| |
| |||||||
Log-Analyse und Auswertung: Malware - Logfileauswertung - Rechner stürzt ab oder friert einWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
14.05.2015, 22:03
| #1 |
| |  Malware - Logfileauswertung - Rechner stürzt ab oder friert ein Hallo zusammen, habe auf meinem Rechner Windows 8.1 installiert. Es kommt zeitweise dazu das der Rechner einfriert oder abstürzt. Habe hier diverse Logfiles erstellt und bitte um Hilfe bei der Auswertung. Vielen Dank im voraus. Logfile OTL: Code:
ATTFilter OTL logfile created on: 14.05.2015 20:53:05 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kay\Downloads 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17801) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,96 Gb Total Physical Memory | 3,09 Gb Available Physical Memory | 51,90% Memory free 14,94 Gb Paging File | 11,62 Gb Available in Paging File | 77,78% Paging File free Paging file location(s): c:\pagefile.sys 9198 9198 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 918,27 Gb Total Space | 751,24 Gb Free Space | 81,81% Space Free | Partition Type: NTFS Drive D: | 10,98 Gb Total Space | 1,29 Gb Free Space | 11,74% Space Free | Partition Type: NTFS Computer Name: KSIN | User Name: Kay | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2015.05.13 03:53:28 | 001,894,064 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe PRC - [2015.05.08 21:47:35 | 000,376,944 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2015.05.08 00:03:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kay\Downloads\otl.exe PRC - [2015.04.24 07:19:02 | 004,481,824 | ---- | M] (FlashPeak Inc.) -- C:\Program Files (x86)\SlimBrowser\sbframe.exe PRC - [2015.04.24 07:19:02 | 000,999,200 | ---- | M] (FlashPeak Inc.) -- C:\Program Files (x86)\SlimBrowser\SBRender.exe PRC - [2015.04.20 18:33:52 | 003,391,712 | ---- | M] (Mister Group) -- C:\Program Files (x86)\System Explorer\SystemExplorer.exe PRC - [2015.04.17 10:01:26 | 000,888,440 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\launcher.exe PRC - [2015.04.15 13:21:40 | 003,438,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe PRC - [2015.04.15 13:17:20 | 003,745,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgui.exe PRC - [2015.04.15 13:16:38 | 001,517,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgfws.exe PRC - [2015.04.15 13:10:56 | 000,311,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe PRC - [2015.04.14 09:36:30 | 001,080,120 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe PRC - [2015.04.14 09:36:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe PRC - [2015.04.14 09:36:20 | 006,212,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe PRC - [2015.03.10 19:58:49 | 000,620,056 | ---- | M] () -- C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe PRC - [2015.03.08 16:30:28 | 001,740,776 | ---- | M] (Evaer Technology) -- C:\Program Files (x86)\Evaer\videochannel.exe PRC - [2014.11.26 14:44:54 | 000,153,384 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe PRC - [2014.11.26 14:42:12 | 001,167,656 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTgui.exe PRC - [2014.07.14 19:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe PRC - [2014.07.14 19:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe ========== Modules (No Company Name) ========== MOD - [2015.05.13 03:53:28 | 016,867,504 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll MOD - [2015.03.02 13:00:23 | 001,718,808 | ---- | M] () -- C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll MOD - [2012.05.17 06:26:32 | 000,088,496 | ---- | M] () -- C:\Program Files (x86)\SlimBrowser\easyhook32.dll ========== Services (SafeList) ========== SRV:64bit: - [2015.05.06 19:44:49 | 001,429,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack) SRV:64bit: - [2015.03.10 22:28:53 | 000,229,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2015.02.21 01:49:18 | 000,780,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2014.11.21 10:17:35 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:64bit: - [2014.11.21 06:05:46 | 000,154,112 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService) SRV:64bit: - [2014.11.21 06:05:36 | 001,668,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc) SRV:64bit: - [2014.11.21 06:04:47 | 000,562,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness) SRV:64bit: - [2014.11.21 06:04:42 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2014.11.21 06:04:41 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2014.11.21 06:04:35 | 000,374,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2014.11.21 06:04:34 | 000,550,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2014.11.21 06:04:31 | 000,166,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2014.11.21 06:04:20 | 003,460,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2014.11.21 06:04:17 | 001,639,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2014.11.21 06:04:17 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC) SRV:64bit: - [2014.11.21 06:04:16 | 000,041,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2014.11.21 06:04:14 | 000,260,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2014.11.21 06:04:14 | 000,131,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum) SRV:64bit: - [2014.11.21 06:04:12 | 000,521,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc) SRV:64bit: - [2014.11.21 06:04:08 | 000,407,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2014.11.21 06:04:08 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2014.11.21 06:04:07 | 000,262,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2014.11.21 06:04:07 | 000,206,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2014.11.21 06:04:02 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2014.11.21 06:04:01 | 000,294,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2014.11.21 06:04:01 | 000,121,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2014.11.21 06:04:01 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost) SRV:64bit: - [2014.11.21 06:03:56 | 001,348,096 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc) SRV:64bit: - [2014.11.21 06:03:50 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2014.11.21 06:03:50 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2014.11.21 06:03:50 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2014.11.21 06:03:50 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2014.11.21 06:03:50 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2014.11.21 06:03:50 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV:64bit: - [2014.11.21 06:03:50 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface) SRV:64bit: - [2014.11.21 06:03:34 | 000,838,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2014.11.21 06:03:34 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - [2014.11.21 06:03:30 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2014.11.21 06:03:29 | 000,324,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv) SRV:64bit: - [2014.11.21 04:12:40 | 000,244,736 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2014.07.02 10:08:33 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc) SRV - [2015.05.13 03:53:28 | 000,268,464 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2015.05.08 21:47:48 | 000,148,080 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2015.04.15 13:21:40 | 003,438,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe -- (AVGIDSAgent) SRV - [2015.04.15 13:16:38 | 001,517,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgfws.exe -- (avgfws) SRV - [2015.04.15 13:10:56 | 000,311,792 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe -- (avgwd) SRV - [2015.04.14 09:36:30 | 001,080,120 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe -- (MBAMService) SRV - [2015.04.14 09:36:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe -- (MBAMScheduler) SRV - [2015.04.01 18:48:32 | 005,540,424 | ---- | M] (COMODO) [Auto | Running] -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe -- (CmdAgent) SRV - [2015.04.01 18:44:06 | 002,265,816 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Programme\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth) SRV - [2015.03.28 12:58:42 | 000,089,840 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService) SRV - [2015.03.26 08:41:16 | 002,306,248 | ---- | M] (Comodo) [Disabled | Stopped] -- C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe -- (ChromodoUpdater) SRV - [2015.03.10 22:21:35 | 000,475,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2015.03.10 22:21:33 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2015.03.10 19:58:49 | 000,620,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe -- (WtuSystemSupport) SRV - [2015.02.25 10:24:58 | 002,604,856 | ---- | M] (AVG Technologies) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2015.02.18 19:11:32 | 000,315,488 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2014.12.20 12:00:00 | 000,820,960 | ---- | M] (Mister Group) [On_Demand | Running] -- C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe -- (SystemExplorerHelpService) SRV - [2014.12.03 08:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2014.11.26 14:44:54 | 000,153,384 | ---- | M] (Sophos Limited) [On_Demand | Running] -- C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe -- (SophosVirusRemovalTool) SRV - [2014.11.21 06:05:11 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost) SRV - [2014.11.21 06:03:35 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc) SRV - [2014.11.21 06:03:35 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2014.11.21 06:03:30 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2014.10.10 10:37:18 | 000,409,376 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2014.10.10 10:37:16 | 000,158,496 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2014.08.21 21:42:40 | 000,093,184 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service) SRV - [2014.07.14 19:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc) SRV - [2014.07.14 19:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc) SRV - [2014.07.02 10:10:55 | 000,066,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc) SRV - [2013.12.19 10:07:52 | 001,821,384 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe -- (IceDragonUpdater) SRV - [2013.11.20 11:43:20 | 000,339,456 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV) SRV - [2013.08.27 15:32:30 | 000,828,376 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R) SRV - [2013.08.27 15:32:14 | 000,747,520 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) ========== Driver Services (SafeList) ========== DRV:64bit: - [2015.05.14 20:39:16 | 000,136,408 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy) DRV:64bit: - [2015.04.15 13:06:02 | 000,256,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2015.04.14 09:38:00 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl) DRV:64bit: - [2015.04.14 09:37:46 | 000,107,736 | ---- | M] (Malwarebytes Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon) DRV:64bit: - [2015.04.14 09:37:42 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2015.04.09 14:11:14 | 000,284,128 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2015.04.07 12:39:26 | 000,293,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgwfpa.sys -- (Avgwfpa) DRV:64bit: - [2015.04.03 09:34:12 | 000,137,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2015.04.01 18:50:10 | 000,020,696 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd) DRV:64bit: - [2015.03.27 08:40:48 | 000,021,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\avgboota.sys -- (Avgboota) DRV:64bit: - [2015.03.21 18:30:05 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon) DRV:64bit: - [2015.03.20 12:20:42 | 000,067,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd) DRV:64bit: - [2015.03.20 12:18:18 | 000,040,928 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2015.03.20 04:31:18 | 000,131,384 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm) DRV:64bit: - [2015.03.20 03:56:10 | 000,080,384 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache) DRV:64bit: - [2015.03.17 19:26:06 | 000,467,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2015.03.14 10:06:49 | 000,157,944 | ---- | M] (Ray Hinchliffe) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SIVX64.sys -- (SIVDriver) DRV:64bit: - [2015.03.13 06:03:31 | 000,239,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2015.03.11 12:16:06 | 000,162,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska) DRV:64bit: - [2015.03.11 12:13:36 | 000,344,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga) DRV:64bit: - [2015.03.11 12:13:28 | 000,213,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2015.03.10 22:27:12 | 000,264,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2015.03.10 22:27:12 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv) DRV:64bit: - [2015.03.10 22:27:12 | 000,044,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2015.03.09 04:02:51 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2015.03.04 12:25:11 | 000,377,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS) DRV:64bit: - [2015.01.06 18:03:02 | 000,413,960 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci) DRV:64bit: - [2014.12.29 22:38:17 | 000,034,512 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\debutfilterx64.sys -- (debutfilter) DRV:64bit: - [2014.12.04 21:44:34 | 000,033,520 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI) DRV:64bit: - [2014.11.21 06:06:04 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof) DRV:64bit: - [2014.11.21 06:05:51 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2014.11.21 06:05:47 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2014.11.21 06:04:34 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2014.11.21 06:04:31 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2014.11.21 06:04:30 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2014.11.21 06:04:28 | 000,921,920 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS) DRV:64bit: - [2014.11.21 06:04:12 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2014.11.21 06:03:31 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2014.11.21 06:03:29 | 000,415,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2014.11.21 06:03:29 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc) DRV:64bit: - [2014.11.21 06:03:29 | 000,069,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci) DRV:64bit: - [2014.11.21 06:03:28 | 000,324,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2014.11.21 06:03:28 | 000,189,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2014.11.21 05:42:09 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2) DRV:64bit: - [2014.11.21 05:41:53 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2014.11.21 05:41:52 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2014.11.21 05:41:51 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme) DRV:64bit: - [2014.11.21 05:41:51 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2014.11.21 05:13:11 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2014.11.21 04:40:00 | 018,959,360 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2014.11.21 04:08:54 | 000,589,312 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2014.11.19 11:29:16 | 000,876,760 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168) DRV:64bit: - [2014.11.10 20:06:59 | 000,136,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2014.11.04 21:33:40 | 000,058,176 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam) DRV:64bit: - [2014.10.17 06:56:23 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep) DRV:64bit: - [2014.10.17 05:35:04 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc) DRV:64bit: - [2014.10.10 10:37:16 | 000,129,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64) DRV:64bit: - [2014.03.11 16:20:04 | 000,222,720 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdWB6.sys -- (AtiHDAudioService) DRV:64bit: - [2014.01.13 23:50:42 | 000,023,608 | ---- | M] (Christian Gulden) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pimou.sys -- (pimou) DRV:64bit: - [2013.12.18 12:34:38 | 000,888,536 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2013.11.21 09:31:28 | 000,632,168 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2013.11.20 11:43:22 | 000,551,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2013.08.22 15:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv) DRV:64bit: - [2013.08.22 15:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2013.08.22 14:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2013.08.22 14:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2013.08.22 14:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2013.08.22 14:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2013.08.22 14:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2013.08.22 14:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2013.08.22 14:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2013.08.22 14:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2013.08.22 14:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3) DRV:64bit: - [2013.08.22 14:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX) DRV:64bit: - [2013.08.22 14:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2013.08.22 14:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2013.08.22 14:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware) DRV:64bit: - [2013.08.22 14:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2013.08.22 14:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2013.08.22 14:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2013.08.22 14:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2013.08.22 14:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2013.08.22 14:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2013.08.22 14:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2013.08.22 14:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci) DRV:64bit: - [2013.08.22 14:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2013.08.22 14:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2013.08.22 14:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI) DRV:64bit: - [2013.08.22 14:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2013.08.22 13:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2013.08.22 13:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2013.08.22 13:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2013.08.22 13:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2013.08.22 13:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2013.08.22 13:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2013.08.22 13:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2013.08.22 13:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2013.08.22 13:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2013.08.22 13:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2013.08.22 13:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2013.08.22 13:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2013.08.22 13:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2013.08.22 13:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2013.08.22 13:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus) DRV:64bit: - [2013.08.22 10:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2013.08.13 01:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2) DRV:64bit: - [2013.08.10 02:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV) DRV:64bit: - [2013.07.30 20:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO) DRV:64bit: - [2013.07.25 21:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C) DRV:64bit: - [2013.07.18 15:00:04 | 000,083,224 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2012.09.23 01:17:24 | 000,021,160 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdkmafd.sys -- (amdkmafd) DRV:64bit: - [2012.05.17 12:57:06 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT) DRV:64bit: - [2009.06.18 13:54:10 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\6044.tmp -- (MEMSWEEP2) DRV - [2015.03.12 05:30:10 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64) DRV - [2015.01.13 12:26:10 | 000,014,112 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = hxxp://www.google.com/search?q={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{BA667243-1B10-47C5-AD89-F7D3CE8B219D}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = hxxp://www.google.com/search?q={searchTerms} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{BA667243-1B10-47C5-AD89-F7D3CE8B219D}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} IE - HKLM\..