec3d9dfde1ece6c9b12426\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\41d56a9ca758109d5fe17cffba55346e\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\eae66374b80515eff6a84e373b9e036e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\67bdc09fa286920c1f42f2a98c400f95\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\1c5fe4cb68f67046baec4c3a854f722f\System.ni.dll ()
MOD - C:\Program Files\Hotspot Shield\bin\af_proxy.dll ()
MOD - C:\Program Files\CCleaner\Lang\lang-1031.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c90ef9a73ea0044641d31b19023aad61\mscorlib.ni.dll ()
========== Services (SafeList) ==========
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2015\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2015\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (HssTrayService) -- C:\Program Files\Hotspot Shield\bin\HSSTrayService.exe ()
SRV - (hshld) -- C:\Program Files\Hotspot Shield\bin\cmw_srv.exe (AnchorFree Inc.)
SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
SRV - (nlsvc) -- C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe (Locktime Software)
SRV - (SpyEmrgSrv) -- C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe (NETGATE Technologies s.r.o.)
SRV - (AudioEndpointBuilder) -- C:\Windows\System32\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV - (IEEtwCollectorService) -- C:\Windows\System32\IEEtwCollector.exe (Microsoft Corporation)
SRV - (PrintNotify) -- C:\Windows\System32\spool\drivers\w32x86\3\PrintConfig.dll (Microsoft Corporation)
SRV - (SystemEventsBroker) -- C:\Windows\System32\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV - (BrokerInfrastructure) -- C:\Windows\System32\bisrv.dll (Microsoft Corporation)
SRV - (workfolderssvc) -- C:\Windows\System32\workfolderssvc.dll (Microsoft Corporation)
SRV - (lfsvc) -- C:\Windows\System32\GeofenceMonitorService.dll (Microsoft Corporation)
SRV - (AppXSvc) -- C:\Windows\System32\AppXDeploymentServer.dll (Microsoft Corporation)
SRV - (WdNisSvc) -- C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (cphs) -- C:\Windows\System32\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (igfxCUIService1.0.0.0) -- C:\Windows\System32\igfxCUIService.exe (Intel Corporation)
SRV - (DptfPolicyCriticalService) -- C:\Windows\System32\DptfPolicyCriticalService.exe (Intel Corporation)
SRV - (DptfPolicyLpmService) -- C:\Windows\System32\DptfPolicyLpmService.exe (Intel Corporation)
SRV - (DptfParticipantProcessorService) -- C:\Windows\System32\DptfParticipantProcessorService.exe (Intel Corporation)
SRV - (BTDevManager) -- C:\Program Files\Realtek\REALTEK Bluetooth\BTDevMgr.exe ()
SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (w3logsvc) -- C:\Windows\System32\inetsrv\w3logsvc.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (LSM) -- C:\Windows\System32\lsm.dll (Microsoft Corporation)
SRV - (AppReadiness) -- C:\Windows\System32\AppReadiness.dll (Microsoft Corporation)
SRV - (Wcmsvc) -- C:\Windows\System32\wcmsvc.dll (Microsoft Corporation)
SRV - (WSService) -- C:\Windows\System32\WSService.dll (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Windows\System32\wlidsvc.dll (Microsoft Corporation)
SRV - (DeviceAssociationService) -- C:\Windows\System32\das.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (jhi_service) -- C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (WEPHOSTSVC) -- C:\Windows\System32\wephostsvc.dll (Microsoft Corporation)
SRV - (EFS) -- C:\Windows\System32\efssvc.dll (Microsoft Corporation)
SRV - (WiaRpc) -- C:\Windows\System32\wiarpc.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (svsvc) -- C:\Windows\System32\svsvc.dll (Microsoft Corporation)
SRV - (fhsvc) -- C:\Windows\System32\fhsvc.dll (Microsoft Corporation)
SRV - (NcaSvc) -- C:\Windows\System32\NcaSvc.dll (Microsoft Corporation)
SRV - (vmicvss) -- C:\Windows\System32\icsvc.dll (Microsoft Corporation)
SRV - (vmictimesync) -- C:\Windows\System32\icsvc.dll (Microsoft Corporation)
SRV - (vmicshutdown) -- C:\Windows\System32\icsvc.dll (Microsoft Corporation)
SRV - (vmicrdv) -- C:\Windows\System32\icsvc.dll (Microsoft Corporation)
SRV - (vmickvpexchange) -- C:\Windows\System32\icsvc.dll (Microsoft Corporation)
SRV - (vmicheartbeat) -- C:\Windows\System32\icsvc.dll (Microsoft Corporation)
SRV - (vmicguestinterface) -- C:\Windows\System32\icsvc.dll (Microsoft Corporation)
SRV - (smphost) -- C:\Windows\System32\smphost.dll (Microsoft Corporation)
SRV - (ScDeviceEnum) -- C:\Windows\System32\ScDeviceEnum.dll (Microsoft Corporation)
SRV - (KeyIso) -- C:\Windows\System32\keyiso.dll (Microsoft Corporation)
SRV - (TimeBroker) -- C:\Windows\System32\TimeBrokerServer.dll (Microsoft Corporation)
SRV - (netprofm) -- C:\Windows\System32\netprofmsvc.dll (Microsoft Corporation)
SRV - (NcbService) -- C:\Windows\System32\ncbservice.dll (Microsoft Corporation)
SRV - (VaultSvc) -- C:\Windows\System32\vaultsvc.dll (Microsoft Corporation)
SRV - (DsmSvc) -- C:\Windows\System32\DeviceSetupManager.dll (Microsoft Corporation)
SRV - (NcdAutoSetup) -- C:\Windows\System32\NcdAutoSetup.dll (Microsoft Corporation)
SRV - (Intel(R) -- C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe (Intel(R) Corporation)
SRV - (Intel(R) -- C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe (Intel(R) Corporation)
========== Driver Services (SafeList) ==========
DRV - (avkmgr) -- C:\Windows\system32\DRIVERS\avkmgr.sys File not found
DRV - (pgldipob) -- C:\Users\shè\AppData\Local\Temp\pgldipob.sys (GMER)
DRV - (nldrv) -- C:\Program Files\Locktime Software\NetLimiter 4\nldrv.sys (Locktime Software)
DRV - (ssmdrv) -- C:\Windows\System32\Drivers\ssmdrv.sys (Avira Operations GmbH & Co. KG)
DRV - (AVGIDSDriver) -- C:\Windows\System32\Drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\Drivers\avgidsshimw8x.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgwfpx) -- C:\Windows\System32\Drivers\avgwfpx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\Windows\System32\Drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (taphss6) -- C:\Windows\System32\Drivers\taphss6.sys (Anchorfree Inc.)
DRV - (HssDRV6) -- C:\Windows\System32\Drivers\hssdrv6.sys (AnchorFree Inc.)
DRV - (Avglogx) -- C:\Windows\System32\Drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgbootx) -- C:\Windows\System32\Drivers\avgbootx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgdiskx) -- C:\Windows\System32\Drivers\avgdiskx.sys (AVG Technologies CZ, s.r.o.)
DRV - (SpyEmrgGuard) -- C:\Windows\System32\Drivers\spyemrg_guard.sys (NETGATE Technologies s.r.o.)
DRV - (CLFS) -- C:\Windows\System32\Drivers\clfs.sys (Microsoft Corporation)
DRV - (ahcache) -- C:\Windows\System32\Drivers\ahcache.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (pdc) -- C:\Windows\System32\Drivers\pdc.sys (Microsoft Corporation)
DRV - (intelpep) -- C:\Windows\System32\Drivers\intelpep.sys (Microsoft Corporation)
DRV - (RtlWlans) -- C:\Windows\System32\Drivers\rtwlans.sys (Realtek Semiconductor Corporation )
DRV - (rtii2sac) -- C:\Windows\System32\Drivers\rtii2sac.sys (Realtek Semiconductor Corp.)
DRV - (GPIOClx0101) -- C:\Windows\System32\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV - (USBHUB3) -- C:\Windows\System32\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV - (spaceport) -- C:\Windows\System32\Drivers\spaceport.sys (Microsoft Corporation)
DRV - (NdisImPlatform) -- C:\Windows\System32\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV - (wpcfltr) -- C:\Windows\System32\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\Drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Wof) -- C:\Windows\System32\drivers\wof.sys (Microsoft Corporation)
DRV - (WFPLWFS) -- C:\Windows\System32\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV - (WdFilter) -- C:\Windows\System32\Drivers\WdFilter.sys (Microsoft Corporation)
DRV - (WdNisDrv) -- C:\Windows\System32\Drivers\WdNisDrv.sys (Microsoft Corporation)
DRV - (WdBoot) -- C:\Windows\System32\Drivers\WdBoot.sys (Microsoft Corporation)
DRV - (ov5648) -- C:\Windows\System32\Drivers\ov5648.sys (Intel Corporation)
DRV - (GoodixTouchDriver) -- C:\Windows\System32\Drivers\GoodixTouchDriver.sys (Windows (R) Win 7 DDK provider)
DRV - (iaiouart) -- C:\Windows\System32\Drivers\iaiouart.sys (Intel Corporation)
DRV - (TXEI) -- C:\Windows\System32\Drivers\TXEI.sys (Intel Corporation)
DRV - (PMIC) -- C:\Windows\System32\Drivers\PMIC.sys (Intel Corporation)
DRV - (iaioi2c) -- C:\Windows\System32\Drivers\iaioi2ce.sys (Intel Corporation)
DRV - (SensorFusion) -- C:\Windows\System32\Drivers\HIDFusion.sys (Intel Corporation)
DRV - (MBI) -- C:\Windows\System32\Drivers\MBI.sys (Intel Corporation)
DRV - (MAG_SensorDriver) -- C:\Windows\System32\Drivers\MAG_SensorDriver.sys ()
DRV - (ACC_SensorDriver) -- C:\Windows\System32\Drivers\ACC_SensorDriver.sys ()
DRV - (GYRO_SensorDriver) -- C:\Windows\System32\Drivers\GYRO_SensorDriver.sys ()
DRV - (camera) -- C:\Windows\System32\Drivers\camera.sys (Intel Corporation)
DRV - (IntelSST) -- C:\Windows\System32\Drivers\isstrtc.sys (Intel(R) Corporation)
DRV - (DptfManager) -- C:\Windows\System32\Drivers\DptfManager.sys (Intel Corporation)
DRV - (DptfDevProc) -- C:\Windows\System32\Drivers\DptfDevProc.sys (Intel Corporation)
DRV - (gc310) -- C:\Windows\System32\Drivers\gc310.sys (Intel Corporation)
DRV - (IntelBatteryManagement) -- C:\Windows\System32\Drivers\IntelBatteryManagement.sys ()
DRV - (DptfDevAmbient) -- C:\Windows\System32\Drivers\DptfDevAmbient.sys (Intel Corporation)
DRV - (DptfDevGen) -- C:\Windows\System32\Drivers\DptfDevGen.sys (Intel Corporation)
DRV - (GPIO) -- C:\Windows\System32\Drivers\iaiogpioe.sys (Intel Corporation)
DRV - (DptfDevDisplay) -- C:\Windows\System32\Drivers\DptfDevDisplay.sys (Intel Corporation)
DRV - (DptfDevDBPT) -- C:\Windows\System32\Drivers\DptfDevPower.sys (Intel Corporation)
DRV - (GpioVirtual) -- C:\Windows\System32\Drivers\iaiogpiovirtual.sys (Intel Corporation)
DRV - (RtkUart) -- C:\Windows\System32\Drivers\RtkUart.sys (Realtek Semiconductor Corporation)
DRV - (kxspb) -- C:\Windows\System32\Drivers\kxspb.sys (Kionix, Inc.)
DRV - (hm2056) -- C:\Windows\System32\Drivers\hm2056.sys (Intel Corporation)
DRV - (gc2235) -- C:\Windows\System32\Drivers\gc2235.sys (Intel Corporation)
DRV - (intaud_WaveExtensible) -- C:\Windows\System32\Drivers\intelaud.sys (Intel Corporation)
DRV - (iwdbus) -- C:\Windows\System32\Drivers\iwdbus.sys (Intel Corporation)
DRV - (SerCx2) -- C:\Windows\System32\Drivers\SerCx2.sys (Microsoft Corporation)
DRV - (BthLEEnum) -- C:\Windows\System32\Drivers\BthLEEnum.sys (Microsoft Corporation)
DRV - (VerifierExt) -- C:\Windows\System32\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV - (sdstor) -- C:\Windows\System32\Drivers\sdstor.sys (Microsoft Corporation)
DRV - (stornvme) -- C:\Windows\System32\Drivers\stornvme.sys (Microsoft Corporation)
DRV - (BasicRender) -- C:\Windows\System32\Drivers\BasicRender.sys (Microsoft Corporation)
DRV - (USBXHCI) -- C:\Windows\System32\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV - (UCX01000) -- C:\Windows\System32\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV - (terminpt) -- C:\Windows\System32\Drivers\terminpt.sys (Microsoft Corporation)
DRV - (tap0901) -- C:\Windows\System32\Drivers\tap0901.sys (The OpenVPN Project)
DRV - (condrv) -- C:\Windows\System32\Drivers\condrv.sys (Microsoft Corporation)
DRV - (dam) -- C:\Windows\System32\Drivers\dam.sys (Microsoft Corporation)
DRV - (acpiex) -- C:\Windows\System32\Drivers\acpiex.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\Drivers\tpm.sys (Microsoft Corporation)
DRV - (mvumis) -- C:\Windows\System32\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV - (msgpiowin32) -- C:\Windows\System32\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV - (LSI_SAS3) -- C:\Windows\System32\Drivers\lsi_sas3.sys (LSI Corporation)
DRV - (LSI_SSS) -- C:\Windows\System32\Drivers\lsi_sss.sys (LSI Corporation)
DRV - (3ware) -- C:\Windows\System32\Drivers\3ware.sys (LSI)
DRV - (ADP80XX) -- C:\Windows\System32\Drivers\adp80xx.sys (PMC-Sierra)
DRV - (EhStorTcgDrv) -- C:\Windows\System32\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV - (EhStorClass) -- C:\Windows\System32\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV - (VSTXRAID) -- C:\Windows\System32\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV - (storahci) -- C:\Windows\System32\Drivers\storahci.sys (Microsoft Corporation)
DRV - (SpbCx) -- C:\Windows\System32\Drivers\SpbCx.sys (Microsoft Corporation)
DRV - (SerCx) -- C:\Windows\System32\Drivers\SerCx.sys (Microsoft Corporation)
DRV - (UASPStor) -- C:\Windows\System32\Drivers\uaspstor.sys (Microsoft Corporation)
DRV - (cnghwassist) -- C:\Windows\System32\Drivers\cnghwassist.sys (Microsoft Corporation)
DRV - (UEFI) -- C:\Windows\System32\Drivers\uefi.sys (Microsoft Corporation)
DRV - (WpdUpFltr) -- C:\Windows\System32\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\Drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\Drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\Drivers\storvsc.sys (Microsoft Corporation)
DRV - (BasicDisplay) -- C:\Windows\System32\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV - (HyperVideo) -- C:\Windows\System32\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV - (mshidumdf) -- C:\Windows\System32\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV - (acpitime) -- C:\Windows\System32\Drivers\acpitime.sys (Microsoft Corporation)
DRV - (acpipagr) -- C:\Windows\System32\Drivers\acpipagr.sys (Microsoft Corporation)
DRV - (npsvctrig) -- C:\Windows\System32\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV - (BthAvrcpTg) -- C:\Windows\System32\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV - (kdnic) -- C:\Windows\System32\Drivers\kdnic.sys (Microsoft Corporation)
DRV - (BthMini) -- C:\Windows\System32\Drivers\BthMini.SYS (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\Drivers\vms3cap.sys (Microsoft Corporation)
DRV - (gencounter) -- C:\Windows\System32\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV - (bthhfhid) -- C:\Windows\System32\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV - (BthHFEnum) -- C:\Windows\System32\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (hyperkbd) -- C:\Windows\System32\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (hidi2c) -- C:\Windows\System32\Drivers\hidi2c.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\Drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\Drivers\dmvsc.sys (Microsoft Corporation)
DRV - (netvsc) -- C:\Windows\System32\Drivers\netvsc63.sys (Microsoft Corporation)
DRV - (NdisVirtualBus) -- C:\Windows\System32\Drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV - (MsLldp) -- C:\Windows\System32\Drivers\mslldp.sys (Microsoft Corporation)
DRV - (Ndu) -- C:\Windows\System32\Drivers\Ndu.sys (Microsoft Corporation)
DRV - (FxPPM) -- C:\Windows\System32\Drivers\fxppm.sys (Microsoft Corporation)
DRV - (bcmfn2) -- C:\Windows\System32\Drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider)
DRV - (iaStorAV) -- C:\Windows\System32\Drivers\iaStorAV.sys (Intel Corporation)
DRV - (BCM43XX) -- C:\Windows\System32\Drivers\BCMWL63.SYS (Broadcom Corporation)
DRV - (RTL8168) -- C:\Windows\System32\Drivers\Rt630x86.sys (Realtek )
DRV - (SpyEmrgAccess) -- C:\Windows\System32\Drivers\spyemrg_access.sys (NETGATE Technologies s.r.o.)
