Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Notebook Win8 - Befall mit Keylogger Wolfeye?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 13.03.2015, 20:13   #1
LenovoRetten
 
Notebook Win8 - Befall mit Keylogger Wolfeye? - Standard

Notebook Win8 - Befall mit Keylogger Wolfeye?



Ich war - hoffentlich jedenfalls - vom Wolfeye Keylogger befallen, oder besser mein Notebook. Ich habe zwar schon allerlei gelesen und alles mögliche durchlaufen lassen und scheinbar ist er weg, aber so wirklich sicher bin ich mir nicht. Denn soweit man liest sind diese professionellen Keylogger ja schon sehr tief im System drin, und dazu recht hartnäckig, logischerweise. Daher möchte ich gerne mal von den Spezialisten hier eine Meinung zu den Logs haben, ob es da etwas Verdächtiges gibt. Das Notebook neu aufsetzen möchte ich nämlich nur sehr ungerne.

Danke!

Hier die Logs, als Einzelbeiträge, ich bekomme den Hinweis sie sind zu lang.

FRST

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by 187 (administrator) on 187-G580 on 13-03-2015 20:54:00
Running from D:\Downloads
Loaded Profiles: 187 (Available profiles: 187)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
() C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
() C:\Program Files\ShrewSoft\VPN Client\iked.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe
(Sophos Limited) C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_fc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Barracuda Networks, Inc.) C:\Users\187\AppData\Roaming\Copy\CopyAgent.exe
() C:\Users\187\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
() C:\Users\187\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Spotify Ltd) C:\Users\187\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Dropbox, Inc.) C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Spotify Ltd) C:\Users\187\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\187\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\187\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\187\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2872720 2012-09-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [366720 2012-06-26] (Alcor Micro Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2013-07-16] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2013-07-16] (Lenovo(beijing) Limited)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [OV3_Monitor] => C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\FirstStart.exe [55656 2013-12-10] (OLYMPUS IMAGING CORP.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1593640 2015-03-11] (Sophos Limited)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\Run: [Copy] => C:\Users\187\AppData\Roaming\Copy\CopyAgent.exe [15435920 2015-02-27] (Barracuda Networks, Inc.)
HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\Run: [OV3_Monitor] => C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe [420200 2013-12-10] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.exe [404080 2014-06-12] (CyberGhost S.R.L.)
HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\Run: [Amazon Cloud Player] => C:\Users\187\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] ()
HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\187\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\Run: [Facebook Update] => C:\Users\187\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-04-28] (Facebook Inc.)
HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\Run: [Spotify Web Helper] => C:\Users\187\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1959992 2015-03-12] (Spotify Ltd)
HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\Run: [Spotify] => C:\Users\187\AppData\Roaming\Spotify\spotify.exe [6611512 2015-03-12] (Spotify Ltd)
HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\MountPoints2: {08b28a0d-d62a-11e3-bef1-3c970e5ca325} - "K:\Startme.exe" 
HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\MountPoints2: {22b545ca-67c0-11e3-beb6-3c970e5ca325} - "J:\Startme.exe" 
HKU\S-1-5-18\...\Run: [Copy] => C:\Users\187\AppData\Roaming\Copy\CopyAgent.exe [15435920 2015-02-27] (Barracuda Networks, Inc.)
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217672 2015-02-27] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2015-02-27] (Sophos Limited)
Startup: C:\Users\187\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\187\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\187\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\187\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\187\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\187\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\187\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\187\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\187\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\187\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [SpiderOakOverlay] -> {6E1010DC-3571-45DE-9CA2-C5890119BBBE} => C:\Program Files\SpiderOak\shell_extension.dll (SpiderOak)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\187\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\187\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\187\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4017697916-1499371932-692838387-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4017697916-1499371932-692838387-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
SearchScopes: HKU\S-1-5-21-4017697916-1499371932-692838387-1001 -> {56A7E625-FC34-47CE-B677-585B0CD702A9} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Microsoft.Search.HRSToolBar.InitToolbarBHO -> {1d970ed5-3eda-438d-bffd-715931e2775d} -> C:\WINDOWS\SysWOW64\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\SysWOW64\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll [2013-05-14] (Mindjet)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-01-28] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM-x32 - Bing HRS Toolbar - {c9a6357b-25cc-4bcf-96c1-78736985d414} - C:\WINDOWS\SysWOW64\mscoree.dll [2013-08-22] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{41C5C5D7-F46B-4FC0-9486-0E89C63BB497}: [NameServer] 134.147.32.40,134.147.222.4