\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}: "URL" = https://www.google.com/search?trackid=sp-006&q={searchTerms} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-4150589384-1404209100-33404022-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ IE - HKU\S-1-5-21-4150589384-1404209100-33404022-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006 IE - HKU\S-1-5-21-4150589384-1404209100-33404022-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms} IE - HKU\S-1-5-21-4150589384-1404209100-33404022-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKU\S-1-5-21-4150589384-1404209100-33404022-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-4150589384-1404209100-33404022-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-4150589384-1404209100-33404022-1001\..\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}: "URL" = https://www.google.com/search?trackid=sp-006&q={searchTerms} IE - HKU\S-1-5-21-4150589384-1404209100-33404022-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.countryCode: "DE" FF - prefs.js..browser.search.defaultengine: "Google (avast)" FF - prefs.js..browser.search.defaultthis.engineName: "Google (avast)" FF - prefs.js..browser.search.defaulturl: "https://www.google.com/search/?trackid=sp-006" FF - prefs.js..browser.search.isUS: false FF - prefs.js..browser.search.order.1: "Google (avast)" FF - prefs.js..browser.search.region: "DE" FF - prefs.js..browser.search.searchengine.desc: "this is my first firefox searchEngine" FF - prefs.js..browser.search.searchengine.ptid: "cvs" FF - prefs.js..browser.search.searchengine.uid: "WDCXWD10EZEX-60ZF5A0_WD-WCC1S098102481024" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "yahoo.de" FF - prefs.js..extensions.enabledAddons: support%40free-hideip.com:1.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:38.0 FF - prefs.js..keyword.URL: "https://www.google.com/search/?trackid=sp-006" FF - prefs.js..network.proxy.gopher: "" FF - prefs.js..network.proxy.gopher_port: 0 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.45.2: C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.45.2: C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1218158.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.45.2: C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.45.2: C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\hp.com/HPDetect: C:\Users\Kay\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 38.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015.04.15 22:49:55 | 000,000,000 | ---D | M] [2014.12.10 20:47:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kay\AppData\Roaming\mozilla\Extensions [2015.04.13 21:55:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kay\AppData\Roaming\mozilla\Firefox\Profiles\732yhgy9.default-1418351222236\extensions [2015.04.13 21:55:30 | 000,004,548 | ---- | M] () (No name found) -- C:\Users\Kay\AppData\Roaming\mozilla\firefox\profiles\732yhgy9.default-1418351222236\extensions\support@free-hideip.com.xpi [2015.03.22 23:16:12 | 000,002,428 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\mozilla\firefox\profiles\732yhgy9.default-1418351222236\searchplugins\google-avast.xml [2015.03.02 22:44:30 | 000,000,663 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\mozilla\firefox\profiles\732yhgy9.default-1418351222236\searchplugins\google-images.xml [2015.03.02 22:44:30 | 000,002,307 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\mozilla\firefox\profiles\732yhgy9.default-1418351222236\searchplugins\google-maps.xml [2015.03.10 20:02:14 | 000,008,039 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\mozilla\firefox\profiles\732yhgy9.default-1418351222236\searchplugins\Google.xml [2015.05.13 03:54:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2015.05.13 03:54:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - plugin: Error reading preferences file CHR - Extension: No name found = C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\ CHR - Extension: No name found = C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\ CHR - Extension: No name found = C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\ CHR - Extension: No name found = C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\ CHR - Extension: No name found = C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\ CHR - Extension: No name found = C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\ CHR - Extension: No name found = C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik\2.2015.506.11355_0\ CHR - Extension: No name found = C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\ CHR - Extension: No name found = C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\ CHR - Extension: No name found = C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\ O1 HOSTS File: ([2013.08.22 15:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.8.0_45\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre1.8.0_45\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2015\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup File not found O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [SystemExplorerAutoStart] C:\Program Files (x86)\System Explorer\SystemExplorer.exe (Mister Group) O4 - HKU\S-1-5-21-4150589384-1404209100-33404022-1001..\Run: [avichannel] C:\Program Files (x86)\Evaer\videochannel.exe (Evaer Technology) O4 - HKU\S-1-5-21-4150589384-1404209100-33404022-1001..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd) O4 - HKLM..\RunOnce\Setup: [Registering MS MPEG4 ActiveX filter...] C:\Windows\SysWOW64\MPG4ds32.ax (Microcrap Corporation) O4 - Startup: C:\Users\Kay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015.03.12 20:49:04 | 000,000,000 | -H-D | M] O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1 O7 - HKU\S-1-5-21-4150589384-1404209100-33404022-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-21-4150589384-1404209100-33404022-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221 O7 - HKU\S-1-5-21-4150589384-1404209100-33404022-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCF39CDF-2E39-4AE3-8CD8-AB6F3A508737}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found O18:64bit: - Protocol\Filter\ica - No CLSID value found O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27:64bit: - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies) O27:64bit: - HKLM IFEO\adobe air application installer.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies) O27:64bit: - HKLM IFEO\chromodo.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies) O27:64bit: - HKLM IFEO\icedragon.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies) O27:64bit: - HKLM IFEO\uninstall.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies) O27:64bit: - HKLM IFEO\wordview.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies) O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies) O27 - HKLM IFEO\adobe air application installer.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies) O27 - HKLM IFEO\chromodo.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies) O27 - HKLM IFEO\icedragon.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies) O27 - HKLM IFEO\uninstall.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies) O27 - HKLM IFEO\wordview.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies) O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (sdnclean64.exe) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2015.05.14 20:39:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos [2015.05.14 20:36:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos [2015.05.14 20:21:10 | 000,000,000 | ---D | C] -- C:\Users\Kay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Software [2015.05.14 20:10:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group [2015.05.14 20:10:07 | 000,000,000 | ---D | C] -- C:\Users\Kay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [2015.05.13 03:24:32 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PresentationCFFRasterizerNative_v0300.dll [2015.05.13 03:24:32 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll [2015.05.13 03:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2015.05.13 03:18:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2015.05.13 03:18:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2015.05.12 20:33:57 | 001,441,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lsasrv.dll [2015.05.12 20:33:57 | 000,445,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\certcli.dll [2015.05.12 20:33:57 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\certcli.dll [2015.05.12 20:33:56 | 001,996,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DWrite.dll [2015.05.12 20:33:56 | 000,410,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\services.exe [2015.05.12 20:33:53 | 006,025,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll [2015.05.12 20:33:52 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll [2015.05.12 20:33:52 | 000,664,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll [2015.05.12 20:33:52 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll [2015.05.12 20:33:51 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl [2015.05.12 20:33:51 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl [2015.05.12 20:33:51 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll [2015.05.12 20:33:51 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll [2015.05.12 20:33:51 | 000,720,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe [2015.05.12 20:33:51 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll [2015.05.12 20:33:51 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieui.dll [2015.05.12 20:33:51 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\html.iec [2015.05.12 20:33:51 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\html.iec [2015.05.12 20:33:51 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtrans.dll [2015.05.12 20:33:51 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iepeers.dll [2015.05.12 20:33:51 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iepeers.dll [2015.05.12 20:33:51 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inseng.dll [2015.05.12 20:33:51 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll [2015.05.12 20:33:51 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mshtmled.dll [2015.05.08 01:45:12 | 000,000,000 | ---D | C] -- C:\Users\Kay\AppData\Roaming\Comodo [2015.05.08 01:44:40 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfc71.dll [2015.05.07 23:45:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\Adobe [2015.05.07 23:35:48 | 000,027,400 | ---- | C] (COMODO CA Limited) -- C:\WINDOWS\SysNative\certsentry.dll [2015.05.07 23:35:48 | 000,024,328 | ---- | C] (COMODO CA Limited) -- C:\WINDOWS\SysWow64\certsentry.dll [2015.05.07 23:35:48 | 000,024,296 | ---- | C] (COMODO CA Limited) -- C:\WINDOWS\SysNative\certsentry.exe [2015.05.07 23:35:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo [2015.05.07 23:09:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2015.05.07 23:07:23 | 000,000,000 | ---D | C] -- C:\Users\Kay\AppData\Roaming\TrojanHunter [2015.05.07 22:52:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter [2015.05.07 22:52:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrojanHunter 5.6 [2015.05.07 22:52:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TrojanHunter [2015.05.07 22:36:52 | 000,000,000 | ---D | C] -- C:\Users\Kay\AppData\Roaming\AVG2015 [2015.05.07 22:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2015.05.07 22:35:43 | 000,000,000 | -H-D | C] -- C:\$AVG [2015.05.07 22:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2015 [2015.05.07 22:30:21 | 000,000,000 | ---D | C] -- C:\Users\Kay\AppData\Local\Avg2015 [2015.05.07 21:25:35 | 000,000,000 | -H-D | C] -- C:\VTRoot [2015.05.07 21:23:36 | 000,023,608 | ---- | C] (Christian Gulden) -- C:\WINDOWS\SysNative\drivers\pimou.sys [2015.05.07 21:21:56 | 000,413,960 | ---- | C] (Texas Instruments Incorporated) -- C:\WINDOWS\SysNative\drivers\tixhci.sys [2015.05.07 21:04:36 | 002,378,448 | ---- | C] (COMODO Security Solutions) -- C:\bsm_chrome.exe [2015.05.07 21:04:36 | 001,238,744 | ---- | C] (COMODO) -- C:\cmdstat.dll [2015.05.07 21:04:36 | 000,281,816 | ---- | C] (Igor Pavlov) -- C:\7za.dll [2015.05.07 21:04:36 | 000,000,000 | ---D | C] -- C:\translations [2015.05.07 21:04:35 | 004,479,704 | ---- | C] (COMODO) -- C:\cmdinstall.exe [2015.05.07 21:04:35 | 003,454,680 | ---- | C] (Terra Informatica Software, Inc.) -- C:\cmdhtml.dll [2015.05.07 21:04:35 | 000,000,000 | ---D | C] -- C:\cis [2015.05.07 21:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader [2015.05.07 20:47:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Shared Space [2015.05.07 20:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO [2015.05.07 20:45:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo [2015.05.07 20:45:49 | 000,000,000 | ---D | C] -- C:\Users\Kay\AppData\Local\Comodo [2015.05.07 20:36:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo [2015.05.06 23:35:55 | 000,000,000 | ---D | C] -- C:\Snort [2015.05.06 22:53:42 | 000,000,000 | ---D | C] -- C:\Users\Kay\.zenmap [2015.05.06 22:52:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nmap [2015.05.06 22:37:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SystemExplorer [2015.05.06 22:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer [2015.05.06 22:37:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\System Explorer [2015.05.06 22:33:28 | 000,000,000 | ---D | C] -- C:\Users\Kay\Desktop\filme [2015.05.06 22:32:26 | 000,285,208 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\SysNative\drivers\tmcomm.sys [2015.05.06 22:18:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved [2015.05.06 22:17:26 | 000,000,000 | ---D | C] -- C:\Users\Kay\AppData\Roaming\Raptr [2015.05.06 21:40:22 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2015.05.06 20:48:08 | 000,000,000 | ---D | C] -- C:\Users\Kay\AppData\Roaming\Nico Mak Computing [2015.05.06 19:45:25 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UtcResources.dll [2015.05.06 00:28:48 | 002,256,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll [2015.05.06 00:28:47 | 001,943,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll [2015.05.06 00:08:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2015.05.06 00:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit [2015.05.05 23:51:03 | 000,000,000 | ---D | C] -- C:\Users\Kay\Desktop\Neuer Ordner (3) [2015.04.30 01:37:56 | 000,000,000 | ---D | C] -- C:\Users\Kay\Desktop\Neuer Ordner (2) [2015.04.29 19:54:01 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sdbinst.exe [2015.04.29 19:54:01 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\sdbinst.exe [2015.04.29 19:54:00 | 004,417,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dbgeng.dll [2015.04.29 19:54:00 | 002,985,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dbgeng.dll [2015.04.29 19:54:00 | 001,491,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dbghelp.dll [2015.04.29 19:54:00 | 001,207,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dbghelp.dll [2015.04.29 19:54:00 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\ahcache.sys [2015.04.28 04:39:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache [2015.04.28 03:17:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shark007 [2015.04.28 03:16:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Advanced [2015.04.28 02:42:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2015.04.23 23:06:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard [2015.04.23 10:14:42 | 002,819,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers.dll [2015.04.23 10:14:42 | 000,467,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBHUB3.SYS [2015.04.23 10:14:42 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Input.Inking.dll [2015.04.23 10:14:42 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Input.Inking.dll [2015.04.23 10:14:42 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\bthhfenum.sys [2015.04.23 10:14:12 | 002,162,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SRH.dll [2015.04.23 10:14:12 | 001,812,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SRH.dll [2015.04.23 10:14:11 | 000,445,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PhotoMetadataHandler.dll [2015.04.23 10:14:11 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PhotoMetadataHandler.dll [2015.04.23 10:14:11 | 000,239,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\sdbus.sys [2015.04.23 10:14:11 | 000,154,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dumpsd.sys [2015.04.23 10:14:07 | 002,067,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpdshext.dll [2015.04.23 10:14:07 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dpapisrv.dll [2015.04.23 10:14:06 | 001,429,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\diagtrack.dll [2015.04.23 00:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\UltraDefrag [2015.04.19 15:00:14 | 000,089,600 | ---- | C] (UltraDefrag Development Team) -- C:\WINDOWS\SysNative\udefrag.exe [2015.04.19 15:00:10 | 000,013,312 | ---- | C] (UltraDefrag Development Team) -- C:\WINDOWS\SysNative\hibernate4win.exe [2015.04.19 15:00:08 | 000,012,288 | ---- | C] (UltraDefrag Development Team) -- C:\WINDOWS\SysNative\bootexctrl.exe [2015.04.19 15:00:04 | 000,033,792 | ---- | C] (UltraDefrag Development Team) -- C:\WINDOWS\SysNative\wgx.dll [2015.04.19 14:59:40 | 000,394,752 | ---- | C] (UltraDefrag Development Team) -- C:\WINDOWS\SysNative\defrag_native.exe [2015.04.19 14:59:22 | 000,055,808 | ---- | C] (UltraDefrag Development Team) -- C:\WINDOWS\SysNative\udefrag.dll [2015.04.19 14:59:14 | 000,337,920 | ---- | C] (UltraDefrag Development Team) -- C:\WINDOWS\SysNative\zenwinx.dll [2015.04.15 22:49:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2015.04.15 22:17:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2015.04.15 22:17:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2015.04.15 22:17:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2015.04.15 22:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AmUStor [2015.04.15 22:07:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AmUStor [2015.04.15 22:07:19 | 000,876,760 | ---- | C] (Realtek ) -- C:\WINDOWS\SysNative\drivers\Rt630x64.sys [2015.04.15 22:07:19 | 000,073,800 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\SysNative\RtNicProp64.dll [2015.04.15 21:52:43 | 000,000,000 | ---D | C] -- C:\Users\Kay\AppData\Roaming\Easeware [2015.04.15 21:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\Easeware [2015.04.15 21:00:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Citrix [2015.04.15 15:36:57 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rascfg.dll [2015.04.15 15:36:57 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rascfg.dll [2015.04.15 13:06:02 | 000,256,992 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\drivers\avgldx64.sys [2015.04.15 12:52:59 | 007,476,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe [2015.04.15 12:52:58 | 001,733,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll [2015.04.15 12:52:57 | 000,950,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tdh.dll [2015.04.15 12:52:57 | 000,749,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tdh.dll [2015.04.15 12:52:56 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tracerpt.exe [2015.04.15 12:52:56 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tracerpt.exe [2015.04.15 12:52:56 | 000,360,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sechost.dll [2015.04.15 12:52:56 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wow64.dll [2015.04.15 12:52:56 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\microsoft-windows-system-events.dll [2015.04.15 12:52:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wow64cpu.dll [2015.04.15 12:52:01 | 000,377,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\clfs.sys [2015.04.15 12:52:01 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\clfsw32.dll [2015.04.15 12:52:01 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\clfsw32.dll [5 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ] [1 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2015.05.14 20:58:39 | 000,016,448 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\sfi.dat [2015.05.14 20:40:56 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2015.05.14 20:39:16 | 000,136,408 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys [2015.05.14 20:39:01 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeScheduleForKay.job [2015.05.14 20:38:55 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2015.05.14 20:38:04 | 000,146,484 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\fvstore.dat [2015.05.14 20:36:00 | 000,002,775 | ---- | M] () -- C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk [2015.05.14 20:23:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2015.05.14 20:10:07 | 000,001,282 | ---- | M] () -- C:\Users\Kay\Desktop\Revo Uninstaller.lnk [2015.05.14 19:58:11 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\Free Hide IP.lnk [2015.05.13 17:17:50 | 000,010,330 | ---- | M] () -- C:\KSIN.rtf [2015.05.13 03:54:59 | 000,001,161 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2015.05.13 03:46:58 | 000,355,136 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT [2015.05.13 00:31:33 | 303,890,083 | ---- | M] () -- C:\Users\Kay\Desktop\sugarbaby1.mp4 [2015.05.12 23:39:35 | 000,069,352 | ---- | M] () -- C:\Users\Kay\Desktop\sassdaa.jpg [2015.05.12 23:37:37 | 000,020,533 | ---- | M] () -- C:\Users\Kay\Desktop\41Sev2a-k7L.jpg [2015.05.12 23:00:33 | 000,261,803 | ---- | M] () -- C:\Users\Kay\Desktop\IMG_7296.JPG [2015.05.12 23:00:02 | 000,259,247 | ---- | M] () -- C:\Users\Kay\Desktop\IMG_6077.JPG [2015.05.12 22:59:50 | 000,945,439 | ---- | M] () -- C:\Users\Kay\Desktop\IMG_0709.PNG [2015.05.12 22:59:35 | 000,274,295 | ---- | M] () -- C:\Users\Kay\Desktop\IMG_6076.JPG [2015.05.12 22:59:30 | 000,055,248 | ---- | M] () -- C:\Users\Kay\Desktop\IMG_6510.JPG [2015.05.12 22:41:55 | 001,552,070 | ---- | M] () -- C:\Users\Kay\Desktop\Picture 5.jpg [2015.05.12 22:20:44 | 002,047,393 | ---- | M] () -- C:\Users\Kay\Desktop\Picture 3.jpg [2015.05.11 04:17:23 | 171,822,746 | ---- | M] () -- C:\Users\Kay\Desktop\black angel.mp4 [2015.05.11 02:36:08 | 924,734,625 | ---- | M] () -- C:\Users\Kay\Desktop\blond jennifer.mp4 [2015.05.11 02:11:24 | 000,008,349 | ---- | M] () -- C:\Users\Kay\Desktop\black_tribal_tattoo.jpg [2015.05.09 11:09:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player PPAPI Notifier.job [2015.05.09 04:00:35 | 291,529,144 | ---- | M] () -- C:\Users\Kay\Desktop\hothot hot.mp4 [2015.05.08 19:19:17 | 359,372,269 | ---- | M] () -- C:\Users\Kay\Desktop\sasha.mp4 [2015.05.08 04:45:03 | 000,027,400 | ---- | M] (COMODO CA Limited) -- C:\WINDOWS\SysNative\certsentry.dll [2015.05.08 04:45:03 | 000,024,328 | ---- | M] (COMODO CA Limited) -- C:\WINDOWS\SysWow64\certsentry.dll [2015.05.08 04:45:03 | 000,024,296 | ---- | M] (COMODO CA Limited) -- C:\WINDOWS\SysNative\certsentry.exe [2015.05.08 02:48:00 | 000,027,260 | ---- | M] () -- C:\Users\Kay\Desktop\My Snapshot56.jpg [2015.05.08 01:49:13 | 000,027,040 | ---- | M] () -- C:\Users\Kay\Desktop\My Snapshot57.jpg [2015.05.08 01:44:57 | 000,001,152 | ---- | M] () -- C:\Users\Public\Desktop\Comodo IceDragon.lnk [2015.05.08 01:44:40 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfc71.dll [2015.05.07 23:37:06 | 000,001,133 | ---- | M] () -- C:\Users\Kay\Desktop\Internet (Chromodo).lnk [2015.05.07 22:52:21 | 000,059,392 | R--- | M] () -- C:\WINDOWS\SysWow64\streamhlp.dll [2015.05.07 22:52:20 | 000,001,099 | ---- | M] () -- C:\Users\Kay\Desktop\TrojanHunter.lnk [2015.05.07 22:36:09 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2015.lnk [2015.05.07 22:34:57 | 000,000,034 | ---- | M] () -- C:\WINDOWS\AvastEmUpdate.ini [2015.05.07 21:16:33 | 000,000,558 | ---- | M] () -- C:\WINDOWS\wininit.ini [2015.05.07 21:07:24 | 000,002,030 | ---- | M] () -- C:\Users\Kay\Desktop\Spotify.lnk [2015.05.07 21:07:24 | 000,001,464 | ---- | M] () -- C:\Users\Kay\Desktop\PatchMyPC - Verknüpfung.lnk [2015.05.07 21:04:36 | 000,001,512 | RHS- | M] () -- C:\WINDOWS\SysWow64\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf [2015.05.07 21:04:36 | 000,000,642 | ---- | M] () -- C:\WINDOWS\SysWow64\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile [2015.05.07 20:49:26 | 001,103,942 | ---- | M] () -- C:\WINDOWS\SysNative\perfh007.dat [2015.05.07 20:49:26 | 000,278,380 | ---- | M] () -- C:\WINDOWS\SysNative\perfc007.dat [2015.05.07 20:18:19 | 000,557,183 | ---- | M] () -- C:\Users\Kay\Desktop\bookmarks-2015-05-07.json [2015.05.07 04:11:11 | 206,929,475 | ---- | M] () -- C:\Users\Kay\Desktop\sweet alice.mp4 [2015.05.07 02:26:02 | 000,030,410 | ---- | M] () -- C:\Users\Kay\Desktop\My Snapshot35.jpg [2015.05.07 02:21:32 | 000,032,978 | ---- | M] () -- C:\Users\Kay\Desktop\My Snapshot34.jpg [2015.05.06 23:03:46 | 000,000,218 | ---- | M] () -- C:\Users\Kay\AppData\Local\recently-used.xbel [2015.05.06 22:39:20 | 000,425,490 | ---- | M] () -- C:\Users\Kay\AppData\Local\census.cache [2015.05.06 22:39:15 | 000,190,976 | ---- | M] () -- C:\Users\Kay\AppData\Local\ars.cache [2015.05.06 22:37:11 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\System Explorer.lnk [2015.05.06 22:37:04 | 000,000,010 | ---- | M] () -- C:\Users\Kay\AppData\Local\sponge.last.runtime.cache [2015.05.06 22:32:21 | 000,000,036 | ---- | M] () -- C:\Users\Kay\AppData\Local\housecall.guid.cache [2015.05.06 19:44:49 | 001,429,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\diagtrack.dll [2015.05.06 02:05:01 | 000,074,610 | ---- | M] () -- C:\Users\Kay\Desktop\byIw2Ar.jpg [2015.05.05 20:54:15 | 000,114,745 | ---- | M] () -- C:\Users\Kay\Desktop\35038511_1427436033.jpg [2015.05.05 20:51:37 | 000,043,176 | ---- | M] () -- C:\Users\Kay\Desktop\12066647_3169260_1430851837.jpg [2015.05.05 19:59:54 | 000,792,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe [2015.05.05 19:59:54 | 000,178,168 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl [2015.05.04 22:10:45 | 001,210,680 | ---- | M] () -- C:\Users\Kay\Desktop\IMG_0553.JPG [2015.05.04 22:09:30 | 001,397,548 | ---- | M] () -- C:\Users\Kay\Desktop\IMG_0597.JPG [2015.05.04 22:07:37 | 001,082,736 | ---- | M] () -- C:\Users\Kay\Desktop\IMG_0513.JPG [2015.05.03 23:49:31 | 000,112,288 | ---- | M] () -- C:\Users\Kay\Desktop\1adscd.jpg [2015.05.03 23:48:47 | 000,217,685 | ---- | M] () -- C:\Users\Kay\Desktop\1adsc.jpg [2015.05.03 23:47:35 | 000,136,828 | ---- | M] () -- C:\Users\Kay\Desktop\1ads.jpg [2015.05.03 23:46:48 | 000,237,906 | ---- | M] () -- C:\Users\Kay\Desktop\1ad.jpg [2015.05.03 23:45:47 | 000,121,245 | ---- | M] () -- C:\Users\Kay\Desktop\1a.jpg [2015.04.30 22:35:31 | 000,124,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PresentationCFFRasterizerNative_v0300.dll [2015.04.30 22:35:19 | 000,102,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll [2015.04.30 08:19:36 | 000,088,786 | ---- | M] () -- C:\Users\Kay\Desktop\20584_1400044763644037_8996562729210117065_n.jpg [2015.04.30 08:19:26 | 000,052,902 | ---- | M] () -- C:\Users\Kay\Desktop\11133760_1433575380290975_4430675554431884670_n.jpg [2015.04.30 08:19:19 | 000,043,247 | ---- | M] () -- C:\Users\Kay\Desktop\11204940_1435453956769784_298465847266038884_n.jpg [2015.04.28 16:52:53 | 000,000,836 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2015.04.28 04:40:35 | 000,012,889 | -H-- | M] () -- C:\WINDOWS\SysWow64\BTImages.dat [2015.04.25 13:02:42 | 001,984,420 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI [2015.04.25 13:02:42 | 000,787,792 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat [2015.04.25 13:02:42 | 000,161,550 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat [2015.04.24 23:32:10 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UtcResources.dll [2015.04.22 20:03:27 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2015.04.21 18:50:12 | 000,584,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll [2015.04.21 18:50:03 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\html.iec [2015.04.21 18:37:16 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieui.dll [2015.04.21 18:35:30 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll [2015.04.21 18:31:56 | 006,025,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll [2015.04.21 18:13:03 | 000,107,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inseng.dll [2015.04.21 18:09:57 | 000,341,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\html.iec [2015.04.21 18:08:20 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll [2015.04.21 18:07:19 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iepeers.dll [2015.04.21 18:05:26 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtrans.dll [2015.04.21 17:58:36 | 000,664,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll [2015.04.21 17:51:05 | 000,000,959 | ---- | M] () -- C:\Users\Kay\Desktop\Evaer.lnk [2015.04.21 17:49:46 | 000,720,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe [2015.04.21 17:49:17 | 000,801,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll [2015.04.21 17:46:50 | 002,125,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl [2015.04.21 17:38:39 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mshtmled.dll [2015.04.21 17:37:13 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iepeers.dll [2015.04.21 17:25:45 | 002,052,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl [2015.04.21 17:03:34 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll [2015.04.21 16:56:39 | 000,710,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll [2015.04.21 01:56:49 | 000,000,889 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2015.04.19 15:00:14 | 000,089,600 | ---- | M] (UltraDefrag Development Team) -- C:\WINDOWS\SysNative\udefrag.exe [2015.04.19 15:00:10 | 000,013,312 | ---- | M] (UltraDefrag Development Team) -- C:\WINDOWS\SysNative\hibernate4win.exe [2015.04.19 15:00:08 | 000,012,288 | ---- | M] (UltraDefrag Development Team) -- C:\WINDOWS\SysNative\bootexctrl.exe [2015.04.19 15:00:04 | 000,033,792 | ---- | M] (UltraDefrag Development Team) -- C:\WINDOWS\SysNative\wgx.dll [2015.04.19 14:59:50 | 000,132,608 | ---- | M] () -- C:\WINDOWS\SysNative\lua5.1a.dll [2015.04.19 14:59:40 | 000,394,752 | ---- | M] (UltraDefrag Development Team) -- C:\WINDOWS\SysNative\defrag_native.exe [2015.04.19 14:59:22 | 000,055,808 | ---- | M] (UltraDefrag Development Team) -- C:\WINDOWS\SysNative\udefrag.dll [2015.04.19 14:59:14 | 000,337,920 | ---- | M] (UltraDefrag Development Team) -- C:\WINDOWS\SysNative\zenwinx.dll [2015.04.15 22:49:55 | 000,002,041 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2015.04.15 21:57:22 | 000,111,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysNative\WindowsAccessBridge-64.dll [2015.04.15 21:41:05 | 000,136,408 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\422D0373.sys [2015.04.15 13:06:02 | 000,256,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SysNative\drivers\avgldx64.sys [5 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ] [1 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2015.05.14 20:36:00 | 000,002,775 | ---- | C] () -- C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk [2015.05.14 20:10:07 | 000,001,282 | ---- | C] () -- C:\Users\Kay\Desktop\Revo Uninstaller.lnk [2015.05.13 00:12:37 | 303,890,083 | ---- | C] () -- C:\Users\Kay\Desktop\sugarbaby1.mp4 [2015.05.12 23:39:35 | 000,069,352 | ---- | C] () -- C:\Users\Kay\Desktop\sassdaa.jpg [2015.05.12 23:37:37 | 000,020,533 | ---- | C] () -- C:\Users\Kay\Desktop\41Sev2a-k7L.jpg [2015.05.12 23:00:39 | 000,261,803 | ---- | C] () -- C:\Users\Kay\Desktop\IMG_7296.JPG [2015.05.12 23:00:10 | 000,259,247 | ---- | C] () -- C:\Users\Kay\Desktop\IMG_6077.JPG [2015.05.12 23:00:06 | 000,945,439 | ---- | C] () -- C:\Users\Kay\Desktop\IMG_0709.PNG [2015.05.12 23:00:01 | 000,055,248 | ---- | C] () -- C:\Users\Kay\Desktop\IMG_6510.JPG [2015.05.12 22:59:56 | 000,274,295 | ---- | C] () -- C:\Users\Kay\Desktop\IMG_6076.JPG [2015.05.12 22:42:14 | 001,552,070 | ---- | C] () -- C:\Users\Kay\Desktop\Picture 5.jpg [2015.05.12 22:21:29 | 002,047,393 | ---- | C] () -- C:\Users\Kay\Desktop\Picture 3.jpg [2015.05.11 04:06:41 | 171,822,746 | ---- | C] () -- C:\Users\Kay\Desktop\black angel.mp4 [2015.05.11 02:11:23 | 000,008,349 | ---- | C] () -- C:\Users\Kay\Desktop\black_tribal_tattoo.jpg [2015.05.11 01:38:30 | 924,734,625 | ---- | C] () -- C:\Users\Kay\Desktop\blond jennifer.mp4 [2015.05.09 03:42:26 | 291,529,144 | ---- | C] () -- C:\Users\Kay\Desktop\hothot hot.mp4 [2015.05.08 18:56:54 | 359,372,269 | ---- | C] () -- C:\Users\Kay\Desktop\sasha.mp4 [2015.05.08 17:07:26 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\Free Hide IP.lnk [2015.05.08 02:48:04 | 000,027,260 | ---- | C] () -- C:\Users\Kay\Desktop\My Snapshot56.jpg [2015.05.08 01:49:21 | 000,027,040 | ---- | C] () -- C:\Users\Kay\Desktop\My Snapshot57.jpg [2015.05.08 01:44:57 | 000,001,152 | ---- | C] () -- C:\Users\Public\Desktop\Comodo IceDragon.lnk [2015.05.07 23:35:53 | 000,001,133 | ---- | C] () -- C:\Users\Kay\Desktop\Internet (Chromodo).lnk [2015.05.07 23:09:53 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2015.05.07 23:09:52 | 000,001,173 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2015.05.07 22:52:20 | 000,001,099 | ---- | C] () -- C:\Users\Kay\Desktop\TrojanHunter.lnk [2015.05.07 22:52:18 | 000,059,392 | R--- | C] () -- C:\WINDOWS\SysWow64\streamhlp.dll [2015.05.07 22:36:09 | 000,000,999 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2015.lnk [2015.05.07 22:33:41 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AvastEmUpdate.ini [2015.05.07 21:25:33 | 000,146,484 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\fvstore.dat [2015.05.07 21:02:27 | 000,001,512 | RHS- | C] () -- C:\WINDOWS\SysWow64\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf [2015.05.07 21:02:27 | 000,000,642 | ---- | C] () -- C:\WINDOWS\SysWow64\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile [2015.05.07 20:49:19 | 000,016,448 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\sfi.dat [2015.05.07 20:18:19 | 000,557,183 | ---- | C] () -- C:\Users\Kay\Desktop\bookmarks-2015-05-07.json [2015.05.07 03:58:17 | 206,929,475 | ---- | C] () -- C:\Users\Kay\Desktop\sweet alice.mp4 [2015.05.07 02:26:11 | 000,030,410 | ---- | C] () -- C:\Users\Kay\Desktop\My Snapshot35.jpg [2015.05.07 02:21:47 | 000,032,978 | ---- | C] () -- C:\Users\Kay\Desktop\My Snapshot34.jpg [2015.05.06 23:04:04 | 001,667,584 | ---- | C] () -- C:\Users\Kay\Desktop\ncat.exe [2015.05.06 23:03:46 | 000,000,218 | ---- | C] () -- C:\Users\Kay\AppData\Local\recently-used.xbel [2015.05.06 22:39:20 | 000,425,490 | ---- | C] () -- C:\Users\Kay\AppData\Local\census.cache [2015.05.06 22:39:15 | 000,190,976 | ---- | C] () -- C:\Users\Kay\AppData\Local\ars.cache [2015.05.06 22:37:11 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\System Explorer.lnk [2015.05.06 22:37:04 | 000,000,010 | ---- | C] () -- C:\Users\Kay\AppData\Local\sponge.last.runtime.cache [2015.05.06 22:32:21 | 000,000,036 | ---- | C] () -- C:\Users\Kay\AppData\Local\housecall.guid.cache [2015.05.06 22:26:09 | 000,006,069 | ---- | C] () -- C:\Users\Kay\Desktop\cports_lng.ini [2015.05.06 02:05:01 | 000,074,610 | ---- | C] () -- C:\Users\Kay\Desktop\byIw2Ar.jpg [2015.05.05 20:54:15 | 000,114,745 | ---- | C] () -- C:\Users\Kay\Desktop\35038511_1427436033.jpg [2015.05.05 20:51:37 | 000,043,176 | ---- | C] () -- C:\Users\Kay\Desktop\12066647_3169260_1430851837.jpg [2015.05.04 22:10:49 | 001,210,680 | ---- | C] () -- C:\Users\Kay\Desktop\IMG_0553.JPG [2015.05.04 22:09:46 | 001,397,548 | ---- | C] () -- C:\Users\Kay\Desktop\IMG_0597.JPG [2015.05.04 22:09:15 | 001,082,736 | ---- | C] () -- C:\Users\Kay\Desktop\IMG_0513.JPG [2015.05.03 23:49:31 | 000,112,288 | ---- | C] () -- C:\Users\Kay\Desktop\1adscd.jpg [2015.05.03 23:48:47 | 000,217,685 | ---- | C] () -- C:\Users\Kay\Desktop\1adsc.jpg [2015.05.03 23:47:34 | 000,136,828 | ---- | C] () -- C:\Users\Kay\Desktop\1ads.jpg [2015.05.03 23:46:48 | 000,237,906 | ---- | C] () -- C:\Users\Kay\Desktop\1ad.jpg [2015.05.03 23:45:46 | 000,121,245 | ---- | C] () -- C:\Users\Kay\Desktop\1a.jpg [2015.04.30 08:19:36 | 000,088,786 | ---- | C] () -- C:\Users\Kay\Desktop\20584_1400044763644037_8996562729210117065_n.jpg [2015.04.30 08:19:26 | 000,052,902 | ---- | C] () -- C:\Users\Kay\Desktop\11133760_1433575380290975_4430675554431884670_n.jpg [2015.04.30 08:19:19 | 000,043,247 | ---- | C] () -- C:\Users\Kay\Desktop\11204940_1435453956769784_298465847266038884_n.jpg [2015.04.29 19:53:59 | 000,410,017 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml [2015.04.28 04:40:18 | 000,002,729 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk [2015.04.28 03:19:47 | 001,679,360 | ---- | C] () -- C:\WINDOWS\SysWow64\ac3filter.acm.new [2015.04.23 00:56:07 | 000,000,892 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player PPAPI Notifier.job [2015.04.23 00:31:58 | 000,000,874 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraDefrag.lnk [2015.04.21 17:42:35 | 422,283,349 | ---- | C] () -- C:\Users\Kay\Desktop\1997.06.28 - HR 3 Clubnight Spezial - Hessentag Korbach - Talla 2XLC, Mark Spoon, Sven Vath & Ulli Brenner.mp3 [2015.04.21 00:02:28 | 504,369,062 | ---- | C] () -- C:\Users\Kay\Desktop\1998.06.28 - HR 3 Clubnight Spezial - DJ Dag & Non Eric @ Katharinenkirche.mp3 [2015.04.19 14:59:50 | 000,132,608 | ---- | C] () -- C:\WINDOWS\SysNative\lua5.1a.dll [2015.04.15 22:49:55 | 000,002,457 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2015.04.15 22:49:55 | 000,002,041 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2015.04.15 22:21:57 | 000,001,464 | ---- | C] () -- C:\Users\Kay\Desktop\PatchMyPC - Verknüpfung.lnk [2015.04.15 22:00:46 | 000,010,330 | ---- | C] () -- C:\KSIN.rtf [2015.04.15 21:01:31 | 000,001,624 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk [2015.04.15 12:52:37 | 000,016,303 | ---- | C] () -- C:\WINDOWS\SysWow64\ieuinit.inf [2015.04.15 12:52:37 | 000,016,303 | ---- | C] () -- C:\WINDOWS\SysNative\ieuinit.inf [2015.03.22 17:23:50 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2015.03.21 17:20:46 | 000,000,558 | ---- | C] () -- C:\WINDOWS\wininit.ini [2015.03.11 23:16:53 | 000,007,639 | ---- | C] () -- C:\Users\Kay\AppData\Local\Resmon.ResmonCfg [2015.03.10 22:35:59 | 002,008,552 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI [2015.03.10 22:32:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2015.03.02 22:17:07 | 000,338,432 | ---- | C] () -- C:\WINDOWS\SysWow64\sqlite36_engine.dll [2014.12.18 01:50:47 | 000,012,889 | -H-- | C] () -- C:\WINDOWS\SysWow64\BTImages.dat [2014.11.21 06:05:31 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll [2014.11.21 06:03:37 | 000,107,008 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll [2014.11.21 05:42:28 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini [2014.11.21 04:25:30 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll [2014.11.20 22:35:00 | 000,038,912 | ---- | C] () -- C:\WINDOWS\SysWow64\kdbsdk32.dll [2014.07.21 23:04:58 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat [2014.07.21 23:04:58 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat [2014.07.21 23:04:46 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysWow64\atipblag.dat [2014.07.21 23:04:04 | 000,995,342 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe [2014.07.21 23:04:04 | 000,798,734 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe [2013.08.22 17:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat [2013.08.22 17:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT [2013.08.22 16:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2013.08.22 09:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin [2013.08.22 01:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll [2013.08.22 01:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat ========== ZeroAccess Check ========== [2015.03.10 23:19:04 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2015.03.10 22:23:42 | 022,291,584 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2015.03.10 22:23:42 | 019,731,824 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014.11.21 06:03:53 | 001,013,760 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2014.11.21 06:05:05 | 000,786,944 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014.11.21 06:03:52 | 000,512,512 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 26 bytes -> C:\Users\Kay\Desktop\sassdaa.jpg:$CmdZnID @Alternate Data Stream - 26 bytes -> C:\Users\Kay\Desktop\black_tribal_tattoo.jpg:$CmdZnID < End of report > |
|
14.05.2015, 22:42
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Malware - Logfileauswertung - Rechner stürzt ab oder friert ein Hallo und
__________________ Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten! Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht! Zudem bitte auch ein Log mit Farbars Tool machen: Scan mit Farbar's Recovery Scan Tool (FRST) Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
 Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
14.05.2015, 22:53
| #3 |
| | eset online log C:\Users\Kay\AppData\Local\Temp\DMR\dmr_72.exe Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung
__________________C:\AdwCleaner\Quarantine\C\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmEng.dll.vir Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\AdwCleaner\Quarantine\C\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmsrv.exe.vir Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchCH.dll.vir Win32/ELEX.BM evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchFF.dll.vir Win32/ELEX.BM evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\CmdShell.exe.vir Variante von Win32/ELEX.CY evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1031.xpi.vir Win32/Toolbar.TNT2.I evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\HPNotify.exe.vir Win32/ELEX.DK evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ProtectService.exe.vir Win32/ELEX.BM evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\AdwCleaner\Quarantine\C\Users\Kay\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall.exe.vir Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\AdwCleaner\Quarantine\C\Users\Kay\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall_d.exe.vir Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\AdwCleaner\Quarantine\C\Users\Kay\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarm4ffx.exe.vir Win32/Toolbar.Montiera.E evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\AdwCleaner\Quarantine\C\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\732yhgy9.default-1418351222236\Extensions\ffxtlbr@zonealarm.com\uninstall.exe.vir Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe Variante von Win32/Systweak.L evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll Variante von Win32/Systweak.N evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe Variante von Win32/Systweak.L evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe Variante von Win32/Systweak evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe Variante von Win32/Systweak.L evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe Variante von Win32/Systweak.L evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Users\Kay\Downloads\Revo Uninstaller - CHIP-Installer.exe Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\VTRoot\HarddiskVolume4\Program Files (x86)\XTab\BrowerWatchCH.dll Win32/ELEX.BM evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\VTRoot\HarddiskVolume4\Program Files (x86)\XTab\BrowerWatchFF.dll Win32/ELEX.BM evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\VTRoot\HarddiskVolume4\Program Files (x86)\XTab\BrowserAction.dll Variante von Win32/ELEX.DH evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\VTRoot\HarddiskVolume4\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1031.xpi Win32/Toolbar.TNT2.I evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\VTRoot\HarddiskVolume4\Program Files (x86)\XTab\IeWatchDog.dll Win32/ELEX.BM evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\VTRoot\HarddiskVolume4\Program Files (x86)\XTab\ProtectService.exe Win32/ELEX.BM evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\VTRoot\HarddiskVolume4\Users\Kay\AppData\Local\Microsoft\Windows\INetCache\IE\NSTCL6P7\1[1].zip Variante von Win32/ELEX.BF evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\VTRoot\HarddiskVolume4\Users\Kay\AppData\Local\Microsoft\Windows\INetCache\IE\NSTCL6P7\ProPCCleaner_1712[1].exe Variante von MSIL/Rebrand.LittleRegClean.B evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\VTRoot\HarddiskVolume4\Users\Kay\AppData\Local\Temp\E910.exe Variante von Win32/Adware.MultiPlug.JZ Anwendung Gesäubert durch Löschen - in Quarantäne kopiert C:\VTRoot\HarddiskVolume4\Users\Kay\AppData\Local\Temp\DMR\dmr_72.exe Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\VTRoot\HarddiskVolume4\Users\Kay\AppData\Local\Temp\tmp-RunningMan\QQBrowserFrame.dll Variante von Win32/ELEX.BF evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\VTRoot\HarddiskVolume4\Users\Kay\AppData\Local\Temp\tmp-RunningMan\sweetsearch@gmail.com!1.0.0.1031.xpi Win32/Toolbar.TNT2.I evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\VTRoot\HarddiskVolume4\Users\Kay\AppData\Local\Temp\tmp-RunningMan\UninstallManager.exe Variante von Win32/ELEX.CP evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\VTRoot\HarddiskVolume4\Users\Kay\AppData\Local\Temp\tmp-RunningMan\tmp\wpm_v20.0.0.2227.exe Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\VTRoot\HarddiskVolume4\Users\Kay\AppData\Local\Temp\tmp-RunningMan\tmp\XTab_Setup2253.exe Win32/ELEX.BM evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\VTRoot\HarddiskVolume4\Users\Kay\AppData\Roaming\oursurfing\UninstallManager.exe Variante von Win32/ELEX.CP evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert C:\Windows\Installer\382cc.msi Variante von Win32/Systweak.L evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 14.05.2015 Suchlauf-Zeit: 21:34:29 Logdatei: mbm.txt Administrator: Ja Version: 2.01.6.1022 Malware Datenbank: v2015.05.14.04 Rootkit Datenbank: v2015.04.21.01 Lizenz: Premium Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Aktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Kay Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 424062 Verstrichene Zeit: 12 Min, 29 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 0 (Keine schädliche Elemente gefunden) Registrierungswerte: 0 (Keine schädliche Elemente gefunden) Registrierungsdaten: 0 (Keine schädliche Elemente gefunden) Ordner: 0 (Keine schädliche Elemente gefunden) Dateien: 1 PUP.Optional.TenkiTechnology, C:\Program Files (x86)\FreeHideIP\FreeHideIP.exe, , [c5c71d766921e84e200216cb38cd1be5], Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) FRST und addition habe ich auch aber bekomme die hier aufgrund Größe nicht reinkopoiert |
|
14.05.2015, 22:54
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malware - Logfileauswertung - Rechner stürzt ab oder friert einLesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
14.05.2015, 22:55
| #5 |
| | Malware - Logfileauswertung - Rechner stürzt ab oder friert einFRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2015 01
Ran by Kay (administrator) on KSIN on 14-05-2015 21:19:14
Running from C:\Users\Kay\Downloads
Loaded Profiles: Kay (Available profiles: Kay & Administrator)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser path: "C:\Program Files (x86)\Comodo\IceDragon\icedragon.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Evaer Technology) C:\Program Files (x86)\Evaer\videochannel.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Mister Group) C:\Program Files (x86)\System Explorer\SystemExplorer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Mister Group) C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTgui.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(UltraDefrag Development Team) C:\Program Files\UltraDefrag\ultradefrag.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Opera Software) C:\Program Files (x86)\Opera\launcher.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(FlashPeak Inc.) C:\Program Files (x86)\SlimBrowser\sbframe.exe
(FlashPeak Inc.) C:\Program Files (x86)\SlimBrowser\SBRender.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-20] (IDT, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-05-05] (Raptr, Inc)
HKLM-x32\...\Run: [SystemExplorerAutoStart] => C:\Program Files (x86)\System Explorer\SystemExplorer.exe [3391712 2015-04-20] (Mister Group)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3745232 2015-04-15] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4150589384-1404209100-33404022-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-4150589384-1404209100-33404022-1001\...\Run: [avichannel] => C:\Program Files (x86)\Evaer\videochannel.exe [1740776 2015-03-08] (Evaer Technology)
HKU\S-1-5-21-4150589384-1404209100-33404022-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-4150589384-1404209100-33404022-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\adobe air application installer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\chromodo.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\icedragon.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\wordview.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
Startup: C:\Users\Kay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-03-12] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-4150589384-1404209100-33404022-1001] => http=;ftp=;https=;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1431026774&z=f8a6ac4b2ee8b61da9995afgfzcc8gce4o6q2mfm7w&from=2sq&uid=3219913727_198313_FAD5AFF4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1431026774&z=f8a6ac4b2ee8b61da9995afgfzcc8gce4o6q2mfm7w&from=2sq&uid=3219913727_198313_FAD5AFF4
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1431026774&z=f8a6ac4b2ee8b61da9995afgfzcc8gce4o6q2mfm7w&from=2sq&uid=3219913727_198313_FAD5AFF4&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1431026774&z=f8a6ac4b2ee8b61da9995afgfzcc8gce4o6q2mfm7w&from=2sq&uid=3219913727_198313_FAD5AFF4&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1431026774&z=f8a6ac4b2ee8b61da9995afgfzcc8gce4o6q2mfm7w&from=2sq&uid=3219913727_198313_FAD5AFF4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1431026774&z=f8a6ac4b2ee8b61da9995afgfzcc8gce4o6q2mfm7w&from=2sq&uid=3219913727_198313_FAD5AFF4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1431026774&z=f8a6ac4b2ee8b61da9995afgfzcc8gce4o6q2mfm7w&from=2sq&uid=3219913727_198313_FAD5AFF4&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1431026774&z=f8a6ac4b2ee8b61da9995afgfzcc8gce4o6q2mfm7w&from=2sq&uid=3219913727_198313_FAD5AFF4&q={searchTerms}
HKU\S-1-5-21-4150589384-1404209100-33404022-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1431026774&z=f8a6ac4b2ee8b61da9995afgfzcc8gce4o6q2mfm7w&from=2sq&uid=3219913727_198313_FAD5AFF4
HKU\S-1-5-21-4150589384-1404209100-33404022-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1431026774&z=f8a6ac4b2ee8b61da9995afgfzcc8gce4o6q2mfm7w&from=2sq&uid=3219913727_198313_FAD5AFF4
HKU\S-1-5-21-4150589384-1404209100-33404022-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-4150589384-1404209100-33404022-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {BA667243-1B10-47C5-AD89-F7D3CE8B219D} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {BA667243-1B10-47C5-AD89-F7D3CE8B219D} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4150589384-1404209100-33404022-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1431026774&z=f8a6ac4b2ee8b61da9995afgfzcc8gce4o6q2mfm7w&from=2sq&uid=3219913727_198313_FAD5AFF4&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4150589384-1404209100-33404022-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1431026774&z=f8a6ac4b2ee8b61da9995afgfzcc8gce4o6q2mfm7w&from=2sq&uid=3219913727_198313_FAD5AFF4&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\732yhgy9.default-1418351222236
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF Homepage: yahoo.de
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF NetworkProxy: "gopher", ""
FF NetworkProxy: "gopher_port", 0
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-13] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-04-17] (Adobe Systems, Inc.)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-04-08] (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-12] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4150589384-1404209100-33404022-1001: hp.com/HPDetect -> C:\Users\Kay\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Kay\AppData\Roaming\mozilla\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\732yhgy9.default-1418351222236\searchplugins\google-avast.xml [2015-03-22]
FF SearchPlugin: C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\732yhgy9.default-1418351222236\searchplugins\google-images.xml [2015-03-02]
FF SearchPlugin: C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\732yhgy9.default-1418351222236\searchplugins\google-maps.xml [2015-03-02]
FF Extension: Free Hide IP - C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\732yhgy9.default-1418351222236\Extensions\support@free-hideip.com.xpi [2015-04-13]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-07]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.oursurfing.com/?type=hp&ts=1431026774&z=f8a6ac4b2ee8b61da9995afgfzcc8gce4o6q2mfm7w&from=2sq&uid=3219913727_198313_FAD5AFF4
CHR StartupUrls: Default -> "hxxp://www.oursurfing.com/?type=hp&ts=1431026774&z=f8a6ac4b2ee8b61da9995afgfzcc8gce4o6q2mfm7w&from=2sq&uid=3219913727_198313_FAD5AFF4"
CHR DefaultSearchKeyword: Default -> oursurfing
CHR DefaultSearchURL: Default -> hxxp://www.oursurfing.com/web/?type=ds&ts=1431026774&z=f8a6ac4b2ee8b61da9995afgfzcc8gce4o6q2mfm7w&from=2sq&uid=3219913727_198313_FAD5AFF4&q={searchTerms}
CHR Profile: C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-12]
CHR Extension: (Google Docs) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-12]
CHR Extension: (Google Drive) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-12]
CHR Extension: (YouTube) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-12]
CHR Extension: (Google Search) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-12]
CHR Extension: (Google Sheets) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-12]
CHR Extension: (Bookmark Manager) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-12]
CHR Extension: (Gmail) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-12]
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.oursurfing.com/?type=sc&ts=1431026774&z=f8a6ac4b2ee8b61da9995afgfzcc8gce4o6q2mfm7w&from=2sq&uid=3219913727_198313_FAD5AFF4
Opera:
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.oursurfing.com/?type=sc&ts=1431026774&z=f8a6ac4b2ee8b61da9995afgfzcc8gce4o6q2mfm7w&from=2sq&uid=3219913727_198313_FAD5AFF4
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U2 EventLog; C:\Windows\System32\wevtsvc.dll [1696256 2015-03-06] (Microsoft Corporation) [File not signed]
R2 gpsvc; C:\Windows\System32\gpsvc.dll [1360896 2014-11-21] (Microsoft Corporation) [File not signed]
U2 NlaSvc; C:\Windows\System32\nlasvc.dll [391680 2015-03-10] (Microsoft Corporation) [File not signed]
R2 nsi; C:\Windows\System32\nsisvc.dll [28672 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [802816 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WinHttpAutoProxySvc; C:\Windows\SysWOW64\winhttp.dll [631808 2014-11-21] (Microsoft Corporation) [File not signed]
U3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [214528 2014-11-21] (Microsoft Corporation) [File not signed]
U3 ALG; C:\Windows\System32\alg.exe [96768 2014-11-21] (Microsoft Corporation) [File not signed]
U2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [244736 2014-11-21] (AMD) [File not signed]
U2 AppHostSvc; C:\Windows\system32\inetsrv\apphostsvc.dll [66048 2015-03-10] (Microsoft Corporation) [File not signed]
U3 AppIDSvc; C:\Windows\System32\appidsvc.dll [39424 2014-11-21] (Microsoft Corporation) [File not signed]
R3 Appinfo; C:\Windows\System32\appinfo.dll [110080 2014-11-21] (Microsoft Corporation) [File not signed]
U3 AppReadiness; C:\Windows\system32\AppReadiness.dll [562688 2014-11-21] (Microsoft Corporation) [File not signed]
U3 AppXSvc; C:\Windows\system32\appxdeploymentserver.dll [1348096 2014-11-21] (Microsoft Corporation) [File not signed]
U2 AudioEndpointBuilder; C:\Windows\System32\AudioEndpointBuilder.dll [229888 2015-03-10] (Microsoft Corporation) [File not signed]
R2 Audiosrv; C:\Windows\System32\Audiosrv.dll [911360 2014-11-21] (Microsoft Corporation) [File not signed]
U2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1517480 2015-04-15] (AVG Technologies CZ, s.r.o.)
U2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3438032 2015-04-15] (AVG Technologies CZ, s.r.o.)
U2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [311792 2015-04-15] (AVG Technologies CZ, s.r.o.)