DRV - (SpyEmrg) -- C:\Windows\System32\Drivers\spyemrg.sys (NETGATE Technologies s.r.o.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13-comm.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13-comm.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=HPNTDFJS
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13-comm.msn.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13-comm.msn.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13-comm.msn.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13-comm.msn.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-677420604-2726472551-1300724813-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13-comm.msn.com
IE - HKU\S-1-5-21-677420604-2726472551-1300724813-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-677420604-2726472551-1300724813-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-677420604-2726472551-1300724813-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=WCUG
IE - HKU\S-1-5-21-677420604-2726472551-1300724813-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
O1 HOSTS File: ([2013-08-21 23:13:55 | 000,000,824 | ---- | M]) - C:\Windows\System32\Drivers\etc\hosts
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2015\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DptfPolicyLpmServiceHelper] C:\Windows\System32\DptfPolicyLpmServiceHelper.exe (Intel Corporation)
O4 - HKLM..\Run: [RtkNGUI] C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-677420604-2726472551-1300724813-1001..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-677420604-2726472551-1300724813-1001..\Run: [NetLimiter] C:\Program Files\Locktime Software\NetLimiter 4\nlclientapp.exe (Locktime Software)
O4 - HKU\S-1-5-21-677420604-2726472551-1300724813-1001..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe (NETGATE Technologies s.r.o.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BCC0B70-A488-466E-8777-2EBDA7D116A0}: DhcpNameServer = 84.54.140.4 84.54.140.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB7FA1E0-95F6-46D7-9BBF-C24D682DA927}: DhcpNameServer = 8.8.8.8
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013-08-22 01:16:34 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2015-06-27 17:18:52 | 000,000,000 | ---D | C] -- C:\Users\shè\AppData\Roaming\Identities
[2015-06-27 17:10:56 | 000,000,000 | ---D | C] -- C:\Users\shè\AppData\Roaming\Spy Emergency
[2015-06-27 17:10:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Emergency
[2015-06-27 17:10:48 | 000,020,056 | ---- | C] (NETGATE Technologies s.r.o.) -- C:\Windows\System32\drivers\spyemrg_access.sys
[2015-06-27 17:10:48 | 000,018,872 | ---- | C] (NETGATE Technologies s.r.o.) -- C:\Windows\System32\drivers\spyemrg_guard.sys
[2015-06-27 17:10:48 | 000,014,168 | ---- | C] (NETGATE Technologies s.r.o.) -- C:\Windows\System32\drivers\spyemrg.sys
[2015-06-27 17:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\NETGATE
[2015-06-27 17:10:39 | 000,000,000 | ---D | C] -- C:\Program Files\NETGATE
[2015-06-27 15:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2015-06-27 15:57:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2015-06-27 15:55:24 | 000,000,000 | ---D | C] -- C:\Users\shè\AppData\Roaming\GlarySoft
[2015-06-27 15:50:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2015-06-27 15:50:51 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2015-06-27 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\shè\Desktop\TrojanWin32DelCommand & Win32BaiduIebar
[2015-06-27 13:51:39 | 000,000,000 | ---D | C] -- C:\Users\shè\Desktop\rundell.32.exe
[2015-06-27 12:02:26 | 000,000,000 | ---D | C] -- C:\Users\shè\AppData\Roaming\Locktime
[2015-06-27 12:02:07 | 000,000,000 | -HSD | C] -- C:\Windows\System32\AI_RecycleBin
[2015-06-27 12:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Locktime
[2015-06-27 12:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetLimiter 4
[2015-06-27 12:00:46 | 000,000,000 | ---D | C] -- C:\Program Files\Locktime Software
[2015-06-27 11:59:50 | 000,000,000 | ---D | C] -- C:\Users\shè\AppData\Roaming\Locktime Software
[2015-06-27 11:59:25 | 007,120,232 | ---- | C] (Locktime Software) -- C:\Users\shè\Desktop\netlimiter-4.0.12.0.exe
[2015-06-26 23:03:19 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2015-06-26 22:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
[2015-06-26 22:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Hotspot Shield
[2015-06-26 22:45:37 | 000,039,624 | ---- | C] (AnchorFree Inc.) -- C:\Windows\System32\drivers\hssdrv6.sys
[2015-06-26 22:45:35 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2015-06-26 21:06:44 | 000,000,000 | ---D | C] -- C:\Users\shè\AppData\Roaming\Hotspot Shield
[2015-06-26 20:55:41 | 000,000,000 | ---D | C] -- C:\Users\shè\AppData\Roaming\OpenOffice
[2015-06-26 16:33:00 | 000,000,000 | ---D | C] -- C:\Users\shè\AppData\Roaming\PDF Writer
[2015-06-26 16:33:00 | 000,000,000 | ---D | C] -- C:\Users\shè\AppData\Local\PDF Writer
[2015-06-26 16:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-PDF
[2015-06-26 16:23:04 | 000,103,424 | ---- | C] (Bullzip) -- C:\Windows\System32\bzDCT.dll
[2015-06-26 16:22:34 | 000,228,352 | ---- | C] (Bullzip) -- C:\Windows\System32\bzFlRdr.dll
[2015-06-26 16:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\7-PDF
[2015-06-26 16:15:42 | 001,064,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscomctl.ocx
[2015-06-26 16:15:11 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.OCX
[2015-06-26 16:13:41 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF Writer
[2015-06-26 16:13:41 | 000,000,000 | ---D | C] -- C:\Program Files\7-PDF
[2015-06-26 11:48:24 | 000,000,000 | ---D | C] -- C:\Users\shè\Desktop\kanada
[2015-06-25 15:31:09 | 000,000,000 | ---D | C] -- C:\Users\shè\Desktop\inbox wm.engineer@mail
[2015-06-25 09:30:31 | 000,000,000 | ---D | C] -- C:\Users\shè\Desktop\hoso
[2015-06-24 23:01:59 | 000,000,000 | --SD | C] -- C:\Windows\System32\CompatTel
[2015-06-24 23:01:59 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2015-06-24 23:01:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\appraiser
[2015-06-24 17:22:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2015-06-24 17:05:06 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2015-06-24 12:39:40 | 000,000,000 | ---D | C] -- C:\Users\shè\Desktop\inbox michawoche
[2015-06-24 03:46:00 | 001,943,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmcore.dll
[2015-06-24 03:45:50 | 000,219,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdFilter.sys
[2015-06-24 03:45:50 | 000,084,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdNisDrv.sys
[2015-06-24 03:45:50 | 000,029,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdBoot.sys
[2015-06-24 03:45:49 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winshfhc.dll
[2015-06-24 03:45:23 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\generaltel.dll
[2015-06-24 03:45:23 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2015-06-24 03:45:22 | 000,901,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2015-06-24 03:45:22 | 000,878,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appraiser.dll
[2015-06-24 03:45:22 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepic.dll
[2015-06-24 03:45:22 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\acmigration.dll
[2015-06-24 03:45:21 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\invagent.dll
[2015-06-24 03:45:19 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devinv.dll
[2015-06-24 03:44:30 | 002,459,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2015-06-24 03:44:28 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2015-06-24 03:44:28 | 000,108,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2015-06-24 03:44:13 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winbici.dll
[2015-06-24 03:44:01 | 000,790,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MrmCoreR.dll
[2015-06-24 03:43:24 | 000,131,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dumpsd.sys
[2015-06-24 03:19:44 | 001,560,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2015-06-24 03:19:35 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2015-06-24 03:19:34 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ahcache.sys
[2015-06-24 03:19:33 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2015-06-24 03:19:13 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ubpm.dll
[2015-06-24 03:14:03 | 003,532,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2015-06-24 03:14:01 | 005,782,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2015-06-24 03:14:00 | 000,749,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdh.dll
[2015-06-24 03:14:00 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tracerpt.exe
[2015-06-24 03:14:00 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\microsoft-windows-system-events.dll
[2015-06-24 03:14:00 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2015-06-24 03:14:00 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\typeperf.exe
[2015-06-24 03:14:00 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\relog.exe
[2015-06-24 03:14:00 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskperf.exe
[2015-06-24 03:13:58 | 000,424,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioEng.dll
[2015-06-24 03:13:58 | 000,370,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2015-06-24 03:13:58 | 000,344,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AUDIOKSE.dll
[2015-06-24 03:13:58 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioEndpointBuilder.dll
[2015-06-24 03:13:57 | 000,485,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2015-06-24 03:13:57 | 000,448,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2015-06-24 03:13:57 | 000,413,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2015-06-24 03:13:57 | 000,372,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2015-06-24 03:13:57 | 000,213,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2015-06-24 03:13:57 | 000,136,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
[2015-06-24 03:13:57 | 000,108,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDump.dll
[2015-06-24 03:13:57 | 000,033,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2015-06-24 03:13:57 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\werdiagcontroller.dll
[2015-06-24 03:05:37 | 002,151,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SettingsHandlers.dll
[2015-06-24 03:05:35 | 011,820,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\twinui.dll
[2015-06-24 03:05:33 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFMediaEngine.dll
[2015-06-24 03:05:33 | 000,670,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4srcsnk.dll
[2015-06-24 03:05:32 | 000,334,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiobj.dll
[2015-06-24 03:05:32 | 000,333,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2015-06-24 03:05:31 | 000,485,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2015-06-24 03:05:31 | 000,286,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2015-06-24 03:05:30 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSAPI.dll
[2015-06-24 02:59:23 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapisrv.dll
[2015-06-24 02:59:23 | 000,088,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptsslp.dll
[2015-06-24 02:59:19 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2015-06-24 02:58:56 | 000,736,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2015-06-24 02:58:56 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msaudite.dll
[2015-06-24 02:58:53 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2015-06-24 02:58:53 | 000,301,056 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2015-06-24 02:58:53 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2015-06-24 02:58:53 | 000,035,840 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2015-06-24 02:58:53 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2015-06-24 02:58:49 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2015-06-24 02:58:49 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jnwmon.dll
[2015-06-24 02:58:40 | 000,418,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2015-06-24 02:58:40 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2015-06-24 02:58:39 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2015-06-24 02:58:38 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2015-06-24 02:58:36 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2015-06-24 02:58:29 | 000,685,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2015-06-24 02:58:28 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2015-06-24 02:58:28 | 000,689,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2015-06-24 02:58:28 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2015-06-24 02:58:26 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2015-06-24 02:58:25 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2015-06-24 02:58:25 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2015-06-24 02:58:23 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2015-06-24 02:58:22 | 004,305,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2015-06-24 02:58:20 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2015-06-24 02:58:20 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2015-06-24 02:58:19 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2015-06-24 02:58:18 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2015-06-24 02:58:18 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2015-06-24 02:58:18 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2015-06-24 02:58:18 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2015-06-24 02:58:18 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2015-06-24 02:58:18 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hlink.dll
[2015-06-24 02:58:18 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2015-06-24 02:58:18 | 000,090,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2015-06-24 02:58:18 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2015-06-24 02:58:18 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2015-06-24 02:58:18 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2015-06-24 02:58:17 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2015-06-24 02:58:17 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2015-06-24 02:58:17 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2015-06-24 02:58:17 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2015-06-24 02:58:17 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2015-06-24 02:57:58 | 000,875,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr120_clr0400.dll
[2015-06-24 02:57:45 | 002,975,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2015-06-24 02:57:45 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll
[2015-06-24 02:57:44 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rfxvmt.dll
[2015-06-24 02:57:44 | 000,022,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2015-06-24 02:57:39 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2015-06-24 02:57:39 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvcfg.exe
[2015-06-24 02:57:28 | 001,653,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2015-06-24 02:57:28 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2015-06-24 02:57:27 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUSettingsProvider.dll
[2015-06-24 02:57:27 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2015-06-24 02:57:27 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2015-06-24 02:57:27 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2015-06-24 02:57:27 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2015-06-24 02:57:27 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2015-06-24 02:57:27 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaext.dll
[2015-06-24 02:57:23 | 000,076,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pdc.sys
[2015-06-24 02:57:23 | 000,036,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\intelpep.sys
[2015-06-24 02:57:22 | 000,047,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2015-06-24 02:41:25 | 000,279,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\clfs.sys
[2015-06-24 02:41:25 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clfsw32.dll
[2015-06-24 00:26:32 | 000,000,000 | ---D | C] -- C:\Users\shè\AppData\Local\Avg
[2015-06-23 11:41:09 | 000,031,848 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\ssmdrv.sys