FireFox:
========
FF ProfilePath: C:\Users\187\AppData\Roaming\Mozilla\Firefox\Profiles\o7bx65e2.default
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF NetworkProxy: "no_proxies_on", ""
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-27] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-27] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2013-06-25] (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4017697916-1499371932-692838387-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\187\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-4017697916-1499371932-692838387-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\187\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-4017697916-1499371932-692838387-1001: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2013-08-22] (Sony Network Entertainment International LLC)
FF SearchPlugin: C:\Users\187\AppData\Roaming\Mozilla\Firefox\Profiles\o7bx65e2.default\searchplugins\duckduckgo.xml [2013-09-19]
FF Extension: Ghostery - C:\Users\187\AppData\Roaming\Mozilla\Firefox\Profiles\o7bx65e2.default\Extensions\firefox@ghostery.com.xpi [2013-09-19]
FF Extension: DuckDuckGo Plus - C:\Users\187\AppData\Roaming\Mozilla\Firefox\Profiles\o7bx65e2.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2013-09-19]
FF Extension: Private Tab - C:\Users\187\AppData\Roaming\Mozilla\Firefox\Profiles\o7bx65e2.default\Extensions\privateTab@infocatcher.xpi [2013-09-19]
FF Extension: Session Manager - C:\Users\187\AppData\Roaming\Mozilla\Firefox\Profiles\o7bx65e2.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2013-09-19]
FF Extension: NoScript - C:\Users\187\AppData\Roaming\Mozilla\Firefox\Profiles\o7bx65e2.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-09-19]
FF Extension: DownThemAll! - C:\Users\187\AppData\Roaming\Mozilla\Firefox\Profiles\o7bx65e2.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-02-17]
FF Extension: Greasemonkey - C:\Users\187\AppData\Roaming\Mozilla\Firefox\Profiles\o7bx65e2.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-12-24]
FF Extension: Adblock Edge - C:\Users\187\AppData\Roaming\Mozilla\Firefox\Profiles\o7bx65e2.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-09-19]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-09-29]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-09-29]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-01-16]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://de.msn.com/?pc=UP21&ocid=UP21DHP&dt=042513"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\187\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2013-09-19]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-12-23]
CHR Extension: (NordVPN) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\akldomkejfjleegcaioaeebdmkdmfpkj [2015-02-27]
CHR Extension: (Google Docs) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-19]
CHR Extension: (Google Drive) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-19]
CHR Extension: (Please enter your password) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2013-09-19]
CHR Extension: (Brushed) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg [2013-09-19]
CHR Extension: (YouTube) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-19]
CHR Extension: (Image Downloader) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2014-09-25]
CHR Extension: (Google Search) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-19]
CHR Extension: (Screen Capture (by Google)) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg [2014-07-23]
CHR Extension: (Cloud Save) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlbemabjbfhjcccahjioenmkgimjbbkd [2013-09-19]
CHR Extension: (Tabs Plus) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\edooipcjkkbjmnogkdcahgmhbniipefp [2013-09-19]
CHR Extension: (Gmail Offline) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2013-09-19]
CHR Extension: (AddToAny: Share Anywhere) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffpgijchhhkhnokafdeklpllijgnbche [2013-09-19]
CHR Extension: (Annotary) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\fncckipieakpgpjifiadfiigdeanbond [2013-09-19]
CHR Extension: (HTTPS Everywhere) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2013-09-19]
CHR Extension: (AdBlock) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-19]
CHR Extension: (Send to Evernote) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnilckpgiopfcokcijkhpghppekcoafm [2013-09-19]
CHR Extension: (Easy Access for Evernote) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplhgfadohpfcokacjeaioajkbbjaamp [2013-09-19]
CHR Extension: (TweetDeck by Twitter) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2013-09-19]
CHR Extension: (SearchPreview) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjdanpjacpeeppdjkppebobilhaglfo [2013-09-19]
CHR Extension: (SEO & Website Analysis) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlngmmdolgbdnnimbmblfhhndibdipaf [2013-09-19]
CHR Extension: (Google Keep - notes and lists) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-09-25]
CHR Extension: (Disconnect Search) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk [2013-10-08]
CHR Extension: (Snipping Tool for Evernote™ ) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmhpjbejpnnaffkpmebeagdiidibjfa [2013-09-19]
CHR Extension: (Yet Another Drag and Go) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnoonkgmmnklbdehoepdjcidhjbncjmi [2013-09-19]
CHR Extension: (Bitly 
 Unleash the power of the link) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic [2013-09-19]
CHR Extension: (DownFlickr - Flickr Downloader) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\idiemcijhbenngdhkdiipmpkafnkbkeg [2013-09-19]
CHR Extension: (Stealthy) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje [2013-09-19]
CHR Extension: (BeeLine Reader) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifjafammaookpiajfbedmacfldaiamgg [2013-10-08]
CHR Extension: (Social Fixer for Facebook) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2013-09-19]
CHR Extension: (Search the current site) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\jliolpcnkmolaaecncdfeofombdekjcp [2013-09-19]
CHR Extension: (Gestures for Google Chrome™) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk [2013-09-19]
CHR Extension: (iGraal) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhkepipobnjllejbafajoemahjejdcm [2013-09-19]
CHR Extension: (Evernote Web) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2013-09-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Google Mail Checker) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-09-19]
CHR Extension: (Ghostery) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-09-19]
CHR Extension: (Postponer Manager) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmfblgljgoaokhbcjnddgcnaielcpjeb [2013-09-19]
CHR Extension: (Zootool for Chrome) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfgbnknfnfkhafbllpdimdefhopfckf [2013-09-19]
CHR Extension: (GetThemAll Downloader) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2014-09-25]
CHR Extension: (Save to Pocket) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-09-25]
CHR Extension: (dict-cc) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\nknonnojlmhnmjhpeokdbeineeajcemh [2013-09-19]
CHR Extension: (Google Wallet) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-19]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2013-09-19]
CHR Extension: (ImTranslator: Google Translate) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2014-12-23]
CHR Extension: (Buffer) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2013-09-19]
CHR Extension: (CS Nav Links) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocllggdpffecgmbehjojemifgblpjiij [2013-09-19]
CHR Extension: (Blog This!) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\pengoopmcjnbflcjbmoeodbmoflcgjlk [2013-09-19]
CHR Extension: (Postponer Adder) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\pggmlienkcoenodbjpkbidlmmedgonai [2013-09-19]
CHR Extension: (Citavi Picker) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\piehhloihgjjiomhieeddiidpekaajio [2014-01-16]
CHR Extension: (Evernote Web Clipper) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2013-09-19]
CHR Extension: (Gmail) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-19]
CHR Extension: (AVG PrivacyFix) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmejhjjecaldkllonlokhkglbdbkdcni [2013-09-19]
CHR HKLM-x32\...\Chrome\Extension: [piehhloihgjjiomhieeddiidpekaajio] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Chrome\ChromePicker.crx [2014-01-16]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Corporate.10.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [814344 2009-12-19] (ABBYY)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 btwdins; c:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953720 2012-07-29] (Broadcom Corporation.)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-06-12] (CyberGhost S.R.L)
R2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [56592 2010-10-08] ()
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [906024 2013-11-27] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2013-11-13] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [555304 2013-11-27] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [957712 2010-10-08] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [697616 2010-10-08] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37176 2014-04-14] (The OpenVPN Project)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-05-30] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [208168 2014-12-22] (Sophos Limited)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2013-05-23] (Sony Corporation) [File not signed]
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [340776 2015-03-11] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2014-12-22] (Sophos Limited)
R2 swi_filter; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe [300840 2015-02-27] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3274536 2015-02-27] (Sophos Limited)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 CVPNDRVA; C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2013-10-30] (Disc Soft Ltd)
S3 epmntdrv; C:\windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44744 2013-11-13] (AnchorFree Inc.)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [161024 2014-12-22] (Sophos Limited)
S3 sdcfilter; C:\Windows\system32\DRIVERS\sdcfilter.sys [38144 2014-05-30] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\system32\DRIVERS\SophosBootDriver.sys [27904 2014-05-30] (Sophos Limited)
R1 swi_callout; C:\Windows\system32\DRIVERS\swi_callout.sys [32512 2015-03-11] (Sophos Limited)
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-08-13] (Anchorfree Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-13 20:50 - 2015-03-13 20:54 - 00000000 ____D () C:\FRST
2015-03-12 23:05 - 2015-03-04 22:24 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-03-12 23:05 - 2015-03-04 22:24 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-12 21:10 - 2014-04-14 04:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2015-03-12 20:45 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-03-12 20:45 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-03-12 20:32 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-12 20:32 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-03-12 20:32 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-03-12 20:32 - 2015-02-21 01:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-03-12 20:32 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-03-12 20:32 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-12 20:32 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-03-12 20:32 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-12 20:32 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-12 20:32 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-12 20:32 - 2015-02-20 03:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-12 20:32 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-12 20:32 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-12 20:32 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-03-12 20:32 - 2015-02-20 03:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-12 20:32 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-03-12 20:32 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-12 20:32 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-03-12 20:32 - 2015-02-20 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-12 20:32 - 2015-02-20 02:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-03-12 20:32 - 2015-02-20 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-12 20:32 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-12 20:32 - 2015-02-20 02:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-12 20:32 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-12 20:32 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-12 20:32 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-03-12 20:32 - 2015-02-20 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-03-12 20:32 - 2015-02-20 02:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-12 20:32 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-12 20:32 - 2015-02-20 02:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-03-12 20:32 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-03-12 20:32 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-03-12 20:32 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-12 20:32 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-12 20:32 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-03-12 20:32 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-03-12 20:32 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-03-12 20:32 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-03-12 20:32 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-03-12 20:32 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-03-12 20:32 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-03-12 20:32 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-03-12 20:32 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-03-12 20:32 - 2014-10-31 06:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2015-03-12 20:32 - 2014-10-31 06:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2015-03-12 20:32 - 2014-10-31 05:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-03-12 20:32 - 2014-10-31 05:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-03-12 20:32 - 2014-10-31 05:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2015-03-12 20:32 - 2014-10-31 05:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2015-03-12 20:32 - 2014-10-31 05:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2015-03-12 20:32 - 2014-10-31 05:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2015-03-12 20:32 - 2014-10-31 05:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2015-03-12 20:32 - 2014-10-31 05:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2015-03-12 20:32 - 2014-10-31 05:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-03-12 20:32 - 2014-10-31 05:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-03-12 20:32 - 2014-10-31 05:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-03-12 20:32 - 2014-10-31 05:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2015-03-12 20:32 - 2014-10-31 05:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2015-03-12 20:32 - 2014-10-31 04:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2015-03-12 20:32 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2015-03-12 20:32 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2015-03-12 20:32 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-03-12 20:32 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2015-03-12 20:32 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-03-12 20:32 - 2014-10-31 04:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2015-03-12 20:32 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2015-03-12 20:32 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-03-12 20:32 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2015-03-12 20:32 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-12 20:32 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2015-03-12 20:32 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2015-03-12 20:32 - 2014-10-31 03:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-03-12 20:32 - 2014-10-31 03:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-03-12 20:32 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2015-03-12 20:32 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2015-03-12 20:32 - 2014-10-31 03:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-03-12 20:32 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2015-03-12 20:31 - 2014-10-31 06:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2015-03-12 20:31 - 2014-10-31 06:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2015-03-12 20:31 - 2014-10-31 06:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2015-03-12 20:31 - 2014-10-31 06:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2015-03-12 20:31 - 2014-10-31 06:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-03-12 20:31 - 2014-10-31 06:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2015-03-12 20:31 - 2014-10-31 05:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-03-12 20:31 - 2014-10-31 05:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2015-03-12 20:31 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2015-03-12 20:31 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2015-03-12 20:31 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2015-03-12 20:31 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2015-03-12 20:31 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2015-03-12 20:31 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2015-03-12 20:31 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2015-03-12 20:20 - 2015-01-23 08:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-03-12 20:20 - 2015-01-23 06:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-03-12 20:11 - 2015-02-12 18:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-12 20:11 - 2015-02-12 18:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-03-12 20:09 - 2015-02-04 00:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-03-12 20:09 - 2015-02-04 00:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-03-12 20:09 - 2015-02-04 00:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-03-12 20:09 - 2015-02-03 00:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-03-12 20:09 - 2015-02-03 00:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-03-12 20:06 - 2015-01-28 16:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-12 20:06 - 2015-01-28 16:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-12 20:06 - 2015-01-28 16:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-03-12 20:06 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-03-12 20:06 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-03-12 20:06 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-03-12 20:06 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-03-12 20:06 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-03-12 20:06 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-03-12 20:06 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-03-12 20:06 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-03-12 20:05 - 2015-02-03 01:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-03-12 20:05 - 2015-02-03 01:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-03-12 20:05 - 2015-01-30 03:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-03-12 20:05 - 2015-01-30 03:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-03-12 20:05 - 2015-01-30 02:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-03-12 20:05 - 2015-01-30 02:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-03-12 20:05 - 2015-01-30 02:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-03-12 20:05 - 2014-10-29 02:28 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\atlthunk.dll
2015-03-12 20:04 - 2015-01-29 02:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-12 20:04 - 2015-01-29 02:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-12 20:04 - 2015-01-29 01:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-03-12 20:04 - 2015-01-29 01:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-03-12 20:04 - 2014-10-29 03:34 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2015-03-12 20:04 - 2014-10-29 03:34 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2015-03-12 20:04 - 2014-10-29 02:13 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-03-12 20:04 - 2014-10-29 01:55 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-03-12 20:03 - 2015-02-06 02:28 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-03-12 20:03 - 2015-02-06 02:08 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-03-12 20:02 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-03-12 20:01 - 2015-01-29 02:04 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-03-12 20:01 - 2015-01-29 02:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-03-12 20:01 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-03-12 20:01 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-03-12 20:01 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-03-12 20:01 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-03-12 20:01 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-03-12 20:01 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-03-12 20:01 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-03-12 20:01 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-03-12 20:01 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-03-12 20:01 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-03-12 20:01 - 2014-10-29 03:43 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.exe
2015-03-12 20:01 - 2014-10-29 03:34 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-03-12 20:01 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-03-12 20:01 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-03-12 20:01 - 2014-10-29 03:04 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\findnetprinters.dll
2015-03-12 20:01 - 2014-10-29 02:58 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.exe
2015-03-12 20:01 - 2014-10-29 02:52 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll
2015-03-12 20:01 - 2014-10-29 02:51 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-03-12 20:01 - 2014-10-29 02:45 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2015-03-12 20:01 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-03-12 20:01 - 2014-10-29 02:28 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\findnetprinters.dll
2015-03-12 20:01 - 2014-10-29 02:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-03-12 20:01 - 2014-10-29 02:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-03-12 20:01 - 2014-10-29 02:20 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-03-12 20:01 - 2014-10-29 02:15 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2015-03-12 20:01 - 2014-10-29 02:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-03-12 20:01 - 2014-10-29 02:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-03-12 20:01 - 2014-10-29 01:55 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2015-03-12 20:01 - 2014-10-29 01:44 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2015-03-12 20:01 - 2014-10-29 01:41 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2015-03-12 20:01 - 2014-10-29 01:35 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2015-03-12 20:00 - 2015-03-06 03:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-12 20:00 - 2015-03-06 03:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-03-12 20:00 - 2015-01-31 00:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-03-12 20:00 - 2015-01-31 00:29 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-03-12 20:00 - 2015-01-30 04:01 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-03-12 20:00 - 2015-01-30 04:00 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2015-03-12 20:00 - 2015-01-29 19:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-12 20:00 - 2015-01-29 19:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-03-12 20:00 - 2014-10-29 03:46 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2015-03-12 20:00 - 2014-10-29 03:46 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2015-03-12 20:00 - 2014-10-29 03:45 - 01198080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-03-12 20:00 - 2014-10-29 03:03 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\fsquirt.exe
2015-03-12 19:59 - 2015-02-26 00:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-12 19:59 - 2015-02-05 21:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-03-12 19:59 - 2015-01-29 02:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-03-12 19:59 - 2015-01-29 02:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-03-12 19:59 - 2015-01-29 01:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-03-12 19:59 - 2015-01-29 01:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-03-12 19:59 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-03-12 19:59 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-03-12 19:59 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-03-12 19:59 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-03-12 19:59 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-03-12 19:59 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-03-12 19:59 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-03-12 19:59 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-03-12 19:59 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-03-12 19:59 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-03-12 19:59 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-03-12 19:59 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-03-12 19:59 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-03-12 19:59 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-03-12 19:59 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-03-12 19:59 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-03-12 19:59 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-03-12 19:59 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-03-12 19:59 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-03-12 19:59 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-03-12 19:59 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-03-12 19:59 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-03-12 19:59 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-03-12 19:58 - 2015-02-20 04:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-03-12 19:58 - 2015-02-20 03:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-03-12 19:58 - 2015-02-20 03:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-03-12 19:58 - 2015-02-20 03:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-03-12 19:58 - 2015-02-07 00:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-12 19:58 - 2015-01-27 04:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-03-12 19:58 - 2015-01-24 02:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-03-12 19:58 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-03-12 19:58 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-03-12 19:58 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-03-12 19:58 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-03-12 19:58 - 2014-10-29 03:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-03-12 19:58 - 2014-10-29 03:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-03-12 19:58 - 2014-10-29 03:44 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-03-12 19:58 - 2014-10-29 03:04 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-03-12 19:58 - 2014-10-29 03:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-03-12 19:58 - 2014-10-29 03:00 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-03-12 19:57 - 2015-01-30 03:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-03-12 19:57 - 2015-01-30 02:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-03-12 19:57 - 2015-01-30 02:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-03-12 19:57 - 2015-01-30 02:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-03-12 19:57 - 2015-01-30 02:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-03-12 19:57 - 2015-01-30 02:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-03-12 19:57 - 2015-01-30 02:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-03-12 19:57 - 2015-01-30 02:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-03-12 19:57 - 2015-01-28 03:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-03-12 19:57 - 2015-01-28 02:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-03-12 19:57 - 2015-01-28 00:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-03-12 19:57 - 2015-01-28 00:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-03-12 19:57 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-03-12 19:57 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-03-12 19:57 - 2014-10-29 02:19 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappprxy.dll
2015-03-12 19:57 - 2014-10-29 01:59 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappprxy.dll
2015-03-12 19:56 - 2015-02-08 00:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-03-12 19:56 - 2015-02-08 00:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-03-12 19:56 - 2015-01-31 00:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-03-12 19:56 - 2015-01-28 02:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-12 19:56 - 2015-01-28 02:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-12 19:56 - 2015-01-27 05:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-12 19:56 - 2015-01-27 03:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-12 19:56 - 2015-01-21 06:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-12 19:56 - 2015-01-21 06:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-03-12 19:56 - 2014-12-11 06:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-03-12 19:56 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-03-12 19:56 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-03-12 19:56 - 2014-10-29 04:56 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2015-03-12 19:56 - 2014-10-29 03:37 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2015-03-12 19:56 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-03-12 19:56 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-03-11 19:41 - 2015-03-13 20:13 - 00000000 ____D () C:\Users\187\AppData\Roaming\Spotify
2015-03-11 19:41 - 2015-03-13 18:03 - 00000000 ____D () C:\Users\187\AppData\Local\Spotify
2015-03-11 19:41 - 2015-03-11 19:41 - 00001814 _____ () C:\Users\187\Desktop\Spotify.lnk
2015-03-11 19:41 - 2015-03-11 19:41 - 00001800 _____ () C:\Users\187\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-03-11 09:28 - 2015-03-11 09:23 - 00032512 _____ (Sophos Limited) C:\WINDOWS\system32\Drivers\swi_callout.sys
2015-02-28 00:08 - 2014-08-16 01:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2015-02-28 00:08 - 2014-08-16 01:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-02-28 00:07 - 2014-08-16 05:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2015-02-28 00:07 - 2014-08-16 04:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2015-02-28 00:07 - 2014-08-16 04:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2015-02-28 00:07 - 2014-08-16 02:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2015-02-28 00:07 - 2014-08-16 02:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2015-02-28 00:07 - 2014-08-16 01:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-02-28 00:07 - 2014-08-16 01:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2015-02-28 00:07 - 2014-08-16 01:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2015-02-28 00:07 - 2014-08-16 01:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-02-28 00:07 - 2014-08-16 01:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2015-02-28 00:07 - 2014-08-16 01:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2015-02-28 00:07 - 2014-08-16 01:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2015-02-28 00:07 - 2014-08-16 01:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2015-02-28 00:07 - 2014-08-16 01:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2015-02-28 00:07 - 2014-08-16 01:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2015-02-28 00:07 - 2014-08-16 01:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2015-02-28 00:07 - 2014-08-16 01:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2015-02-28 00:07 - 2014-08-16 01:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2015-02-28 00:07 - 2014-08-16 01:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2015-02-28 00:07 - 2014-08-16 01:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-02-28 00:07 - 2014-08-16 01:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2015-02-28 00:07 - 2014-08-16 01:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2015-02-28 00:07 - 2014-07-24 16:28 - 00468288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-02-28 00:07 - 2014-07-24 12:41 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2015-02-28 00:07 - 2014-07-24 11:09 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-02-28 00:07 - 2014-07-24 10:27 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2015-02-28 00:05 - 2014-03-18 06:00 - 07173120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-02-28 00:05 - 2014-03-18 05:52 - 05104640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-02-28 00:04 - 2014-03-30 23:54 - 01308160 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2015-02-28 00:03 - 2014-04-18 15:57 - 00032600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2015-02-28 00:03 - 2014-04-18 10:44 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
2015-02-28 00:03 - 2014-04-14 10:20 - 00324888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-02-28 00:03 - 2014-04-14 09:01 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-02-28 00:03 - 2014-04-11 05:51 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2015-02-28 00:03 - 2014-04-11 05:23 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2015-02-28 00:03 - 2014-04-11 04:30 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2015-02-28 00:03 - 2014-04-09 12:53 - 00337240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2015-02-28 00:03 - 2014-04-09 07:39 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2015-02-28 00:03 - 2014-04-09 06:44 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2015-02-28 00:03 - 2014-04-09 04:33 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2015-02-28 00:03 - 2014-04-08 03:01 - 00589656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2015-02-28 00:03 - 2014-04-06 17:34 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-02-28 00:03 - 2014-04-06 17:34 - 00275800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2015-02-28 00:03 - 2014-04-06 17:32 - 00125496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2015-02-28 00:03 - 2014-04-06 17:30 - 00201920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2015-02-28 00:03 - 2014-04-06 17:24 - 00360792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2015-02-28 00:03 - 2014-04-06 17:20 - 01403856 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-02-28 00:03 - 2014-04-06 17:20 - 01379064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-02-28 00:03 - 2014-04-06 17:20 - 00881616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-02-28 00:03 - 2014-04-06 17:20 - 00765408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-02-28 00:03 - 2014-04-06 17:20 - 00609448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-02-28 00:03 - 2014-04-06 17:20 - 00491744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-02-28 00:03 - 2014-04-06 16:23 - 00098584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2015-02-28 00:03 - 2014-04-06 16:22 - 00178184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2015-02-28 00:03 - 2014-04-06 16:16 - 01209616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-02-28 00:03 - 2014-04-06 16:16 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-02-28 00:03 - 2014-04-06 16:16 - 00669856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-02-28 00:03 - 2014-04-06 16:16 - 00518544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-02-28 00:03 - 2014-04-06 16:16 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-02-28 00:03 - 2014-04-06 13:33 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2015-02-28 00:03 - 2014-04-06 11:51 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-02-28 00:03 - 2014-04-06 11:36 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-02-28 00:03 - 2014-04-06 11:05 - 01222656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2015-02-28 00:03 - 2014-04-06 10:59 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2015-02-28 00:03 - 2014-04-03 09:12 - 00130144 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2015-02-28 00:03 - 2014-04-03 05:03 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2015-02-28 00:03 - 2014-04-03 05:03 - 00111528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll
2015-02-28 00:03 - 2014-04-03 03:53 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2015-02-28 00:03 - 2014-04-03 03:51 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2015-02-28 00:03 - 2014-04-01 07:23 - 00384856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2015-02-28 00:03 - 2014-03-28 16:58 - 00407016 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-02-28 00:03 - 2014-03-27 07:16 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2015-02-28 00:03 - 2014-03-27 06:36 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2015-02-28 00:03 - 2014-03-27 05:59 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2015-02-28 00:03 - 2014-03-27 05:19 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2015-02-28 00:03 - 2014-03-27 04:46 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2015-02-28 00:03 - 2014-03-27 04:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2015-02-28 00:03 - 2014-03-27 04:10 - 01436160 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2015-02-28 00:03 - 2014-03-20 04:48 - 00263424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2015-02-28 00:03 - 2014-03-19 09:07 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2015-02-28 00:03 - 2014-03-18 09:19 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2015-02-28 00:03 - 2014-03-17 06:09 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2015-02-28 00:03 - 2014-03-17 05:11 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2015-02-28 00:03 - 2014-03-17 04:01 - 00486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2015-02-28 00:03 - 2014-03-17 03:45 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2015-02-28 00:03 - 2014-03-14 07:26 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-02-28 00:03 - 2014-03-14 07:10 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2015-02-28 00:03 - 2014-03-06 13:42 - 00310616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2015-02-28 00:02 - 2014-04-06 17:20 - 00028408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2015-02-28 00:02 - 2014-04-06 13:58 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll
2015-02-28 00:02 - 2014-04-06 13:51 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2015-02-28 00:02 - 2014-04-06 13:24 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2015-02-28 00:02 - 2014-04-06 13:06 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srclient.dll
2015-02-28 00:02 - 2014-04-06 12:26 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2015-02-28 00:02 - 2014-04-03 09:12 - 00307304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2015-02-28 00:02 - 2014-04-03 03:23 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tlscsp.dll
2015-02-28 00:02 - 2014-04-03 03:22 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll
2015-02-28 00:02 - 2014-03-31 01:01 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2015-02-28 00:02 - 2014-03-31 00:43 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2015-02-28 00:02 - 2014-03-30 23:49 - 01287168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2015-02-28 00:02 - 2014-03-30 23:35 - 01029120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2015-02-28 00:02 - 2014-03-27 05:48 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2015-02-28 00:02 - 2014-03-19 09:15 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2015-02-28 00:02 - 2014-03-19 08:24 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2015-02-28 00:02 - 2014-03-19 08:17 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll
2015-02-28 00:02 - 2014-03-19 06:45 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2015-02-28 00:02 - 2014-03-19 06:19 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2015-02-28 00:02 - 2014-03-19 06:07 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2015-02-28 00:02 - 2014-03-19 06:02 - 01527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-02-28 00:02 - 2014-03-19 06:00 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2015-02-28 00:02 - 2014-03-19 05:51 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2015-02-28 00:02 - 2014-03-19 05:31 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2015-02-28 00:00 - 2014-09-08 04:07 - 02497344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-02-28 00:00 - 2014-09-08 04:07 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-02-28 00:00 - 2014-09-04 04:05 - 00836176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-02-28 00:00 - 2014-08-30 22:04 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-02-28 00:00 - 2014-08-23 06:14 - 13424128 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-02-28 00:00 - 2014-08-23 06:04 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-02-28 00:00 - 2014-08-23 05:50 - 02714112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-02-27 23:59 - 2014-09-10 07:25 - 00474432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-02-27 23:59 - 2014-09-04 03:22 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-02-27 23:59 - 2014-09-04 01:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2015-02-27 23:59 - 2014-08-31 01:17 - 00148800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2015-02-27 23:59 - 2014-08-30 23:05 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2015-02-27 23:59 - 2014-08-30 22:58 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2015-02-27 23:59 - 2014-08-30 21:53 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
2015-02-27 23:59 - 2014-08-30 21:17 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-02-27 23:59 - 2014-08-28 01:21 - 02480128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2015-02-27 23:59 - 2014-08-28 01:06 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2015-02-27 23:59 - 2014-08-02 01:51 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-02-27 23:59 - 2014-08-02 01:35 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2015-02-27 23:51 - 2014-10-13 03:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-02-27 23:51 - 2014-10-11 01:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-02-27 23:51 - 2014-10-11 01:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-02-27 23:51 - 2014-10-08 08:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2015-02-27 23:51 - 2014-10-08 08:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2015-02-27 23:51 - 2014-10-08 07:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2015-02-27 23:49 - 2014-05-13 08:01 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2015-02-27 23:49 - 2014-05-03 06:36 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-02-27 23:49 - 2014-05-03 06:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2015-02-27 23:49 - 2014-05-03 06:08 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2015-02-27 23:49 - 2014-05-03 06:07 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2015-02-27 23:49 - 2014-05-03 05:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll
2015-02-27 23:49 - 2014-05-03 05:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll
2015-02-27 23:49 - 2014-05-03 05:37 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll
2015-02-27 23:49 - 2014-05-03 00:26 - 00050745 _____ () C:\WINDOWS\system32\srms.dat
2015-02-27 23:49 - 2014-04-30 07:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2015-02-27 23:49 - 2014-04-30 07:41 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-02-27 23:49 - 2014-04-30 07:41 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2015-02-27 23:49 - 2014-04-30 07:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2015-02-27 23:49 - 2014-04-30 06:45 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2015-02-27 23:49 - 2014-04-30 05:48 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2015-02-27 23:49 - 2014-04-30 05:24 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2015-02-27 23:49 - 2014-04-30 05:23 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2015-02-27 23:49 - 2014-04-30 05:23 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2015-02-27 23:49 - 2014-04-30 05:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2015-02-27 23:49 - 2014-04-30 05:14 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-02-27 23:49 - 2014-04-30 04:59 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-02-27 23:49 - 2014-04-30 04:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2015-02-27 23:49 - 2014-04-30 04:46 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2015-02-27 23:49 - 2014-04-30 04:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2015-02-27 23:49 - 2014-04-30 04:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2015-02-27 23:49 - 2014-04-30 04:42 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2015-02-27 23:49 - 2014-04-28 23:40 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-02-27 23:49 - 2014-04-26 23:03 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-02-27 23:49 - 2014-04-26 21:14 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-02-27 23:49 - 2014-04-26 17:39 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2015-02-27 23:49 - 2014-04-14 10:37 - 02125344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2015-02-27 23:49 - 2014-04-14 09:08 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2015-02-27 23:49 - 2014-04-14 06:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2015-02-27 23:49 - 2014-04-09 07:11 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-02-27 23:49 - 2014-04-09 06:20 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-02-27 23:47 - 2014-06-16 23:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2015-02-27 23:47 - 2014-06-16 23:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2015-02-27 23:44 - 2014-09-27 08:13 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-02-27 23:44 - 2014-09-27 06:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2015-02-27 23:44 - 2014-09-27 04:30 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-02-27 23:43 - 2014-05-31 11:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-02-27 23:43 - 2014-05-31 11:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-02-27 23:43 - 2014-05-31 04:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-02-27 23:43 - 2014-05-31 04:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-02-27 23:43 - 2014-05-31 03:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-02-27 23:43 - 2014-05-31 03:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-02-27 23:43 - 2014-05-31 03:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-02-27 23:43 - 2014-05-31 03:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-02-27 23:43 - 2014-05-31 03:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-02-27 23:43 - 2014-04-11 09:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-02-27 23:43 - 2014-04-11 07:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-02-27 23:43 - 2014-04-11 06:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-02-27 23:42 - 2014-08-23 07:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2015-02-27 23:42 - 2014-08-23 06:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2015-02-27 23:42 - 2014-08-23 05:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2015-02-27 23:41 - 2014-03-13 08:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2015-02-27 23:41 - 2014-03-13 07:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2015-02-27 23:40 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2015-02-27 23:40 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2015-02-27 23:40 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-02-27 23:40 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-02-27 23:40 - 2014-08-15 01:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2015-02-27 23:40 - 2014-07-30 02:56 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2015-02-27 23:40 - 2014-07-29 06:22 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2015-02-27 23:39 - 2014-05-30 04:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-02-27 23:35 - 2014-06-05 15:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2015-02-27 23:35 - 2014-06-05 14:14 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2015-02-27 23:35 - 2014-06-02 03:10 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2015-02-27 23:35 - 2014-05-31 11:07 - 00440664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2015-02-27 23:35 - 2014-05-31 11:07 - 00419672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-02-27 23:35 - 2014-05-31 11:07 - 00089944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2015-02-27 23:35 - 2014-05-31 11:07 - 00027480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2015-02-27 23:35 - 2014-05-31 07:30 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2015-02-27 23:35 - 2014-05-31 07:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2015-02-27 23:35 - 2014-05-31 07:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2015-02-27 23:35 - 2014-05-31 05:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2015-02-27 23:35 - 2014-05-31 05:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2015-02-27 23:35 - 2014-05-31 05:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2015-02-27 23:35 - 2014-05-27 10:56 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2015-02-27 23:35 - 2014-05-27 10:53 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2015-02-27 23:35 - 2014-05-17 05:59 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-02-27 23:35 - 2014-05-17 05:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-02-27 23:33 - 2014-08-07 03:12 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-02-27 23:33 - 2014-08-02 04:56 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-02-27 23:33 - 2014-04-11 03:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-02-27 23:32 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-02-27 23:32 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-02-27 23:32 - 2014-04-11 04:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-02-27 23:32 - 2014-04-11 04:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-02-27 23:32 - 2014-04-11 04:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-02-27 23:32 - 2014-04-11 04:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-02-27 23:32 - 2014-04-11 03:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-02-27 23:32 - 2014-04-11 03:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-02-27 23:28 - 2014-06-13 02:15 - 00517528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2015-02-27 23:28 - 2014-06-13 02:14 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-02-27 23:28 - 2014-06-13 01:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2015-02-27 23:26 - 2014-10-23 06:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2015-02-27 23:26 - 2014-10-23 06:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2015-02-27 23:26 - 2014-07-15 19:16 - 03048880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2015-02-27 23:26 - 2014-07-15 09:29 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2015-02-27 23:26 - 2014-07-15 09:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2015-02-27 23:26 - 2014-07-15 09:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2015-02-27 23:26 - 2014-05-31 07:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-02-27 23:26 - 2014-05-19 07:31 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2015-02-27 23:26 - 2014-05-19 07:21 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2015-02-27 23:26 - 2014-05-19 06:23 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvinst.exe
2015-02-27 23:26 - 2014-04-30 05:43 - 01975296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-02-27 23:26 - 2014-04-30 05:26 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-02-27 23:26 - 2014-04-30 04:47 - 01509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-02-27 23:24 - 2014-08-02 01:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-02-27 23:24 - 2014-06-20 02:48 - 01273184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-02-27 23:24 - 2014-06-20 00:52 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-02-27 23:23 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-02-27 23:23 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-02-27 23:23 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-02-27 23:23 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2015-02-27 23:23 - 2014-04-08 23:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2015-02-27 23:23 - 2014-04-08 23:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2015-02-27 23:23 - 2014-04-08 19:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll
2015-02-27 23:23 - 2014-04-08 19:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll
2015-02-27 23:21 - 2014-09-04 01:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2015-02-27 23:21 - 2014-09-04 01:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2015-02-27 23:20 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2015-02-27 23:20 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2015-02-27 23:19 - 2014-05-01 14:31 - 00055328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2015-02-27 23:19 - 2014-05-01 06:24 - 02834944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll
2015-02-27 23:16 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-02-27 23:16 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-02-27 23:16 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-02-27 23:16 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-02-27 23:16 - 2014-07-12 05:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-02-27 23:16 - 2014-06-06 14:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2015-02-27 23:16 - 2014-06-06 13:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2015-02-17 15:26 - 2015-02-17 15:26 - 01217184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FM20.DLL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-13 20:36 - 2013-11-26 16:56 - 00000000 ____D () C:\Users\187\AppData\Roaming\Copy
2015-03-13 20:16 - 2014-02-05 21:12 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-13 20:04 - 2013-09-19 15:08 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-13 20:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-13 19:26 - 2013-10-18 08:46 - 01973155 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-13 19:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-13 19:10 - 2014-04-28 21:05 - 00000938 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4017697916-1499371932-692838387-1001UA.job
2015-03-13 18:04 - 2013-09-30 05:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-13 18:04 - 2013-09-30 04:56 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-03-13 18:04 - 2013-09-30 04:56 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-03-12 23:08 - 2013-09-19 15:08 - 00000000 ____D () C:\Users\187\AppData\Roaming\Dropbox
2015-03-12 23:06 - 2013-09-19 15:08 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-12 23:03 - 2013-08-22 15:46 - 00033508 _____ () C:\WINDOWS\setupact.log
2015-03-12 23:03 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-12 23:03 - 2013-08-22 15:44 - 00476672 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-12 23:02 - 2013-09-29 20:04 - 00065594 _____ () C:\WINDOWS\PFRO.log
2015-03-12 22:57 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-12 22:57 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-03-12 22:57 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 22:57 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-12 22:57 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 22:57 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-12 22:57 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-12 22:57 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2015-03-12 22:57 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2015-03-12 22:57 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates
2015-03-12 22:57 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-03-12 22:57 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager
2015-03-12 22:57 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera
2015-03-12 22:57 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-12 22:57 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-12 22:56 - 2013-09-30 04:59 - 00000000 ____D () C:\Program Files\Windows Journal
2015-03-12 22:56 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-12 22:56 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2015-03-12 22:55 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-03-12 22:10 - 2014-04-28 21:05 - 00000916 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4017697916-1499371932-692838387-1001Core.job
2015-03-12 22:05 - 2013-09-19 14:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-12 22:05 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-12 22:01 - 2012-07-26 06:26 - 00000223 _____ () C:\WINDOWS\win.ini
2015-03-12 21:04 - 2013-09-20 10:11 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-12 10:13 - 2013-09-20 11:43 - 00000000 ____D () C:\Users\187\AppData\Roaming\SpiderOak
2015-03-12 10:12 - 2013-09-19 23:08 - 00000000 ____D () C:\Users\187\AppData\Roaming\Apple Computer
2015-03-11 20:20 - 2013-09-19 13:13 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4017697916-1499371932-692838387-1001
2015-03-11 19:40 - 2013-10-22 17:29 - 00000000 _____ () C:\WINDOWS\system32\vireng.log
2015-03-11 19:23 - 2013-10-18 08:30 - 00000000 ____D () C:\Users\187
2015-03-11 12:14 - 2013-09-19 18:35 - 00000000 ____D () C:\Users\187\AppData\Roaming\vlc
2015-03-11 12:12 - 2013-12-17 12:22 - 00001093 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-03-11 09:15 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-27 23:59 - 2013-09-24 23:23 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-02-27 23:51 - 2014-02-05 21:12 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-27 23:50 - 2014-12-22 11:23 - 18129584 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-02-27 23:31 - 2014-04-15 15:07 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2015-02-27 23:12 - 2013-09-19 15:10 - 00000000 ____D () C:\Users\187\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-27 23:07 - 2014-02-21 01:59 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-02-27 23:07 - 2014-02-21 01:59 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-02-27 23:07 - 2014-02-21 01:59 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2015-02-27 23:00 - 2013-09-19 15:08 - 00004108 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-27 22:59 - 2013-09-19 15:08 - 00003872 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-27 22:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-26 21:14 - 2013-06-10 17:39 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2013-09-20 11:38 - 2014-05-10 07:44 - 0000976 _____ () C:\Users\187\AppData\Local\7F68A003.il
2013-09-20 11:38 - 2014-05-10 07:44 - 0000280 _____ () C:\Users\187\AppData\Local\IndexIE_7F68A003.il
2014-05-12 10:05 - 2014-05-12 10:05 - 0005886 _____ () C:\Users\187\AppData\Local\recently-used.xbel
2014-12-23 22:47 - 2014-12-23 22:47 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-07-16 10:21 - 2013-07-16 10:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\187\AppData\Local\Temp\7z.dll
C:\Users\187\AppData\Local\Temp\7z.exe
C:\Users\187\AppData\Local\Temp\COMAP.EXE
C:\Users\187\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjbeqog.dll
C:\Users\187\AppData\Local\Temp\dtkill.exe
C:\Users\187\AppData\Local\Temp\Executor.exe
C:\Users\187\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\187\AppData\Local\Temp\tester.dllC:\Users\187\AppData\Local\Temp\vcredist_x86-2010.exe
C:\Users\187\AppData\Local\Temp\vcredist_x86-2012.exe
C:\Users\187\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\187\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\187\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\187\AppData\Local\Temp\vlc-2.1.5-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-13 18:13