U3 AxInstSV; C:\Windows\System32\AxInstSV.dll [111104 2014-11-21] (Microsoft Corporation) [File not signed]
U3 BDESVC; C:\Windows\System32\bdesvc.dll [348672 2014-11-21] (Microsoft Corporation) [File not signed]
U2 BFE; C:\Windows\System32\bfe.dll [845312 2014-11-10] (Microsoft Corporation) [File not signed]
U2 BITS; C:\Windows\System32\qmgr.dll [933376 2014-11-21] (Microsoft Corporation) [File not signed]
U2 BrokerInfrastructure; C:\Windows\System32\bisrv.dll [270336 2014-11-21] (Microsoft Corporation) [File not signed]
U3 Browser; C:\Windows\System32\browser.dll [135168 2014-11-21] (Microsoft Corporation) [File not signed]
U3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation) [File not signed]
U3 bthserv; C:\Windows\system32\bthserv.dll [94720 2014-11-21] (Microsoft Corporation) [File not signed]
U2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
U2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
U3 CertPropSvc; C:\Windows\System32\certprop.dll [156160 2014-11-21] (Microsoft Corporation) [File not signed]
U4 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [2306248 2015-03-26] (Comodo)
U2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5540424 2015-04-01] (COMODO)
U3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265816 2015-04-01] (COMODO)
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [131584 2014-11-21] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [817664 2014-11-21] (Microsoft Corporation) [File not signed]
U3 defragsvc; C:\Windows\System32\defragsvc.dll [524288 2014-11-21] (Microsoft Corporation) [File not signed]
U2 DeviceAssociationService; C:\Windows\system32\das.dll [407040 2014-11-21] (Microsoft Corporation) [File not signed]
U3 DeviceInstall; C:\Windows\system32\umpnpmgr.dll [116736 2014-11-21] (Microsoft Corporation) [File not signed]
U2 Dhcp; C:\Windows\system32\dhcpcore.dll [365056 2014-11-21] (Microsoft Corporation) [File not signed]
U2 Dhcp; C:\Windows\SysWOW64\dhcpcore.dll [292864 2014-11-21] (Microsoft Corporation) [File not signed]
U2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-05-06] (Microsoft Corporation) [File not signed]
U2 Dnscache; C:\Windows\System32\dnsrslvr.dll [252416 2014-11-05] (Microsoft Corporation) [File not signed]
U3 dot3svc; C:\Windows\System32\dot3svc.dll [262144 2014-11-21] (Microsoft Corporation) [File not signed]
U2 DPS; C:\Windows\system32\dps.dll [174080 2014-11-21] (Microsoft Corporation) [File not signed]
U3 DsmSvc; C:\Windows\System32\DeviceSetupManager.dll [206848 2014-11-21] (Microsoft Corporation) [File not signed]
U3 Eaphost; C:\Windows\System32\eapsvc.dll [110592 2014-11-21] (Microsoft Corporation) [File not signed]
U2 EFS; C:\Windows\system32\efssvc.dll [41472 2014-11-21] (Microsoft Corporation) [File not signed]
U2 EventSystem; C:\Windows\system32\es.dll [516608 2014-11-21] (Microsoft Corporation) [File not signed]
U2 EventSystem; C:\Windows\SysWOW64\es.dll [367616 2014-11-21] (Microsoft Corporation) [File not signed]
U3 Fax; C:\Windows\system32\fxssvc.exe [658944 2014-11-21] (Microsoft Corporation) [File not signed]
U3 fdPHost; C:\Windows\system32\fdPHost.dll [22016 2014-11-21] (Microsoft Corporation) [File not signed]
U3 FDResPub; C:\Windows\system32\fdrespub.dll [34816 2014-11-21] (Microsoft Corporation) [File not signed]
U3 fhsvc; C:\Windows\system32\fhsvc.dll [121856 2014-11-21] (Microsoft Corporation) [File not signed]
U4 FontCache; C:\Windows\system32\FntCache.dll [1387008 2015-04-10] (Microsoft Corporation) [File not signed]
U3 hidserv; C:\Windows\system32\hidserv.dll [33792 2014-11-21] (Microsoft Corporation) [File not signed]
U3 hidserv; C:\Windows\SysWOW64\hidserv.dll [30720 2014-11-21] (Microsoft Corporation) [File not signed]
U3 hkmsvc; C:\Windows\system32\kmsvc.dll [101376 2014-11-21] (Microsoft Corporation) [File not signed]
U3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [275968 2014-11-21] (Microsoft Corporation) [File not signed]
U3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [445952 2014-11-21] (Microsoft Corporation) [File not signed]
U3 HomeGroupProvider; C:\Windows\SysWOW64\provsvc.dll [366080 2014-11-21] (Microsoft Corporation) [File not signed]
U2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [93184 2014-08-21] (Hewlett-Packard Company) [File not signed]
U4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
U4 IceDragonUpdater; C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe [1821384 2013-12-19] ()
U3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114688 2014-11-21] (Microsoft Corporation) [File not signed]
U2 IKEEXT; C:\Windows\System32\ikeext.dll [1084416 2014-11-10] (Microsoft Corporation) [File not signed]
U2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
U3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
U2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [926208 2014-11-21] (Microsoft Corporation) [File not signed]
U4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation)
U3 KeyIso; C:\Windows\system32\keyiso.dll [62464 2014-11-21] (Microsoft Corporation) [File not signed]
U3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [46592 2014-11-21] (Microsoft Corporation) [File not signed]
U3 KtmRm; C:\Windows\system32\msdtckrm.dll [373248 2014-11-21] (Microsoft Corporation) [File not signed]
U2 LanmanServer; C:\Windows\system32\srvsvc.dll [329216 2014-11-21] (Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [289280 2014-11-21] (Microsoft Corporation) [File not signed]
U3 lfsvc; C:\Windows\System32\GeofenceMonitorService.dll [521728 2014-11-21] (Microsoft Corporation) [File not signed]
U3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [367104 2014-11-21] (Microsoft Corporation) [File not signed]
U3 lltdsvc; C:\Windows\System32\lltdsvc.dll [279040 2014-11-21] (Microsoft Corporation) [File not signed]
U2 lmhosts; C:\Windows\System32\lmhsvc.dll [24576 2014-11-21] (Microsoft Corporation) [File not signed]
U2 LSM; C:\Windows\System32\lsm.dll [780800 2015-02-21] (Microsoft Corporation) [File not signed]
U2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
U2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
U2 MMCSS; C:\Windows\system32\mmcss.dll [71168 2014-11-21] (Microsoft Corporation) [File not signed]
U2 MpsSvc; C:\Windows\system32\mpssvc.dll [880640 2014-11-21] (Microsoft Corporation) [File not signed]
U4 MSDTC; C:\Windows\System32\msdtc.exe [144384 2014-11-21] (Microsoft Corporation) [File not signed]
U3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [151040 2014-11-21] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\System32\msiexec.exe [64512 2014-11-21] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [59904 2014-11-21] (Microsoft Corporation) [File not signed]
U3 napagent; C:\Windows\system32\qagentRT.dll [446464 2014-11-21] (Microsoft Corporation) [File not signed]
U3 NcaSvc; C:\Windows\System32\ncasvc.dll [166400 2014-11-21] (Microsoft Corporation) [File not signed]
U3 NcbService; C:\Windows\System32\ncbservice.dll [154112 2014-11-21] (Microsoft Corporation) [File not signed]
U3 NcdAutoSetup; C:\Windows\System32\NcdAutoSetup.dll [74752 2014-11-21] (Microsoft Corporation) [File not signed]
U3 Netlogon; C:\Windows\system32\netlogon.dll [838656 2014-11-21] (Microsoft Corporation) [File not signed]
U3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [695296 2014-11-21] (Microsoft Corporation) [File not signed]
U3 Netman; C:\Windows\System32\netman.dll [266752 2014-11-21] (Microsoft Corporation) [File not signed]
U3 netprofm; C:\Windows\System32\netprofmsvc.dll [550912 2014-11-21] (Microsoft Corporation) [File not signed]
U3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [380416 2014-11-21] (Microsoft Corporation) [File not signed]
U4 p2psvc; C:\Windows\system32\p2psvc.dll [440832 2014-11-21] (Microsoft Corporation) [File not signed]
U4 PcaSvc; C:\Windows\System32\pcasvc.dll [474112 2014-11-21] (Microsoft Corporation) [File not signed]
U3 PerfHost; C:\Windows\SysWow64\perfhost.exe [21504 2013-08-22] (Microsoft Corporation) [File not signed]
U3 pla; C:\Windows\system32\pla.dll [1526784 2014-11-21] (Microsoft Corporation) [File not signed]
U3 pla; C:\Windows\SysWOW64\pla.dll [1534464 2014-11-21] (Microsoft Corporation) [File not signed]
U3 PlugPlay; C:\Windows\system32\umpnpmgr.dll [116736 2014-11-21] (Microsoft Corporation) [File not signed]
U4 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [26624 2014-11-21] (Microsoft Corporation) [File not signed]
U4 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [380416 2014-11-21] (Microsoft Corporation) [File not signed]
U3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [397312 2014-11-21] (Microsoft Corporation) [File not signed]
U2 Power; C:\Windows\system32\umpo.dll [80384 2014-11-21] (Microsoft Corporation) [File not signed]
U3 PrintNotify; C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll [2987520 2014-11-21] (Microsoft Corporation) [File not signed]
U2 ProfSvc; C:\Windows\system32\profsvc.dll [225280 2015-03-10] (Microsoft Corporation) [File not signed]
U3 QWAVE; C:\Windows\system32\qwave.dll [303104 2014-11-21] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\Windows\System32\rasauto.dll [102912 2014-11-21] (Microsoft Corporation) [File not signed]
R3 RasMan; C:\Windows\System32\rasmans.dll [542208 2014-11-21] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [226816 2014-11-21] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\SysWOW64\mprdim.dll [183296 2014-11-21] (Microsoft Corporation) [File not signed]
U4 RemoteRegistry; C:\Windows\system32\regsvc.dll [166400 2014-11-21] (Microsoft Corporation) [File not signed]
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [80896 2014-11-21] (Microsoft Corporation) [File not signed]
U3 RpcLocator; C:\Windows\system32\locator.exe [10240 2014-11-21] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [817664 2014-11-21] (Microsoft Corporation) [File not signed]
U4 SCardSvr; C:\Windows\System32\SCardSvr.dll [194048 2014-11-21] (Microsoft Corporation) [File not signed]
U3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [131072 2014-11-21] (Microsoft Corporation) [File not signed]
U2 Schedule; C:\Windows\system32\schedsvc.dll [1265152 2014-11-21] (Microsoft Corporation) [File not signed]
U3 SCPolicySvc; C:\Windows\System32\certprop.dll [156160 2014-11-21] (Microsoft Corporation) [File not signed]
U4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
U4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
U4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
U3 seclogon; C:\Windows\system32\seclogon.dll [31744 2014-11-21] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\System32\sens.dll [73728 2014-11-21] (Microsoft Corporation) [File not signed]
U3 SensrSvc; C:\Windows\system32\sensrsvc.dll [243200 2014-11-21] (Microsoft Corporation) [File not signed]
U3 SessionEnv; C:\Windows\system32\sessenv.dll [339968 2014-11-21] (Microsoft Corporation) [File not signed]
U3 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [296448 2014-11-21] (Microsoft Corporation) [File not signed]
U4 SharedAccess; C:\Windows\System32\ipnathlp.dll [452608 2014-11-21] (Microsoft Corporation) [File not signed]
U4 ShellHWDetection; C:\Windows\System32\shsvcs.dll [640000 2014-11-21] (Microsoft Corporation) [File not signed]
U4 ShellHWDetection; C:\Windows\SysWOW64\shsvcs.dll [576512 2014-11-21] (Microsoft Corporation) [File not signed]
U3 smphost; C:\Windows\System32\smphost.dll [13312 2014-11-21] (Microsoft Corporation) [File not signed]
U3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2014-11-21] (Microsoft Corporation) [File not signed]
U3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14848 2014-11-21] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\Windows\System32\spoolsv.exe [827392 2014-11-04] (Microsoft Corporation) [File not signed]
U3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [249344 2014-11-21] (Microsoft Corporation) [File not signed]
U3 SstpSvc; C:\Windows\system32\sstpsvc.dll [142848 2014-11-21] (Microsoft Corporation) [File not signed]
U4 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-11-20] (IDT, Inc.) [File not signed]
U2 stisvc; C:\Windows\System32\wiaservc.dll [670720 2014-11-21] (Microsoft Corporation) [File not signed]
U3 StorSvc; C:\Windows\system32\storsvc.dll [20480 2014-11-21] (Microsoft Corporation) [File not signed]
U3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [17920 2014-11-21] (Microsoft Corporation) [File not signed]
U3 svsvc; C:\Windows\system32\svsvc.dll [13312 2014-11-21] (Microsoft Corporation) [File not signed]
U4 swprv; C:\Windows\System32\swprv.dll [706048 2014-11-21] (Microsoft Corporation) [File not signed]
U2 SysMain; C:\Windows\system32\sysmain.dll [1217024 2014-11-21] (Microsoft Corporation) [File not signed]
U2 SystemEventsBroker; C:\Windows\System32\SystemEventsBrokerServer.dll [294912 2014-11-21] (Microsoft Corporation) [File not signed]
U3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group)
U3 TabletInputService; C:\Windows\System32\TabSvc.dll [154624 2014-11-21] (Microsoft Corporation) [File not signed]
U3 TapiSrv; C:\Windows\System32\tapisrv.dll [313344 2014-11-21] (Microsoft Corporation) [File not signed]
U3 TapiSrv; C:\Windows\SysWOW64\tapisrv.dll [254464 2014-11-21] (Microsoft Corporation) [File not signed]
S3 TermService; C:\Windows\System32\termsrv.dll [1114624 2014-11-21] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [59392 2014-11-21] (Microsoft Corporation) [File not signed]
U3 THREADORDER; C:\Windows\system32\mmcss.dll [71168 2014-11-21] (Microsoft Corporation) [File not signed]
U3 TimeBroker; C:\Windows\System32\TimeBrokerServer.dll [262656 2014-11-21] (Microsoft Corporation) [File not signed]
U2 TrkWks; C:\Windows\System32\trkwks.dll [124416 2014-11-21] (Microsoft Corporation) [File not signed]
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [106496 2014-11-21] (Microsoft Corporation) [File not signed]
U2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2604856 2015-02-25] (AVG Technologies)
U3 UI0Detect; C:\Windows\system32\UI0Detect.exe [41984 2014-11-21] (Microsoft Corporation) [File not signed]
U3 UmRdpService; C:\Windows\System32\umrdp.dll [300032 2014-11-21] (Microsoft Corporation) [File not signed]
U3 upnphost; C:\Windows\System32\upnphost.dll [457728 2014-11-21] (Microsoft Corporation) [File not signed]
U3 upnphost; C:\Windows\SysWOW64\upnphost.dll [331776 2014-11-21] (Microsoft Corporation) [File not signed]
U3 VaultSvc; C:\Windows\System32\vaultsvc.dll [260608 2014-11-21] (Microsoft Corporation) [File not signed]
U3 vds; C:\Windows\System32\vds.exe [1313792 2014-11-21] (Microsoft Corporation) [File not signed]
U3 vmicguestinterface; C:\Windows\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation) [File not signed]
U3 vmicheartbeat; C:\Windows\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation) [File not signed]
U3 vmickvpexchange; C:\Windows\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation) [File not signed]
U3 vmicrdv; C:\Windows\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation) [File not signed]
U3 vmicshutdown; C:\Windows\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation) [File not signed]
U3 vmictimesync; C:\Windows\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation) [File not signed]
U3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation) [File not signed]
U3 VSS; C:\Windows\system32\vssvc.exe [1454080 2014-10-21] (Microsoft Corporation) [File not signed]
U3 W32Time; C:\Windows\system32\w32time.dll [411648 2014-11-21] (Microsoft Corporation) [File not signed]
U3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation) [File not signed]
U3 WAS; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2015-03-10] (Microsoft Corporation) [File not signed]
U3 wbengine; C:\Windows\system32\wbengine.exe [1571328 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [465920 2014-11-21] (Microsoft Corporation) [File not signed]
U2 Wcmsvc; C:\Windows\System32\wcmsvc.dll [374784 2014-11-21] (Microsoft Corporation) [File not signed]
U3 wcncsvc; C:\Windows\System32\wcncsvc.dll [465920 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [43520 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WcsPlugInService; C:\Windows\SysWOW64\WcsPlugInService.dll [34304 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WdiServiceHost; C:\Windows\system32\wdi.dll [95744 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WdiServiceHost; C:\Windows\SysWOW64\wdi.dll [84992 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WdiSystemHost; C:\Windows\system32\wdi.dll [95744 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WdiSystemHost; C:\Windows\SysWOW64\wdi.dll [84992 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-03-10] (Microsoft Corporation)
U3 WebClient; C:\Windows\System32\webclnt.dll [229376 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WebClient; C:\Windows\SysWOW64\webclnt.dll [199168 2014-11-21] (Microsoft Corporation) [File not signed]
U2 Wecsvc; C:\Windows\system32\wecsvc.dll [209408 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [26112 2014-11-21] (Microsoft Corporation) [File not signed]
U3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84992 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WerSvc; C:\Windows\System32\WerSvc.dll [108544 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WiaRpc; C:\Windows\System32\wiarpc.dll [67584 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-03-10] (Microsoft Corporation)
U2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [230400 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WinRM; C:\Windows\system32\WsmSvc.dll [2608640 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WinRM; C:\Windows\SysWOW64\WsmSvc.dll [2170368 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WlanSvc; C:\Windows\System32\wlansvc.dll [1547264 2014-11-21] (Microsoft Corporation) [File not signed]
U3 wlidsvc; C:\Windows\system32\wlidsvc.dll [1639424 2014-11-21] (Microsoft Corporation) [File not signed]
U3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [201728 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1478144 2014-11-21] (Microsoft Corporation) [File not signed]
U3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1668096 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10240 2014-11-21] (Microsoft Corporation) [File not signed]
U4 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [86528 2014-11-21] (Microsoft Corporation) [File not signed]
U2 wscsvc; C:\Windows\System32\wscsvc.dll [146944 2014-11-21] (Microsoft Corporation) [File not signed]
U2 WSearch; C:\Windows\system32\SearchIndexer.exe [903168 2014-11-21] (Microsoft Corporation) [File not signed]
U2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [710144 2014-11-21] (Microsoft Corporation) [File not signed]
U2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-03-10] ()
U2 wuauserv; C:\Windows\system32\wuaueng.dll [3678720 2015-03-14] (Microsoft Corporation) [File not signed]
U3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [104960 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WwanSvc; C:\Windows\System32\wwansvc.dll [513536 2014-11-21] (Microsoft Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U3 1394ohci; C:\Windows\System32\drivers\1394ohci.sys [231424 2013-08-22] (Microsoft Corporation) [File not signed]
U3 acpipagr; C:\Windows\System32\drivers\acpipagr.sys [10240 2013-08-22] (Microsoft Corporation) [File not signed]
U3 AcpiPmi; C:\Windows\System32\drivers\acpipmi.sys [12288 2013-08-22] (Microsoft Corporation) [File not signed]
U3 acpitime; C:\Windows\System32\drivers\acpitime.sys [10752 2013-08-22] (Microsoft Corporation) [File not signed]
U1 AFD; C:\Windows\system32\drivers\afd.sys [563200 2014-11-21] (Microsoft Corporation) [File not signed]
U1 ahcache; C:\Windows\System32\DRIVERS\ahcache.sys [80384 2015-03-20] (Microsoft Corporation) [File not signed]
U3 AmdK8; C:\Windows\System32\drivers\amdk8.sys [95744 2013-08-22] (Microsoft Corporation) [File not signed]
U0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
U3 amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [18959360 2014-11-21] (Advanced Micro Devices, Inc.) [File not signed]
U3 amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [589312 2014-11-21] (Advanced Micro Devices, Inc.) [File not signed]
U3 AmdPPM; C:\Windows\System32\drivers\amdppm.sys [98816 2013-08-22] (Microsoft Corporation) [File not signed]
U3 AppID; C:\Windows\system32\drivers\appid.sys [82944 2014-11-21] (Microsoft Corporation) [File not signed]
U3 AsyncMac; C:\Windows\system32\DRIVERS\asyncmac.sys [26624 2013-08-22] (Microsoft Corporation) [File not signed]
U3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices) [File not signed]
U0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
U1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
U1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [67040 2015-03-20] (AVG Technologies CZ, s.r.o.)