[2015-06-23 06:34:29 | 000,000,000 | ---D | C] -- C:\Users\shè\AppData\Roaming\AVG2015
[2015-06-23 06:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AV
[2015-06-23 06:33:19 | 000,000,000 | ---D | C] -- C:\Users\shè\AppData\Roaming\TuneUp Software
[2015-06-23 06:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2015-06-23 06:29:41 | 000,000,000 | -H-D | C] -- C:\$AVG
[2015-06-23 06:29:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2015
[2015-06-23 06:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2015-06-23 06:27:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2015-06-23 06:27:55 | 000,000,000 | ---D | C] -- C:\Users\shè\AppData\Local\MFAData
[2015-06-23 06:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2015-06-23 06:27:55 | 000,000,000 | ---D | C] -- C:\Users\shè\AppData\Local\Avg2015
[2015-06-23 05:51:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\log
[2015-06-23 05:20:42 | 000,000,000 | ---D | C] -- C:\Users\shè\AppData\Local\Diagnostics
[2015-06-23 04:58:56 | 000,000,000 | --SD | C] -- C:\Users\shè\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
[2015-06-23 04:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice 4
[2015-06-23 04:57:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2015-06-23 04:57:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2015-06-23 04:57:23 | 000,000,000 | ---D | C] -- C:\Users\shè\Desktop\OpenOffice 4.1.1 (de) Installation Files
[2015-06-23 04:48:16 | 000,000,000 | ---D | C] -- C:\Users\shè\Documents\Simply Super Software
[2015-06-23 04:48:16 | 000,000,000 | ---D | C] -- C:\Users\shè\AppData\Roaming\Simply Super Software
[2015-06-23 04:48:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2015-06-23 04:47:54 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2015-06-23 04:47:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2015-06-23 04:47:36 | 000,000,000 | ---D | C] -- C:\Users\shè\AppData\Local\Programs
[2015-06-23 01:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2015-06-23 01:22:40 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2015-06-23 01:14:45 | 000,000,000 | ---D | C] -- C:\Users\shè\AppData\Roaming\Hewlett-Packard
[2015-06-23 01:14:27 | 000,000,000 | ---D | C] -- C:\Users\shè\AppData\Roaming\hpqlog
[2015-06-23 01:14:21 | 000,000,000 | ---D | C] -- C:\Users\shè\AppData\Local\Hewlett-Packard
[2015-06-23 01:07:56 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2015-06-23 01:05:58 | 000,000,000 | ---D | C] -- C:\Users\shè\AppData\Roaming\Macromedia
[2015-06-23 01:05:52 | 000,000,000 | -HSD | C] -- C:\Users\shè\AppData\Local\EmieUserList
[2015-06-23 01:05:52 | 000,000,000 | -HSD | C] -- C:\Users\shè\AppData\Local\EmieSiteList
[2015-06-22 15:24:30 | 000,000,000 | R--D | C] -- C:\Users\shè\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2015-06-22 15:24:30 | 000,000,000 | R--D | C] -- C:\Users\shè\Searches
[2015-06-22 15:24:30 | 000,000,000 | R--D | C] -- C:\Users\shè\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2015-06-22 15:24:29 | 000,000,000 | R--D | C] -- C:\Users\shè\Contacts
[2015-06-22 15:24:29 | 000,000,000 | -H-D | C] -- C:\Users\shè\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2015-06-22 15:24:27 | 000,000,000 | ---D | C] -- C:\Users\shè\AppData\Local\VirtualStore
[2015-06-22 15:24:26 | 000,000,000 | ---D | C] -- C:\Users\shè\AppData\Roaming\Adobe
[2015-06-22 15:24:23 | 000,000,000 | ---D | C] -- C:\Users\shè\AppData\Local\Packages
[2015-06-22 15:24:22 | 000,000,000 | -HSD | C] -- C:\Users\shè\IntelGraphicsProfiles
[2015-06-22 15:24:19 | 000,000,000 | -HSD | C] -- C:\Users\shè\AppData\Local\Temporary Internet Files
[2015-06-22 15:24:19 | 000,000,000 | -HSD | C] -- C:\Users\shè\Templates
[2015-06-22 15:24:19 | 000,000,000 | -HSD | C] -- C:\Users\shè\Start Menu
[2015-06-22 15:24:19 | 000,000,000 | -HSD | C] -- C:\Users\shè\SendTo
[2015-06-22 15:24:19 | 000,000,000 | -HSD | C] -- C:\Users\shè\Recent
[2015-06-22 15:24:19 | 000,000,000 | -HSD | C] -- C:\Users\shè\PrintHood
[2015-06-22 15:24:19 | 000,000,000 | -HSD | C] -- C:\Users\shè\NetHood
[2015-06-22 15:24:19 | 000,000,000 | -HSD | C] -- C:\Users\shè\Documents\My Videos
[2015-06-22 15:24:19 | 000,000,000 | -HSD | C] -- C:\Users\shè\Documents\My Pictures
[2015-06-22 15:24:19 | 000,000,000 | -HSD | C] -- C:\Users\shè\Documents\My Music
[2015-06-22 15:24:19 | 000,000,000 | -HSD | C] -- C:\Users\shè\My Documents
[2015-06-22 15:24:19 | 000,000,000 | -HSD | C] -- C:\Users\shè\Local Settings
[2015-06-22 15:24:19 | 000,000,000 | -HSD | C] -- C:\Users\shè\AppData\Local\History
[2015-06-22 15:24:19 | 000,000,000 | -HSD | C] -- C:\Users\shè\Cookies
[2015-06-22 15:24:19 | 000,000,000 | -HSD | C] -- C:\Users\shè\Application Data
[2015-06-22 15:24:19 | 000,000,000 | -HSD | C] -- C:\Users\shè\AppData\Local\Application Data
[2015-06-22 15:24:18 | 000,000,000 | --SD | C] -- C:\Users\shè\AppData\Roaming\Microsoft
[2015-06-22 15:24:18 | 000,000,000 | R--D | C] -- C:\Users\shè\Videos
[2015-06-22 15:24:18 | 000,000,000 | R--D | C] -- C:\Users\shè\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2015-06-22 15:24:18 | 000,000,000 | R--D | C] -- C:\Users\shè\Saved Games
[2015-06-22 15:24:18 | 000,000,000 | R--D | C] -- C:\Users\shè\Pictures
[2015-06-22 15:24:18 | 000,000,000 | R--D | C] -- C:\Users\shè\Music
[2015-06-22 15:24:18 | 000,000,000 | R--D | C] -- C:\Users\shè\Links
[2015-06-22 15:24:18 | 000,000,000 | R--D | C] -- C:\Users\shè\Favorites
[2015-06-22 15:24:18 | 000,000,000 | R--D | C] -- C:\Users\shè\Downloads
[2015-06-22 15:24:18 | 000,000,000 | R--D | C] -- C:\Users\shè\Documents
[2015-06-22 15:24:18 | 000,000,000 | R--D | C] -- C:\Users\shè\Desktop
[2015-06-22 15:24:18 | 000,000,000 | R--D | C] -- C:\Users\shè\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2015-06-22 15:24:18 | 000,000,000 | R--D | C] -- C:\Users\shè\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2015-06-22 15:24:18 | 000,000,000 | -H-D | C] -- C:\Users\shè\Documents\hp.system.package.metadata
[2015-06-22 15:24:18 | 000,000,000 | -H-D | C] -- C:\Users\shè\Documents\hp.applications.package.appdata
[2015-06-22 15:24:18 | 000,000,000 | -H-D | C] -- C:\Users\shè\AppData
[2015-06-22 15:24:18 | 000,000,000 | ---D | C] -- C:\Users\shè\AppData\Local\Temp
[2015-06-22 15:24:18 | 000,000,000 | ---D | C] -- C:\Users\shè\AppData\Local\Microsoft
[2015-06-22 15:24:18 | 000,000,000 | ---D | C] -- C:\Users\shè\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2015-06-22 15:24:14 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2015-06-22 15:13:47 | 000,000,000 | -HSD | C] -- C:\System Volume Information
========== Files - Modified Within 30 Days ==========
[2015-06-27 18:18:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015-06-27 17:10:57 | 000,001,165 | ---- | M] () -- C:\Users\Public\Desktop\Spy Emergency.lnk
[2015-06-27 16:34:38 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3drm.dll
[2015-06-27 16:07:38 | 000,000,214 | ---- | M] () -- C:\Users\shè\Documents\cc_20150627_160732.reg
[2015-06-27 16:06:43 | 000,088,228 | ---- | M] () -- C:\Users\shè\Documents\cc_20150627_160548.reg
[2015-06-27 15:57:57 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015-06-27 15:55:45 | 000,788,686 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015-06-27 15:55:45 | 000,161,188 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2015-06-27 15:50:58 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2015-06-27 15:50:55 | 000,001,043 | ---- | M] () -- C:\Users\shè\Desktop\Glary Utilities.lnk
[2015-06-27 15:48:38 | 798,101,504 | -HS- | M] () -- C:\hiberfil.sys
[2015-06-27 15:48:38 | 016,777,216 | -HS- | M] () -- C:\swapfile.sys
[2015-06-27 15:16:23 | 000,571,937 | ---- | M] () -- C:\Users\shè\Desktop\ceanboot.oxps
[2015-06-27 15:15:36 | 000,118,285 | ---- | M] () -- C:\Users\shè\Desktop\NAwww.spy-emergency.com - Trojan.Win32.pdf
[2015-06-27 15:11:32 | 001,019,028 | ---- | M] () -- C:\Users\shè\Desktop\GUT ABERmalwaretips.com.pdf
[2015-06-27 15:01:14 | 000,234,138 | ---- | M] () -- C:\Users\shè\Desktop\NAJA....dll-repair.com.pdf
[2015-06-27 14:54:37 | 000,274,168 | ---- | M] () -- C:\Users\shè\Desktop\registrycleaner.pdf
[2015-06-27 14:51:19 | 000,212,436 | ---- | M] () -- C:\Users\shè\Desktop\NAJA...www.dllfilefixer.com - verwenden-dll-tool-compobj-dll-prob.pdf
[2015-06-27 13:15:57 | 000,086,632 | ---- | M] () -- C:\Users\shè\Desktop\superuser.com - how-can-i-find-out-whats-.pdf
[2015-06-27 12:06:53 | 000,577,589 | ---- | M] () -- C:\Users\shè\Desktop\bandbreite regulieren.oxps
[2015-06-27 12:00:49 | 000,001,219 | ---- | M] () -- C:\Users\Public\Desktop\NetLimiter 4.lnk
[2015-06-27 11:59:26 | 007,120,232 | ---- | M] (Locktime Software) -- C:\Users\shè\Desktop\netlimiter-4.0.12.0.exe
[2015-06-26 23:05:32 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield.lnk
[2015-06-26 12:43:14 | 000,977,145 | ---- | M] () -- C:\Users\shè\Desktop\how to use gmer.oxps
[2015-06-24 23:04:32 | 000,361,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2015-06-24 14:37:12 | 001,121,202 | ---- | M] () -- C:\Users\shè\Desktop\CELEX_41997A0819(01)_DE_TXT.pdf
[2015-06-24 12:50:51 | 000,217,918 | ---- | M] () -- C:\Users\shè\Documents\dubliner uebereinkommen.oxps
[2015-06-24 08:39:03 | 000,420,135 | ---- | M] () -- C:\Users\shè\Documents\facebook engl2.oxps
[2015-06-24 08:38:01 | 000,000,000 | ---- | M] () -- C:\Users\shè\Documents\facebook englisch.oxps
[2015-06-24 08:36:39 | 000,355,818 | ---- | M] () -- C:\Users\shè\Documents\facebook 4.oxps
[2015-06-24 08:36:16 | 000,443,409 | ---- | M] () -- C:\Users\shè\Documents\facebook 3.oxps
[2015-06-24 08:35:47 | 000,354,723 | ---- | M] () -- C:\Users\shè\Documents\facebook 2.oxps
[2015-06-24 08:35:24 | 000,330,011 | ---- | M] () -- C:\Users\shè\Documents\facebook 1.oxps
[2015-06-24 00:28:14 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2015.lnk
[2015-06-23 05:33:11 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2015-06-23 04:58:58 | 000,001,162 | ---- | M] () -- C:\Users\shè\Desktop\OpenOffice 4.1.1.lnk
[2015-06-23 04:48:09 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2015-06-23 04:15:14 | 000,576,430 | ---- | M] () -- C:\Users\shè\Documents\fixing error 0cx0000022.oxps
[2015-06-23 01:18:29 | 000,001,443 | ---- | M] () -- C:\Users\shè\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2015-06-23 01:07:33 | 000,000,036 | ---- | M] () -- C:\Users\shè\AppData\Local\housecall.guid.cache
[2015-06-22 15:24:25 | 000,000,184 | ---- | M] () -- C:\Windows\insFileSpec
[2015-06-22 15:24:22 | 000,000,144 | ---- | M] () -- C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
[2015-06-19 20:02:45 | 000,792,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2015-06-19 20:02:45 | 000,178,168 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
========== Files Created - No Company Name ==========
[2015-06-27 17:10:57 | 000,001,165 | ---- | C] () -- C:\Users\Public\Desktop\Spy Emergency.lnk
[2015-06-27 16:07:36 | 000,000,214 | ---- | C] () -- C:\Users\shè\Documents\cc_20150627_160732.reg
[2015-06-27 16:05:56 | 000,088,228 | ---- | C] () -- C:\Users\shè\Documents\cc_20150627_160548.reg
[2015-06-27 15:57:57 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015-06-27 15:50:58 | 000,000,316 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2015-06-27 15:50:55 | 000,001,043 | ---- | C] () -- C:\Users\shè\Desktop\Glary Utilities.lnk
[2015-06-27 15:16:20 | 000,571,937 | ---- | C] () -- C:\Users\shè\Desktop\ceanboot.oxps
[2015-06-27 15:15:37 | 000,118,285 | ---- | C] () -- C:\Users\shè\Desktop\NAwww.spy-emergency.com - Trojan.Win32.pdf
[2015-06-27 15:11:34 | 001,019,028 | ---- | C] () -- C:\Users\shè\Desktop\GUT ABERmalwaretips.com.pdf
[2015-06-27 15:01:15 | 000,234,138 | ---- | C] () -- C:\Users\shè\Desktop\NAJA....dll-repair.com.pdf
[2015-06-27 14:54:37 | 000,274,168 | ---- | C] () -- C:\Users\shè\Desktop\registrycleaner.pdf
[2015-06-27 14:51:19 | 000,212,436 | ---- | C] () -- C:\Users\shè\Desktop\NAJA...www.dllfilefixer.com - verwenden-dll-tool-compobj-dll-prob.pdf
[2015-06-27 13:15:57 | 000,086,632 | ---- | C] () -- C:\Users\shè\Desktop\superuser.com - how-can-i-find-out-whats-.pdf
[2015-06-27 12:06:51 | 000,577,589 | ---- | C] () -- C:\Users\shè\Desktop\bandbreite regulieren.oxps
[2015-06-27 12:00:49 | 000,001,219 | ---- | C] () -- C:\Users\Public\Desktop\NetLimiter 4.lnk
[2015-06-26 22:46:36 | 000,001,029 | ---- | C] () -- C:\Users\Public\Desktop\Hotspot Shield.lnk
[2015-06-26 16:18:43 | 000,476,160 | ---- | C] () -- C:\Windows\System32\TabStripCtlU.ocx
[2015-06-26 16:18:13 | 000,539,648 | ---- | C] () -- C:\Windows\System32\LblCtlsU.ocx
[2015-06-26 16:17:43 | 001,061,888 | ---- | C] () -- C:\Windows\System32\ExLvwU.ocx
[2015-06-26 16:17:12 | 000,805,376 | ---- | C] () -- C:\Windows\System32\EditCtlsU.ocx
[2015-06-26 16:16:42 | 001,103,872 | ---- | C] () -- C:\Windows\System32\CBLCtlsU.ocx
[2015-06-26 16:16:12 | 000,645,632 | ---- | C] () -- C:\Windows\System32\BtnCtlsU.ocx
[2015-06-26 12:43:12 | 000,977,145 | ---- | C] () -- C:\Users\shè\Desktop\how to use gmer.oxps
[2015-06-24 14:37:09 | 001,121,202 | ---- | C] () -- C:\Users\shè\Desktop\CELEX_41997A0819(01)_DE_TXT.pdf
[2015-06-24 12:50:49 | 000,217,918 | ---- | C] () -- C:\Users\shè\Documents\dubliner uebereinkommen.oxps
[2015-06-24 08:39:01 | 000,420,135 | ---- | C] () -- C:\Users\shè\Documents\facebook engl2.oxps
[2015-06-24 08:38:01 | 000,000,000 | ---- | C] () -- C:\Users\shè\Documents\facebook englisch.oxps
[2015-06-24 08:36:38 | 000,355,818 | ---- | C] () -- C:\Users\shè\Documents\facebook 4.oxps
[2015-06-24 08:36:14 | 000,443,409 | ---- | C] () -- C:\Users\shè\Documents\facebook 3.oxps
[2015-06-24 08:35:46 | 000,354,723 | ---- | C] () -- C:\Users\shè\Documents\facebook 2.oxps
[2015-06-24 08:35:21 | 000,330,011 | ---- | C] () -- C:\Users\shè\Documents\facebook 1.oxps
[2015-06-24 03:45:28 | 000,410,017 | ---- | C] () -- C:\Windows\System32\ApnDatabase.xml
[2015-06-24 02:58:17 | 000,016,303 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2015-06-23 06:33:19 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2015.lnk
[2015-06-23 05:33:11 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2015-06-23 04:58:58 | 000,001,162 | ---- | C] () -- C:\Users\shè\Desktop\OpenOffice 4.1.1.lnk
[2015-06-23 04:48:09 | 000,001,086 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2015-06-23 04:15:12 | 000,576,430 | ---- | C] () -- C:\Users\shè\Documents\fixing error 0cx0000022.oxps
[2015-06-23 01:18:29 | 000,001,443 | ---- | C] () -- C:\Users\shè\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2015-06-23 01:07:33 | 000,000,036 | ---- | C] () -- C:\Users\shè\AppData\Local\housecall.guid.cache
[2015-06-22 15:24:26 | 000,001,449 | ---- | C] () -- C:\Users\shè\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2015-06-22 15:24:24 | 000,000,184 | ---- | C] () -- C:\Windows\insFileSpec
[2015-06-22 15:24:22 | 000,000,144 | ---- | C] () -- C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
[2015-06-22 15:24:18 | 000,000,369 | ---- | C] () -- C:\Users\shè\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
[2015-06-22 15:24:18 | 000,000,369 | ---- | C] () -- C:\Users\shè\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
[2015-06-22 15:24:18 | 000,000,352 | ---- | C] () -- C:\Users\shè\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2015-06-22 15:24:18 | 000,000,334 | ---- | C] () -- C:\Users\shè\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2015-06-22 15:22:36 | 798,101,504 | -HS- | C] () -- C:\hiberfil.sys
[2015-06-22 15:19:01 | 016,777,216 | -HS- | C] () -- C:\swapfile.sys
[2014-11-09 06:39:12 | 000,050,504 | ---- | C] () -- C:\Windows\System32\rtl8723b_mp_bt40_fw_asic_rom_patch.bin
[2014-11-09 06:39:12 | 000,000,080 | ---- | C] () -- C:\Windows\System32\rtl8723b_config.bin
[2014-11-09 06:28:05 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2014-11-09 06:28:05 | 000,036,864 | ---- | C] () -- C:\Windows\runSW.exe
[2014-09-23 06:38:26 | 000,050,745 | ---- | C] () -- C:\Windows\System32\srms.dat
[2014-09-02 12:10:08 | 000,020,480 | ---- | C] () -- C:\Windows\System32\drivers\MAG_SensorDriver.sys
[2014-09-02 12:10:08 | 000,019,968 | ---- | C] () -- C:\Windows\System32\drivers\ACC_SensorDriver.sys
[2014-09-02 12:10:08 | 000,018,944 | ---- | C] () -- C:\Windows\System32\drivers\GYRO_SensorDriver.sys
[2014-09-02 12:10:02 | 000,069,632 | ---- | C] ( ) -- C:\Windows\System32\igfxDHLibv2_0.dll
[2014-09-02 12:10:02 | 000,063,488 | ---- | C] () -- C:\Windows\System32\igfxCUIServicePS.dll
[2014-09-02 12:10:02 | 000,057,856 | ---- | C] ( ) -- C:\Windows\System32\igfxDHLib.dll