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 13.03.2015, 20:14   #2
M-K-D-B
/// TB-Ausbilder
 
Notebook Win8 - Befall mit Keylogger Wolfeye? - Standard

Notebook Win8 - Befall mit Keylogger Wolfeye?






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!


Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!




Zur ersten Analyse bitte FRST ausführen:


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 13.03.2015, 20:17   #3
LenovoRetten
 
Notebook Win8 - Befall mit Keylogger Wolfeye? - Standard

FRST Log



FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by 187 (administrator) on 187-G580 on 13-03-2015 20:54:00
Running from D:\Downloads
Loaded Profiles: 187 (Available profiles: 187)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
() C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
() C:\Program Files\ShrewSoft\VPN Client\iked.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe
(Sophos Limited) C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_fc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Barracuda Networks, Inc.) C:\Users\187\AppData\Roaming\Copy\CopyAgent.exe
() C:\Users\187\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
() C:\Users\187\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Spotify Ltd) C:\Users\187\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Dropbox, Inc.) C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Spotify Ltd) C:\Users\187\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\187\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\187\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\187\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2872720 2012-09-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [366720 2012-06-26] (Alcor Micro Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2013-07-16] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2013-07-16] (Lenovo(beijing) Limited)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [OV3_Monitor] => C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\FirstStart.exe [55656 2013-12-10] (OLYMPUS IMAGING CORP.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1593640 2015-03-11] (Sophos Limited)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\Run: [Copy] => C:\Users\187\AppData\Roaming\Copy\CopyAgent.exe [15435920 2015-02-27] (Barracuda Networks, Inc.)
HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\Run: [OV3_Monitor] => C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 3\OV3Monitor.exe [420200 2013-12-10] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.exe [404080 2014-06-12] (CyberGhost S.R.L.)
HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\Run: [Amazon Cloud Player] => C:\Users\187\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] ()
HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\187\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\Run: [Facebook Update] => C:\Users\187\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-04-28] (Facebook Inc.)
HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\Run: [Spotify Web Helper] => C:\Users\187\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1959992 2015-03-12] (Spotify Ltd)
HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\Run: [Spotify] => C:\Users\187\AppData\Roaming\Spotify\spotify.exe [6611512 2015-03-12] (Spotify Ltd)
HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\MountPoints2: {08b28a0d-d62a-11e3-bef1-3c970e5ca325} - "K:\Startme.exe" 
HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\MountPoints2: {22b545ca-67c0-11e3-beb6-3c970e5ca325} - "J:\Startme.exe" 
HKU\S-1-5-18\...\Run: [Copy] => C:\Users\187\AppData\Roaming\Copy\CopyAgent.exe [15435920 2015-02-27] (Barracuda Networks, Inc.)
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217672 2015-02-27] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2015-02-27] (Sophos Limited)
Startup: C:\Users\187\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\187\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\187\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\187\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\187\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\187\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\187\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\187\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\187\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\187\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [SpiderOakOverlay] -> {6E1010DC-3571-45DE-9CA2-C5890119BBBE} => C:\Program Files\SpiderOak\shell_extension.dll (SpiderOak)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\187\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\187\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\187\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4017697916-1499371932-692838387-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4017697916-1499371932-692838387-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
SearchScopes: HKU\S-1-5-21-4017697916-1499371932-692838387-1001 -> {56A7E625-FC34-47CE-B677-585B0CD702A9} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Microsoft.Search.HRSToolBar.InitToolbarBHO -> {1d970ed5-3eda-438d-bffd-715931e2775d} -> C:\WINDOWS\SysWOW64\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\SysWOW64\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll [2013-05-14] (Mindjet)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-01-28] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM-x32 - Bing HRS Toolbar - {c9a6357b-25cc-4bcf-96c1-78736985d414} - C:\WINDOWS\SysWOW64\mscoree.dll [2013-08-22] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{41C5C5D7-F46B-4FC0-9486-0E89C63BB497}: [NameServer] 134.147.32.40,134.147.222.4