U1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [284128 2015-04-09] (AVG Technologies CZ, s.r.o.)
U0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [213984 2015-03-11] (AVG Technologies CZ, s.r.o.)
U1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
U0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [344544 2015-03-11] (AVG Technologies CZ, s.r.o.)
U0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [137184 2015-04-03] (AVG Technologies CZ, s.r.o.)
U0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
U1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [293856 2015-04-07] (AVG Technologies CZ, s.r.o.)
U1 BasicDisplay; C:\Windows\System32\drivers\BasicDisplay.sys [50688 2013-08-22] (Microsoft Corporation) [File not signed]
U1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [33280 2014-11-21] (Microsoft Corporation) [File not signed]
U3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [102912 2013-08-22] (Microsoft Corporation) [File not signed]
U3 BthAvrcpTg; C:\Windows\System32\drivers\BthAvrcpTg.sys [36992 2013-08-22] (Microsoft Corporation) [File not signed]
U3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [57856 2015-03-09] (Microsoft Corporation) [File not signed]
U3 bthhfhid; C:\Windows\System32\drivers\BthHFHid.sys [30720 2013-08-22] (Microsoft Corporation) [File not signed]
U3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [64000 2014-11-21] (Microsoft Corporation) [File not signed]
U4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [88576 2013-08-22] (Microsoft Corporation) [File not signed]
U1 cdrom; C:\Windows\System32\drivers\cdrom.sys [164352 2013-08-22] (Microsoft Corporation) [File not signed]
U3 circlass; C:\Windows\System32\drivers\circlass.sys [44032 2013-08-22] (Microsoft Corporation) [File not signed]
U3 CmBatt; C:\Windows\System32\drivers\CmBatt.sys [25472 2013-08-22] (Microsoft Corporation) [File not signed]
U1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20696 2015-04-01] (COMODO)
U1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [820952 2015-04-01] (COMODO)
U1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35080 2015-04-01] (COMODO)
U3 CompositeBus; C:\Windows\System32\drivers\CompositeBus.sys [36352 2013-08-22] (Microsoft Corporation) [File not signed]
U3 condrv; C:\Windows\System32\drivers\condrv.sys [43008 2013-08-22] (Microsoft Corporation) [File not signed]
U3 debutfilter; C:\Windows\system32\DRIVERS\debutfilterx64.sys [34512 2014-12-29] ()
U1 Dfsc; C:\Windows\System32\Drivers\dfsc.sys [134144 2014-11-21] (Microsoft Corporation) [File not signed]
U3 dmvsc; C:\Windows\System32\drivers\dmvsc.sys [29696 2013-08-22] (Microsoft Corporation) [File not signed]
U3 ErrDev; C:\Windows\System32\drivers\errdev.sys [10240 2013-08-22] (Microsoft Corporation) [File not signed]
U3 exfat; C:\Windows\System32\Drivers\exfat.sys [200704 2013-08-22] (Microsoft Corporation) [File not signed]
U3 fdc; C:\Windows\System32\drivers\fdc.sys [30720 2013-08-22] (Microsoft Corporation) [File not signed]
U3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34816 2013-08-22] (Microsoft Corporation) [File not signed]
U3 flpydisk; C:\Windows\System32\drivers\flpydisk.sys [25088 2013-08-22] (Microsoft Corporation) [File not signed]
U3 FxPPM; C:\Windows\System32\drivers\fxppm.sys [27136 2013-08-22] (Microsoft Corporation) [File not signed]
U3 gencounter; C:\Windows\System32\drivers\vmgencounter.sys [11264 2013-08-22] (Microsoft Corporation) [File not signed]
U3 HDAudBus; C:\Windows\System32\drivers\HDAudBus.sys [76800 2014-11-21] (Microsoft Corporation) [File not signed]
U3 HidBatt; C:\Windows\System32\drivers\HidBatt.sys [26624 2013-08-22] (Microsoft Corporation) [File not signed]
U3 HidBth; C:\Windows\System32\drivers\hidbth.sys [97792 2015-03-10] (Microsoft Corporation) [File not signed]
U3 hidi2c; C:\Windows\System32\drivers\hidi2c.sys [41472 2013-08-22] (Microsoft Corporation) [File not signed]
U3 HidIr; C:\Windows\System32\drivers\hidir.sys [45568 2013-08-22] (Microsoft Corporation) [File not signed]
U3 HidUsb; C:\Windows\System32\drivers\hidusb.sys [33280 2014-11-21] (Microsoft Corporation) [File not signed]
U3 hyperkbd; C:\Windows\System32\drivers\hyperkbd.sys [13824 2013-08-22] (Microsoft Corporation) [File not signed]
U3 HyperVideo; C:\Windows\system32\DRIVERS\HyperVideo.sys [22016 2013-08-22] (Microsoft Corporation) [File not signed]
U3 i8042prt; C:\Windows\System32\drivers\i8042prt.sys [108544 2014-11-04] (Microsoft Corporation) [File not signed]
U3 intelppm; C:\Windows\System32\drivers\intelppm.sys [98816 2013-08-22] (Microsoft Corporation) [File not signed]
U3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [84992 2013-08-22] (Microsoft Corporation) [File not signed]
U3 IPMIDRV; C:\Windows\System32\drivers\IPMIDrv.sys [79872 2014-11-21] (Microsoft Corporation) [File not signed]
U3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [142848 2014-11-21] (Microsoft Corporation) [File not signed]
U3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2013-08-22] (Microsoft Corporation) [File not signed]
U3 kbdhid; C:\Windows\System32\drivers\kbdhid.sys [32256 2014-11-04] (Microsoft Corporation) [File not signed]
U3 kdnic; C:\Windows\system32\DRIVERS\kdnic.sys [19456 2013-08-22] (Microsoft Corporation) [File not signed]
U3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [21248 2013-08-22] (Microsoft Corporation) [File not signed]
U2 lltdio; C:\Windows\system32\DRIVERS\lltdio.sys [59392 2013-08-22] (Microsoft Corporation) [File not signed]
U2 luafv; C:\Windows\system32\drivers\luafv.sys [124416 2014-11-21] (Microsoft Corporation) [File not signed]
U2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
U3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
U3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
U3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-10] (Intel Corporation)
U3 MEMSWEEP2; C:\WINDOWS\system32\6044.tmp [6144 2009-06-18] (Sophos Plc) [File not signed]
U3 Modem; C:\Windows\System32\drivers\modem.sys [40960 2013-08-22] (Microsoft Corporation) [File not signed]
U3 monitor; C:\Windows\System32\drivers\monitor.sys [30208 2013-08-22] (Microsoft Corporation) [File not signed]
U3 mouhid; C:\Windows\System32\drivers\mouhid.sys [30208 2014-11-04] (Microsoft Corporation) [File not signed]
U3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [74240 2014-11-21] (Microsoft Corporation) [File not signed]
U3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2015-03-10] (Microsoft Corporation) [File not signed]
U3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [405504 2014-11-21] (Microsoft Corporation) [File not signed]
U2 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [283648 2014-11-21] (Microsoft Corporation) [File not signed]
U3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [202752 2014-11-21] (Microsoft Corporation) [File not signed]
U3 MsBridge; C:\Windows\system32\DRIVERS\bridge.sys [115712 2014-11-21] (Microsoft Corporation) [File not signed]
U3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2013-08-22] (Microsoft Corporation) [File not signed]
U3 mshidumdf; C:\Windows\System32\drivers\mshidumdf.sys [9728 2013-08-22] (Microsoft Corporation) [File not signed]
U3 MSKSSRV; C:\Windows\system32\drivers\MSKSSRV.sys [10624 2013-08-22] (Microsoft Corporation) [File not signed]
U3 MsLldp; C:\Windows\system32\DRIVERS\mslldp.sys [66560 2014-11-21] (Microsoft Corporation) [File not signed]
U3 MSPCLOCK; C:\Windows\system32\drivers\MSPCLOCK.sys [7040 2013-08-22] (Microsoft Corporation) [File not signed]
U3 MSPQM; C:\Windows\system32\drivers\MSPQM.sys [6784 2013-08-22] (Microsoft Corporation) [File not signed]
U3 MSTEE; C:\Windows\system32\drivers\MSTEE.sys [7936 2013-08-22] (Microsoft Corporation) [File not signed]
U3 MTConfig; C:\Windows\System32\drivers\MTConfig.sys [13312 2013-08-22] (Microsoft Corporation) [File not signed]
U3 NativeWifiP; C:\Windows\system32\DRIVERS\nwifi.sys [445440 2014-11-21] (Microsoft Corporation) [File not signed]
U3 NdisCap; C:\Windows\system32\DRIVERS\ndiscap.sys [43008 2014-11-21] (Microsoft Corporation) [File not signed]
U3 NdisImPlatform; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [126464 2014-11-21] (Microsoft Corporation) [File not signed]
U3 NdisTapi; C:\Windows\system32\DRIVERS\ndistapi.sys [24576 2014-11-08] (Microsoft Corporation) [File not signed]
U3 Ndisuio; C:\Windows\system32\DRIVERS\ndisuio.sys [60416 2013-08-22] (Microsoft Corporation) [File not signed]
U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) [File not signed]
U3 NdisWan; C:\Windows\system32\DRIVERS\ndiswan.sys [220672 2013-08-22] (Microsoft Corporation) [File not signed]
U3 NdisWanLegacy; C:\Windows\system32\DRIVERS\ndiswan.sys [220672 2013-08-22] (Microsoft Corporation) [File not signed]
U2 Ndu; C:\Windows\System32\drivers\Ndu.sys [103424 2014-11-21] (Microsoft Corporation) [File not signed]
U1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [48128 2014-11-21] (Microsoft Corporation) [File not signed]
U1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [282624 2013-08-22] (Microsoft Corporation) [File not signed]
U3 netvsc; C:\Windows\System32\drivers\netvsc63.sys [87040 2014-11-21] (Microsoft Corporation) [File not signed]
U1 npsvctrig; C:\Windows\System32\drivers\npsvctrig.sys [23040 2013-08-22] (Microsoft Corporation) [File not signed]
U1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [39424 2014-11-21] (Microsoft Corporation) [File not signed]
U1 Null; C:\Windows\System32\Drivers\Null.sys [5632 2013-08-22] (Microsoft Corporation) [File not signed]
U3 Parport; C:\Windows\System32\drivers\parport.sys [94208 2013-08-22] (Microsoft Corporation) [File not signed]
U2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [663040 2014-11-21] (Microsoft Corporation) [File not signed]
U3 pimou; C:\Windows\System32\drivers\pimou.sys [23608 2014-01-13] (Christian Gulden)
U3 PptpMiniport; C:\Windows\system32\DRIVERS\raspptp.sys [107520 2013-08-22] (Microsoft Corporation) [File not signed]
U3 Processor; C:\Windows\System32\drivers\processr.sys [92160 2013-08-22] (Microsoft Corporation) [File not signed]
U1 Psched; C:\Windows\system32\DRIVERS\pacer.sys [151040 2014-11-21] (Microsoft Corporation) [File not signed]
U3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [47104 2014-11-21] (Microsoft Corporation) [File not signed]
U3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [17408 2014-11-21] (Microsoft Corporation) [File not signed]
U3 RasAgileVpn; C:\Windows\system32\DRIVERS\AgileVpn.sys [96768 2014-11-10] (Microsoft Corporation) [File not signed]
U3 Rasl2tp; C:\Windows\system32\DRIVERS\rasl2tp.sys [112640 2014-11-08] (Microsoft Corporation) [File not signed]
U3 RasPppoe; C:\Windows\system32\DRIVERS\raspppoe.sys [84992 2013-08-22] (Microsoft Corporation) [File not signed]
U3 RasSstp; C:\Windows\system32\DRIVERS\rassstp.sys [93696 2014-11-21] (Microsoft Corporation) [File not signed]
U1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [408576 2014-11-21] (Microsoft Corporation) [File not signed]
U3 rdpbus; C:\Windows\System32\drivers\rdpbus.sys [22528 2013-08-22] (Microsoft Corporation) [File not signed]
U3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [195584 2014-11-21] (Microsoft Corporation) [File not signed]
U2 rspndr; C:\Windows\system32\DRIVERS\rspndr.sys [80384 2013-08-22] (Microsoft Corporation) [File not signed]
U3 s3cap; C:\Windows\System32\drivers\vms3cap.sys [7168 2013-08-22] (Microsoft Corporation) [File not signed]
U3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [40960 2014-11-21] (Microsoft Corporation) [File not signed]
U2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2013-08-22] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
U3 Serenum; C:\Windows\System32\drivers\serenum.sys [23040 2013-08-22] (Microsoft Corporation) [File not signed]
U3 Serial; C:\Windows\System32\drivers\serial.sys [83456 2013-08-22] (Microsoft Corporation) [File not signed]
U3 sermouse; C:\Windows\System32\drivers\sermouse.sys [26112 2014-11-04] (Microsoft Corporation) [File not signed]
U3 sfloppy; C:\Windows\System32\drivers\sfloppy.sys [17408 2013-08-22] (Microsoft Corporation) [File not signed]
U3 SIVDriver; C:\WINDOWS\system32\Drivers\SIVX64.sys [157944 2015-03-14] (Ray Hinchliffe)
U3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33520 2014-12-04] (Synaptics Incorporated)
U2 srv; C:\Windows\System32\DRIVERS\srv.sys [412160 2014-11-21] (Microsoft Corporation) [File not signed]
U3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [678400 2014-11-21] (Microsoft Corporation) [File not signed]
U3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [246272 2014-11-21] (Microsoft Corporation) [File not signed]
U3 STHDA; C:\Windows\system32\DRIVERS\stwrt64.sys [551936 2013-11-20] (IDT, Inc.) [File not signed]
U3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2015-03-21] ()
U2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [49152 2014-11-21] (Microsoft Corporation) [File not signed]
U1 tdx; C:\Windows\system32\DRIVERS\tdx.sys [107520 2013-08-22] (Microsoft Corporation) [File not signed]
U3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [56320 2013-08-22] (Microsoft Corporation) [File not signed]
U3 TsUsbGD; C:\Windows\System32\drivers\TsUsbGD.sys [29696 2014-11-21] (Microsoft Corporation) [File not signed]
U3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2015-01-13] (TuneUp Software)
U3 tunnel; C:\Windows\system32\DRIVERS\tunnel.sys [154112 2013-08-22] (Microsoft Corporation) [File not signed]
U4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [316416 2015-03-13] (Microsoft Corporation) [File not signed]
U3 umbus; C:\Windows\System32\drivers\umbus.sys [46080 2013-08-22] (Microsoft Corporation) [File not signed]
U3 UmPass; C:\Windows\System32\drivers\umpass.sys [11776 2013-08-22] (Microsoft Corporation) [File not signed]
U3 usbaudio; C:\Windows\system32\drivers\usbaudio.sys [121088 2014-11-21] (Microsoft Corporation) [File not signed]
U3 usbcir; C:\Windows\System32\drivers\usbcir.sys [98304 2014-11-21] (Microsoft Corporation) [File not signed]
U3 usbohci; C:\Windows\System32\drivers\usbohci.sys [30208 2013-08-22] (Microsoft Corporation) [File not signed]
U3 usbprint; C:\Windows\System32\drivers\usbprint.sys [26112 2013-08-22] (Microsoft Corporation) [File not signed]
U3 usbuhci; C:\Windows\System32\drivers\usbuhci.sys [37376 2014-11-21] (Microsoft Corporation) [File not signed]
U3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [212736 2014-11-21] (Microsoft Corporation) [File not signed]
U3 VMBusHID; C:\Windows\System32\drivers\VMBusHID.sys [21760 2013-08-22] (Microsoft Corporation) [File not signed]
U3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [24576 2013-08-22] (Microsoft Corporation) [File not signed]
U3 WacomPen; C:\Windows\System32\drivers\wacompen.sys [26752 2013-08-22] (Microsoft Corporation) [File not signed]
U3 Wanarp; C:\Windows\system32\DRIVERS\wanarp.sys [80896 2015-01-06] (Microsoft Corporation) [File not signed]
U1 Wanarpv6; C:\Windows\system32\DRIVERS\wanarp.sys [80896 2015-01-06] (Microsoft Corporation) [File not signed]
U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-03-10] (Microsoft Corporation)
U3 WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [78848 2013-08-22] (Microsoft Corporation) [File not signed]
U3 WmiAcpi; C:\Windows\System32\drivers\wmiacpi.sys [16384 2013-08-22] (Microsoft Corporation) [File not signed]
U4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2013-08-22] (Microsoft Corporation) [File not signed]
U3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [113664 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WUDFRd; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WUDFWpdFs; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation) [File not signed]
U3 GENERICDRV; \??\C:\Users\Kay\AppData\Local\Temp\Rar$EXa0.492\AfuWin64\amifldrv64.sys [X]
U3 MFE_RR; \??\C:\Users\Kay\AppData\Local\Temp\mfe_rr.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-14 21:19 - 2015-05-14 21:20 - 00066715 _____ () C:\Users\Kay\Downloads\FRST.txt.txt
2015-05-14 21:18 - 2015-05-14 21:19 - 00000000 ____D () C:\FRST