[2014-09-02 12:10:02 | 000,010,752 | ---- | C] ( ) -- C:\Windows\System32\igfxDILib.dll
[2014-09-02 12:10:02 | 000,010,240 | ---- | C] ( ) -- C:\Windows\System32\igfxEMLibv2_0.dll
[2014-09-02 12:10:02 | 000,010,240 | ---- | C] ( ) -- C:\Windows\System32\igfxEMLib.dll
[2014-09-02 12:10:02 | 000,010,240 | ---- | C] ( ) -- C:\Windows\System32\igfxDILibv2_0.dll
[2014-09-02 12:10:02 | 000,005,120 | ---- | C] ( ) -- C:\Windows\System32\igfxLHMLibv2_0.dll
[2014-09-02 12:10:02 | 000,005,120 | ---- | C] ( ) -- C:\Windows\System32\igfxLHMLib.dll
[2014-09-02 12:10:00 | 000,349,112 | ---- | C] () -- C:\Windows\System32\igdmd32.dll
[2014-09-02 12:10:00 | 000,183,808 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2014-09-02 12:10:00 | 000,142,848 | ---- | C] () -- C:\Windows\System32\igdail32.dll
[2014-09-02 12:09:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2014-09-02 12:09:58 | 000,000,895 | ---- | C] () -- C:\Windows\System32\Gfxv2_0.exe.config
[2014-09-02 12:09:58 | 000,000,895 | ---- | C] () -- C:\Windows\System32\DPTopologyAppv2_0.exe.config
[2014-09-02 12:09:58 | 000,000,889 | ---- | C] () -- C:\Windows\System32\Gfxv4_0.exe.config
[2014-09-02 12:09:58 | 000,000,889 | ---- | C] () -- C:\Windows\System32\DPTopologyApp.exe.config
[2014-09-02 12:09:56 | 009,849,700 | ---- | C] () -- C:\Windows\System32\drivers\isp_firmware.bin
[2014-09-02 12:09:56 | 000,526,484 | ---- | C] () -- C:\Windows\System32\drivers\realtek_fw_sst.bin
[2014-09-02 12:09:56 | 000,038,400 | ---- | C] () -- C:\Windows\System32\drivers\IntelBatteryManagement.sys
[2014-09-02 12:09:56 | 000,000,895 | ---- | C] () -- C:\Windows\System32\CustomModeAppv2_0.exe.config
[2014-09-02 12:09:56 | 000,000,889 | ---- | C] () -- C:\Windows\System32\CustomModeApp.exe.config
[2014-03-18 00:49:08 | 000,262,335 | ---- | C] () -- C:\Windows\System32\dfpinc.dat
[2014-03-18 00:48:53 | 000,103,936 | ---- | C] () -- C:\Windows\System32\OEMLicense.dll
[2014-03-18 00:48:51 | 000,002,255 | ---- | C] () -- C:\Windows\System32\WimBootCompress.ini
[2013-08-22 01:19:09 | 000,788,686 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2013-08-22 01:19:09 | 000,296,742 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2013-08-22 01:19:09 | 000,161,188 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2013-08-22 01:19:09 | 000,033,362 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2013-08-22 01:17:31 | 000,000,389 | ---- | C] () -- C:\Windows\System32\AutoWorkplace.exe.config
[2013-08-22 01:17:30 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2013-08-22 01:17:29 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2013-08-22 00:24:03 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2013-08-22 00:22:45 | 000,361,880 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013-08-21 20:33:54 | 000,073,216 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2013-08-21 20:32:36 | 000,046,080 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2013-08-21 16:57:03 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2013-08-21 16:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2013-08-21 16:52:35 | 001,520,828 | ---- | C] () -- C:\Windows\System32\WpcNBModel.bin
[2013-08-21 16:52:35 | 000,526,068 | ---- | C] () -- C:\Windows\System32\staticurllist.bin
[2013-08-21 16:50:57 | 000,008,192 | ---- | C] () -- C:\Windows\System32\settings.dat
[2013-07-01 20:40:44 | 000,001,536 | ---- | C] () -- C:\Windows\System32\IusEventLog.dll
========== ZeroAccess Check ==========
[2014-11-09 06:48:25 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015-02-12 10:34:06 | 019,731,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013-08-21 19:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2013-08-21 19:42:12 | 000,390,144 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2015-06-24 00:28:13 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2015-06-24 00:28:13 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2015-06-23 06:34:29 | 000,000,000 | ---D | M] -- C:\Users\shè\AppData\Roaming\AVG2015
[2015-06-27 15:55:24 | 000,000,000 | ---D | M] -- C:\Users\shè\AppData\Roaming\GlarySoft
[2015-06-26 21:06:44 | 000,000,000 | ---D | M] -- C:\Users\shè\AppData\Roaming\Hotspot Shield
[2015-06-27 12:02:26 | 000,000,000 | ---D | M] -- C:\Users\shè\AppData\Roaming\Locktime
[2015-06-27 11:59:50 | 000,000,000 | ---D | M] -- C:\Users\shè\AppData\Roaming\Locktime Software
[2015-06-26 20:55:41 | 000,000,000 | ---D | M] -- C:\Users\shè\AppData\Roaming\OpenOffice
[2015-06-26 16:33:00 | 000,000,000 | ---D | M] -- C:\Users\shè\AppData\Roaming\PDF Writer
[2015-06-23 04:48:16 | 000,000,000 | ---D | M] -- C:\Users\shè\AppData\Roaming\Simply Super Software
[2015-06-27 17:18:29 | 000,000,000 | ---D | M] -- C:\Users\shè\AppData\Roaming\Spy Emergency
[2015-06-23 06:33:19 | 000,000,000 | ---D | M] -- C:\Users\shè\AppData\Roaming\TuneUp Software
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:CB0AACC9
< End of report >
2.Teil:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 2015-06-27 6:58:33 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\shè\Downloads
An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17842)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd
951.41 Mb Total Physical Memory | 61.93 Mb Available Physical Memory | 6.51% Memory free
3.21 Gb Paging File | 0.70 Gb Available in Paging File | 21.77% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 23.14 Gb Total Space | 15.08 Gb Free Space | 65.16% Space Free | Partition Type: NTFS
Computer Name: XHÈ | User Name: shè | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{079AB5FF-C595-48E8-8649-54351D3D692E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2015\avgmfapx.exe |
"{0886F145-51CF-4F8D-A6D5-BD6D4D3EF0C5}" = dir=out | name=onenote |
"{0E98616A-3A99-4277-BEA3-223AE9F18F81}" = dir=out | name=@{ad2f1837.gettingstartedwithwindows8_1.6.0.0_neutral__v10z8vjag6ke6?ms-resource://ad2f1837.gettingstartedwithwindows8/resources/id_app_title} |
"{13CC65DA-EDDC-4DDA-919E-999D11740B2A}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{1B8B5CFC-3673-426C-913F-2CDC5F706A53}" = protocol=6 | dir=in | app=c:\program files\avg\avg2015\avgdiagex.exe |
"{206C1A4E-4FAE-4963-8252-9C124B8BFC3C}" = dir=out | name=@{microsoft.bingsports_3.0.4.322_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |
"{2841EC50-8960-4EA1-9A42-EB0ECD254B7A}" = dir=out | name=@{microsoft.bingtravel_3.0.4.322_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
"{2DF2E2B0-A588-4810-90EB-4C394CAB983F}" = dir=in | name=junipernetworks.junospulsevpn |
"{331D3F10-92E3-4211-9259-CAF9D02FCE86}" = dir=out | name=junipernetworks.junospulsevpn |
"{354B3410-E3DC-4862-B025-E742F51E2853}" = protocol=6 | dir=in | app=c:\program files\avg\avg2015\avgmfapx.exe |
"{3753DAF9-EC78-4100-8A5D-2BB0D34ABF40}" = dir=out | name=@{microsoft.bingfinance_3.0.4.323_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |
"{438B4337-4590-4727-93E3-F67277595188}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.322_x86__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{489524BA-3BA1-4766-890B-88CDB35DC310}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{5707FD30-1853-486D-A325-6E937EBB4C83}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20856_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{66218FB7-C438-4CD0-922C-79B42368EFDB}" = dir=out | name=@{microsoft.zunemusic_2.6.672.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{70046FD2-2B71-4972-9FAD-6BD37CF68029}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{7AD4C18C-A052-4894-85B6-98911F6A51B3}" = protocol=6 | dir=in | app=c:\program files\avg\avg2015\avgemcx.exe |
"{80E83D99-D49D-46E5-984B-F9A02025D223}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20856_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{835E0E77-65D1-4FAA-AA5E-AC67565A94FB}" = dir=out | name=sonicwall.mobileconnect |
"{83894E1A-5030-41C1-A3B1-E9B277E85809}" = protocol=17 | dir=in | app=c:\program files\avg\avg2015\avgdiagex.exe |
"{88BE8280-918A-4BD7-8106-58CDC99D2A50}" = dir=out | name=windows_ie_ac_001 |
"{9A2FD01E-4A1C-4E1A-A2D6-96B1241256BA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9D56B1CD-8830-4677-86EA-AA532FEA2142}" = dir=out | name=@{microsoft.bingweather_3.0.4.322_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} |
"{A5FC0ADE-A1BE-4963-AB88-E7DD8884E7E5}" = dir=in | name=snapfish |
"{A7A81EAA-6712-46CF-9E8D-ED219FE7D019}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A9080F4C-BE69-49F6-87CD-FAE444526D27}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{AA2B0E53-FA9E-4A19-A5D3-12B75B1D3E0A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2015\avgnsx.exe |
"{AF4CD98F-A6B6-4B1C-8D65-661A94CE0BDE}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{BEF6B631-97DB-45D6-A55E-E0B68AA5F2DC}" = dir=out | name=snapfish |
"{C6182E4B-10FC-4083-A766-458080D68E73}" = dir=in | name=f5.vpn.client |
"{C741B669-8494-4CEB-8614-1C98FB8F413D}" = dir=in | name=onenote |
"{C8D37BCC-4511-47F9-9EFC-11BACD7884AB}" = dir=out | name=skype |
"{CE4ABD68-2ABE-47FF-B8BD-F883695BF548}" = dir=out | name=@{microsoft.bingnews_3.0.4.322_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |
"{CF8A292C-750A-4719-832D-149932B51745}" = protocol=17 | dir=in | app=c:\program files\avg\avg2015\avgnsx.exe |
"{D52CB194-0A00-4CA5-B044-58D3EF3499DF}" = dir=in | name=@{ad2f1837.gettingstartedwithwindows8_1.6.0.0_neutral__v10z8vjag6ke6?ms-resource://ad2f1837.gettingstartedwithwindows8/resources/id_app_title} |
"{D9C1058A-681E-4988-BF71-38CAA6162D0B}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.4.322_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{DD9777DC-C9DE-40C0-A56F-6B99C7D91762}" = dir=out | name=@{microsoft.bingmaps_2.1.3230.2048_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{E20BB53A-3BDC-460D-BAEE-FFDC117AB485}" = dir=in | name=sonicwall.mobileconnect |
"{E4BE5589-3348-48BE-898B-BB8C738CDC3E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2015\avgemcx.exe |
"{E6A4BE21-4183-455E-8C07-84C78011B261}" = dir=out | name=checkpoint.vpn |
"{EA997832-A7CA-479A-AE75-0321D4FFAEF9}" = dir=out | name=@{microsoft.zunevideo_2.6.441.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{F562F4E9-D490-4DBD-89C9-5801ED8DDBF9}" = dir=out | name=hp registration |
"{F9F59BE0-6080-4ADC-9204-F6C79F251088}" = dir=out | name=hp connected music |
"{FA35BA80-EA4B-48FD-9FEF-74E9E0B3FEC7}" = dir=in | name=checkpoint.vpn |
"{FDC2F9AF-7E59-486F-8A73-F748888C6B3F}" = dir=in | name=skype |
"{FE5EA256-AD54-4FD8-B211-1263089653FF}" = dir=out | name=f5.vpn.client |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}" = Cisco PEAP Module
"{176E2755-0A17-42C6-88E2-192AB2131278}" = Intel(R) Trusted Execution Engine
"{192979A0-37F4-4703-B1BB-62052142CE44}" = REALTEK Bluetooth
"{330A4B75-13DC-4643-84D7-B25820508E25}" = AVG 2015
"{33AABC60-A52F-41FF-B2B9-17321240CD5}" = REALTEK Wireless LAN Driver
"{4BE64DB8-771F-42D0-B120-EFB738C40215}" = kxaccel-1.0.13.20-win8-x86
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6D5305DC-8124-47AA-8EB8-D00C51048A93}" = Intel(R) Trusted Execution Engine Driver
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.2.3
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{89A448AA-3301-46AA-AFC3-34F2D7C670E8}" = Realtek I2S Audio
"{8AD64734-8040-4A69-BABB-0DB3FD6FB8C3}" = NetLimiter 4
"{90150000-0138-0409-0000-0000000FF1CE}" = Microsoft Office
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A875E145-5434-48D4-A53A-6ABBF7235FFD}" = AVG 2015
"{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}" = OpenOffice 4.1.1
"{AF312B06-5C5C-468E-89B3-BE6DE2645722}" = Cisco LEAP Module
"{B7EC5C10-E557-4A2B-A4EB-494F166A87E1}" = HP Documentation
"{B99DC3D1-C45C-4C33-A1AA-086F1EF51C46}" = Intel(R) Trusted Execution Engine
"{DD43EA67-DAF3-4879-BFF7-E534675BDEA5}" = HP PC Hardware Diagnostics UEFI
"{EACD3CC2-8923-45B4-9ED3-818D983C5CAE}" = HP Registration Service
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"7-PDF Printer_is1" = 7-PDF Printer 10.11.0.2342
"9B850DEC9F528A80EF96519B4987C5F90EF303B8" = Windows Driver Package - Kionix, Inc. (kxspb) Sensor I/O devices (06/26/2014 1.2.6.3)
"A29252E022AC11B53F70404D9A02C2B623F7A4BB" = Windows Driver Package - Kionix, Inc. (WUDFRd) Sensor (06/26/2014 1.0.13.20)
"AVG" = AVG 2015
"CCleaner" = CCleaner
"Glary Utilities_is1" = Glary Utilities 2.56.0.1822
"HotspotShield" = Hotspot Shield 4.15.3
"InstallShield_{192979A0-37F4-4703-B1BB-62052142CE44}" = REALTEK Bluetooth
"NetLimiter 4 4.0.12.0" = NetLimiter 4
"Spy Emergency_is1" = Spy Emergency
"Trojan Remover_is1" = Trojan Remover 6.9.2.2938
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 2015-06-25 8:18:53 PM | Computer Name = xhè | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 26235
Error - 2015-06-25 8:18:53 PM | Computer Name = xhè | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 26235
Error - 2015-06-25 8:18:56 PM | Computer Name = xhè | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 2015-06-25 8:25:22 PM | Computer Name = xhè | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 29016
Error - 2015-06-25 8:25:22 PM | Computer Name = xhè | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 29016
Error - 2015-06-25 11:53:15 PM | Computer Name = xhè | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 2015-06-25 11:53:15 PM | Computer Name = xhè | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14812
Error - 2015-06-25 11:53:15 PM | Computer Name = xhè | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14812
Error - 2015-06-26 5:58:39 PM | Computer Name = xhè | Source = Desktop Window Manager | ID = 9020
Description = The Desktop Window Manager has encountered a fatal error (0x8898008d)
Error - 2015-06-27 8:05:40 PM | Computer Name = xhè | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 11.0.9600.17840 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1a3c Start
Time: 01d0b1335e4a41d3 Termination Time: 93 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: 65fbbc73-1d29-11e5-972f-adb04b6ef5e4 Faulting package
full name: Faulting package-relative application ID:
[ System Events ]
Error - 2015-06-27 8:04:54 PM | Computer Name = xhè | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
code is 10. The Windows SChannel error state is 10.
Error - 2015-06-27 8:04:54 PM | Computer Name = xhè | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
code is 10. The Windows SChannel error state is 10.
Error - 2015-06-27 8:15:05 PM | Computer Name = xhè | Source = Service Control Manager | ID = 7000
Description = The Spy Emergency Health Check service failed to start due to the
following error: %%3
Error - 2015-06-27 8:19:21 PM | Computer Name = xhè | Source = DCOM | ID = 10010
Description =
Error - 2015-06-27 9:46:53 PM | Computer Name = xhè | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
code is 10. The Windows SChannel error state is 10.
Error - 2015-06-27 9:46:54 PM | Computer Name = xhè | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
code is 10. The Windows SChannel error state is 10.
Error - 2015-06-27 9:47:01 PM | Computer Name = xhè | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
code is 10. The Windows SChannel error state is 10.
Error - 2015-06-27 9:47:02 PM | Computer Name = xhè | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
code is 10. The Windows SChannel error state is 10.
Error - 2015-06-27 9:47:19 PM | Computer Name = xhè | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
code is 10. The Windows SChannel error state is 10.
Error - 2015-06-27 9:47:20 PM | Computer Name = xhè | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This
may result in termination of the connection. The TLS protocol defined fatal error
code is 10. The Windows SChannel error state is 10.
< End of report >
Ich stehe bereits seit Jahren unter der Gewalt von diesen Cyber Kriminellen und benötige dringend Schutz. Bitte kann mir jemand mit Rat und Tat zur Seite stehen? Mir geht es nicht um ein paar Dateien (Musik, etc.) die verloren gehen könnten, sondern (ich möchte jetzt nicht kitschig klingen, aber ich würde lügen, wenn ich was anderes sagen würde) um mein Leben. Vielen Dank im Vorraus. |
|
28.06.2015, 10:02
| #2 |
| /// the machine /// TB-Ausbilder    | win8.1 tablet mit unbekanntem wiederkehrenden Trojaner infiziert hi,
__________________ So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
28.06.2015, 11:08
| #3 |
| | win8.1 tablet mit unbekanntem wiederkehrenden Trojaner infiziert Danke für deine fixe Antwort.