FireFox:
========
FF ProfilePath: C:\Users\187\AppData\Roaming\Mozilla\Firefox\Profiles\o7bx65e2.default
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF NetworkProxy: "no_proxies_on", ""
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-27] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-27] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2013-06-25] (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4017697916-1499371932-692838387-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\187\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-4017697916-1499371932-692838387-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\187\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-4017697916-1499371932-692838387-1001: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2013-08-22] (Sony Network Entertainment International LLC)
FF SearchPlugin: C:\Users\187\AppData\Roaming\Mozilla\Firefox\Profiles\o7bx65e2.default\searchplugins\duckduckgo.xml [2013-09-19]
FF Extension: Ghostery - C:\Users\187\AppData\Roaming\Mozilla\Firefox\Profiles\o7bx65e2.default\Extensions\firefox@ghostery.com.xpi [2013-09-19]
FF Extension: DuckDuckGo Plus - C:\Users\187\AppData\Roaming\Mozilla\Firefox\Profiles\o7bx65e2.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2013-09-19]
FF Extension: Private Tab - C:\Users\187\AppData\Roaming\Mozilla\Firefox\Profiles\o7bx65e2.default\Extensions\privateTab@infocatcher.xpi [2013-09-19]
FF Extension: Session Manager - C:\Users\187\AppData\Roaming\Mozilla\Firefox\Profiles\o7bx65e2.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2013-09-19]
FF Extension: NoScript - C:\Users\187\AppData\Roaming\Mozilla\Firefox\Profiles\o7bx65e2.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-09-19]
FF Extension: DownThemAll! - C:\Users\187\AppData\Roaming\Mozilla\Firefox\Profiles\o7bx65e2.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-02-17]
FF Extension: Greasemonkey - C:\Users\187\AppData\Roaming\Mozilla\Firefox\Profiles\o7bx65e2.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-12-24]
FF Extension: Adblock Edge - C:\Users\187\AppData\Roaming\Mozilla\Firefox\Profiles\o7bx65e2.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-09-19]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-09-29]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-09-29]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-01-16]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://de.msn.com/?pc=UP21&ocid=UP21DHP&dt=042513"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\187\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2013-09-19]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-12-23]
CHR Extension: (NordVPN) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\akldomkejfjleegcaioaeebdmkdmfpkj [2015-02-27]
CHR Extension: (Google Docs) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-19]
CHR Extension: (Google Drive) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-19]
CHR Extension: (Please enter your password) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2013-09-19]
CHR Extension: (Brushed) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg [2013-09-19]
CHR Extension: (YouTube) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-19]
CHR Extension: (Image Downloader) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2014-09-25]
CHR Extension: (Google Search) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-19]
CHR Extension: (Screen Capture (by Google)) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg [2014-07-23]
CHR Extension: (Cloud Save) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlbemabjbfhjcccahjioenmkgimjbbkd [2013-09-19]
CHR Extension: (Tabs Plus) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\edooipcjkkbjmnogkdcahgmhbniipefp [2013-09-19]
CHR Extension: (Gmail Offline) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2013-09-19]
CHR Extension: (AddToAny: Share Anywhere) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffpgijchhhkhnokafdeklpllijgnbche [2013-09-19]
CHR Extension: (Annotary) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\fncckipieakpgpjifiadfiigdeanbond [2013-09-19]
CHR Extension: (HTTPS Everywhere) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2013-09-19]
CHR Extension: (AdBlock) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-19]
CHR Extension: (Send to Evernote) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnilckpgiopfcokcijkhpghppekcoafm [2013-09-19]
CHR Extension: (Easy Access for Evernote) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplhgfadohpfcokacjeaioajkbbjaamp [2013-09-19]
CHR Extension: (TweetDeck by Twitter) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2013-09-19]
CHR Extension: (SearchPreview) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjdanpjacpeeppdjkppebobilhaglfo [2013-09-19]
CHR Extension: (SEO & Website Analysis) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlngmmdolgbdnnimbmblfhhndibdipaf [2013-09-19]
CHR Extension: (Google Keep - notes and lists) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-09-25]
CHR Extension: (Disconnect Search) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk [2013-10-08]
CHR Extension: (Snipping Tool for Evernote™ ) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmhpjbejpnnaffkpmebeagdiidibjfa [2013-09-19]
CHR Extension: (Yet Another Drag and Go) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnoonkgmmnklbdehoepdjcidhjbncjmi [2013-09-19]
CHR Extension: (Bitly 
 Unleash the power of the link) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic [2013-09-19]
CHR Extension: (DownFlickr - Flickr Downloader) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\idiemcijhbenngdhkdiipmpkafnkbkeg [2013-09-19]
CHR Extension: (Stealthy) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje [2013-09-19]
CHR Extension: (BeeLine Reader) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifjafammaookpiajfbedmacfldaiamgg [2013-10-08]
CHR Extension: (Social Fixer for Facebook) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2013-09-19]
CHR Extension: (Search the current site) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\jliolpcnkmolaaecncdfeofombdekjcp [2013-09-19]
CHR Extension: (Gestures for Google Chrome™) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk [2013-09-19]
CHR Extension: (iGraal) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhkepipobnjllejbafajoemahjejdcm [2013-09-19]
CHR Extension: (Evernote Web) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2013-09-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Google Mail Checker) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-09-19]
CHR Extension: (Ghostery) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-09-19]
CHR Extension: (Postponer Manager) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmfblgljgoaokhbcjnddgcnaielcpjeb [2013-09-19]
CHR Extension: (Zootool for Chrome) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfgbnknfnfkhafbllpdimdefhopfckf [2013-09-19]
CHR Extension: (GetThemAll Downloader) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2014-09-25]
CHR Extension: (Save to Pocket) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-09-25]
CHR Extension: (dict-cc) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\nknonnojlmhnmjhpeokdbeineeajcemh [2013-09-19]
CHR Extension: (Google Wallet) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-19]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2013-09-19]
CHR Extension: (ImTranslator: Google Translate) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2014-12-23]
CHR Extension: (Buffer) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2013-09-19]
CHR Extension: (CS Nav Links) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocllggdpffecgmbehjojemifgblpjiij [2013-09-19]
CHR Extension: (Blog This!) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\pengoopmcjnbflcjbmoeodbmoflcgjlk [2013-09-19]
CHR Extension: (Postponer Adder) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\pggmlienkcoenodbjpkbidlmmedgonai [2013-09-19]
CHR Extension: (Citavi Picker) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\piehhloihgjjiomhieeddiidpekaajio [2014-01-16]
CHR Extension: (Evernote Web Clipper) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2013-09-19]
CHR Extension: (Gmail) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-19]
CHR Extension: (AVG PrivacyFix) - C:\Users\187\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmejhjjecaldkllonlokhkglbdbkdcni [2013-09-19]
CHR HKLM-x32\...\Chrome\Extension: [piehhloihgjjiomhieeddiidpekaajio] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Chrome\ChromePicker.crx [2014-01-16]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Corporate.10.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [814344 2009-12-19] (ABBYY)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 btwdins; c:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953720 2012-07-29] (Broadcom Corporation.)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-06-12] (CyberGhost S.R.L)
R2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [56592 2010-10-08] ()
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [906024 2013-11-27] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2013-11-13] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [555304 2013-11-27] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [957712 2010-10-08] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [697616 2010-10-08] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37176 2014-04-14] (The OpenVPN Project)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-05-30] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [208168 2014-12-22] (Sophos Limited)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2013-05-23] (Sony Corporation) [File not signed]
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [340776 2015-03-11] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2014-12-22] (Sophos Limited)
R2 swi_filter; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe [300840 2015-02-27] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3274536 2015-02-27] (Sophos Limited)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 CVPNDRVA; C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2013-10-30] (Disc Soft Ltd)
S3 epmntdrv; C:\windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44744 2013-11-13] (AnchorFree Inc.)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [161024 2014-12-22] (Sophos Limited)
S3 sdcfilter; C:\Windows\system32\DRIVERS\sdcfilter.sys [38144 2014-05-30] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\system32\DRIVERS\SophosBootDriver.sys [27904 2014-05-30] (Sophos Limited)
R1 swi_callout; C:\Windows\system32\DRIVERS\swi_callout.sys [32512 2015-03-11] (Sophos Limited)
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-08-13] (Anchorfree Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-13 20:50 - 2015-03-13 20:54 - 00000000 ____D () C:\FRST
2015-03-12 23:05 - 2015-03-04 22:24 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-03-12 23:05 - 2015-03-04 22:24 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-12 21:10 - 2014-04-14 04:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2015-03-12 20:45 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-03-12 20:45 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-03-12 20:32 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-12 20:32 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-03-12 20:32 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-03-12 20:32 - 2015-02-21 01:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-03-12 20:32 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-03-12 20:32 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-12 20:32 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-03-12 20:32 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-12 20:32 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-12 20:32 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-12 20:32 - 2015-02-20 03:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-12 20:32 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-12 20:32 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-12 20:32 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-03-12 20:32 - 2015-02-20 03:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-12 20:32 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-03-12 20:32 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-12 20:32 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-03-12 20:32 - 2015-02-20 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-12 20:32 - 2015-02-20 02:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-03-12 20:32 - 2015-02-20 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-12 20:32 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-12 20:32 - 2015-02-20 02:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-12 20:32 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-12 20:32 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-12 20:32 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-03-12 20:32 - 2015-02-20 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-03-12 20:32 - 2015-02-20 02:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-12 20:32 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-12 20:32 - 2015-02-20 02:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-03-12 20:32 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-03-12 20:32 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-03-12 20:32 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-12 20:32 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-12 20:32 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-03-12 20:32 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-03-12 20:32 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-03-12 20:32 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-03-12 20:32 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-03-12 20:32 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-03-12 20:32 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-03-12 20:32 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-03-12 20:32 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-03-12 20:32 - 2014-10-31 06:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2015-03-12 20:32 - 2014-10-31 06:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2015-03-12 20:32 - 2014-10-31 05:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-03-12 20:32 - 2014-10-31 05:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-03-12 20:32 - 2014-10-31 05:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2015-03-12 20:32 - 2014-10-31 05:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2015-03-12 20:32 - 2014-10-31 05:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2015-03-12 20:32 - 2014-10-31 05:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2015-03-12 20:32 - 2014-10-31 05:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2015-03-12 20:32 - 2014-10-31 05:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2015-03-12 20:32 - 2014-10-31 05:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-03-12 20:32 - 2014-10-31 05:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-03-12 20:32 - 2014-10-31 05:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-03-12 20:32 - 2014-10-31 05:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2015-03-12 20:32 - 2014-10-31 05:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2015-03-12 20:32 - 2014-10-31 04:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2015-03-12 20:32 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2015-03-12 20:32 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2015-03-12 20:32 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-03-12 20:32 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2015-03-12 20:32 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-03-12 20:32 - 2014-10-31 04:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2015-03-12 20:32 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2015-03-12 20:32 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-03-12 20:32 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2015-03-12 20:32 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-12 20:32 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2015-03-12 20:32 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2015-03-12 20:32 - 2014-10-31 03:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-03-12 20:32 - 2014-10-31 03:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-03-12 20:32 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2015-03-12 20:32 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2015-03-12 20:32 - 2014-10-31 03:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-03-12 20:32 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2015-03-12 20:31 - 2014-10-31 06:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2015-03-12 20:31 - 2014-10-31 06:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2015-03-12 20:31 - 2014-10-31 06:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2015-03-12 20:31 - 2014-10-31 06:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2015-03-12 20:31 - 2014-10-31 06:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-03-12 20:31 - 2014-10-31 06:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2015-03-12 20:31 - 2014-10-31 05:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-03-12 20:31 - 2014-10-31 05:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2015-03-12 20:31 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2015-03-12 20:31 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2015-03-12 20:31 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2015-03-12 20:31 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2015-03-12 20:31 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2015-03-12 20:31 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2015-03-12 20:31 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2015-03-12 20:20 - 2015-01-23 08:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-03-12 20:20 - 2015-01-23 06:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-03-12 20:11 - 2015-02-12 18:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-12 20:11 - 2015-02-12 18:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-03-12 20:09 - 2015-02-04 00:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-03-12 20:09 - 2015-02-04 00:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-03-12 20:09 - 2015-02-04 00:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-03-12 20:09 - 2015-02-03 00:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-03-12 20:09 - 2015-02-03 00:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-03-12 20:06 - 2015-01-28 16:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-12 20:06 - 2015-01-28 16:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-12 20:06 - 2015-01-28 16:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-03-12 20:06 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-03-12 20:06 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-03-12 20:06 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-03-12 20:06 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-03-12 20:06 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-03-12 20:06 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-03-12 20:06 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-03-12 20:06 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-03-12 20:05 - 2015-02-03 01:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-03-12 20:05 - 2015-02-03 01:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-03-12 20:05 - 2015-01-30 03:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-03-12 20:05 - 2015-01-30 03:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-03-12 20:05 - 2015-01-30 02:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-03-12 20:05 - 2015-01-30 02:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-03-12 20:05 - 2015-01-30 02:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-03-12 20:05 - 2014-10-29 02:28 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\atlthunk.dll
2015-03-12 20:04 - 2015-01-29 02:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-12 20:04 - 2015-01-29 02:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-12 20:04 - 2015-01-29 01:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-03-12 20:04 - 2015-01-29 01:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-03-12 20:04 - 2014-10-29 03:34 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2015-03-12 20:04 - 2014-10-29 03:34 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2015-03-12 20:04 - 2014-10-29 02:13 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-03-12 20:04 - 2014-10-29 01:55 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-03-12 20:03 - 2015-02-06 02:28 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-03-12 20:03 - 2015-02-06 02:08 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-03-12 20:02 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-03-12 20:01 - 2015-01-29 02:04 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-03-12 20:01 - 2015-01-29 02:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-03-12 20:01 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-03-12 20:01 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-03-12 20:01 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-03-12 20:01 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-03-12 20:01 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-03-12 20:01 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-03-12 20:01 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-03-12 20:01 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-03-12 20:01 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-03-12 20:01 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-03-12 20:01 - 2014-10-29 03:43 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.exe
2015-03-12 20:01 - 2014-10-29 03:34 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-03-12 20:01 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-03-12 20:01 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-03-12 20:01 - 2014-10-29 03:04 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\findnetprinters.dll
2015-03-12 20:01 - 2014-10-29 02:58 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.exe
2015-03-12 20:01 - 2014-10-29 02:52 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll
2015-03-12 20:01 - 2014-10-29 02:51 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-03-12 20:01 - 2014-10-29 02:45 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2015-03-12 20:01 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-03-12 20:01 - 2014-10-29 02:28 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\findnetprinters.dll
2015-03-12 20:01 - 2014-10-29 02:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-03-12 20:01 - 2014-10-29 02:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-03-12 20:01 - 2014-10-29 02:20 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-03-12 20:01 - 2014-10-29 02:15 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2015-03-12 20:01 - 2014-10-29 02:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-03-12 20:01 - 2014-10-29 02:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-03-12 20:01 - 2014-10-29 01:55 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2015-03-12 20:01 - 2014-10-29 01:44 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2015-03-12 20:01 - 2014-10-29 01:41 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2015-03-12 20:01 - 2014-10-29 01:35 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2015-03-12 20:00 - 2015-03-06 03:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-12 20:00 - 2015-03-06 03:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-03-12 20:00 - 2015-01-31 00:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-03-12 20:00 - 2015-01-31 00:29 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-03-12 20:00 - 2015-01-30 04:01 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-03-12 20:00 - 2015-01-30 04:00 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2015-03-12 20:00 - 2015-01-29 19:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-12 20:00 - 2015-01-29 19:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-03-12 20:00 - 2014-10-29 03:46 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2015-03-12 20:00 - 2014-10-29 03:46 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2015-03-12 20:00 - 2014-10-29 03:45 - 01198080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-03-12 20:00 - 2014-10-29 03:03 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\fsquirt.exe
2015-03-12 19:59 - 2015-02-26 00:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-12 19:59 - 2015-02-05 21:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-03-12 19:59 - 2015-01-29 02:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-03-12 19:59 - 2015-01-29 02:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-03-12 19:59 - 2015-01-29 01:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-03-12 19:59 - 2015-01-29 01:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-03-12 19:59 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-03-12 19:59 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-03-12 19:59 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-03-12 19:59 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-03-12 19:59 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-03-12 19:59 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-03-12 19:59 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-03-12 19:59 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-03-12 19:59 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-03-12 19:59 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-03-12 19:59 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-03-12 19:59 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-03-12 19:59 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-03-12 19:59 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-03-12 19:59 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-03-12 19:59 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-03-12 19:59 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-03-12 19:59 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-03-12 19:59 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-03-12 19:59 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-03-12 19:59 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-03-12 19:59 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-03-12 19:59 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-03-12 19:58 - 2015-02-20 04:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-03-12 19:58 - 2015-02-20 03:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-03-12 19:58 - 2015-02-20 03:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-03-12 19:58 - 2015-02-20 03:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-03-12 19:58 - 2015-02-07 00:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-12 19:58 - 2015-01-27 04:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-03-12 19:58 - 2015-01-24 02:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-03-12 19:58 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-03-12 19:58 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-03-12 19:58 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-03-12 19:58 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-03-12 19:58 - 2014-10-29 03:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-03-12 19:58 - 2014-10-29 03:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-03-12 19:58 - 2014-10-29 03:44 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-03-12 19:58 - 2014-10-29 03:04 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-03-12 19:58 - 2014-10-29 03:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-03-12 19:58 - 2014-10-29 03:00 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-03-12 19:57 - 2015-01-30 03:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-03-12 19:57 - 2015-01-30 02:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-03-12 19:57 - 2015-01-30 02:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-03-12 19:57 - 2015-01-30 02:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-03-12 19:57 - 2015-01-30 02:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-03-12 19:57 - 2015-01-30 02:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-03-12 19:57 - 2015-01-30 02:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-03-12 19:57 - 2015-01-30 02:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-03-12 19:57 - 2015-01-28 03:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-03-12 19:57 - 2015-01-28 02:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-03-12 19:57 - 2015-01-28 00:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-03-12 19:57 - 2015-01-28 00:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-03-12 19:57 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-03-12 19:57 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-03-12 19:57 - 2014-10-29 02:19 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappprxy.dll
2015-03-12 19:57 - 2014-10-29 01:59 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappprxy.dll
2015-03-12 19:56 - 2015-02-08 00:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-03-12 19:56 - 2015-02-08 00:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-03-12 19:56 - 2015-01-31 00:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-03-12 19:56 - 2015-01-28 02:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-12 19:56 - 2015-01-28 02:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-12 19:56 - 2015-01-27 05:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-12 19:56 - 2015-01-27 03:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-12 19:56 - 2015-01-21 06:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-12 19:56 - 2015-01-21 06:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-03-12 19:56 - 2014-12-11 06:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-03-12 19:56 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-03-12 19:56 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-03-12 19:56 - 2014-10-29 04:56 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2015-03-12 19:56 - 2014-10-29 03:37 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2015-03-12 19:56 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-03-12 19:56 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-03-11 19:41 - 2015-03-13 20:13 - 00000000 ____D () C:\Users\187\AppData\Roaming\Spotify