2015-05-14 21:18 - 2015-05-14 21:18 - 02105856 _____ (Farbar) C:\Users\Kay\Downloads\FRST64.exe
2015-05-14 21:07 - 2015-05-14 21:07 - 00204810 _____ () C:\Users\Kay\Downloads\OTL.Txt
2015-05-14 21:07 - 2015-05-14 21:07 - 00075786 _____ () C:\Users\Kay\Downloads\Extras.Txt
2015-05-14 20:39 - 2015-05-14 20:40 - 00000000 ____D () C:\ProgramData\Sophos
2015-05-14 20:39 - 2015-05-14 20:39 - 00000077 _____ () C:\WINDOWS\setupact.log
2015-05-14 20:39 - 2015-05-14 20:39 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-05-14 20:38 - 2015-05-14 20:38 - 00002280 _____ () C:\WINDOWS\logboot_14.05.2015.tureg.log
2015-05-14 20:36 - 2015-05-14 20:36 - 00002775 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-05-14 20:36 - 2015-05-14 20:36 - 00002775 _____ () C:\ProgramData\Desktop\Sophos Virus Removal Tool.lnk
2015-05-14 20:36 - 2015-05-14 20:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-05-14 20:22 - 2015-05-14 20:22 - 00295313 _____ () C:\Users\Kay\Downloads\Autoruns.zip
2015-05-14 20:22 - 2015-05-14 20:22 - 00295313 _____ () C:\Users\Kay\Downloads\Autoruns (1).zip
2015-05-14 20:21 - 2015-05-14 20:21 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Software
2015-05-14 20:10 - 2015-05-14 20:10 - 00001282 _____ () C:\Users\Kay\Desktop\Revo Uninstaller.lnk
2015-05-14 20:10 - 2015-05-14 20:10 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-05-14 20:08 - 2015-05-14 20:08 - 01203488 _____ () C:\Users\Kay\Downloads\Revo Uninstaller - CHIP-Installer.exe
2015-05-14 19:44 - 2015-05-14 21:01 - 00111875 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-13 03:24 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 03:24 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 03:19 - 2015-05-13 03:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 03:18 - 2015-05-13 03:18 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 03:18 - 2015-05-13 03:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 03:00 - 2015-05-13 03:00 - 00000000 _____ () C:\Users\Kay\Desktop\Neues Textdokument (4).txt
2015-05-13 00:12 - 2015-05-13 00:31 - 303890083 _____ () C:\Users\Kay\Desktop\sugarbaby1.mp4
2015-05-12 20:34 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-12 20:34 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-12 20:33 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-12 20:33 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-12 20:33 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-12 20:33 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-12 20:33 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-12 20:33 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-12 20:33 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-12 20:33 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-12 20:33 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-12 20:33 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-12 20:33 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-12 20:33 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-12 20:33 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-12 20:33 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-12 20:33 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-12 20:33 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-12 20:33 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-12 20:33 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-12 20:33 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-12 20:33 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-12 20:33 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-12 20:33 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-12 20:33 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-12 20:33 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-12 20:33 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-12 20:33 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-12 20:33 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-12 20:33 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-12 20:33 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-12 20:33 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-12 20:33 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-12 20:33 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-12 20:33 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-12 20:33 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-12 20:33 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-12 20:33 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-12 20:33 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-12 20:33 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-12 20:33 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-12 20:33 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-12 20:33 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-12 20:33 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-12 20:33 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-12 20:33 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-12 20:33 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-12 20:33 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-12 20:33 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-12 20:33 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-11 04:06 - 2015-05-11 04:17 - 171822746 _____ () C:\Users\Kay\Desktop\black angel.mp4
2015-05-11 01:38 - 2015-05-11 02:36 - 924734625 _____ () C:\Users\Kay\Desktop\blond jennifer.mp4
2015-05-09 03:42 - 2015-05-09 04:00 - 291529144 _____ () C:\Users\Kay\Desktop\hothot hot.mp4
2015-05-08 18:56 - 2015-05-08 19:19 - 359372269 _____ () C:\Users\Kay\Desktop\sasha.mp4
2015-05-08 02:08 - 2015-05-08 02:08 - 00001045 _____ () C:\Users\Public\Desktop\Free Hide IP.lnk
2015-05-08 02:08 - 2015-05-08 02:08 - 00001045 _____ () C:\ProgramData\Desktop\Free Hide IP.lnk
2015-05-08 01:45 - 2015-05-08 01:45 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\Comodo
2015-05-08 01:44 - 2015-05-08 01:44 - 38801392 _____ (COMODO) C:\Users\Kay\Downloads\icedragonsetup.exe
2015-05-08 01:44 - 2015-05-08 01:44 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71.dll
2015-05-08 01:44 - 2015-05-08 01:44 - 00001152 _____ () C:\Users\Public\Desktop\Comodo IceDragon.lnk
2015-05-08 01:44 - 2015-05-08 01:44 - 00001152 _____ () C:\ProgramData\Desktop\Comodo IceDragon.lnk
2015-05-08 00:22 - 2015-05-08 00:22 - 00365302 _____ () C:\Users\Kay\Downloads\SysInspector-KSIN-150508-0002.zip
2015-05-08 00:17 - 2015-05-08 00:18 - 119275136 _____ (Sophos Limited) C:\Users\Kay\Downloads\sophos_virus_removal_tool.exe
2015-05-08 00:03 - 2015-05-08 00:03 - 00602112 _____ (OldTimer Tools) C:\Users\Kay\Downloads\otl.exe
2015-05-08 00:00 - 2015-05-08 00:01 - 03673800 _____ (ESET) C:\Users\Kay\Downloads\SysInspector.exe
2015-05-07 23:45 - 2015-05-07 23:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\Adobe
2015-05-07 23:44 - 2015-05-07 23:45 - 05008664 _____ (Adobe Systems Inc.) C:\Users\Kay\Downloads\Shockwave_Installer_Slim.exe
2015-05-07 23:35 - 2015-05-08 04:45 - 00027400 _____ (COMODO CA Limited) C:\WINDOWS\system32\certsentry.dll
2015-05-07 23:35 - 2015-05-08 04:45 - 00024328 _____ (COMODO CA Limited) C:\WINDOWS\SysWOW64\certsentry.dll
2015-05-07 23:35 - 2015-05-08 04:45 - 00024296 _____ (COMODO CA Limited) C:\WINDOWS\system32\certsentry.exe
2015-05-07 23:35 - 2015-05-08 04:45 - 00001928 _____ () C:\WINDOWS\System32\Tasks\COMODO CertSentry Updater
2015-05-07 23:35 - 2015-05-08 01:44 - 00000000 ____D () C:\Program Files (x86)\Comodo
2015-05-07 23:35 - 2015-05-07 23:37 - 00001133 _____ () C:\Users\Kay\Desktop\Internet (Chromodo).lnk
2015-05-07 23:30 - 2015-05-07 23:32 - 50556688 _____ (Comodo) C:\Users\Kay\Downloads\chromiumsecuresetup.exe
2015-05-07 23:09 - 2015-05-13 17:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-07 23:09 - 2015-05-13 03:54 - 00001173 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-07 23:09 - 2015-05-13 03:54 - 00001161 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-07 23:09 - 2015-05-13 03:54 - 00001161 _____ () C:\ProgramData\Desktop\Mozilla Firefox.lnk
2015-05-07 23:07 - 2015-05-07 23:07 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\TrojanHunter
2015-05-07 22:53 - 2015-05-07 22:54 - 02204160 _____ () C:\Users\Kay\Downloads\adwcleaner_4.203.exe
2015-05-07 22:52 - 2015-05-07 23:24 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.6
2015-05-07 22:52 - 2015-05-07 22:52 - 00059392 ____R () C:\WINDOWS\SysWOW64\streamhlp.dll
2015-05-07 22:52 - 2015-05-07 22:52 - 00001099 _____ () C:\Users\Kay\Desktop\TrojanHunter.lnk
2015-05-07 22:52 - 2015-05-07 22:52 - 00000000 ____D () C:\ProgramData\TrojanHunter
2015-05-07 22:52 - 2015-05-07 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter
2015-05-07 22:36 - 2015-05-07 22:36 - 00000999 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-05-07 22:36 - 2015-05-07 22:36 - 00000999 _____ () C:\ProgramData\Desktop\AVG 2015.lnk
2015-05-07 22:36 - 2015-05-07 22:36 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\AVG2015
2015-05-07 22:36 - 2015-05-07 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-05-07 22:35 - 2015-05-07 22:36 - 00000000 ____D () C:\ProgramData\AVG2015
2015-05-07 22:35 - 2015-05-07 22:35 - 00000000 ___HD () C:\$AVG
2015-05-07 22:33 - 2015-05-07 22:34 - 00000034 _____ () C:\WINDOWS\AvastEmUpdate.ini
2015-05-07 22:30 - 2015-05-07 22:44 - 00000000 ____D () C:\Users\Kay\AppData\Local\Avg2015
2015-05-07 21:26 - 2015-05-08 01:23 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-05-07 21:26 - 2015-05-08 01:22 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-05-07 21:26 - 2015-05-07 21:26 - 00002537 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-07 21:26 - 2015-05-07 21:26 - 00002537 _____ () C:\ProgramData\Desktop\Google Chrome.lnk
2015-05-07 21:26 - 2015-05-07 21:26 - 00001273 _____ () C:\Users\Kay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-07 21:26 - 2015-05-07 21:26 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\VOPackage
2015-05-07 21:26 - 2015-05-07 21:26 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\oursurfing
2015-05-07 21:26 - 2015-05-07 21:26 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2015-05-07 21:26 - 2015-05-07 21:26 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\Could not connect. Error code = 0x-1431026818---
2015-05-07 21:26 - 2015-05-07 21:26 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-05-07 21:25 - 2015-05-14 21:18 - 00146674 _____ () C:\WINDOWS\system32\Drivers\fvstore.dat
2015-05-07 21:25 - 2015-05-14 20:21 - 00000000 ___HD () C:\VTRoot
2015-05-07 21:23 - 2014-01-13 23:50 - 00023608 _____ (Christian Gulden) C:\WINDOWS\system32\Drivers\pimou.sys
2015-05-07 21:21 - 2015-01-06 18:03 - 00413960 _____ (Texas Instruments Incorporated) C:\WINDOWS\system32\Drivers\tixhci.sys
2015-05-07 21:04 - 2015-05-07 21:04 - 00000000 ____D () C:\translations
2015-05-07 21:04 - 2015-05-07 21:04 - 00000000 ____D () C:\cis
2015-05-07 21:04 - 2015-04-01 19:45 - 03454680 _____ (Terra Informatica Software, Inc.) C:\cmdhtml.dll
2015-05-07 21:04 - 2015-04-01 19:45 - 01238744 _____ (COMODO) C:\cmdstat.dll
2015-05-07 21:04 - 2015-04-01 19:44 - 00281816 _____ (Igor Pavlov) C:\7za.dll
2015-05-07 21:04 - 2015-04-01 19:43 - 04479704 _____ (COMODO) C:\cmdinstall.exe
2015-05-07 21:04 - 2015-03-24 04:02 - 02378448 _____ (COMODO Security Solutions) C:\bsm_chrome.exe
2015-05-07 21:02 - 2015-05-07 21:04 - 00001512 __RSH () C:\WINDOWS\SysWOW64\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf
2015-05-07 21:02 - 2015-05-07 21:04 - 00000642 _____ () C:\WINDOWS\SysWOW64\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
2015-05-07 21:02 - 2015-05-07 21:02 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2015-05-07 20:49 - 2015-05-14 21:08 - 00016448 _____ () C:\WINDOWS\system32\Drivers\sfi.dat
2015-05-07 20:49 - 2015-05-07 20:49 - 00000000 ____D () C:\WINDOWS\System32\Tasks\COMODO
2015-05-07 20:47 - 2015-05-07 20:47 - 00000000 ____D () C:\ProgramData\Shared Space
2015-05-07 20:45 - 2015-05-08 01:45 - 00000000 ____D () C:\Users\Kay\AppData\Local\Comodo
2015-05-07 20:45 - 2015-05-08 01:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-05-07 20:45 - 2015-05-07 20:47 - 00000000 ____D () C:\Program Files\COMODO
2015-05-07 20:36 - 2015-05-07 20:49 - 00000000 ____D () C:\ProgramData\Comodo
2015-05-07 20:18 - 2015-05-07 20:18 - 00557183 _____ () C:\Users\Kay\Desktop\bookmarks-2015-05-07.json
2015-05-07 03:58 - 2015-05-07 04:11 - 206929475 _____ () C:\Users\Kay\Desktop\sweet alice.mp4
2015-05-07 00:03 - 2015-05-07 20:41 - 00000050 ___RH () C:\Users\Kay\Downloads\GetSusp.opt
2015-05-06 23:35 - 2015-05-06 23:35 - 00000000 ____D () C:\Snort
2015-05-06 23:04 - 2011-06-30 13:52 - 01667584 _____ () C:\Users\Kay\Desktop\ncat.exe
2015-05-06 23:03 - 2015-05-06 23:03 - 00000218 _____ () C:\Users\Kay\AppData\Local\recently-used.xbel
2015-05-06 22:53 - 2015-05-06 23:03 - 00000000 ____D () C:\Users\Kay\.zenmap
2015-05-06 22:52 - 2015-05-07 04:52 - 00000000 ____D () C:\Program Files (x86)\Nmap
2015-05-06 22:39 - 2015-05-06 22:39 - 00425490 _____ () C:\Users\Kay\AppData\Local\census.cache
2015-05-06 22:39 - 2015-05-06 22:39 - 00190976 _____ () C:\Users\Kay\AppData\Local\ars.cache
2015-05-06 22:37 - 2015-05-06 22:39 - 00000000 ____D () C:\ProgramData\SystemExplorer
2015-05-06 22:37 - 2015-05-06 22:37 - 00001100 _____ () C:\Users\Public\Desktop\System Explorer.lnk
2015-05-06 22:37 - 2015-05-06 22:37 - 00001100 _____ () C:\ProgramData\Desktop\System Explorer.lnk
2015-05-06 22:37 - 2015-05-06 22:37 - 00000010 _____ () C:\Users\Kay\AppData\Local\sponge.last.runtime.cache
2015-05-06 22:37 - 2015-05-06 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer
2015-05-06 22:37 - 2015-05-06 22:37 - 00000000 ____D () C:\Program Files (x86)\System Explorer
2015-05-06 22:33 - 2015-05-06 22:34 - 00000000 ____D () C:\Users\Kay\Desktop\filme
2015-05-06 22:32 - 2015-05-06 22:32 - 00000036 _____ () C:\Users\Kay\AppData\Local\housecall.guid.cache
2015-05-06 22:32 - 2013-09-28 04:56 - 00285208 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2015-05-06 22:26 - 2015-01-25 20:10 - 00006069 _____ () C:\Users\Kay\Desktop\cports_lng.ini
2015-05-06 22:18 - 2015-05-06 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2015-05-06 22:17 - 2015-05-07 19:10 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\Raptr
2015-05-06 21:40 - 2015-05-14 20:37 - 00000000 ____D () C:\AdwCleaner
2015-05-06 20:48 - 2015-05-06 21:44 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\Nico Mak Computing
2015-05-06 19:45 - 2015-04-24 23:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-06 00:28 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-06 00:28 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-06 00:06 - 2015-05-06 00:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-05-05 23:51 - 2015-05-05 23:51 - 00000000 ____D () C:\Users\Kay\Desktop\Neuer Ordner (3)
2015-05-04 23:27 - 2015-05-04 23:27 - 02355356 _____ () C:\Users\Kay\Downloads\FreeHideIP-4.0.4.6.Setup.exe
2015-05-04 23:22 - 2015-05-04 23:22 - 00000000 _____ () C:\WINDOWS\SysWOW64\RENF3B.tmp
2015-04-30 03:48 - 2015-05-06 21:33 - 00001612 _____ () C:\Users\Kay\Desktop\debug.log
2015-04-30 01:37 - 2015-05-07 23:21 - 00000000 ____D () C:\Users\Kay\Desktop\Neuer Ordner (2)
2015-04-29 19:54 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-04-29 19:54 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-04-29 19:54 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-04-29 19:54 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-04-29 19:54 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-04-29 19:54 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-04-29 19:54 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-04-29 19:53 - 2015-03-13 02:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-04-28 04:40 - 2015-04-28 04:40 - 00002729 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
2015-04-28 04:39 - 2015-04-28 04:39 - 00000000 ____D () C:\Program Files (x86)\MSECache
2015-04-28 03:19 - 2013-04-06 00:26 - 01679360 _____ () C:\WINDOWS\SysWOW64\ac3filter.acm.new