__________________Ich habe das Programm sofort gestartet. Hier die Ergebnisse: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-06-2015
Ran by shè (administrator) on XHÈ on 28-06-2015 12:09:09
Running from C:\Users\shè\Downloads
Loaded Profiles: shè (Available Profiles: shè)
Platform: Microsoft Windows 8.1 with Bing (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(AnchorFree Inc.) C:\Program Files\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files\Hotspot Shield\bin\hsswd.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
() C:\Program Files\ShootnSave\ShootnSave.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Glarysoft Ltd) C:\Program Files\Glary Utilities\Integrator.exe
(AnchorFree Inc.) C:\Program Files\Hotspot Shield\bin\af_proxy_cmd.exe
() C:\Program Files\Hotspot Shield\bin\openvpn.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Apache Software Foundation) C:\Program Files\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files\OpenOffice 4\program\soffice.bin
(Farbar) C:\Users\shè\Downloads\qwe.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [7750144 2014-09-10] (Realtek Semiconductor)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\System32\DptfPolicyLpmServiceHelper.exe [83048 2014-09-02] (Intel Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3727824 2015-06-16] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-677420604-2726472551-1300724813-1001\...\Run: [NetLimiter] => C:\Program Files\Locktime Software\NetLimiter 4\nlclientapp.exe [52352 2015-06-03] (Locktime Software)
HKU\S-1-5-21-677420604-2726472551-1300724813-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6369048 2015-05-08] (Piriform Ltd)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13-comm.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13-comm.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13-comm.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13-comm.msn.com
HKU\S-1-5-21-677420604-2726472551-1300724813-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-677420604-2726472551-1300724813-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13-comm.msn.com
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
FireFox:
========
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2013-07-12] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2013-07-12] (Intel Corporation)
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3461072 2015-06-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [312816 2015-06-16] (AVG Technologies CZ, s.r.o.)
R2 BTDevManager; C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe [114688 2014-08-27] () [File not signed]
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [280680 2014-09-02] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [85096 2014-09-02] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [98920 2014-09-02] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [92264 2014-09-02] (Intel Corporation)
R2 HP Support Assistant Service; C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [93184 2014-08-21] (Hewlett-Packard Company) [File not signed]
R2 hshld; C:\Program Files\Hotspot Shield\bin\cmw_srv.exe [1169616 2015-06-03] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [96600 2015-06-03] ()
R2 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe [589520 2015-06-03] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [279656 2014-09-02] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-01] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
R2 nlsvc; C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe [242816 2015-06-03] (Locktime Software)
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [105472 2013-08-21] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [66560 2014-04-14] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [288128 2014-09-21] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2013-08-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22192 2014-09-21] (Microsoft Corporation)
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1222144 2014-09-23] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ACC_SensorDriver; C:\Windows\System32\drivers\ACC_SensorDriver.sys [19968 2014-09-02] ()
S0 Avgbootx; C:\Windows\System32\DRIVERS\avgbootx.sys [19104 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [227808 2015-05-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [190944 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\system32\DRIVERS\avgidsshimw8x.sys [29664 2015-05-14] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [206816 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [169440 2015-05-12] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpx; C:\Windows\system32\DRIVERS\avgwfpx.sys [219616 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2014-03-18] (Microsoft Corporation)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63.sys [7783600 2013-07-01] (Broadcom Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [186880 2014-03-18] (Microsoft Corporation)
R3 BthMini; C:\Windows\System32\Drivers\BTHMINI.sys [24064 2013-08-21] (Microsoft Corporation)
R3 camera; C:\Windows\system32\DRIVERS\camera.sys [461312 2014-09-02] (Intel Corporation)
S3 DptfDevAmbient; C:\Windows\System32\drivers\DptfDevAmbient.sys [36352 2014-09-02] (Intel Corporation)
R3 DptfDevDBPT; C:\Windows\system32\DRIVERS\DptfDevPower.sys [17408 2014-09-02] (Intel Corporation)
S3 DptfDevDisplay; C:\Windows\System32\drivers\DptfDevDisplay.sys [19968 2014-09-02] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [28160 2014-09-02] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [72704 2014-09-02] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [174080 2014-09-02] (Intel Corporation)
S3 gc2235; C:\Windows\System32\drivers\gc2235.sys [44032 2014-06-27] (Intel Corporation)
R3 gc310; C:\Windows\system32\DRIVERS\gc310.sys [40448 2014-09-02] (Intel Corporation)
R3 GoodixTouchDriver; C:\Windows\System32\drivers\GoodixTouchDriver.sys [41984 2014-09-10] (Windows (R) Win 7 DDK provider)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [23552 2014-09-02] (Intel Corporation)
R3 GpioVirtual; C:\Windows\System32\drivers\iaiogpiovirtual.sys [16896 2014-09-02] (Intel Corporation)
S3 GYRO_SensorDriver; C:\Windows\System32\drivers\GYRO_SensorDriver.sys [18944 2014-09-02] ()
R3 hm2056; C:\Windows\System32\drivers\hm2056.sys [43008 2014-06-27] (Intel Corporation)
R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [39624 2015-05-07] (AnchorFree Inc.)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [62464 2014-09-02] (Intel Corporation)
R3 iaiouart; C:\Windows\System32\drivers\iaiouart.sys [87552 2014-09-02] (Intel Corporation)
S3 intaud_WaveExtensible; C:\Windows\system32\drivers\intelaud.sys [32152 2014-05-06] (Intel Corporation)
S3 IntelBatteryManagement; C:\Windows\System32\drivers\IntelBatteryManagement.sys [38400 2014-09-02] ()
R3 IntelSST; C:\Windows\system32\drivers\isstrtc.sys [263168 2014-09-02] (Intel(R) Corporation)
R3 iwdbus; C:\Windows\System32\drivers\iwdbus.sys [23448 2014-05-06] (Intel Corporation)
R3 kxspb; C:\Windows\System32\drivers\kxspb.sys [46928 2014-07-03] (Kionix, Inc.)
S3 MAG_SensorDriver; C:\Windows\System32\drivers\MAG_SensorDriver.sys [20480 2014-09-02] ()
R0 MBI; C:\Windows\System32\drivers\MBI.sys [21968 2014-09-02] (Intel Corporation)
R2 nldrv; C:\Program Files\Locktime Software\NetLimiter 4\nldrv.sys [88976 2015-06-03] (Locktime Software)
S3 ov5648; C:\Windows\System32\drivers\ov5648.sys [58880 2014-09-12] (Intel Corporation)
R3 PMIC; C:\Windows\System32\drivers\PMIC.sys [66560 2014-09-02] (Intel Corporation)
R3 rtii2sac; C:\Windows\system32\DRIVERS\rtii2sac.sys [207064 2014-09-23] (Realtek Semiconductor Corp.)
R3 RtkUart; C:\Windows\System32\drivers\RtkUart.sys [508120 2014-08-12] (Realtek Semiconductor Corporation)
R3 RtlWlans; C:\Windows\system32\DRIVERS\rtwlans.sys [2800856 2014-10-09] (Realtek Semiconductor Corporation )
S3 SensorFusion; C:\Windows\System32\drivers\HIDFusion.sys [59240 2014-09-02] (Intel Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [188416 2014-09-23] (Microsoft Corporation)
R1 ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [31848 2015-05-27] (Avira Operations GmbH & Co. KG)
S3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [37064 2015-05-07] (Anchorfree Inc.)
R3 TXEI; C:\Windows\System32\drivers\TXEI.sys [75792 2014-09-02] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [84800 2014-09-21] (Microsoft Corporation)
R0 Wof; C:\Windows\system32\Drivers\Wof.sys [138584 2014-09-23] (Microsoft Corporation)
R3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [188416 2014-09-23] (Microsoft Corporation)
S3 pgldipob; C:\pgldipob.sys [104960 2015-06-28] (GMER) [File not signed]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-28 12:09 - 2015-06-28 12:09 - 00014683 _____ C:\Users\shè\Downloads\FRST.txt
2015-06-28 12:08 - 2015-06-28 12:09 - 00000000 ____D C:\FRST
2015-06-28 12:06 - 2015-06-28 12:06 - 01636352 _____ (Farbar) C:\Users\shè\Downloads\qwe.exe
2015-06-28 10:56 - 2015-06-28 10:56 - 00104960 _____ (GMER) C:\pgldipob.sys
2015-06-28 09:41 - 2015-06-28 09:41 - 00000964 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shoot'n Save.lnk
2015-06-28 09:41 - 2015-06-28 09:41 - 00000952 _____ C:\Users\Public\Desktop\Shoot'n Save.lnk
2015-06-28 09:41 - 2015-06-28 09:41 - 00000952 _____ C:\ProgramData\Desktop\Shoot'n Save.lnk
2015-06-28 09:41 - 2015-06-28 09:41 - 00000000 ____D C:\Program Files\ShootnSave
2015-06-28 09:40 - 2015-06-28 09:40 - 00000000 ____D C:\Users\shè\AppData\Roaming\Chip Digital GmbH
2015-06-28 09:34 - 2015-06-28 09:34 - 01198368 _____ C:\Users\shè\Downloads\bildbe.exe
2015-06-28 09:32 - 2015-06-28 09:32 - 01198368 _____ C:\Users\shè\Downloads\Shoot n Save - CHIP-Installer.exe
2015-06-28 02:54 - 2015-06-28 02:54 - 00001118 _____ C:\Users\shè\Documents\cc_20150628_025435.reg
2015-06-28 02:20 - 2015-06-28 02:20 - 00010818 _____ C:\Users\shè\Documents\cc_20150628_021957.reg
2015-06-27 23:15 - 2015-06-27 23:21 - 00000000 ____D C:\Users\shè\Desktop\creams
2015-06-27 19:21 - 2015-06-27 19:37 - 00141918 _____ C:\Users\shè\Downloads\OTL.Txt
2015-06-27 19:21 - 2015-06-27 19:21 - 00035720 _____ C:\Users\shè\Downloads\Extras.Txt
2015-06-27 18:55 - 2015-06-27 18:55 - 00602112 _____ (OldTimer Tools) C:\Users\shè\Downloads\pferd.exe
2015-06-27 17:09 - 2015-06-27 17:09 - 24866456 _____ (NETGATE Technologies s.r.o. ) C:\Users\shè\Downloads\se-setup.exe
2015-06-27 17:05 - 2015-06-27 17:05 - 00231656 _____ C:\Users\shè\Downloads\freedllfixer_setup-46070987.exe
2015-06-27 16:57 - 2015-06-27 16:57 - 00000296 _____ C:\Users\shè\Downloads\RootkitRemover_20150627_165749.log
2015-06-27 16:56 - 2015-06-27 16:56 - 00000296 _____ C:\Users\shè\Downloads\RootkitRemover_20150627_165623.log
2015-06-27 16:54 - 2015-06-27 16:54 - 00000296 _____ C:\Users\shè\Downloads\RootkitRemover_20150627_165431.log
2015-06-27 16:53 - 2015-06-27 16:53 - 00783120 _____ (McAfee, Inc.) C:\Users\shè\Downloads\rraffe.exe
2015-06-27 16:39 - 2015-06-27 16:39 - 00380416 _____ C:\Users\shè\Downloads\Gmer-19357.exe
2015-06-27 16:22 - 2015-06-27 16:23 - 00177792 _____ C:\Users\shè\Downloads\d3drm.zip
2015-06-27 16:07 - 2015-06-27 16:07 - 00000214 _____ C:\Users\shè\Documents\cc_20150627_160732.reg
2015-06-27 16:05 - 2015-06-27 16:06 - 00088228 _____ C:\Users\shè\Documents\cc_20150627_160548.reg
2015-06-27 15:57 - 2015-06-27 15:57 - 00000984 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-06-27 15:57 - 2015-06-27 15:57 - 00000984 _____ C:\ProgramData\Desktop\CCleaner.lnk
2015-06-27 15:57 - 2015-06-27 15:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-06-27 15:57 - 2015-06-27 15:57 - 00000000 ____D C:\Program Files\CCleaner
2015-06-27 15:55 - 2015-06-27 15:55 - 00000000 ____D C:\Users\shè\AppData\Roaming\GlarySoft
2015-06-27 15:50 - 2015-06-28 09:03 - 00000316 _____ C:\Windows\Tasks\GlaryInitialize.job
2015-06-27 15:50 - 2015-06-27 15:50 - 00001043 _____ C:\Users\shè\Desktop\Glary Utilities.lnk
2015-06-27 15:50 - 2015-06-27 15:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
2015-06-27 15:50 - 2015-06-27 15:50 - 00000000 ____D C:\Program Files\Glary Utilities
2015-06-27 15:42 - 2015-06-27 15:42 - 05313056 _____ (Piriform Ltd) C:\Users\shè\Downloads\yhb2.exe
2015-06-27 15:41 - 2015-06-27 15:41 - 06685392 _____ (Glarysoft Ltd ) C:\Users\shè\Downloads\yhb.exe
2015-06-27 15:29 - 2015-06-27 15:29 - 24866456 _____ (NETGATE Technologies s.r.o. ) C:\Users\shè\Downloads\asdfg.exe
2015-06-27 15:16 - 2015-06-27 15:16 - 00571937 _____ C:\Users\shè\Desktop\ceanboot.oxps
2015-06-27 14:36 - 2015-06-28 12:10 - 00000000 ____D C:\Users\shè\Desktop\TrojanWin32DelCommand & Win32BaiduIebar
2015-06-27 13:51 - 2015-06-27 13:52 - 00000000 ____D C:\Users\shè\Desktop\rundell.32.exe
2015-06-27 12:06 - 2015-06-27 12:06 - 00577589 _____ C:\Users\shè\Desktop\bandbreite regulieren.oxps
2015-06-27 12:02 - 2015-06-27 12:02 - 00000000 __SHD C:\Windows\system32\AI_RecycleBin
2015-06-27 12:02 - 2015-06-27 12:02 - 00000000 ____D C:\Users\shè\AppData\Roaming\Locktime
2015-06-27 12:00 - 2015-06-27 12:00 - 00001219 _____ C:\Users\Public\Desktop\NetLimiter 4.lnk
2015-06-27 12:00 - 2015-06-27 12:00 - 00001219 _____ C:\ProgramData\Desktop\NetLimiter 4.lnk
2015-06-27 12:00 - 2015-06-27 12:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetLimiter 4
2015-06-27 12:00 - 2015-06-27 12:00 - 00000000 ____D C:\ProgramData\Locktime
2015-06-27 12:00 - 2015-06-27 12:00 - 00000000 ____D C:\Program Files\Locktime Software
2015-06-27 11:59 - 2015-06-27 11:59 - 00000000 ____D C:\Users\shè\AppData\Roaming\Locktime Software
2015-06-26 23:03 - 2015-06-27 15:48 - 00000000 ____D C:\Windows\Minidump
2015-06-26 22:46 - 2015-06-26 23:05 - 00001029 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk
2015-06-26 22:46 - 2015-06-26 23:05 - 00001029 _____ C:\ProgramData\Desktop\Hotspot Shield.lnk
2015-06-26 22:45 - 2015-06-26 23:05 - 00000000 ____D C:\Program Files\Hotspot Shield
2015-06-26 22:45 - 2015-06-26 22:46 - 00000000 ____D C:\ProgramData\Hotspot Shield
2015-06-26 22:45 - 2015-06-26 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2015-06-26 22:45 - 2015-05-07 16:18 - 00039624 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys
2015-06-26 21:06 - 2015-06-26 21:06 - 00000000 ____D C:\Users\shè\AppData\Roaming\Hotspot Shield
2015-06-26 20:55 - 2015-06-26 20:55 - 00000000 ____D C:\Users\shè\AppData\Roaming\OpenOffice
2015-06-26 16:33 - 2015-06-26 16:33 - 00000000 ____D C:\Users\shè\AppData\Roaming\PDF Writer
2015-06-26 16:33 - 2015-06-26 16:33 - 00000000 ____D C:\Users\shè\AppData\Local\PDF Writer
2015-06-26 16:27 - 2015-06-26 16:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-PDF
2015-06-26 16:23 - 2008-07-09 08:38 - 00103424 _____ (Bullzip) C:\Windows\system32\bzDCT.dll
2015-06-26 16:22 - 2014-11-19 08:38 - 00228352 _____ (Bullzip) C:\Windows\system32\bzFlRdr.dll
2015-06-26 16:19 - 2015-06-26 16:24 - 00000000 ____D C:\Program Files\Common Files\7-PDF
2015-06-26 16:18 - 2013-07-12 14:57 - 00539648 _____ C:\Windows\system32\LblCtlsU.ocx
2015-06-26 16:18 - 2013-04-05 05:55 - 00476160 _____ C:\Windows\system32\TabStripCtlU.ocx
2015-06-26 16:17 - 2013-07-13 04:15 - 00805376 _____ C:\Windows\system32\EditCtlsU.ocx
2015-06-26 16:17 - 2013-03-03 06:37 - 01061888 _____ C:\Windows\system32\ExLvwU.ocx
2015-06-26 16:16 - 2013-09-01 04:59 - 01103872 _____ C:\Windows\system32\CBLCtlsU.ocx
2015-06-26 16:16 - 2013-03-28 15:13 - 00645632 _____ C:\Windows\system32\BtnCtlsU.ocx
2015-06-26 16:15 - 1999-05-12 15:00 - 01064456 _____ (Microsoft Corporation) C:\Windows\system32\mscomctl.ocx
2015-06-26 16:15 - 1999-05-06 16:00 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.OCX
2015-06-26 16:13 - 2015-06-26 16:30 - 00000000 ____D C:\ProgramData\PDF Writer
2015-06-26 16:13 - 2015-06-26 16:13 - 00000000 ____D C:\Program Files\7-PDF
2015-06-26 16:12 - 2015-06-26 16:12 - 06889574 _____ C:\Users\shè\Downloads\Setup_7PDF_10_11_0_2342_FREE.zip
2015-06-26 16:09 - 2015-06-26 16:09 - 01198368 _____ C:\Users\shè\Downloads\7 PDF Printer - CHIP-Installer.exe
2015-06-26 15:56 - 2015-06-26 15:56 - 00005047 _____ C:\Users\shè\Downloads\26022015Brief.html
2015-06-26 12:50 - 2015-06-26 12:52 - 109314472 _____ (Agnitum, Ltd. ) C:\Users\shè\Downloads\hguh.exe
2015-06-26 12:43 - 2015-06-26 12:43 - 00977145 _____ C:\Users\shè\Desktop\how to use gmer.oxps
2015-06-26 12:28 - 2015-06-26 12:28 - 00000000 _____ C:\Users\shè\Downloads\Gmer-19357.reg
2015-06-26 12:27 - 2015-06-26 12:27 - 00000000 _____ C:\Users\shè\Downloads\Gmer-19357.bat
2015-06-26 12:18 - 2015-06-26 12:18 - 00003759 _____ C:\Users\shè\Documents\gmer unvollstaendige log file.log
2015-06-26 12:13 - 2015-06-26 12:13 - 00380416 _____ C:\Users\shè\Downloads\mere.exe
2015-06-26 12:10 - 2015-06-26 12:10 - 00380416 _____ C:\Users\shè\Downloads\ere.exe
2015-06-26 11:48 - 2015-06-26 12:44 - 00000000 ____D C:\Users\shè\Desktop\kanada
2015-06-25 15:31 - 2015-06-26 20:38 - 00000000 ____D C:\Users\shè\Desktop\inbox wm.engineer@mail
2015-06-25 09:30 - 2015-06-26 11:48 - 00000000 ____D C:\Users\shè\Desktop\hoso
2015-06-24 23:01 - 2015-06-24 23:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-24 23:01 - 2015-06-24 23:01 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-24 17:22 - 2015-06-24 17:25 - 00000000 ____D C:\Windows\system32\MRT
2015-06-24 17:21 - 2015-05-27 00:03 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-24 17:05 - 2015-04-30 13:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-24 12:50 - 2015-06-24 12:50 - 00217918 _____ C:\Users\shè\Documents\dubliner uebereinkommen.oxps
2015-06-24 12:39 - 2015-06-25 13:53 - 00000000 ____D C:\Users\shè\Desktop\inbox michawoche
2015-06-24 08:39 - 2015-06-24 08:39 - 00420135 _____ C:\Users\shè\Documents\facebook engl2.oxps