2015-03-11 19:41 - 2015-03-13 18:03 - 00000000 ____D () C:\Users\187\AppData\Local\Spotify
2015-03-11 19:41 - 2015-03-11 19:41 - 00001814 _____ () C:\Users\187\Desktop\Spotify.lnk
2015-03-11 19:41 - 2015-03-11 19:41 - 00001800 _____ () C:\Users\187\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-03-11 09:28 - 2015-03-11 09:23 - 00032512 _____ (Sophos Limited) C:\WINDOWS\system32\Drivers\swi_callout.sys
2015-02-28 00:08 - 2014-08-16 01:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2015-02-28 00:08 - 2014-08-16 01:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-02-28 00:07 - 2014-08-16 05:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2015-02-28 00:07 - 2014-08-16 04:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2015-02-28 00:07 - 2014-08-16 04:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2015-02-28 00:07 - 2014-08-16 02:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2015-02-28 00:07 - 2014-08-16 02:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2015-02-28 00:07 - 2014-08-16 01:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-02-28 00:07 - 2014-08-16 01:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2015-02-28 00:07 - 2014-08-16 01:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2015-02-28 00:07 - 2014-08-16 01:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-02-28 00:07 - 2014-08-16 01:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2015-02-28 00:07 - 2014-08-16 01:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2015-02-28 00:07 - 2014-08-16 01:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2015-02-28 00:07 - 2014-08-16 01:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2015-02-28 00:07 - 2014-08-16 01:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2015-02-28 00:07 - 2014-08-16 01:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2015-02-28 00:07 - 2014-08-16 01:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2015-02-28 00:07 - 2014-08-16 01:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2015-02-28 00:07 - 2014-08-16 01:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2015-02-28 00:07 - 2014-08-16 01:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2015-02-28 00:07 - 2014-08-16 01:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-02-28 00:07 - 2014-08-16 01:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2015-02-28 00:07 - 2014-08-16 01:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2015-02-28 00:07 - 2014-07-24 16:28 - 00468288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-02-28 00:07 - 2014-07-24 12:41 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2015-02-28 00:07 - 2014-07-24 11:09 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-02-28 00:07 - 2014-07-24 10:27 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2015-02-28 00:05 - 2014-03-18 06:00 - 07173120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-02-28 00:05 - 2014-03-18 05:52 - 05104640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-02-28 00:04 - 2014-03-30 23:54 - 01308160 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2015-02-28 00:03 - 2014-04-18 15:57 - 00032600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2015-02-28 00:03 - 2014-04-18 10:44 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
2015-02-28 00:03 - 2014-04-14 10:20 - 00324888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-02-28 00:03 - 2014-04-14 09:01 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-02-28 00:03 - 2014-04-11 05:51 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2015-02-28 00:03 - 2014-04-11 05:23 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2015-02-28 00:03 - 2014-04-11 04:30 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2015-02-28 00:03 - 2014-04-09 12:53 - 00337240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2015-02-28 00:03 - 2014-04-09 07:39 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2015-02-28 00:03 - 2014-04-09 06:44 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2015-02-28 00:03 - 2014-04-09 04:33 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2015-02-28 00:03 - 2014-04-08 03:01 - 00589656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2015-02-28 00:03 - 2014-04-06 17:34 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-02-28 00:03 - 2014-04-06 17:34 - 00275800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2015-02-28 00:03 - 2014-04-06 17:32 - 00125496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2015-02-28 00:03 - 2014-04-06 17:30 - 00201920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2015-02-28 00:03 - 2014-04-06 17:24 - 00360792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2015-02-28 00:03 - 2014-04-06 17:20 - 01403856 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-02-28 00:03 - 2014-04-06 17:20 - 01379064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-02-28 00:03 - 2014-04-06 17:20 - 00881616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-02-28 00:03 - 2014-04-06 17:20 - 00765408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-02-28 00:03 - 2014-04-06 17:20 - 00609448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-02-28 00:03 - 2014-04-06 17:20 - 00491744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-02-28 00:03 - 2014-04-06 16:23 - 00098584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2015-02-28 00:03 - 2014-04-06 16:22 - 00178184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2015-02-28 00:03 - 2014-04-06 16:16 - 01209616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-02-28 00:03 - 2014-04-06 16:16 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-02-28 00:03 - 2014-04-06 16:16 - 00669856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-02-28 00:03 - 2014-04-06 16:16 - 00518544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-02-28 00:03 - 2014-04-06 16:16 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-02-28 00:03 - 2014-04-06 13:33 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2015-02-28 00:03 - 2014-04-06 11:51 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-02-28 00:03 - 2014-04-06 11:36 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-02-28 00:03 - 2014-04-06 11:05 - 01222656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2015-02-28 00:03 - 2014-04-06 10:59 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2015-02-28 00:03 - 2014-04-03 09:12 - 00130144 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2015-02-28 00:03 - 2014-04-03 05:03 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2015-02-28 00:03 - 2014-04-03 05:03 - 00111528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll
2015-02-28 00:03 - 2014-04-03 03:53 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2015-02-28 00:03 - 2014-04-03 03:51 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2015-02-28 00:03 - 2014-04-01 07:23 - 00384856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2015-02-28 00:03 - 2014-03-28 16:58 - 00407016 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-02-28 00:03 - 2014-03-27 07:16 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2015-02-28 00:03 - 2014-03-27 06:36 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2015-02-28 00:03 - 2014-03-27 05:59 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2015-02-28 00:03 - 2014-03-27 05:19 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2015-02-28 00:03 - 2014-03-27 04:46 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2015-02-28 00:03 - 2014-03-27 04:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2015-02-28 00:03 - 2014-03-27 04:10 - 01436160 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2015-02-28 00:03 - 2014-03-20 04:48 - 00263424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2015-02-28 00:03 - 2014-03-19 09:07 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2015-02-28 00:03 - 2014-03-18 09:19 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2015-02-28 00:03 - 2014-03-17 06:09 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2015-02-28 00:03 - 2014-03-17 05:11 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2015-02-28 00:03 - 2014-03-17 04:01 - 00486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2015-02-28 00:03 - 2014-03-17 03:45 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2015-02-28 00:03 - 2014-03-14 07:26 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-02-28 00:03 - 2014-03-14 07:10 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2015-02-28 00:03 - 2014-03-06 13:42 - 00310616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2015-02-28 00:02 - 2014-04-06 17:20 - 00028408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2015-02-28 00:02 - 2014-04-06 13:58 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll
2015-02-28 00:02 - 2014-04-06 13:51 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2015-02-28 00:02 - 2014-04-06 13:24 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2015-02-28 00:02 - 2014-04-06 13:06 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srclient.dll
2015-02-28 00:02 - 2014-04-06 12:26 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2015-02-28 00:02 - 2014-04-03 09:12 - 00307304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2015-02-28 00:02 - 2014-04-03 03:23 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tlscsp.dll
2015-02-28 00:02 - 2014-04-03 03:22 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll
2015-02-28 00:02 - 2014-03-31 01:01 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2015-02-28 00:02 - 2014-03-31 00:43 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2015-02-28 00:02 - 2014-03-30 23:49 - 01287168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2015-02-28 00:02 - 2014-03-30 23:35 - 01029120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2015-02-28 00:02 - 2014-03-27 05:48 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2015-02-28 00:02 - 2014-03-19 09:15 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2015-02-28 00:02 - 2014-03-19 08:24 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2015-02-28 00:02 - 2014-03-19 08:17 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll
2015-02-28 00:02 - 2014-03-19 06:45 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2015-02-28 00:02 - 2014-03-19 06:19 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2015-02-28 00:02 - 2014-03-19 06:07 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2015-02-28 00:02 - 2014-03-19 06:02 - 01527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-02-28 00:02 - 2014-03-19 06:00 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2015-02-28 00:02 - 2014-03-19 05:51 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2015-02-28 00:02 - 2014-03-19 05:31 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2015-02-28 00:00 - 2014-09-08 04:07 - 02497344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-02-28 00:00 - 2014-09-08 04:07 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-02-28 00:00 - 2014-09-04 04:05 - 00836176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-02-28 00:00 - 2014-08-30 22:04 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-02-28 00:00 - 2014-08-23 06:14 - 13424128 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-02-28 00:00 - 2014-08-23 06:04 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-02-28 00:00 - 2014-08-23 05:50 - 02714112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-02-27 23:59 - 2014-09-10 07:25 - 00474432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-02-27 23:59 - 2014-09-04 03:22 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-02-27 23:59 - 2014-09-04 01:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2015-02-27 23:59 - 2014-08-31 01:17 - 00148800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2015-02-27 23:59 - 2014-08-30 23:05 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2015-02-27 23:59 - 2014-08-30 22:58 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2015-02-27 23:59 - 2014-08-30 21:53 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
2015-02-27 23:59 - 2014-08-30 21:17 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-02-27 23:59 - 2014-08-28 01:21 - 02480128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2015-02-27 23:59 - 2014-08-28 01:06 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2015-02-27 23:59 - 2014-08-02 01:51 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-02-27 23:59 - 2014-08-02 01:35 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2015-02-27 23:51 - 2014-10-13 03:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-02-27 23:51 - 2014-10-11 01:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-02-27 23:51 - 2014-10-11 01:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-02-27 23:51 - 2014-10-08 08:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2015-02-27 23:51 - 2014-10-08 08:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2015-02-27 23:51 - 2014-10-08 07:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2015-02-27 23:49 - 2014-05-13 08:01 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2015-02-27 23:49 - 2014-05-03 06:36 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-02-27 23:49 - 2014-05-03 06:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2015-02-27 23:49 - 2014-05-03 06:08 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2015-02-27 23:49 - 2014-05-03 06:07 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2015-02-27 23:49 - 2014-05-03 05:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll
2015-02-27 23:49 - 2014-05-03 05:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll
2015-02-27 23:49 - 2014-05-03 05:37 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll
2015-02-27 23:49 - 2014-05-03 00:26 - 00050745 _____ () C:\WINDOWS\system32\srms.dat
2015-02-27 23:49 - 2014-04-30 07:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2015-02-27 23:49 - 2014-04-30 07:41 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-02-27 23:49 - 2014-04-30 07:41 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2015-02-27 23:49 - 2014-04-30 07:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2015-02-27 23:49 - 2014-04-30 06:45 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2015-02-27 23:49 - 2014-04-30 05:48 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2015-02-27 23:49 - 2014-04-30 05:24 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2015-02-27 23:49 - 2014-04-30 05:23 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2015-02-27 23:49 - 2014-04-30 05:23 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2015-02-27 23:49 - 2014-04-30 05:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2015-02-27 23:49 - 2014-04-30 05:14 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-02-27 23:49 - 2014-04-30 04:59 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-02-27 23:49 - 2014-04-30 04:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2015-02-27 23:49 - 2014-04-30 04:46 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2015-02-27 23:49 - 2014-04-30 04:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2015-02-27 23:49 - 2014-04-30 04:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2015-02-27 23:49 - 2014-04-30 04:42 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2015-02-27 23:49 - 2014-04-28 23:40 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-02-27 23:49 - 2014-04-26 23:03 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-02-27 23:49 - 2014-04-26 21:14 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-02-27 23:49 - 2014-04-26 17:39 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2015-02-27 23:49 - 2014-04-14 10:37 - 02125344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2015-02-27 23:49 - 2014-04-14 09:08 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2015-02-27 23:49 - 2014-04-14 06:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2015-02-27 23:49 - 2014-04-09 07:11 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-02-27 23:49 - 2014-04-09 06:20 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-02-27 23:47 - 2014-06-16 23:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2015-02-27 23:47 - 2014-06-16 23:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2015-02-27 23:44 - 2014-09-27 08:13 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-02-27 23:44 - 2014-09-27 06:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2015-02-27 23:44 - 2014-09-27 04:30 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-02-27 23:43 - 2014-05-31 11:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-02-27 23:43 - 2014-05-31 11:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-02-27 23:43 - 2014-05-31 04:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-02-27 23:43 - 2014-05-31 04:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-02-27 23:43 - 2014-05-31 03:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-02-27 23:43 - 2014-05-31 03:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-02-27 23:43 - 2014-05-31 03:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-02-27 23:43 - 2014-05-31 03:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-02-27 23:43 - 2014-05-31 03:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-02-27 23:43 - 2014-04-11 09:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-02-27 23:43 - 2014-04-11 07:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-02-27 23:43 - 2014-04-11 06:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-02-27 23:42 - 2014-08-23 07:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2015-02-27 23:42 - 2014-08-23 06:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2015-02-27 23:42 - 2014-08-23 05:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2015-02-27 23:41 - 2014-03-13 08:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2015-02-27 23:41 - 2014-03-13 07:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2015-02-27 23:40 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2015-02-27 23:40 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2015-02-27 23:40 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-02-27 23:40 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-02-27 23:40 - 2014-08-15 01:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2015-02-27 23:40 - 2014-07-30 02:56 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2015-02-27 23:40 - 2014-07-29 06:22 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2015-02-27 23:39 - 2014-05-30 04:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-02-27 23:35 - 2014-06-05 15:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2015-02-27 23:35 - 2014-06-05 14:14 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2015-02-27 23:35 - 2014-06-02 03:10 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2015-02-27 23:35 - 2014-05-31 11:07 - 00440664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2015-02-27 23:35 - 2014-05-31 11:07 - 00419672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-02-27 23:35 - 2014-05-31 11:07 - 00089944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2015-02-27 23:35 - 2014-05-31 11:07 - 00027480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2015-02-27 23:35 - 2014-05-31 07:30 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2015-02-27 23:35 - 2014-05-31 07:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2015-02-27 23:35 - 2014-05-31 07:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2015-02-27 23:35 - 2014-05-31 05:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2015-02-27 23:35 - 2014-05-31 05:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2015-02-27 23:35 - 2014-05-31 05:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2015-02-27 23:35 - 2014-05-27 10:56 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2015-02-27 23:35 - 2014-05-27 10:53 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2015-02-27 23:35 - 2014-05-17 05:59 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-02-27 23:35 - 2014-05-17 05:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-02-27 23:33 - 2014-08-07 03:12 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-02-27 23:33 - 2014-08-02 04:56 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-02-27 23:33 - 2014-04-11 03:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-02-27 23:32 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-02-27 23:32 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-02-27 23:32 - 2014-04-11 04:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-02-27 23:32 - 2014-04-11 04:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-02-27 23:32 - 2014-04-11 04:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-02-27 23:32 - 2014-04-11 04:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-02-27 23:32 - 2014-04-11 03:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-02-27 23:32 - 2014-04-11 03:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-02-27 23:28 - 2014-06-13 02:15 - 00517528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2015-02-27 23:28 - 2014-06-13 02:14 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-02-27 23:28 - 2014-06-13 01:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2015-02-27 23:26 - 2014-10-23 06:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2015-02-27 23:26 - 2014-10-23 06:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2015-02-27 23:26 - 2014-07-15 19:16 - 03048880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2015-02-27 23:26 - 2014-07-15 09:29 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2015-02-27 23:26 - 2014-07-15 09:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2015-02-27 23:26 - 2014-07-15 09:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2015-02-27 23:26 - 2014-05-31 07:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-02-27 23:26 - 2014-05-19 07:31 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2015-02-27 23:26 - 2014-05-19 07:21 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2015-02-27 23:26 - 2014-05-19 06:23 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvinst.exe
2015-02-27 23:26 - 2014-04-30 05:43 - 01975296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-02-27 23:26 - 2014-04-30 05:26 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-02-27 23:26 - 2014-04-30 04:47 - 01509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-02-27 23:24 - 2014-08-02 01:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-02-27 23:24 - 2014-06-20 02:48 - 01273184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-02-27 23:24 - 2014-06-20 00:52 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-02-27 23:23 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-02-27 23:23 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-02-27 23:23 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-02-27 23:23 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2015-02-27 23:23 - 2014-04-08 23:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2015-02-27 23:23 - 2014-04-08 23:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2015-02-27 23:23 - 2014-04-08 19:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll
2015-02-27 23:23 - 2014-04-08 19:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll
2015-02-27 23:21 - 2014-09-04 01:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2015-02-27 23:21 - 2014-09-04 01:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2015-02-27 23:20 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2015-02-27 23:20 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2015-02-27 23:19 - 2014-05-01 14:31 - 00055328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2015-02-27 23:19 - 2014-05-01 06:24 - 02834944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll
2015-02-27 23:16 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-02-27 23:16 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-02-27 23:16 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-02-27 23:16 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-02-27 23:16 - 2014-07-12 05:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-02-27 23:16 - 2014-06-06 14:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2015-02-27 23:16 - 2014-06-06 13:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2015-02-17 15:26 - 2015-02-17 15:26 - 01217184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FM20.DLL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-13 20:36 - 2013-11-26 16:56 - 00000000 ____D () C:\Users\187\AppData\Roaming\Copy
2015-03-13 20:16 - 2014-02-05 21:12 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-13 20:04 - 2013-09-19 15:08 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-13 20:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-13 19:26 - 2013-10-18 08:46 - 01973155 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-13 19:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-13 19:10 - 2014-04-28 21:05 - 00000938 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4017697916-1499371932-692838387-1001UA.job
2015-03-13 18:04 - 2013-09-30 05:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-13 18:04 - 2013-09-30 04:56 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-03-13 18:04 - 2013-09-30 04:56 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-03-12 23:08 - 2013-09-19 15:08 - 00000000 ____D () C:\Users\187\AppData\Roaming\Dropbox
2015-03-12 23:06 - 2013-09-19 15:08 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-12 23:03 - 2013-08-22 15:46 - 00033508 _____ () C:\WINDOWS\setupact.log
2015-03-12 23:03 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-12 23:03 - 2013-08-22 15:44 - 00476672 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-12 23:02 - 2013-09-29 20:04 - 00065594 _____ () C:\WINDOWS\PFRO.log
2015-03-12 22:57 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-12 22:57 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-03-12 22:57 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 22:57 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-12 22:57 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 22:57 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-12 22:57 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-12 22:57 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2015-03-12 22:57 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2015-03-12 22:57 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates
2015-03-12 22:57 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-03-12 22:57 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager
2015-03-12 22:57 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera
2015-03-12 22:57 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-12 22:57 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-12 22:56 - 2013-09-30 04:59 - 00000000 ____D () C:\Program Files\Windows Journal
2015-03-12 22:56 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-12 22:56 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2015-03-12 22:55 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-03-12 22:10 - 2014-04-28 21:05 - 00000916 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4017697916-1499371932-692838387-1001Core.job
2015-03-12 22:05 - 2013-09-19 14:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-12 22:05 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-12 22:01 - 2012-07-26 06:26 - 00000223 _____ () C:\WINDOWS\win.ini
2015-03-12 21:04 - 2013-09-20 10:11 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-12 10:13 - 2013-09-20 11:43 - 00000000 ____D () C:\Users\187\AppData\Roaming\SpiderOak
2015-03-12 10:12 - 2013-09-19 23:08 - 00000000 ____D () C:\Users\187\AppData\Roaming\Apple Computer
2015-03-11 20:20 - 2013-09-19 13:13 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4017697916-1499371932-692838387-1001
2015-03-11 19:40 - 2013-10-22 17:29 - 00000000 _____ () C:\WINDOWS\system32\vireng.log
2015-03-11 19:23 - 2013-10-18 08:30 - 00000000 ____D () C:\Users\187
2015-03-11 12:14 - 2013-09-19 18:35 - 00000000 ____D () C:\Users\187\AppData\Roaming\vlc
2015-03-11 12:12 - 2013-12-17 12:22 - 00001093 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-03-11 09:15 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-27 23:59 - 2013-09-24 23:23 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-02-27 23:51 - 2014-02-05 21:12 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-27 23:50 - 2014-12-22 11:23 - 18129584 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-02-27 23:31 - 2014-04-15 15:07 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2015-02-27 23:12 - 2013-09-19 15:10 - 00000000 ____D () C:\Users\187\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-27 23:07 - 2014-02-21 01:59 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-02-27 23:07 - 2014-02-21 01:59 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-02-27 23:07 - 2014-02-21 01:59 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2015-02-27 23:00 - 2013-09-19 15:08 - 00004108 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-27 22:59 - 2013-09-19 15:08 - 00003872 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-27 22:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-26 21:14 - 2013-06-10 17:39 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2013-09-20 11:38 - 2014-05-10 07:44 - 0000976 _____ () C:\Users\187\AppData\Local\7F68A003.il
2013-09-20 11:38 - 2014-05-10 07:44 - 0000280 _____ () C:\Users\187\AppData\Local\IndexIE_7F68A003.il
2014-05-12 10:05 - 2014-05-12 10:05 - 0005886 _____ () C:\Users\187\AppData\Local\recently-used.xbel
2014-12-23 22:47 - 2014-12-23 22:47 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-07-16 10:21 - 2013-07-16 10:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\187\AppData\Local\Temp\7z.dll
C:\Users\187\AppData\Local\Temp\7z.exe
C:\Users\187\AppData\Local\Temp\COMAP.EXE
C:\Users\187\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjbeqog.dll
C:\Users\187\AppData\Local\Temp\dtkill.exe
C:\Users\187\AppData\Local\Temp\Executor.exe
C:\Users\187\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\187\AppData\Local\Temp\tester.dllC:\Users\187\AppData\Local\Temp\vcredist_x86-2010.exe
C:\Users\187\AppData\Local\Temp\vcredist_x86-2012.exe
C:\Users\187\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\187\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\187\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\187\AppData\Local\Temp\vlc-2.1.5-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-13 18:13