2015-06-24 08:38 - 2015-06-24 08:38 - 00000000 _____ C:\Users\shè\Documents\facebook englisch.oxps
2015-06-24 08:36 - 2015-06-24 08:36 - 00443409 _____ C:\Users\shè\Documents\facebook 3.oxps
2015-06-24 08:36 - 2015-06-24 08:36 - 00355818 _____ C:\Users\shè\Documents\facebook 4.oxps
2015-06-24 08:35 - 2015-06-24 08:35 - 00354723 _____ C:\Users\shè\Documents\facebook 2.oxps
2015-06-24 08:35 - 2015-06-24 08:35 - 00330011 _____ C:\Users\shè\Documents\facebook 1.oxps
2015-06-24 03:46 - 2015-02-05 18:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-06-24 03:45 - 2015-05-22 06:08 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-24 03:45 - 2015-05-21 06:07 - 00901120 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-24 03:45 - 2015-05-21 06:07 - 00878592 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-24 03:45 - 2015-05-21 06:07 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-24 03:45 - 2015-05-21 06:07 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-24 03:45 - 2015-05-21 06:07 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-24 03:45 - 2015-05-21 06:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-24 03:45 - 2015-04-16 15:07 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-24 03:45 - 2015-03-12 17:27 - 00410017 _____ C:\Windows\system32\ApnDatabase.xml
2015-06-24 03:45 - 2014-09-21 19:40 - 00219968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-06-24 03:45 - 2014-09-21 19:40 - 00084800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-06-24 03:45 - 2014-09-21 19:39 - 00029688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-06-24 03:45 - 2014-09-02 15:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2015-06-24 03:44 - 2014-10-31 16:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-06-24 03:44 - 2014-10-12 19:37 - 00108864 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-06-24 03:44 - 2014-10-10 17:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-06-24 03:44 - 2014-10-07 23:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-06-24 03:44 - 2014-10-07 23:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-06-24 03:44 - 2014-10-07 22:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-06-24 03:44 - 2014-09-03 17:00 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2015-06-24 03:43 - 2015-03-14 01:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-06-24 03:43 - 2015-03-12 19:18 - 00200000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-06-24 03:43 - 2015-03-12 19:18 - 00131904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-06-24 03:43 - 2014-10-30 16:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-06-24 03:19 - 2015-04-09 17:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-06-24 03:19 - 2015-04-09 17:23 - 01088512 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-06-24 03:19 - 2015-01-30 16:20 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-06-24 03:19 - 2015-01-29 11:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-06-24 03:19 - 2014-12-11 18:34 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-06-24 03:19 - 2014-12-11 17:46 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-06-24 03:19 - 2014-12-05 19:36 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-06-24 03:19 - 2014-12-05 18:28 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-06-24 03:19 - 2014-10-28 18:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-06-24 03:19 - 2014-09-03 17:01 - 00514048 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-06-24 03:14 - 2015-05-21 09:04 - 03532288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-24 03:14 - 2015-03-23 14:45 - 05782848 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-24 03:14 - 2015-03-23 14:45 - 01468920 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-24 03:14 - 2015-03-23 14:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-24 03:14 - 2015-03-19 20:25 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2015-06-24 03:14 - 2015-03-19 19:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-24 03:14 - 2015-03-19 19:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-24 03:14 - 2014-10-28 18:58 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-24 03:14 - 2014-10-28 18:38 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-24 03:14 - 2014-10-28 18:04 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-24 03:14 - 2014-10-28 18:04 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-24 03:13 - 2015-04-30 15:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-24 03:13 - 2014-12-08 20:42 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-06-24 03:13 - 2014-12-08 12:46 - 00485544 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-06-24 03:13 - 2014-12-08 12:46 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-06-24 03:13 - 2014-12-08 12:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-06-24 03:13 - 2014-12-08 12:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-06-24 03:13 - 2014-12-08 12:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-06-24 03:13 - 2014-12-05 18:23 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-06-24 03:13 - 2014-10-28 20:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-06-24 03:13 - 2014-10-28 20:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-06-24 03:13 - 2014-10-28 20:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-06-24 03:13 - 2014-10-28 20:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-06-24 03:13 - 2014-10-28 20:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-06-24 03:13 - 2014-10-28 20:07 - 00213336 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-06-24 03:13 - 2014-10-28 18:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-06-24 03:13 - 2014-10-28 17:49 - 00694272 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-06-24 03:05 - 2014-09-09 23:18 - 00333632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-06-24 03:05 - 2014-09-07 19:33 - 01858368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-06-24 03:05 - 2014-09-07 19:33 - 00286528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-06-24 03:05 - 2014-09-04 15:29 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-06-24 03:05 - 2014-09-04 15:20 - 00839168 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-06-24 03:05 - 2014-09-03 19:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2015-06-24 03:05 - 2014-09-03 17:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-06-24 03:05 - 2014-08-30 16:00 - 00120640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2015-06-24 03:05 - 2014-08-30 13:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2015-06-24 03:05 - 2014-08-30 13:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2015-06-24 03:05 - 2014-08-27 17:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-06-24 03:05 - 2014-08-22 22:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2015-06-24 03:05 - 2014-08-22 21:47 - 02151936 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-06-24 03:05 - 2014-08-01 17:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-06-24 03:01 - 2015-02-24 01:20 - 00738112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-06-24 03:01 - 2015-02-12 10:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-06-24 02:59 - 2015-04-24 19:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-24 02:59 - 2014-12-08 20:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-06-24 02:59 - 2014-11-09 16:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-24 02:59 - 2014-10-22 22:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-06-24 02:59 - 2014-10-16 23:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-06-24 02:59 - 2014-09-26 22:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2015-06-24 02:59 - 2014-09-26 20:12 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-06-24 02:59 - 2014-08-22 22:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-06-24 02:58 - 2015-05-27 07:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-24 02:58 - 2015-05-22 20:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-24 02:58 - 2015-05-22 20:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-24 02:58 - 2015-05-22 20:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-24 02:58 - 2015-05-22 20:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-24 02:58 - 2015-05-22 20:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-24 02:58 - 2015-05-22 19:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-24 02:58 - 2015-05-22 19:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-24 02:58 - 2015-05-22 19:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-24 02:58 - 2015-05-22 19:47 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-24 02:58 - 2015-05-22 19:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-06-24 02:58 - 2015-05-22 19:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-24 02:58 - 2015-05-22 19:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-24 02:58 - 2015-05-22 19:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-24 02:58 - 2015-05-22 19:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-24 02:58 - 2015-05-22 19:28 - 01042944 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-06-24 02:58 - 2015-05-22 19:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-24 02:58 - 2015-05-22 19:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-24 02:58 - 2015-05-22 19:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-24 02:58 - 2015-04-21 08:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-24 02:58 - 2015-04-21 08:26 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-24 02:58 - 2015-03-29 22:51 - 00478776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-06-24 02:58 - 2015-03-26 19:20 - 01117696 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-24 02:58 - 2015-02-19 19:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-06-24 02:58 - 2015-02-19 19:15 - 00035840 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-06-24 02:58 - 2015-02-19 19:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-24 02:58 - 2015-01-27 18:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-06-24 02:58 - 2015-01-15 15:37 - 00148288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-24 02:58 - 2015-01-11 18:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-24 02:58 - 2014-10-30 20:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-06-24 02:58 - 2014-10-30 20:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-06-24 02:58 - 2014-10-30 20:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-06-24 02:58 - 2014-10-30 20:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-06-24 02:58 - 2014-10-30 20:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-06-24 02:58 - 2014-10-30 20:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-06-24 02:58 - 2014-10-30 20:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-24 02:58 - 2014-10-30 20:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-24 02:58 - 2014-10-30 20:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-24 02:58 - 2014-10-30 20:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-24 02:58 - 2014-10-30 20:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-06-24 02:58 - 2014-10-30 20:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-24 02:58 - 2014-10-30 20:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2015-06-24 02:58 - 2014-10-30 20:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-24 02:58 - 2014-10-30 20:12 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-24 02:58 - 2014-10-30 20:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-06-24 02:58 - 2014-10-30 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-24 02:58 - 2014-10-30 19:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-06-24 02:58 - 2014-10-30 19:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-06-24 02:58 - 2014-10-30 19:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-06-24 02:58 - 2014-10-30 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-24 02:58 - 2014-10-30 19:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-06-24 02:58 - 2014-10-30 19:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-06-24 02:58 - 2014-10-30 19:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-06-24 02:58 - 2014-10-28 19:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-24 02:58 - 2014-10-28 19:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-24 02:58 - 2014-10-28 19:04 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-06-24 02:58 - 2014-10-28 19:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-06-24 02:58 - 2014-10-28 19:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-06-24 02:58 - 2014-10-28 18:57 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-06-24 02:58 - 2014-10-28 17:59 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-06-24 02:57 - 2015-03-12 19:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-06-24 02:57 - 2015-01-23 19:20 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-06-24 02:57 - 2015-01-23 17:48 - 02975744 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-06-24 02:57 - 2014-12-18 22:46 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-06-24 02:57 - 2014-10-28 20:10 - 00022848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-06-24 02:57 - 2014-10-28 18:54 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2015-06-24 02:57 - 2014-10-18 01:49 - 00048496 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-24 02:57 - 2014-10-18 00:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-24 02:57 - 2014-10-18 00:25 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-06-24 02:57 - 2014-10-17 23:29 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2015-06-24 02:57 - 2014-10-17 23:16 - 02946560 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-24 02:57 - 2014-10-17 23:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-24 02:57 - 2014-10-17 23:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-24 02:57 - 2014-10-17 23:12 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-06-24 02:57 - 2014-10-17 23:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-24 02:57 - 2014-10-17 23:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-24 02:57 - 2014-10-17 23:08 - 01653248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-24 02:57 - 2014-10-12 19:47 - 00076096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2015-06-24 02:57 - 2014-10-12 19:47 - 00036160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2015-06-24 02:57 - 2014-10-12 01:58 - 00047424 _____ (Microsoft Corporation) C:\Windows\system32\kdusb.dll
2015-06-24 02:57 - 2014-07-23 20:20 - 00875688 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2015-06-24 02:57 - 2014-05-18 22:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\drvcfg.exe
2015-06-24 02:57 - 2014-05-18 22:23 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\drvinst.exe
2015-06-24 02:41 - 2015-03-04 03:05 - 00279360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2015-06-24 02:41 - 2015-03-03 19:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-06-24 02:40 - 2015-04-08 15:59 - 00333624 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-06-24 00:28 - 2015-06-24 00:28 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2015-06-24 00:28 - 2015-06-24 00:28 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-06-24 00:26 - 2015-06-24 00:26 - 00000000 ____D C:\Users\shè\AppData\Local\Avg
2015-06-23 11:41 - 2015-05-27 13:08 - 00031848 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\ssmdrv.sys
2015-06-23 06:34 - 2015-06-23 06:34 - 00000000 ____D C:\Users\shè\AppData\Roaming\AVG2015
2015-06-23 06:33 - 2015-06-24 00:28 - 00000974 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-06-23 06:33 - 2015-06-24 00:28 - 00000974 _____ C:\ProgramData\Desktop\AVG 2015.lnk
2015-06-23 06:33 - 2015-06-24 00:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-06-23 06:33 - 2015-06-23 06:33 - 00000000 ____D C:\Users\shè\AppData\Roaming\TuneUp Software
2015-06-23 06:33 - 2015-06-23 06:33 - 00000000 ____D C:\Program Files\Common Files\AV
2015-06-23 06:29 - 2015-06-23 06:33 - 00000000 ____D C:\ProgramData\AVG2015
2015-06-23 06:29 - 2015-06-23 06:29 - 00000000 ___HD C:\$AVG
2015-06-23 06:28 - 2015-06-23 06:28 - 00000000 ____D C:\Program Files\AVG
2015-06-23 06:27 - 2015-06-28 09:27 - 00000000 ____D C:\ProgramData\MFAData
2015-06-23 06:27 - 2015-06-23 06:36 - 00000000 ____D C:\Users\shè\AppData\Local\Avg2015
2015-06-23 06:27 - 2015-06-23 06:27 - 00000000 ____D C:\Users\shè\AppData\Local\MFAData
2015-06-23 06:00 - 2015-06-23 06:05 - 178073240 _____ (AVG Technologies) C:\Users\shè\Downloads\avg_free_x86_all_2015_ltst_6030222.exe
2015-06-23 05:51 - 2015-06-23 05:51 - 00000000 ____D C:\Windows\system32\log
2015-06-23 05:42 - 2015-06-23 05:42 - 00000000 ____D C:\Users\shè\Downloads\sardu_3_rc3
2015-06-23 05:39 - 2015-06-23 05:49 - 20695454 _____ C:\Users\shè\Downloads\sardu_3_rc3.zip
2015-06-23 05:33 - 2015-06-23 05:33 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-06-23 05:18 - 2015-06-23 05:18 - 01198368 _____ C:\Users\shè\Downloads\uuu.exe
2015-06-23 04:58 - 2015-06-23 04:59 - 00000000 ___SD C:\Users\shè\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2015-06-23 04:58 - 2015-06-23 04:58 - 00001162 _____ C:\Users\shè\Desktop\OpenOffice 4.1.1.lnk
2015-06-23 04:58 - 2015-06-23 04:58 - 00000000 ____D C:\Program Files\OpenOffice 4
2015-06-23 04:57 - 2015-06-26 07:21 - 00000000 ____D C:\ProgramData\TEMP
2015-06-23 04:57 - 2015-06-23 04:57 - 00000000 ____D C:\Users\shè\Desktop\OpenOffice 4.1.1 (de) Installation Files
2015-06-23 04:57 - 2015-06-23 04:57 - 00000000 ____D C:\ProgramData\Licenses
2015-06-23 04:54 - 2015-06-23 04:54 - 00000000 _____ C:\Users\shè\Downloads\gfrhj.exe.p3lzlyf.partial
2015-06-23 04:48 - 2015-06-23 04:48 - 00001086 _____ C:\Users\Public\Desktop\Trojan Remover.lnk