==================== End Of Log ============================
         
--- --- ---
__________________

Alt 13.03.2015, 20:22   #4
LenovoRetten
 
Notebook Win8 - Befall mit Keylogger Wolfeye? - Standard

Notebook Win8 - Befall mit Keylogger Wolfeye?



Addition
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by 187 at 2015-03-13 20:52:28
Running from D:\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
ABBYY FineReader 10 Corporate Edition (HKLM-x32\...\{F1000000-0001-0000-0000-074957833700}) (Version: 10.501.154.7211 - ABBYY)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe PDF iFilter 9 for 64-bit platforms (HKLM\...\{5EA12CF3-8162-47F6-ACAF-45AD03EFB08F}) (Version: 9.0.0 - Adobe)
Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.8.42.71502 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.8.42.71502 - Alcor Micro Corp.) Hidden
Amazon Cloud Player (HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\Amazon Amazon Cloud Player) (Version: 2.3.0.422 - Amazon Services LLC)
Amazon MP3-Downloader 1.0.18 (HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.4 - Atheros Communications Inc.)
Bing HRS Toolbar (HKLM-x32\...\{3E2C0025-D900-40F2-A819-D97CE1D48C43}) (Version: 3.15.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.59.20 - Broadcom Corporation)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.68.1077 - AB Team, d.o.o.)
calibre 64bit (HKLM\...\{022ED169-3871-4D3E-963E-322226C5F455}) (Version: 2.13.0 - Kovid Goyal)
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.2.0.11 - Swiss Academic Software)
Copy (HKLM\...\{92AA1305-04A1-4931-9B08-52FF52B171AE}) (Version: 1.37.546.0 - Barracuda Networks, Inc.)
CyberGhost 5 (HKLM\...\CyberGhost VPN 5_is1) (Version:  - CyberGhost S.R.L.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
doubleTwist Sync (HKLM-x32\...\doubleTwist) (Version: 4.0.2.18828 - doubleTwist Corporation)
Dropbox (HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
EaseUS Partition Master 9.2.2 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
Easy Phone Sync (HKLM-x32\...\{5BBBFC75-8C26-4F4B-A483-B1D5D347D7D2}) (Version: 64 - Media Mushroom Limited)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.3 - Lenovo)
Energy Management (x32 Version: 8.0.2.3 - Lenovo) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ETDWare PS/2-X64 11.4.8.1_WHQL (HKLM\...\Elantech) (Version: 11.4.8.1 - ELAN Microelectronic Corp.)
Evernote v. 5.1.2 (HKLM-x32\...\{12FB6296-8840-11E3-86D7-00163E98E7D0}) (Version: 5.1.2.2387 - Evernote Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FUSSBALL MANAGER 13 (HKLM-x32\...\{80AF0300-866F-400F-A350-D53E3C3E34E0}) (Version: 1.0.4.0 - Electronic Arts)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Hotspot Shield 3.20 (HKLM-x32\...\HotspotShield) (Version: 3.20 - AnchorFree Inc.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 5520 series - Grundlegende Software für das Gerät (HKLM\...\{4F396B08-301D-4E53-A372-95A7E93ABD04}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 5520 series Hilfe (HKLM-x32\...\{640A03B3-4E6B-4440-A350-E6A8D6348F12}) (Version: 27.0.0 - Hewlett Packard)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Last.fm Scrobbler 2.1.36 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.1800 - Broadcom Corporation)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6418 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.6418 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)
Lenovo Rescue System (Version: 8.0.0.0710 - CyberLink Corp.) Hidden
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Media Go (HKLM-x32\...\{8D92969D-A6A3-44C8-9D63-D377E94F44B5}) (Version: 2.6.205 - Sony)
Media Go Video Playback Engine 2.0.112.09020 (HKLM-x32\...\{49D9CE9D-C8B7-B941-90E1-608044A0FC8D}) (Version: 2.0.112.09020 - Sony)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mindjet (HKLM-x32\...\{EAFBFF2D-5553-474A-85FA-863A82F00900}) (Version: 11.3.305 - Mindjet)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.0.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.0.1 (x86 de)) (Version: 24.0.1 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NewsLeecher v3.9 Final (HKLM-x32\...\NewsLeecher_is1) (Version:  - )
OLYMPUS Digital Camera Updater (HKLM-x32\...\{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}) (Version: 1.0.3 - OLYMPUS IMAGING CORP.)
OLYMPUS Viewer 3 (HKLM-x32\...\{BC12793B-1F89-4950-BB6C-63467B76B2D9}) (Version: 1.2.0 - OLYMPUS IMAGING CORP.)
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.6.4001 - ooVoo LLC.)
OpenVPN 2.3.3-I002  (HKLM\...\OpenVPN) (Version: 2.3.3-I002 - )
Opera Stable 16.0.1196.80 (HKLM-x32\...\Opera 16.0.1196.80) (Version: 16.0.1196.80 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.3.6.4643 - Electronic Arts, Inc.)
PDF-XChange 2012 (HKLM\...\{504022CD-6A58-42D5-ACC9-966F695AAD93}_is1) (Version: 5.0.266.0 - Tracker Software Products Ltd)
PDF-XChange Editor (HKLM-x32\...\{e6c66f24-ae75-4cce-8afc-8ed58d732f6a}) (Version: 3.0.307.0 - Tracker Software Products (Canada) Ltd.)
PDF-XChange Editor (Version: 3.0.307.0 - Tracker Software Products (Canada) Ltd.) Hidden
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.18.0.15698 - Sony Computer Entertainment Inc.)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Reader for PC (HKLM-x32\...\{7FAEB610-D6B1-42CE-9EEA-6A5001C2E732}) (Version: 2.1.00.06250 - Sony Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6675 - Realtek Semiconductor Corp.)
RUBICon (HKLM-x32\...\{438134D3-0BD4-4C52-8575-5B2B63AD01C2}) (Version: 2.0.25 - RUB)
Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version:  - )
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sony PC Companion 2.10.197 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.197 - Sony)
SopCast 3.8.3 (HKLM-x32\...\SopCast) (Version: 3.8.3 - www.sopcast.com)
Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.12 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{7CD26A0C-9B59-4E84-B5EE-B386B2F7AA16}) (Version: 4.1.0.273 - Sophos Limited)
SpiderOak x64 (HKLM\...\{5E61A03E-9E9E-40FD-8483-C85655BC67BB}) (Version: 5.0.3.10067 - SpiderOak)
Spotify (HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\Spotify) (Version: 1.0.1.1060.gc75ebdfd - Spotify AB)
Spotydl 0.9.37.0 (HKLM-x32\...\Spotydl_is1) (Version: 0.9.37.0 - spotydl.com)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Tinypic 3.18 (HKLM-x32\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. Fiedler)
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4017697916-1499371932-692838387-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4017697916-1499371932-692838387-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4017697916-1499371932-692838387-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4017697916-1499371932-692838387-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4017697916-1499371932-692838387-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4017697916-1499371932-692838387-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4017697916-1499371932-692838387-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4017697916-1499371932-692838387-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4017697916-1499371932-692838387-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4017697916-1499371932-692838387-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4017697916-1499371932-692838387-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

23-12-2014 13:28:55 Secure Download Manager wird installiert
28-02-2015 00:24:55 Geplanter Prüfpunkt
11-03-2015 10:44:39 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-10-30 10:04 - 00001323 ____A C:\WINDOWS\system32\Drivers\etc\hosts



==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {104329C9-D58B-4A1A-BB02-5B60FA23A08C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {1E5F27A1-E89A-47BF-9675-D07BDF353334} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {262E16B0-B237-4F4D-AB8C-B52E39F20353} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {3453A56B-28FC-475E-BB86-057A74FA0D80} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-19] (Google Inc.)
Task: {3D4EE033-A38D-460F-BFCB-F0753900FADB} - System32\Tasks\{15B6FE22-B8E2-4581-ACB5-A9E7A5AB4B90} => pcalua.exe -a D:\Downloads\SophosEndpointFirewall_extern.exe -d D:\Downloads
Task: {59759263-58B1-4B2D-A2E9-C7054ACF9049} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-26] (Microsoft Corporation)
Task: {9D297D22-0E50-4275-A20C-4C0DE4DA0AB0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-19] (Google Inc.)
Task: {9D349847-DA66-4D8F-B1E4-47D69B8FFBA8} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-27] (Adobe Systems Incorporated)
Task: {BC55B42B-5BFF-4AAF-A365-FA6D9CCB05EB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4017697916-1499371932-692838387-1001Core => C:\Users\187\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-28] (Facebook Inc.)
Task: {C3C20377-9751-4A2C-89EA-8E6451A48CB2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4017697916-1499371932-692838387-1001UA => C:\Users\187\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-28] (Facebook Inc.)
Task: {D066EE1C-DE51-46FB-8255-92E6E4E971E7} - System32\Tasks\{208A5D52-5B8D-43AE-B6F8-1A095B769BB9} => pcalua.exe -a "G:\INSTALL\Adobe\APRO23_Win_ESD1_WWEFG_Acrobat 8.exe" -d G:\INSTALL\Adobe
Task: {D5DB8ECD-4A2B-4093-83DB-60CA5F16DAF9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {E8A22B58-A412-465D-8F92-241FC0FFF869} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4017697916-1499371932-692838387-1001Core.job => C:\Users\187\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4017697916-1499371932-692838387-1001UA.job => C:\Users\187\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2007-07-30 07:05 - 2007-07-30 07:05 - 00050688 _____ () C:\WINDOWS\System32\LFXPJL2K.DLL
2012-07-29 23:37 - 2012-07-29 23:37 - 00044408 _____ () c:\Program Files\Lenovo\Bluetooth Software\BtwLeAPI.dll
2010-10-08 06:18 - 2010-10-08 06:18 - 00056592 _____ () C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
2010-09-02 08:24 - 2010-09-02 08:24 - 00017920 _____ () C:\Program Files\ShrewSoft\VPN Client\libith.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00019456 _____ () C:\Program Files\ShrewSoft\VPN Client\libdtp.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00035328 _____ () C:\Program Files\ShrewSoft\VPN Client\libvflt.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00013312 _____ () C:\Program Files\ShrewSoft\VPN Client\liblog.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00119296 _____ () C:\Program Files\ShrewSoft\VPN Client\libip.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00026624 _____ () C:\Program Files\ShrewSoft\VPN Client\libidb.dll
2013-11-27 01:39 - 2013-11-27 01:39 - 00555304 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
2010-10-08 06:18 - 2010-10-08 06:18 - 00957712 _____ () C:\Program Files\ShrewSoft\VPN Client\iked.exe
2010-09-02 08:24 - 2010-09-02 08:24 - 00028160 _____ () C:\Program Files\ShrewSoft\VPN Client\libike.dll
2010-09-02 08:25 - 2010-09-02 08:25 - 00040448 _____ () C:\Program Files\ShrewSoft\VPN Client\libvnet.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00030720 _____ () C:\Program Files\ShrewSoft\VPN Client\libpfk.dll
2010-10-08 06:18 - 2010-10-08 06:18 - 00697616 _____ () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
2013-11-26 16:56 - 2013-12-12 18:14 - 08160256 _____ () C:\Users\187\AppData\Roaming\Copy\overlay\Brt.dll
2013-02-05 10:19 - 2013-02-05 10:19 - 00128512 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32api.pyd
2013-02-05 10:17 - 2013-02-05 10:17 - 00138240 _____ () C:\Program Files\SpiderOak\shell_extension_lib\pywintypes27.dll
2013-02-05 10:22 - 2013-02-05 10:22 - 00547328 _____ () C:\Program Files\SpiderOak\shell_extension_lib\pythoncom27.dll
2013-02-05 10:18 - 2013-02-05 10:18 - 00017920 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32trace.pyd
2013-02-05 10:18 - 2013-02-05 10:18 - 00136192 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32security.pyd
2013-02-05 10:30 - 2013-02-05 10:30 - 00520192 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32com.shell.shell.pyd
2013-02-05 10:19 - 2013-02-05 10:19 - 00043008 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32evtlog.pyd
2012-04-10 22:25 - 2012-04-10 22:25 - 00111616 _____ () C:\Program Files\SpiderOak\shell_extension_lib\_ctypes.pyd
2013-02-05 10:18 - 2013-02-05 10:18 - 00149504 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32file.pyd
2013-02-05 10:18 - 2013-02-05 10:18 - 00027648 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32pipe.pyd
2013-02-05 10:18 - 2013-02-05 10:18 - 00023040 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32event.pyd
2012-04-10 22:30 - 2012-04-10 22:30 - 00471552 _____ () C:\Program Files\SpiderOak\shell_extension_lib\_hashlib.pyd
2013-02-05 10:18 - 2013-02-05 10:18 - 00044032 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32process.pyd
2013-02-05 10:19 - 2013-02-05 10:19 - 00223232 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32gui.pyd
2013-02-05 10:31 - 2013-02-05 10:31 - 00125952 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32com.propsys.propsys.pyd
2013-09-19 15:39 - 2015-02-27 23:17 - 02092544 _____ () C:\Users\187\AppData\Roaming\Copy\Gui.dll
2013-09-19 15:55 - 2015-02-27 23:17 - 08212480 _____ () C:\Users\187\AppData\Roaming\Copy\Brt.dll
2013-12-12 18:14 - 2015-02-27 23:17 - 09276928 _____ () C:\Users\187\AppData\Roaming\Copy\AgentSync.dll
2013-09-19 15:41 - 2015-02-27 23:17 - 05327872 _____ () C:\Users\187\AppData\Roaming\Copy\CloudSync.dll
2014-03-04 11:40 - 2014-01-14 20:46 - 03140608 _____ () C:\Users\187\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2013-05-22 19:50 - 2013-05-22 19:50 - 00400704 _____ () C:\Users\187\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-04 12:49 - 2011-03-04 12:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2013-11-27 01:35 - 2013-11-27 01:35 - 00903464 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
2013-10-30 10:27 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-10-30 10:27 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-10-30 10:27 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-10-30 10:27 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-10-30 10:27 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-07-16 10:15 - 2012-06-25 09:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00750080 _____ () C:\Users\187\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-12 23:08 - 2015-03-12 23:08 - 00043008 _____ () c:\users\187\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjbeqog.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00047616 _____ () C:\Users\187\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00865280 _____ () C:\Users\187\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00200704 _____ () C:\Users\187\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-12 08:57 - 2015-03-12 08:57 - 40506936 _____ () C:\Users\187\AppData\Roaming\Spotify\libcef.dll
2015-03-12 08:57 - 2015-03-12 08:57 - 01365560 _____ () C:\Users\187\AppData\Roaming\Spotify\libglesv2.dll
2015-03-12 08:57 - 2015-03-12 08:57 - 00219192 _____ () C:\Users\187\AppData\Roaming\Spotify\libegl.dll
2015-03-12 08:57 - 2015-03-12 08:57 - 09305656 _____ () C:\Users\187\AppData\Roaming\Spotify\pdf.dll
2015-03-12 08:57 - 2015-03-12 08:57 - 00990776 _____ () C:\Users\187\AppData\Roaming\Spotify\ffmpegsumo.dll
2015-03-11 10:22 - 2015-03-07 07:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libglesv2.dll
2015-03-11 10:22 - 2015-03-07 07:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libegl.dll
2015-03-11 10:22 - 2015-03-07 07:13 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4017697916-1499371932-692838387-1001\Control Panel\Desktop\\Wallpaper -> D:\Dropbox\POSTER\ENTWICKLUNG\P1100208.JPG
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Reader Application Helper"
HKLM\...\StartupApproved\Run32: => "OV3_Monitor"
HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\StartupApproved\StartupFolder: => "Logitech . Produktregistrierung.lnk"
HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\StartupApproved\Run: => "Windows Defender"
HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\StartupApproved\Run: => "OV3_Monitor"

==================== Accounts: =============================

187 (S-1-5-21-4017697916-1499371932-692838387-1001 - Administrator - Enabled) => C:\Users\187
Administrator (S-1-5-21-4017697916-1499371932-692838387-500 - Administrator - Disabled)
Gast (S-1-5-21-4017697916-1499371932-692838387-501 - Limited - Disabled)
SophosSAU187-G5800 (S-1-5-21-4017697916-1499371932-692838387-1008 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Shrew Soft Virtual Adapter
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/13/2015 06:08:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm WWAHost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: f64

Startzeit: 01d05db03375d5d5

Endzeit: 4294967295

Anwendungspfad: C:\Windows\System32\WWAHost.exe

Berichts-ID: 8434d8eb-c9a3-11e4-befa-3c970e5ca325

Vollständiger Name des fehlerhaften Pakets: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Windows.Store

Error: (03/13/2015 06:08:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: 187-G580)
Description: Das Paket „winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy+Windows.Store“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (03/12/2015 11:04:44 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "ProtectionManagement" wurde versucht, die Abfrage "select * from MSFT_MpEvent" zu registrieren, deren Zielklasse "MSFT_MpEvent" im Namespace "//./root/microsoft/protectionManagement" nicht vorhanden ist. Die Abfrage wird ignoriert.

Error: (03/12/2015 11:04:44 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "" wurde versucht, die Abfrage "select * from MSFT_MpEvent" zu registrieren, deren Zielklasse "MSFT_MpEvent" im Namespace "//./root/microsoft/protectionManagement" nicht vorhanden ist. Die Abfrage wird ignoriert.

Error: (03/12/2015 09:00:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm spotydl.exe, Version 0.9.37.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: d6c

Startzeit: 01d05c9a4126d946

Endzeit: 4294967295

Anwendungspfad: C:\Program Files (x86)\Spotydl\spotydl.exe

Berichts-ID: e60b2b75-c88d-11e4-bef9-3c970e5ca325

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (03/12/2015 00:16:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SpotifyWebHelper.exe, Version: 0.9.15.27, Zeitstempel: 0x54803b75
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17031, Zeitstempel: 0x5308893d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001f0a3
ID des fehlerhaften Prozesses: 0x1b04
Startzeit der fehlerhaften Anwendung: 0xSpotifyWebHelper.exe0
Pfad der fehlerhaften Anwendung: SpotifyWebHelper.exe1
Pfad des fehlerhaften Moduls: SpotifyWebHelper.exe2
Berichtskennung: SpotifyWebHelper.exe3
Vollständiger Name des fehlerhaften Pakets: SpotifyWebHelper.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SpotifyWebHelper.exe5

Error: (03/11/2015 10:04:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SpotifyWebHelper.exe, Version: 0.9.15.27, Zeitstempel: 0x54803b75
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17031, Zeitstempel: 0x5308893d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001f0a3
ID des fehlerhaften Prozesses: 0x16d4
Startzeit der fehlerhaften Anwendung: 0xSpotifyWebHelper.exe0
Pfad der fehlerhaften Anwendung: SpotifyWebHelper.exe1
Pfad des fehlerhaften Moduls: SpotifyWebHelper.exe2
Berichtskennung: SpotifyWebHelper.exe3
Vollständiger Name des fehlerhaften Pakets: SpotifyWebHelper.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SpotifyWebHelper.exe5

Error: (03/11/2015 09:02:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SpotifyWebHelper.exe, Version: 0.9.15.27, Zeitstempel: 0x54803b75
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17031, Zeitstempel: 0x5308893d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001f0a3
ID des fehlerhaften Prozesses: 0x17cc
Startzeit der fehlerhaften Anwendung: 0xSpotifyWebHelper.exe0
Pfad der fehlerhaften Anwendung: SpotifyWebHelper.exe1
Pfad des fehlerhaften Moduls: SpotifyWebHelper.exe2
Berichtskennung: SpotifyWebHelper.exe3
Vollständiger Name des fehlerhaften Pakets: SpotifyWebHelper.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SpotifyWebHelper.exe5

Error: (03/11/2015 07:01:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm spotydl.exe, Version 0.9.37.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1e94

Startzeit: 01d05c134123f888

Endzeit: 4294967295

Anwendungspfad: C:\Program Files (x86)\Spotydl\spotydl.exe

Berichts-ID: a7a9276c-c818-11e4-bef7-3c970e5ca325

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (03/11/2015 04:51:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm spotydl.exe, Version 0.9.37.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 145c

Startzeit: 01d05c12747eec15

Endzeit: 4294967295

Anwendungspfad: C:\Program Files (x86)\Spotydl\spotydl.exe

Berichts-ID: 7a0209db-c806-11e4-bef7-3c970e5ca325

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


System errors:
=============
Error: (03/13/2015 06:14:41 PM) (Source: DCOM) (EventID: 10010) (User: 187-G580)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (03/13/2015 06:14:10 PM) (Source: DCOM) (EventID: 10010) (User: 187-G580)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (03/12/2015 11:06:05 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT-AUTORITÄT)
Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x80080005

Error: (03/12/2015 11:06:05 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (03/12/2015 08:34:19 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246013 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 4.5.1 und 4.5.2 unter Windows 8.1 und Windows Server 2012 R2 für x64-basierte Systeme (KB2977765)

Error: (03/12/2015 09:02:21 AM) (Source: Schannel) (EventID: 4114) (User: 187-G580)
Description: Das vom Remoteserver erhaltene Zertifikat wurde von einer nicht vertrauenswürdigen Zertifizierungsstelle ausgestellt. Aus diesem Grund können keine der im Zertifikat enthalten Daten verifiziert werden. Fehler bei der SSL-Verbindungsanforderung. Die angehängten Daten enthalten das Serverzertifikat.