2015-06-23 04:48 - 2015-06-23 04:48 - 00001086 _____ C:\ProgramData\Desktop\Trojan Remover.lnk
2015-06-23 04:48 - 2015-06-23 04:48 - 00000000 ____D C:\Users\shè\Documents\Simply Super Software
2015-06-23 04:48 - 2015-06-23 04:48 - 00000000 ____D C:\Users\shè\AppData\Roaming\Simply Super Software
2015-06-23 04:48 - 2015-06-23 04:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2015-06-23 04:47 - 2015-06-23 05:51 - 00000000 ____D C:\Program Files\Trojan Remover
2015-06-23 04:47 - 2015-06-23 04:47 - 00000000 ____D C:\ProgramData\Simply Super Software
2015-06-23 04:46 - 2015-06-23 04:46 - 35218576 _____ (Simply Super Software ) C:\Users\shè\Downloads\trjsetup692.exe
2015-06-23 04:36 - 2015-06-23 04:36 - 04916140 _____ C:\Users\shè\Downloads\regin072.exe
2015-06-23 04:15 - 2015-06-23 04:15 - 00576430 _____ C:\Users\shè\Documents\fixing error 0cx0000022.oxps
2015-06-23 01:22 - 2015-06-23 01:22 - 04718584 _____ (Avira Operations GmbH & Co. KG) C:\Users\shè\Downloads\cbn.exe
2015-06-23 01:19 - 2015-06-23 01:19 - 01198368 _____ C:\Users\shè\Downloads\OpenOffice - CHIP-Installer.exe
2015-06-23 01:14 - 2015-06-23 11:33 - 00000000 ____D C:\Users\shè\AppData\Roaming\Hewlett-Packard
2015-06-23 01:14 - 2015-06-23 01:14 - 00000000 ____D C:\Users\shè\AppData\Roaming\hpqlog
2015-06-23 01:14 - 2015-06-23 01:14 - 00000000 ____D C:\Users\shè\AppData\Local\Hewlett-Packard
2015-06-23 01:07 - 2015-06-23 01:07 - 02002416 _____ (Trend Micro Inc.) C:\Users\shè\Downloads\poi.exe
2015-06-23 01:07 - 2015-06-23 01:07 - 00000036 _____ C:\Users\shè\AppData\Local\housecall.guid.cache
2015-06-23 01:07 - 2011-06-20 21:09 - 00200976 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2015-06-23 01:05 - 2015-06-24 23:16 - 00000000 __SHD C:\Users\shè\AppData\Local\EmieUserList
2015-06-23 01:05 - 2015-06-24 23:16 - 00000000 __SHD C:\Users\shè\AppData\Local\EmieSiteList
2015-06-23 01:05 - 2015-06-23 01:05 - 00000000 ____D C:\Users\shè\AppData\Roaming\Macromedia
2015-06-22 15:24 - 2015-06-28 11:42 - 01394277 _____ C:\Windows\WindowsUpdate.log
2015-06-22 15:24 - 2015-06-28 02:12 - 00000000 ____D C:\Users\shè
2015-06-22 15:24 - 2015-06-22 15:24 - 00001449 _____ C:\Users\shè\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-22 15:24 - 2015-06-22 15:24 - 00000184 _____ C:\Windows\insFileSpec
2015-06-22 15:24 - 2015-06-22 15:24 - 00000144 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-06-22 15:24 - 2015-06-22 15:24 - 00000020 ___SH C:\Users\shè\ntuser.ini
2015-06-22 15:24 - 2015-06-22 15:24 - 00000000 ____D C:\Users\shè\AppData\Roaming\Adobe
2015-06-22 15:24 - 2015-06-22 15:24 - 00000000 ____D C:\Users\shè\AppData\Local\VirtualStore
2015-06-22 15:24 - 2014-11-09 06:23 - 00000000 ___HD C:\Users\shè\Documents\hp.system.package.metadata
2015-06-22 15:24 - 2014-09-23 06:45 - 00000000 ___RD C:\Users\shè\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-06-22 15:24 - 2014-09-23 06:35 - 00000000 ___RD C:\Users\shè\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-22 15:24 - 2014-03-18 00:48 - 00000369 _____ C:\Users\shè\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-06-22 15:24 - 2014-03-18 00:48 - 00000369 _____ C:\Users\shè\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-06-22 15:24 - 2013-08-22 01:17 - 00000000 ___RD C:\Users\shè\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-22 15:24 - 2013-08-22 01:17 - 00000000 ____D C:\Users\shè\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-06-22 15:18 - 2015-06-22 15:18 - 00028672 ___SH C:\Windows\system32\config\BCD-Template.LOG
2015-06-22 15:18 - 2015-06-22 15:18 - 00000000 _____ C:\Recovery.txt
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-28 12:00 - 2013-08-22 01:17 - 00000000 ____D C:\Windows\system32\sru
2015-06-28 10:08 - 2013-08-22 01:17 - 00000000 ____D C:\Windows\Microsoft.NET
2015-06-28 02:18 - 2014-03-18 00:50 - 00935028 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-28 02:13 - 2013-08-22 00:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-27 23:53 - 2013-08-22 01:17 - 00000000 ____D C:\Windows\AppReadiness
2015-06-27 16:34 - 2014-02-04 13:49 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\d3drm.dll
2015-06-27 16:09 - 2014-04-14 05:32 - 00000000 ____D C:\Windows\Panther
2015-06-26 03:33 - 2013-08-22 01:17 - 00000000 ____D C:\Windows\rescache
2015-06-26 03:17 - 2013-08-22 01:05 - 00000000 ____D C:\Windows\CbsTemp
2015-06-26 03:12 - 2014-03-18 00:36 - 00000000 ____D C:\Program Files\Windows Journal
2015-06-26 03:12 - 2014-03-18 00:26 - 00000000 ____D C:\Windows\system32\winrm
2015-06-26 03:12 - 2014-03-18 00:26 - 00000000 ____D C:\Windows\system32\WCN
2015-06-26 03:12 - 2014-03-18 00:26 - 00000000 ____D C:\Windows\system32\slmgr
2015-06-26 03:12 - 2014-03-18 00:26 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2015-06-26 03:12 - 2013-08-22 01:17 - 00000000 ___SD C:\Windows\system32\dsc
2015-06-26 03:12 - 2013-08-22 01:17 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-06-26 03:12 - 2013-08-22 01:17 - 00000000 ____D C:\Windows\WinStore
2015-06-26 03:12 - 2013-08-22 01:17 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2015-06-26 03:12 - 2013-08-22 01:17 - 00000000 ____D C:\Windows\system32\MUI
2015-06-26 03:12 - 2013-08-22 01:17 - 00000000 ____D C:\Windows\system32\inetsrv
2015-06-26 03:12 - 2013-08-22 01:17 - 00000000 ____D C:\Windows\system32\fr-FR
2015-06-26 03:12 - 2013-08-22 01:17 - 00000000 ____D C:\Windows\system32\Com
2015-06-26 03:12 - 2013-08-22 01:17 - 00000000 ____D C:\Windows\IME
2015-06-26 03:12 - 2013-08-22 01:17 - 00000000 ____D C:\Windows\Help
2015-06-26 03:12 - 2013-08-22 01:17 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-06-26 03:12 - 2013-08-22 01:17 - 00000000 ____D C:\Program Files\Windows Defender
2015-06-26 03:12 - 2013-08-22 01:17 - 00000000 ____D C:\Program Files\Common Files\System
2015-06-25 09:27 - 2013-08-22 01:17 - 00000000 ____D C:\Windows\AppCompat
2015-06-24 23:04 - 2013-08-22 00:22 - 00361880 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-24 23:02 - 2013-08-22 01:17 - 00000000 ___RD C:\Windows\ToastData
2015-06-24 23:02 - 2013-08-22 01:17 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-24 23:02 - 2013-08-22 01:17 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-24 23:01 - 2013-08-22 01:17 - 00000000 ____D C:\Windows\MediaViewer
2015-06-24 23:01 - 2013-08-22 01:17 - 00000000 ____D C:\Windows\FileManager
2015-06-24 23:01 - 2013-08-22 01:17 - 00000000 ____D C:\Windows\Camera
2015-06-24 23:01 - 2013-08-22 01:17 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-06-23 06:37 - 2013-08-21 23:13 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-06-23 06:33 - 2013-08-22 01:17 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-06-23 01:15 - 2014-11-09 06:30 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-06-22 15:24 - 2014-11-09 06:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-06-22 15:24 - 2014-08-18 11:30 - 00000000 ___HD C:\SYSTEM.SAV
2015-06-22 15:24 - 2013-08-21 23:21 - 00000000 ___RD C:\Users\Public
2015-06-22 15:23 - 2013-08-22 01:17 - 00000000 ____D C:\Windows\system32\Recovery
2015-06-22 15:22 - 2013-08-21 23:13 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-22 15:19 - 2013-08-21 23:21 - 00000000 __RHD C:\Users\Default
2015-06-22 15:18 - 2013-08-22 01:17 - 00262144 _____ C:\Windows\system32\config\BCD-Template
2015-06-19 20:02 - 2013-08-22 01:18 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-19 20:02 - 2013-08-22 01:18 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2015-06-23 01:07 - 2015-06-23 01:07 - 0000036 _____ () C:\Users\shè\AppData\Local\housecall.guid.cache
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-22 15:19
==================== End of log ============================
[/CODE] Addition: [CODE]Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x86) Version: 24-06-2015
Ran by shè at 2015-06-28 12:10:17
Running from C:\Users\shè\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-677420604-2726472551-1300724813-500 - Administrator - Disabled)
Guest (S-1-5-21-677420604-2726472551-1300724813-501 - Limited - Disabled)
shè (S-1-5-21-677420604-2726472551-1300724813-1001 - Administrator - Enabled) => C:\Users\shè
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-PDF Printer 10.11.0.2342 (HKLM\...\7-PDF Printer_is1) (Version: 10.11.0.2342 - 7-PDF, Germany - Th. Hodes)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6037 - AVG Technologies)
AVG 2015 (Version: 15.0.4365 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6037 - AVG Technologies) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Glary Utilities 2.56.0.1822 (HKLM\...\Glary Utilities_is1) (Version: 2.56.0.1822 - Glarysoft Ltd)
Hewlett-Packard ACLM.NET v1.2.2.3 (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hotspot Shield 4.15.3 (HKLM\...\HotspotShield) (Version: 4.15.3 - AnchorFree Inc.)
HP Documentation (HKLM\...\{B7EC5C10-E557-4A2B-A4EB-494F166A87E1}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{EACD3CC2-8923-45B4-9ED3-818D983C5CAE}) (Version: 1.2.7745.4851 - Hewlett-Packard)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3643 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
kxaccel-1.0.13.20-win8-x86 (HKLM\...\{4BE64DB8-771F-42D0-B120-EFB738C40215}) (Version: 1.0.13.20 - Kionix)
Microsoft Office (HKLM\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.1005 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
NetLimiter 4 (HKLM\...\NetLimiter 4 4.0.12.0) (Version: 4.0.12.0 - Locktime Software)
NetLimiter 4 (Version: 4.0.12.0 - Locktime Software) Hidden
OpenOffice 4.1.1 (HKLM\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
REALTEK Bluetooth (HKLM\...\InstallShield_{192979A0-37F4-4703-B1BB-62052142CE44}) (Version: 1.0.59.40827 - Realtek Semiconductor Corp.)
REALTEK Bluetooth (Version: 1.0.59.40827 - REALTEK Semiconductor Corp.) Hidden
Realtek I2S Audio (HKLM\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.2.9600.4179 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM\...\{33AABC60-A52F-41FF-B2B9-17321240CD5}) (Version: 1.01.0243 - REALTEK Semiconductor Corp.)
Shoot'n Save (Installation 28.06.2015) (HKLM\...\Shoot'n Save 2015-06-28 09.41.02) (Version: - Rosenthal Software, Germany)
Trojan Remover 6.9.2.2938 (HKLM\...\Trojan Remover_is1) (Version: 6.9.2.2938 - Simply Super Software)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Kionix, Inc. (kxspb) Sensor I/O devices (06/26/2014 1.2.6.3) (HKLM\...\9B850DEC9F528A80EF96519B4987C5F90EF303B8) (Version: 06/26/2014 1.2.6.3 - Kionix, Inc.)
Windows Driver Package - Kionix, Inc. (WUDFRd) Sensor (06/26/2014 1.0.13.20) (HKLM\...\A29252E022AC11B53F70404D9A02C2B623F7A4BB) (Version: 06/26/2014 1.0.13.20 - Kionix, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-677420604-2726472551-1300724813-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-677420604-2726472551-1300724813-1001_Classes\CLSID\{30A2652A-DDF7-45e7-ACA6-3EAB26FC8A4E}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-677420604-2726472551-1300724813-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-677420604-2726472551-1300724813-1001_Classes\CLSID\{41662FC2-0D57-4aff-AB27-AD2E12E7C273}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-677420604-2726472551-1300724813-1001_Classes\CLSID\{448BB771-CFE2-47C4-BCDF-1FBF378E202C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-677420604-2726472551-1300724813-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-677420604-2726472551-1300724813-1001_Classes\CLSID\{7B342DC4-139A-4a46-8A93-DB0827CCEE9C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-677420604-2726472551-1300724813-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\ooofilt.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-677420604-2726472551-1300724813-1001_Classes\CLSID\{7FA8AE11-B3E3-4D88-AABF-255526CD1CE8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-677420604-2726472551-1300724813-1001_Classes\CLSID\{82154420-0FBF-11d4-8313-005004526AB4}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-677420604-2726472551-1300724813-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\propertyhdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-677420604-2726472551-1300724813-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-677420604-2726472551-1300724813-1001_Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-677420604-2726472551-1300724813-1001_Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-677420604-2726472551-1300724813-1001_Classes\CLSID\{E5A0B632-DFBA-4549-9346-E414DA06E6F8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-677420604-2726472551-1300724813-1001_Classes\CLSID\{EE5D1EA4-D445-4289-B2FC-55FC93693917}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-677420604-2726472551-1300724813-1001_Classes\CLSID\{F616B81F-7BB8-4F22-B8A5-47428D59F8AD}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-21 23:13 - 2013-08-21 23:13 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {3410EF69-33B4-4C18-8D13-CB90A01AE8C7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {44BABE84-3F2C-45B4-B1F1-BCB52492BD39} - System32\Tasks\HPGenoobeReminder => C:\Program Files\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe [2014-05-15] ()
Task: {4613CE3A-5F84-420F-9D04-CDC8C2A26A5A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-21] (Hewlett-Packard Company)
Task: {672D6F2E-AA1E-4CA0-94F9-5677075DE000} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {725DB026-48D7-47F6-AA8F-BFA31374188D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {81ECF50B-4373-40E0-AB99-40FD1D8A023B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-05-27] (Microsoft Corporation)
Task: {86E4A6A5-FEA8-4997-800F-A6522A06E908} - System32\Tasks\Microsoft\Office\Microsoft Office Touchless Attach Notification => C:\Program Files\Microsoft Office\Office15\FirstRun.exe [2014-08-23] (Microsoft Corporation)
Task: {A373F389-20EC-4579-A3F2-6F465279581A} - System32\Tasks\GlaryInitialize => C:\Program Files\Glary Utilities\initialize.exe [2013-05-27] (Glarysoft Ltd)
Task: {B303E333-F05A-44CA-8B8A-730A5E0E95BC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-21] (Hewlett-Packard Company)
Task: {C39645DC-4EDE-4FB3-94B7-DB01E69ABDF5} - System32\Tasks\{47960E4B-EC2A-4A67-AFFE-7EB2D9C32973} => pcalua.exe -a C:\Users\shè\Downloads\hguh.exe -d C:\Users\shè\Downloads
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files\Glary Utilities\initialize.exe
==================== Loaded Modules (Whitelisted) ==============
2014-11-09 06:39 - 2014-08-27 16:23 - 00114688 _____ () C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
2015-06-03 15:57 - 2015-06-03 15:57 - 01749200 _____ () C:\Program Files\Hotspot Shield\bin\af_proxy.dll
2015-06-03 16:19 - 2015-06-03 16:19 - 00616144 _____ () C:\Program Files\Hotspot Shield\bin\HssRep.4.15.3.dll
2015-04-24 18:03 - 2015-04-24 18:03 - 00280143 _____ () C:\Program Files\Hotspot Shield\bin\libidn-11.dll
2009-03-27 13:02 - 2009-03-27 13:02 - 01554920 _____ () C:\Program Files\Hotspot Shield\bin\libeay32.dll
2009-03-27 13:02 - 2009-03-27 13:02 - 00332254 _____ () C:\Program Files\Hotspot Shield\bin\libssl32.dll
2015-06-03 15:55 - 2015-06-03 15:55 - 00232144 _____ () C:\Program Files\Hotspot Shield\bin\cfghlp.dll
2015-06-03 15:59 - 2015-06-03 15:59 - 00589520 _____ () C:\Program Files\Hotspot Shield\bin\hsswd.exe
2015-06-27 12:01 - 2015-06-27 12:01 - 00123392 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\CoreLibNet\b4c0fe92eb15bd8e12dd5cce28b9f5f8\CoreLibNet.ni.dll
2015-05-08 11:50 - 2015-05-08 11:50 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-06-28 09:41 - 2015-06-28 09:41 - 00563200 _____ () C:\Program Files\ShootnSave\ShootnSave.exe
2015-06-03 15:52 - 2015-06-03 15:52 - 00686816 _____ () C:\Program Files\Hotspot Shield\bin\openvpn.exe
2014-08-13 09:27 - 2014-08-13 09:27 - 00988160 _____ () C:\Program Files\OpenOffice 4\program\libxml2.dll
2014-07-29 13:34 - 2014-07-29 13:34 - 00170496 _____ () C:\Program Files\OpenOffice 4\program\libxslt.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-677420604-2726472551-1300724813-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 8.8.8.8 - 84.54.140.4
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A7A81EAA-6712-46CF-9E8D-ED219FE7D019}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9A2FD01E-4A1C-4E1A-A2D6-96B1241256BA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{354B3410-E3DC-4862-B025-E742F51E2853}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{079AB5FF-C595-48E8-8649-54351D3D692E}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{AA2B0E53-FA9E-4A19-A5D3-12B75B1D3E0A}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{CF8A292C-750A-4719-832D-149932B51745}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{1B8B5CFC-3673-426C-913F-2CDC5F706A53}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{83894E1A-5030-41C1-A3B1-E9B277E85809}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{7AD4C18C-A052-4894-85B6-98911F6A51B3}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{E4BE5589-3348-48BE-898B-BB8C738CDC3E}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/28/2015 09:03:49 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)
Error: (06/28/2015 02:34:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: xhè)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (06/28/2015 02:34:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 14a0
Start Time: 01d0b1858a87da9a
Termination Time: 4294967295
Application Path: C:\Windows\system32\wwahost.exe
Report Id: d2ac1ae8-1d78-11e5-9732-a75ee227174f
Faulting package full name: Microsoft.BingWeather_3.0.4.322_x86__8wekyb3d8bbwe
Faulting package-relative application ID: App
Error: (06/28/2015 02:34:06 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: xhè)
Description: App Microsoft.BingWeather_3.0.4.322_x86__8wekyb3d8bbwe+App did not launch within its allotted time.
Error: (06/28/2015 02:14:21 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: xhè)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (06/28/2015 02:14:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1224
Start Time: 01d0b182cf9326f5
Termination Time: 4294967295
Application Path: C:\Windows\system32\wwahost.exe
Report Id: 0df02303-1d76-11e5-9732-08d833eaf763
Faulting package full name: Microsoft.BingWeather_3.0.4.322_x86__8wekyb3d8bbwe
Faulting package-relative application ID: App
Error: (06/28/2015 02:14:18 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: xhè)
Description: App Microsoft.BingWeather_3.0.4.322_x86__8wekyb3d8bbwe+App did not launch within its allotted time.
Error: (06/27/2015 10:59:27 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)
Error: (06/27/2015 05:05:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1a3c
Start Time: 01d0b1335e4a41d3
Termination Time: 93
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id: 65fbbc73-1d29-11e5-972f-adb04b6ef5e4
Faulting package full name:
Faulting package-relative application ID:
Error: (06/26/2015 02:58:39 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)
System errors:
=============
Error: (06/28/2015 10:56:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The pgldipob service failed to start due to the following error:
%%577
Error: (06/28/2015 10:54:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The pgldipob service failed to start due to the following error:
%%577
Error: (06/28/2015 09:42:58 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
Error: (06/28/2015 02:32:29 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
Error: (06/28/2015 02:32:13 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
Error: (06/28/2015 02:13:46 AM) (Source: APPHOSTSVC) (EventID: 9010) (User: )
Description: The Application Host Helper Service encountered an error trying to access the root history directory 'C:\inetpub\history'. The directory either doesn't exist or the permissions on it don't allow the history service to access it. The config history feature is disabled for now and will be re-enabled after the issue is resolved. To resolve this issue, please ensure that the directory exists and that the Administrators group have read and write access to it. The data field contains the error number.
Error: (06/28/2015 02:11:50 AM) (Source: APPHOSTSVC) (EventID: 9010) (User: )
Description: The Application Host Helper Service encountered an error trying to access the root history directory 'C:\inetpub\history'. The directory either doesn't exist or the permissions on it don't allow the history service to access it. The config history feature is disabled for now and will be re-enabled after the issue is resolved. To resolve this issue, please ensure that the directory exists and that the Administrators group have read and write access to it. The data field contains the error number.
Error: (06/28/2015 02:11:48 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:58:33 PM on 2015-06-27 was unexpected.
Error: (06/28/2015 02:09:32 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
Error: (06/28/2015 02:09:02 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
Microsoft Office:
=========================
Error: (06/28/2015 09:03:49 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d
Error: (06/28/2015 02:34:12 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: xhè)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927142
Error: (06/28/2015 02:34:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.1703114a001d0b1858a87da9a4294967295C:\Windows\system32\wwahost.exed2ac1ae8-1d78-11e5-9732-a75ee227174fMicrosoft.BingWeather_3.0.4.322_x86__8wekyb3d8bbweApp
Error: (06/28/2015 02:34:06 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: xhè)
Description: Microsoft.BingWeather_3.0.4.322_x86__8wekyb3d8bbwe+App
Error: (06/28/2015 02:14:21 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: xhè)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927142
Error: (06/28/2015 02:14:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.17031122401d0b182cf9326f54294967295C:\Windows\system32\wwahost.exe0df02303-1d76-11e5-9732-08d833eaf763Microsoft.BingWeather_3.0.4.322_x86__8wekyb3d8bbweApp
Error: (06/28/2015 02:14:18 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: xhè)
Description: Microsoft.BingWeather_3.0.4.322_x86__8wekyb3d8bbwe+App
Error: (06/27/2015 10:59:27 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d
Error: (06/27/2015 05:05:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.178401a3c01d0b1335e4a41d393C:\Program Files\Internet Explorer\iexplore.exe65fbbc73-1d29-11e5-972f-adb04b6ef5e4
Error: (06/26/2015 02:58:39 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d
CodeIntegrity Errors:
===================================
Date: 2015-06-28 10:56:30.010
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\pgldipob.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-28 10:56:29.994
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\pgldipob.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-28 10:56:29.432
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\SH98AC~1\AppData\Local\Temp\pgldipob.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-28 10:54:45.477
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\SH98AC~1\AppData\Local\Temp\pgldipob.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-28 10:54:45.462
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\SH98AC~1\AppData\Local\Temp\pgldipob.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-27 16:42:07.160
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\SH98AC~1\AppData\Local\Temp\pgldipob.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-27 16:42:07.160
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\SH98AC~1\AppData\Local\Temp\pgldipob.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-27 16:42:07.160
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\SH98AC~1\AppData\Local\Temp\pgldipob.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-27 16:40:09.239
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\SH98AC~1\AppData\Local\Temp\pgldipob.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-06-27 16:40:09.239
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\SH98AC~1\AppData\Local\Temp\pgldipob.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Atom(TM) CPU Z3735G @ 1.33GHz
Percentage of memory in use: 94%
Total physical RAM: 951.41 MB
Available physical RAM: 51.37 MB
Total Pagefile: 3127.41 MB
Available Pagefile: 1260 MB
Total Virtual: 2047.88 MB
Available Virtual: 1865.02 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:23.14 GB) (Free:15.51 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: 1E1F4777)
Partition: GPT Partition Type.
==================== End of log ============================
Falls ich sonst noch etwas beisteuern kann, um dir/euch die eigentliche Arbeit zu erleichtern. Einfach nur raus damit .... ! (Ich hoffe das Programm und ich haben alles richtig gemacht und aussagekraeftige Ergebnisse geliefert.) |
|
28.06.2015, 17:50
| #4 | |
| /// the machine /// TB-Ausbilder | win8.1 tablet mit unbekanntem wiederkehrenden Trojaner infiziertZitat:
Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
29.06.2015, 08:55
| #5 |
| | win8.1 tablet mit unbekanntem wiederkehrenden Trojaner infiziert Mbar.exe – Application error The instruction at 0x00690072 refrenced memory at 0x00690072. The memory could not be written. Click on ok to terminate the programm. ...... Den zuvor aufgefuehten Text erhalte ich, wenn ich versuche malewarebites zu starten. Bei einem erneuten Versuch die exe zu öffnen erscheint nur noch der Hinweis: mbar is not found. (Antwort auf deine Frage: Ja, ich hatte das tool umbenannt in qwe) Hast du schon anhand der logs eine Ahnung um welchen Trojaner es sich handelt? Vielen Dank für deine Hilfe! |
|
29.06.2015, 12:12
| #6 | |
| /// the machine /// TB-Ausbilder | win8.1 tablet mit unbekanntem wiederkehrenden Trojaner infiziert MBAR bitte neu laden, im Safe Mode versuchen, AV Programm abschalten. Egal ob es klappt oder nicht, direkt weiter mit TDSSKiller. Zitat:
__________________ --> win8.1 tablet mit unbekanntem wiederkehrenden Trojaner infiziert |
|
29.06.2015, 18:09
| #7 |
| | win8.1 tablet mit unbekanntem wiederkehrenden Trojaner infiziert Hallo, die folgenden Vorgänge habe ich im Abgesicherten Modus gemacht: -Malewarebites konnte ich im Abgesicherten Modus nicht updaten, aber dafür starten. Das Ergebnis des Durchlaufs war: Scan Finished: No maleware found! -Als ich die Installation von TSSDKiller gestartet habe kam folgende Meldung: Warning: Can't unitialize log. Initialization 10%; hier bleibt der Balken stehen bis ich auf OK drücke. Das Programm verlangte einen Neustart – was ich tat – bevor es einen Suchlauf starten konnte. Das Ergebnis hier: No threats found. Die Symptome von meinem Tablet sind aber immer noch die selben wie eingangs beschrieben. Hallo, ich habe heute nochmal avg laufen lassen. Das sind die Ergebnisse. Code:
ATTFilter Gesamten Computer scannen
Mittlerer Schweregrad 8 8 0
Gescannt: Gesamten Computer scannen
Gestartet: 2015-06-29, 7:13:23 PM
Beendet: 2015-06-29, 7:24:14 PM
Anzahl der Elemente: 154020
Gestartet von: shè
Name Beschreibung Status Status Priorität
C:\Users\shè\AppData\Local\Microsoft\Windows\INetCookies\Low\4NE84G5F.txt Tracking cookie.Casalemedia gefunden Gesichert Geheilt Mittel
C:\Users\shè\AppData\Local\Microsoft\Windows\INetCookies\Low\WMMUU0O0.txt Tracking cookie.Mediaplex gefunden Gesichert Geheilt Mittel
C:\Users\shè\AppData\Local\Microsoft\Windows\INetCookies\Low\QBEKEY91.txt Tracking cookie.Ru4 gefunden Gesichert Geheilt Mittel
C:\Users\shè\AppData\Local\Microsoft\Windows\INetCookies\Low\1C8TFK78.txt Tracking cookie.Advertising gefunden Gesichert Geheilt Mittel
C:\Users\shè\AppData\Local\Microsoft\Windows\INetCookies\Low\Y3FGUAUA.txt Tracking cookie.Oewabox gefunden Gesichert Geheilt Mittel
C:\Users\shè\AppData\Local\Microsoft\Windows\INetCookies\Low\8R485BXX.txt Tracking cookie.Pro-market gefunden Gesichert Geheilt Mittel
C:\Users\shè\AppData\Local\Microsoft\Windows\INetCookies\Low\UOBQAXUZ.txt Tracking cookie.Revsci gefunden Gesichert Geheilt Mittel
C:\Users\shè\AppData\Local\Microsoft\Windows\INetCookies\Low\SC9E5LX4.txt Tracking cookie.Serving-sys gefunden Gesichert Geheilt Mittel
In einem früheren (27.06.2015) Scan hat avg folgendes gefunden. Allerdings war das ein einmaliger Fund. Das Programm konnte die Funde nicht bereinigen, aber im nächsten Suchlauf auch nicht mehr aufspühren. Code:
ATTFilter Gesamten Computer scannen
Mittlerer Schweregrad 11 0 11
Gescannt: Gesamten Computer scannen
Gestartet: 2015-06-27, 6:18:55 PM
Beendet: 2015-06-27, 6:26:42 PM
Anzahl der Elemente: 72873
Gestartet von: shè
Name Beschreibung Status Status Priorität
C:\Windows\system32\DRIVERS\avkmgr.sys Dienstfunktion #4655-Hook -> avkmgr.sys +0x31BC Ungelöst Ungelöst Mittel
C:\Windows\system32\DRIVERS\avkmgr.sys Dienstfunktion NtOpenSection-Hook -> avkmgr.sys +0x2D68 Ungelöst Ungelöst Mittel
C:\Windows\system32\DRIVERS\avkmgr.sys Dienstfunktion NtRequestWaitReplyPort-Hook -> avkmgr.sys +0x333E Ungelöst Ungelöst Mittel
C:\Windows\system32\DRIVERS\avkmgr.sys Dienstfunktion NtSetContextThread-Hook -> avkmgr.sys +0x32AA Ungelöst Ungelöst Mittel
C:\Windows\system32\DRIVERS\avkmgr.sys Dienstfunktion #4658-Hook -> avkmgr.sys +0x309A Ungelöst Ungelöst Mittel
C:\Windows\system32\DRIVERS\avkmgr.sys Dienstfunktion NtCreateSymbolicLinkObject-Hook -> avkmgr.sys +0x2E0E Ungelöst Ungelöst Mittel
C:\Windows\system32\DRIVERS\avkmgr.sys Dienstfunktion NtSetSecurityObject-Hook -> avkmgr.sys +0x339E Ungelöst Ungelöst Mittel
C:\Windows\system32\DRIVERS\avkmgr.sys Dienstfunktion NtCreateSection-Hook -> avkmgr.sys +0x32EC Ungelöst Ungelöst Mittel
C:\Windows\system32\DRIVERS\avkmgr.sys Dienstfunktion NtLoadDriver-Hook -> avkmgr.sys +0x2E56 Ungelöst Ungelöst Mittel
C:\Windows\system32\DRIVERS\avkmgr.sys Dienstfunktion NtSetSystemInformation-Hook -> avkmgr.sys +0x2DAE Ungelöst Ungelöst Mittel
C:\Windows\system32\DRIVERS\avkmgr.sys Dienstfunktion NtSystemDebugControl-Hook -> avkmgr.sys +0x33E4 Ungelöst Ungelöst Mittel
|
|
30.06.2015, 06:49
| #8 |
| /// the machine /// TB-Ausbilder | win8.1 tablet mit unbekanntem wiederkehrenden Trojaner infiziert Das sind nur Tracking Cookies, und im alten Scan nur Treiber von Avira, die angemeckert wurden. Sorry, aber laut Logs ist der Rechner sauber.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
30.06.2015, 10:46
| #9 |
| | win8.1 tablet mit unbekanntem wiederkehrenden Trojaner infiziert Und jetzt? Warum kann ich Programme im normalen Modus nicht öffnen? Warum muss ich in den abgesicherten gehen um was zum Laufen zu bringen? Naja, diese Fakeberichte von den Virenprogrammen, dass alles in Ordung wäre, kann ich nicht glauben.... |
|
30.06.2015, 15:34
| #10 |
| /// the machine /// TB-Ausbilder | win8.1 tablet mit unbekanntem wiederkehrenden Trojaner infiziert Sorry, aber bitte hör auf so einen Müll zu verbreiten wie Fakeberichte und Co! Hier lesen ewig viele Leute mit, und diese Aussage ist einfach nur Schwachsinn. Gmer läuft einfach nicht auf Win8.1, das streikt bei 80% der Rechner mit diesem OS. Gib doch mal genaue Info, welches Programm nicht startet, und vor allem mal Screenshots von evtl auftretenden Fehlermeldungen.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
30.06.2015, 20:28
| #11 |
| | win8.1 tablet mit unbekanntem wiederkehrenden Trojaner infiziert Wie bitte? Ich bin Leihe, deswegen wende ich mich in diesem Forum an Leute, die sich auskennen. Selbst bin ich natürlich in anderen Fachgebieten besser bewandert, als in IT. Das ist nicht schlimm und um Hilfe zu fragen erst recht nicht. Auch wenn mein Vokabular in diesem Sektor nicht 100% korrekt ist, solltest jedoch du als Spezialist in der Lage sein, diese zu deuten. Welcher Patient geht schon zum Arzt und sagt: “Ich habe Tinea pedis, bzw. Dermatophyten!” Wohl kein einziger. Nenne es wie du willst: Fakebericht, Pseudo-Report, falscher Befund usw. Ich weiß den Fachbegriff nicht. Ich kann dir nur sagen, dass der Trojaner mein Anti-Virensoftware unterläuft. Mit deinem zynischen, herablassenden/egozentrischen und aeusserst unprofessionellen Verhalten machst du dich eher selbst zum Affen. Ich hoffe sogar, dass andere mitlesen! |
|
01.07.2015, 10:48
| #12 | |
| /// the machine /// TB-Ausbilder | win8.1 tablet mit unbekanntem wiederkehrenden Trojaner infiziertZitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
01.07.2015, 10:53
| #13 | |
| /// the machine /// TB-Ausbilder | win8.1 tablet mit unbekanntem wiederkehrenden Trojaner infiziertZitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu win8.1 tablet mit unbekanntem wiederkehrenden Trojaner infiziert |
| autorun, avg, avira, bho, bonjour, desktop, dringend, error, failed, fatal error, firefox, format, hotspot, iexplore.exe, install.exe, installation, logfile, musik, problem, proxy, realtek, registry, rundll, scan, security, software, super, trojaner, werkseinstellungen, windows |
Linear-Darstellung