Error: (03/12/2015 09:02:21 AM) (Source: Schannel) (EventID: 4120) (User: 187-G580)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 48. Der Windows-SChannel-Fehlerstatus lautet: 552.

Error: (03/12/2015 09:02:01 AM) (Source: Schannel) (EventID: 4114) (User: 187-G580)
Description: Das vom Remoteserver erhaltene Zertifikat wurde von einer nicht vertrauenswürdigen Zertifizierungsstelle ausgestellt. Aus diesem Grund können keine der im Zertifikat enthalten Daten verifiziert werden. Fehler bei der SSL-Verbindungsanforderung. Die angehängten Daten enthalten das Serverzertifikat.

Error: (03/12/2015 09:02:01 AM) (Source: Schannel) (EventID: 4120) (User: 187-G580)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 48. Der Windows-SChannel-Fehlerstatus lautet: 552.

Error: (03/12/2015 09:01:44 AM) (Source: Schannel) (EventID: 4114) (User: 187-G580)
Description: Das vom Remoteserver erhaltene Zertifikat wurde von einer nicht vertrauenswürdigen Zertifizierungsstelle ausgestellt. Aus diesem Grund können keine der im Zertifikat enthalten Daten verifiziert werden. Fehler bei der SSL-Verbindungsanforderung. Die angehängten Daten enthalten das Serverzertifikat.


Microsoft Office Sessions:
=========================
Error: (03/13/2015 06:08:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WWAHost.exe6.3.9600.17031f6401d05db03375d5d54294967295C:\Windows\System32\WWAHost.exe8434d8eb-c9a3-11e4-befa-3c970e5ca325winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewyWindows.Store

Error: (03/13/2015 06:08:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: 187-G580)
Description: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy+Windows.Store

Error: (03/12/2015 11:04:44 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: ProtectionManagementselect * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement

Error: (03/12/2015 11:04:44 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: select * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement

Error: (03/12/2015 09:00:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: spotydl.exe0.9.37.0d6c01d05c9a4126d9464294967295C:\Program Files (x86)\Spotydl\spotydl.exee60b2b75-c88d-11e4-bef9-3c970e5ca325

Error: (03/12/2015 00:16:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SpotifyWebHelper.exe0.9.15.2754803b75ntdll.dll6.3.9600.170315308893dc00000050001f0a31b0401d05c3f952e9f97C:\Users\187\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exeC:\WINDOWS\SYSTEM32\ntdll.dll9c6f1e34-c844-11e4-bef9-3c970e5ca325

Error: (03/11/2015 10:04:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SpotifyWebHelper.exe0.9.15.2754803b75ntdll.dll6.3.9600.170315308893dc00000050001f0a316d401d05c36487d3c10C:\Users\187\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exeC:\WINDOWS\SYSTEM32\ntdll.dll371eb173-c832-11e4-bef9-3c970e5ca325

Error: (03/11/2015 09:02:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SpotifyWebHelper.exe0.9.15.2754803b75ntdll.dll6.3.9600.170315308893dc00000050001f0a317cc01d05c2fbfc0dbd7C:\Users\187\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exeC:\WINDOWS\SYSTEM32\ntdll.dll7aa02674-c829-11e4-bef9-3c970e5ca325

Error: (03/11/2015 07:01:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: spotydl.exe0.9.37.01e9401d05c134123f8884294967295C:\Program Files (x86)\Spotydl\spotydl.exea7a9276c-c818-11e4-bef7-3c970e5ca325

Error: (03/11/2015 04:51:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: spotydl.exe0.9.37.0145c01d05c12747eec154294967295C:\Program Files (x86)\Spotydl\spotydl.exe7a0209db-c806-11e4-bef7-3c970e5ca325


CodeIntegrity Errors:
===================================
  Date: 2014-09-29 19:51:13.260
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\LMouFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-29 19:51:13.232
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\LMouFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-29 19:51:11.014
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\LMouFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-29 19:51:10.954
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\LMouFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-29 19:51:09.676
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-29 19:51:09.659
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-29 19:51:09.645
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-29 19:51:09.626
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-29 19:51:09.611
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-29 19:51:09.595
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 48%
Total physical RAM: 5991.41 MB
Available physical RAM: 3113.71 MB
Total Pagefile: 8039.41 MB
Available Pagefile: 4527.82 MB
Total Virtual: 131072 MB
Available Virtual: 131071.77 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:199.65 GB) (Free:124.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:709.18 GB) (Free:138.4 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: DEF66BCF)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
GMER
[CODE]
GMER Logfile:
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-13 21:01:16
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000003d ST1000LM024_HN-M101MBB rev.2AR10001 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\187\AppData\Local\Temp\kfliqpow.sys


---- Kernel code sections - GMER 2.1 ----

.text    C:\WINDOWS\System32\win32k.sys!W32pServiceTable                                                                                                                                                                                                       fffff96000095a00 15 bytes [00, 2E, F4, 01, 80, A0, 6E, ...]
.text    C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 17                                                                                                                                                                                                  fffff96000095a11 10 bytes [5E, FC, FF, 00, BB, C7, 00, ...]

---- Threads - GMER 2.1 ----

Thread   C:\WINDOWS\system32\csrss.exe [644:676]                                                                                                                                                                                                               fffff96000817b90
---- Processes - GMER 2.1 ----

Library  C:\Users\187\AppData\Roaming\Copy\overlay\CopyShExt.dll (*** suspicious ***) @ C:\WINDOWS\Explorer.EXE [3460] (Copy Shell Extensions/Barracuda Networks, Inc.)(2013-11-26 15:56:15)                                                                   00007ffbf8ed0000
Library  C:\Users\187\AppData\Roaming\Copy\overlay\Brt.dll (*** suspicious ***) @ C:\WINDOWS\Explorer.EXE [3460](2013-11-26 15:56:15)                                                                                                                          00007ffbf43c0000
Library  C:\Users\187\AppData\Roaming\Copy\Gui.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Copy\CopyAgent.exe [4828](2013-09-19 14:39:56)                                                                                                          00007ffbeffc0000
Library  C:\Users\187\AppData\Roaming\Copy\Brt.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Copy\CopyAgent.exe [4828](2013-09-19 14:55:48)                                                                                                          00007ffbee340000
Library  C:\Users\187\AppData\Roaming\Copy\AgentSync.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Copy\CopyAgent.exe [4828](2013-12-1                                                                                                               00007ffbeda50000
Library  C:\Users\187\AppData\Roaming\Copy\QtCore4.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Copy\CopyAgent.exe [4828] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2013-06-19 14:35:36)                       000000006c100000
Library  C:\Users\187\AppData\Roaming\Copy\QtGui4.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Copy\CopyAgent.exe [4828] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2013-06-19 14:35:38)                        000000006b780000
Library  C:\Users\187\AppData\Roaming\Copy\CloudSync.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Copy\CopyAgent.exe [4828](2013-09-1                                                                                                               00007ffbed320000
Library  C:\Users\187\AppData\Roaming\Copy\imageformats\qjpeg4.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Copy\CopyAgent.exe [4828] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2013-06-19 14:36:22)           00007ffc02f40000
Process  C:\Users\187\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe (*** suspicious ***) @ C:\Users\187\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [4856](2014-03-04 10:40:49)                                                      00000000009d0000
Process  C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024] (FILE NOT FOUND)                                                                                              0000000000400000
Library  C:\Users\187\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:28)        000000006af20000
Library  C:\Users\187\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24)            000000006ac10000
Library  C:\Users\187\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24)           000000006a820000
Library  C:\Users\187\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024](2015-02-10 21:00:30)                                                                                        000000006a760000
Library  C:\Users\187\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024] (ICU I18N DLL/The ICU Project)(2015-02-10 21:00:30)                                                           000000004a900000
Library  C:\Users\187\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024] (ICU Common DLL/The ICU Project)(2015-02-10 21:00:30)                                                         0000000004990000
Library  C:\Users\187\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024] (ICU Data DLL/The ICU Project)(2015-02-10 21:00:30)                                                           000000004ad00000
Library  c:\users\187\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjbeqog.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024](2015-03-12 22:08:04)                                       0000000004260000
Library  C:\Users\187\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24)        000000006a580000
Library  C:\Users\187\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:26)         0000000069590000
Library  C:\Users\187\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24)          0000000069370000
Library  C:\Users\187\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24)            0000000069110000
Library  C:\Users\187\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24)            000000006c370000
Library  C:\Users\187\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024](2015-02-10 21:00:30)                                                                                           000000006c1d0000
Library  C:\Users\187\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:26)  000000006c1a0000
Library  C:\Users\187\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24)         000000006c160000
Library  C:\Users\187\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24)   000000006c110000
Library  C:\Users\187\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024](2015-02-10 21:00:28)                                                                       000000006b380000
Library  C:\Users\187\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024](2015-02-10 21:00:28)                                                                       000000006c5c0000

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                                                                                                                 unknown MBR code

---- EOF - GMER 2.1 ----
         
--- --- ---

Alt 13.03.2015, 20:23   #5
M-K-D-B
/// TB-Ausbilder
 
Notebook Win8 - Befall mit Keylogger Wolfeye? - Standard

Notebook Win8 - Befall mit Keylogger Wolfeye?



Servus,


welche Programme hast du denn schon alle "durchlaufen" lassen?

Wer hat den Keylogger denn auf deinem PC installiert?



Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    ATTFilter
    :filefind
    *Wolfeye*
    
    :folderfind
    *Wolfeye*
    
    :regfind
    Wolfeye
             
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.



Alt 13.03.2015, 20:29   #6
LenovoRetten
 
Notebook Win8 - Befall mit Keylogger Wolfeye? - Standard

Notebook Win8 - Befall mit Keylogger Wolfeye?



Wenn ich das wüsste wer das war... Bis vor kurzem hatten mehrere Leute Zugriff auf das Notebook. Jetzt nur noch ich...

Systemlook sagt

Code:
ATTFilter
SystemLook 30.07.11 by jpshortstuff
Log created at 21:26 on 13/03/2015 by 187
Administrator - Elevation successful

========== filefind ==========

Searching for "*Wolfeye*"
No files found.

========== folderfind ==========

Searching for "*Wolfeye*"
No folders found.

========== regfind ==========

Searching for "Wolfeye"
No data found.

-= EOF =-
         

Alt 13.03.2015, 20:36   #7
M-K-D-B
/// TB-Ausbilder
 
Notebook Win8 - Befall mit Keylogger Wolfeye? - Standard

Notebook Win8 - Befall mit Keylogger Wolfeye?



Servus,


die meisten AV-Programme erkennen diesen Keylogger. Ich sehe zwar aktuell nichts in den Logdateien, würde aber zur Sicherheit noch TDSS-Killer und ComboFix laufen lassen, um sicher zu gehen.



Zukünftig bitte beachten:
Zitat:
Running from D:\Downloads
Leider hast du unsere Anleitung nicht richtig befolgt:
Bitte alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind.
Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen.
Alle Tools bis zum Ende der Bereinigung auf dem Desktop lassen, evtl. benötigen wir manche öfter.






Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.





Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.


Alt 13.03.2015, 21:00   #8
LenovoRetten
 
Notebook Win8 - Befall mit Keylogger Wolfeye? - Standard

Notebook Win8 - Befall mit Keylogger Wolfeye?



Danke erstmal!
Werde ich gleich laufen lassen.
Ich hatte das mit dem Desktop gelesen, aber dachte das wäre mehr für die Unbedarften damit die wissen wo sie alles finden.... sorry.

Combofix läuft nicht, sagt das Betriebsystem wird nicht unterstützt. Ich habe es als Administrator gestartet, Win 8.1

TDSS findet nichts, das Log ist zu lang zum direkt posten. Soll ich es als Anhang hochladen?

Geändert von LenovoRetten (13.03.2015 um 21:02 Uhr) Grund: Mehr Info

Alt 14.03.2015, 08:27   #9
M-K-D-B
/// TB-Ausbilder
 
Notebook Win8 - Befall mit Keylogger Wolfeye? - Standard

Notebook Win8 - Befall mit Keylogger Wolfeye?



Servus,


nein, nicht nötig.

Nimm anstatt ComboFix bitte MBAM her:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Alt 18.03.2015, 14:28   #10
M-K-D-B
/// TB-Ausbilder
 
Notebook Win8 - Befall mit Keylogger Wolfeye? - Standard

Notebook Win8 - Befall mit Keylogger Wolfeye?



Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen!

Antwort

Themen zu Notebook Win8 - Befall mit Keylogger Wolfeye?
aufsetzen, befall, befallen, besser, cyberghost, ebook, hartnäckig, hinweis, hoffe, hotspot, keylogger, liest, meinung, mögliche, neu, neu aufsetzen, notebook, professionelle, recht, schei, spezialisten, system, verdächtiges, win, windows 8 64 bit, wirklich, wolfeye, zu lang



Ähnliche Themen: Notebook Win8 - Befall mit Keylogger Wolfeye?


  1. Win7 und Win8.1 sfc kann defekte Dateien nicht reparieren / Win8.1 abgesicherter Modus nicht startbar?
    Alles rund um Windows - 11.10.2015 (27)
  2. [Win8] Notebook hängt sich auf
    Plagegeister aller Art und deren Bekämpfung - 21.06.2015 (3)
  3. Notebook fährt ohne Grund ständig runter! Virus? Trojaner oder neues Notebook?
    Plagegeister aller Art und deren Bekämpfung - 09.03.2015 (9)
  4. Win8.1 black scrren -> wscript.exe beendet -> Win8.1 fährt hoch
    Log-Analyse und Auswertung - 14.02.2015 (3)
  5. Schwarzer Bildschirm nach dem Einloggen auf Win8 Notebook
    Plagegeister aller Art und deren Bekämpfung - 10.09.2014 (13)
  6. Notebook ASUS Win 8.1 64bit Rootkit befall ...
    Log-Analyse und Auswertung - 17.04.2014 (24)
  7. Win8 / Firefox: Befall mit Delta-Search-Virus
    Plagegeister aller Art und deren Bekämpfung - 05.08.2013 (13)
  8. Notebook verhält sich eigenartig... Eventueller Befall von Malware etc. ?
    Plagegeister aller Art und deren Bekämpfung - 17.10.2012 (29)
  9. Live Security Befall - Asus Notebook Formatierung?
    Plagegeister aller Art und deren Bekämpfung - 12.08.2012 (31)
  10. Keylogger oder Monitoring auf meinem Notebook?
    Log-Analyse und Auswertung - 13.06.2012 (1)
  11. Befall durch Trojan-BNK.Win32.Keylogger.gen / Was tun?
    Log-Analyse und Auswertung - 24.05.2011 (14)
  12. Keylogger Trojan-Spy.Win32.KeyLogger.cqd in Windows32
    Plagegeister aller Art und deren Bekämpfung - 05.08.2010 (1)
  13. Problem mit keylogger auf meinem notebook
    Plagegeister aller Art und deren Bekämpfung - 14.01.2010 (3)
  14. Keylogger/Trojaner-Befall ausreichend behoben?
    Plagegeister aller Art und deren Bekämpfung - 30.12.2009 (5)
  15. trojan.keylogger.win32.fung befall
    Mülltonne - 01.11.2008 (0)
  16. xp advanced keylogger Commercial KeyLogger
    Plagegeister aller Art und deren Bekämpfung - 03.08.2007 (4)
  17. family keylogger Commercial KeyLogger
    Plagegeister aller Art und deren Bekämpfung - 29.03.2006 (17)

Zum Thema Notebook Win8 - Befall mit Keylogger Wolfeye? - Ich war - hoffentlich jedenfalls - vom Wolfeye Keylogger befallen, oder besser mein Notebook. Ich habe zwar schon allerlei gelesen und alles mögliche durchlaufen lassen und scheinbar ist er weg, - Notebook Win8 - Befall mit Keylogger Wolfeye?...
Archiv
Du betrachtest: Notebook Win8 - Befall mit Keylogger Wolfeye? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.