2015-04-28 03:17 - 2015-04-28 03:17 - 00000000 ____D () C:\Program Files (x86)\Shark007
2015-04-28 03:16 - 2015-05-06 21:33 - 00000000 ____D () C:\ProgramData\Advanced
2015-04-28 02:42 - 2015-04-28 02:42 - 00000000 ____D () C:\WINDOWS\pss
2015-04-23 23:06 - 2015-05-04 19:55 - 00000000 ____D () C:\WINDOWS\Hewlett-Packard
2015-04-23 10:14 - 2015-05-06 19:44 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-04-23 10:14 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-04-23 10:14 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-04-23 10:14 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-04-23 10:14 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-04-23 10:14 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-04-23 10:14 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-04-23 10:14 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-04-23 10:14 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-04-23 10:14 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-04-23 10:14 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-04-23 10:14 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-04-23 10:14 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-04-23 10:14 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-04-23 10:14 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-04-23 10:14 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-04-23 10:14 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-04-23 00:56 - 2015-05-09 11:09 - 00000892 _____ () C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-04-23 00:56 - 2015-04-23 00:56 - 00003844 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-04-23 00:31 - 2015-04-23 00:32 - 00000000 ____D () C:\Program Files\UltraDefrag
2015-04-23 00:31 - 2015-04-23 00:31 - 00000874 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraDefrag.lnk
2015-04-23 00:25 - 2015-04-23 00:25 - 00003140 _____ () C:\WINDOWS\System32\Tasks\{595F0CC6-78B3-4146-9AF1-D2D1124AF816}
2015-04-21 06:14 - 2015-04-29 19:41 - 00003696 _____ () C:\WINDOWS\System32\Tasks\Adobe Reader and Acrobat Manager
2015-04-21 06:14 - 2015-04-21 06:14 - 00003704 _____ () C:\WINDOWS\System32\Tasks\Java Platform SE Auto Updater
2015-04-19 15:00 - 2015-04-19 15:00 - 00089600 _____ (UltraDefrag Development Team) C:\WINDOWS\system32\udefrag.exe
2015-04-19 15:00 - 2015-04-19 15:00 - 00033792 _____ (UltraDefrag Development Team) C:\WINDOWS\system32\wgx.dll
2015-04-19 15:00 - 2015-04-19 15:00 - 00013312 _____ (UltraDefrag Development Team) C:\WINDOWS\system32\hibernate4win.exe
2015-04-19 15:00 - 2015-04-19 15:00 - 00012288 _____ (UltraDefrag Development Team) C:\WINDOWS\system32\bootexctrl.exe
2015-04-19 14:59 - 2015-04-19 14:59 - 00394752 _____ (UltraDefrag Development Team) C:\WINDOWS\system32\defrag_native.exe
2015-04-19 14:59 - 2015-04-19 14:59 - 00337920 _____ (UltraDefrag Development Team) C:\WINDOWS\system32\zenwinx.dll
2015-04-19 14:59 - 2015-04-19 14:59 - 00132608 _____ () C:\WINDOWS\system32\lua5.1a.dll
2015-04-19 14:59 - 2015-04-19 14:59 - 00055808 _____ (UltraDefrag Development Team) C:\WINDOWS\system32\udefrag.dll
2015-04-16 03:04 - 2015-04-16 07:20 - 00000014 _____ () C:\Users\Kay\Desktop\Neues Textdokument (3).txt
2015-04-15 23:15 - 2015-04-16 07:20 - 00000089 _____ () C:\Users\Kay\Desktop\kreditkarte online daten.txt
2015-04-15 22:49 - 2015-04-15 22:49 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-04-15 22:49 - 2015-04-15 22:49 - 00002041 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-04-15 22:49 - 2015-04-15 22:49 - 00002041 _____ () C:\ProgramData\Desktop\Adobe Reader XI.lnk
2015-04-15 22:21 - 2015-05-07 21:07 - 00001464 _____ () C:\Users\Kay\Desktop\PatchMyPC - Verknüpfung.lnk
2015-04-15 22:17 - 2015-04-28 04:15 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-15 22:17 - 2015-04-15 22:49 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-15 22:17 - 2015-04-15 22:17 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-04-15 22:17 - 2015-04-15 22:17 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-04-15 22:07 - 2015-04-15 22:07 - 00000000 ____D () C:\ProgramData\AmUStor
2015-04-15 22:07 - 2015-04-15 22:07 - 00000000 ____D () C:\Program Files (x86)\AmUStor
2015-04-15 22:07 - 2014-11-19 11:29 - 00876760 _____ (Realtek ) C:\WINDOWS\system32\Drivers\Rt630x64.sys
2015-04-15 22:07 - 2014-11-19 11:29 - 00073800 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
2015-04-15 21:52 - 2015-05-06 21:24 - 00000000 ____D () C:\Program Files\Easeware
2015-04-15 21:52 - 2015-04-15 21:52 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\Easeware
2015-04-15 21:48 - 2015-05-03 21:42 - 00554528 _____ (www.patchmypc.net) C:\Users\Kay\Downloads\PatchMyPC.exe
2015-04-15 21:01 - 2015-04-15 21:01 - 00001624 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk
2015-04-15 21:00 - 2015-04-15 21:00 - 00000093 _____ () C:\Users\Kay\AppData\Roaming\ARCompanion.log
2015-04-15 15:36 - 2015-01-06 05:01 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-04-15 15:36 - 2015-01-06 04:59 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-04-15 15:36 - 2015-01-06 03:12 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-04-15 15:36 - 2015-01-06 03:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-04-15 13:06 - 2015-04-15 13:06 - 00256992 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgldx64.sys
2015-04-15 12:52 - 2015-03-23 23:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-15 12:52 - 2015-03-23 23:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-15 12:52 - 2015-03-23 23:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-15 12:52 - 2015-03-23 23:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-15 12:52 - 2015-03-23 23:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-15 12:52 - 2015-03-20 06:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-15 12:52 - 2015-03-20 06:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-15 12:52 - 2015-03-20 06:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-15 12:52 - 2015-03-20 05:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-15 12:52 - 2015-03-20 04:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-15 12:52 - 2015-03-20 04:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-15 12:52 - 2015-03-20 04:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-15 12:52 - 2015-03-13 04:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-15 12:52 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-15 12:52 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-15 12:52 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-15 12:52 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-15 12:52 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-14 16:09 - 2014-04-30 08:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2015-04-14 16:09 - 2014-04-30 08:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-14 21:20 - 2015-02-11 04:25 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\SlimBrowser
2015-05-14 21:05 - 2015-03-02 12:50 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-14 21:04 - 2015-03-11 23:16 - 00007622 _____ () C:\Users\Kay\AppData\Local\Resmon.ResmonCfg
2015-05-14 21:03 - 2015-03-10 23:50 - 00003906 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9258BA3B-CC89-4021-B23D-871BCB404B47}
2015-05-14 21:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-14 20:52 - 2015-03-05 23:38 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-05-14 20:44 - 2014-12-10 20:47 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4150589384-1404209100-33404022-1001
2015-05-14 20:39 - 2015-03-24 19:52 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-14 20:39 - 2015-03-10 23:20 - 00000334 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForKay.job
2015-05-14 20:39 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-14 20:38 - 2013-08-22 15:25 - 76546048 _____ () C:\WINDOWS\system32\config\SOFTWARE_tureg_old
2015-05-14 20:38 - 2013-08-22 15:25 - 12582912 _____ () C:\WINDOWS\system32\config\SYSTEM_tureg_old
2015-05-14 20:38 - 2013-08-22 15:25 - 00524288 _____ () C:\WINDOWS\system32\config\DEFAULT_tureg_old
2015-05-14 20:38 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-14 20:38 - 2013-08-22 15:25 - 00024576 _____ () C:\WINDOWS\system32\config\SECURITY_tureg_old
2015-05-14 20:38 - 2013-08-22 15:25 - 00024576 _____ () C:\WINDOWS\system32\config\SAM_tureg_old
2015-05-14 20:35 - 2015-03-02 22:54 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-05-14 20:26 - 2014-12-11 21:36 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\Skype
2015-05-14 20:23 - 2014-12-10 20:55 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-14 20:16 - 2015-03-10 23:20 - 00003144 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForKay
2015-05-14 20:01 - 2015-03-22 22:47 - 00000000 ____D () C:\Users\Kay\AppData\Local\CrashDumps
2015-05-14 19:58 - 2015-04-13 21:55 - 00000000 ____D () C:\Program Files (x86)\FreeHideIP
2015-05-14 15:52 - 2015-01-05 18:32 - 00000000 ____D () C:\Users\Kay\AppData\Local\Spotify
2015-05-14 15:09 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-14 09:14 - 2015-01-05 18:30 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\Spotify
2015-05-14 08:41 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-05-14 08:18 - 2015-03-11 04:58 - 00000000 ____D () C:\WINDOWS\Minidump
2015-05-14 08:13 - 2015-03-10 22:39 - 00000000 ____D () C:\Users\Kay
2015-05-13 09:14 - 2014-12-10 20:49 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\vlc
2015-05-13 06:20 - 2014-12-02 21:46 - 00000000 ____D () C:\Users\Kay\Desktop\evaer skype mitschnitte
2015-05-13 03:54 - 2015-04-07 22:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-13 03:53 - 2014-12-10 20:55 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-05-13 03:46 - 2013-08-22 16:44 - 00355136 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-13 03:25 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-13 03:24 - 2014-12-11 11:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-13 03:20 - 2014-12-11 11:00 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-13 03:15 - 2014-11-21 05:13 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-12 23:33 - 2015-01-25 22:28 - 00000000 ____D () C:\Users\Kay\Desktop\Musik Januar 2015
2015-05-08 17:07 - 2015-04-13 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Hide IP
2015-05-08 01:45 - 2014-12-10 20:46 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\Mozilla
2015-05-07 22:39 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-05-07 22:35 - 2012-07-26 10:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-05-07 22:33 - 2015-03-02 12:54 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-05-07 21:16 - 2015-03-21 17:20 - 00000558 _____ () C:\WINDOWS\wininit.ini
2015-05-07 21:07 - 2015-01-05 18:32 - 00002030 _____ () C:\Users\Kay\Desktop\Spotify.lnk
2015-05-07 20:49 - 2014-11-21 04:45 - 01103942 _____ () C:\WINDOWS\system32\perfh007.dat
2015-05-07 20:49 - 2014-11-21 04:45 - 00278380 _____ () C:\WINDOWS\system32\perfc007.dat
2015-05-07 20:37 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-05-07 03:39 - 2014-12-12 04:19 - 00003830 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1418350790
2015-05-07 03:39 - 2014-12-12 04:19 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-05-07 00:01 - 2015-02-11 04:25 - 00000000 ____D () C:\Program Files (x86)\SlimBrowser
2015-05-06 22:18 - 2015-03-06 03:41 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-05-06 22:17 - 2015-03-10 21:05 - 00000000 ____D () C:\Program Files\AMD
2015-05-06 22:16 - 2015-03-10 22:38 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-06 21:29 - 2012-11-22 00:24 - 00000000 ____D () C:\Program Files\Intel
2015-05-06 21:29 - 2012-11-22 00:24 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-05-06 00:15 - 2015-03-10 22:45 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-05-06 00:06 - 2015-03-02 22:18 - 00000000 ____D () C:\Program Files\Java
2015-05-05 19:59 - 2014-11-21 13:01 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-05 19:59 - 2014-11-21 13:01 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-05 18:34 - 2014-12-11 22:22 - 00002768 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-05-04 23:23 - 2015-03-21 18:47 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-04 23:20 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Macromed
2015-04-29 21:17 - 2015-04-08 22:32 - 00000000 ____D () C:\Users\Kay\Desktop\bilder
2015-04-29 19:39 - 2015-03-12 05:50 - 00009733 _____ () C:\WINDOWS\SysWOW64\Gms.log
2015-04-28 16:55 - 2014-12-11 21:35 - 00000000 ____D () C:\ProgramData\Skype
2015-04-28 16:52 - 2014-12-11 22:22 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-28 16:52 - 2014-12-11 22:22 - 00000836 _____ () C:\ProgramData\Desktop\CCleaner.lnk
2015-04-28 16:52 - 2014-12-11 22:22 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-28 04:40 - 2014-12-18 01:50 - 00012889 ____H () C:\WINDOWS\SysWOW64\BTImages.dat
2015-04-28 04:40 - 2012-11-22 00:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-04-28 04:15 - 2014-12-10 20:54 - 00000000 ____D () C:\Users\Kay\AppData\Local\Adobe
2015-04-28 04:15 - 2014-12-10 20:40 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\Adobe
2015-04-28 03:44 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Registration
2015-04-28 03:10 - 2014-12-10 20:39 - 00000000 ____D () C:\Users\Kay\AppData\Local\Packages
2015-04-28 01:33 - 2015-03-09 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bazooka Scanner
2015-04-25 13:02 - 2014-11-21 05:35 - 01984420 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-23 23:06 - 2012-08-02 05:15 - 00000000 ____D () C:\SWSETUP
2015-04-23 10:15 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-04-23 10:15 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-04-22 20:03 - 2015-03-24 19:52 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-22 20:03 - 2015-03-24 19:52 - 00001116 _____ () C:\ProgramData\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-22 20:03 - 2015-03-24 19:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-04-22 20:03 - 2015-03-24 19:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-04-21 17:51 - 2014-12-11 21:58 - 00000959 _____ () C:\Users\Kay\Desktop\Evaer.lnk
2015-04-21 01:56 - 2014-12-10 20:49 - 00000889 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-04-21 01:56 - 2014-12-10 20:49 - 00000889 _____ () C:\ProgramData\Desktop\VLC media player.lnk
2015-04-17 02:15 - 2015-03-12 21:20 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-15 22:50 - 2015-03-02 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-15 22:30 - 2015-04-07 10:16 - 00000000 ____D () C:\Users\Kay\Desktop\cam neu
2015-04-15 22:07 - 2015-03-12 05:21 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-04-15 22:07 - 2012-11-22 00:24 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-15 21:57 - 2015-03-22 22:52 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-04-15 21:41 - 2015-04-07 01:03 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\422D0373.sys
2015-04-15 21:01 - 2014-12-23 08:28 - 00000000 ____D () C:\Users\Kay\AppData\Local\Citrix
2015-04-15 21:01 - 2014-12-23 08:28 - 00000000 ____D () C:\Program Files (x86)\Citrix
2015-04-15 20:19 - 2014-12-23 08:29 - 00000000 ____D () C:\ProgramData\Citrix
2015-04-14 09:38 - 2015-03-24 19:52 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2015-03-24 19:52 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2015-03-24 19:52 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
==================== Files in the root of some directories =======
2015-04-15 21:00 - 2015-04-15 21:00 - 0000093 _____ () C:\Users\Kay\AppData\Roaming\ARCompanion.log
2014-12-29 22:40 - 2014-12-29 22:40 - 0001167 _____ () C:\Users\Kay\AppData\Roaming\trace_FilterInstaller.txt
2014-12-29 22:40 - 2014-12-29 22:40 - 0000000 _____ () C:\Users\Kay\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2015-05-06 22:39 - 2015-05-06 22:39 - 0190976 _____ () C:\Users\Kay\AppData\Local\ars.cache
2015-05-06 22:39 - 2015-05-06 22:39 - 0425490 _____ () C:\Users\Kay\AppData\Local\census.cache
2015-05-06 22:32 - 2015-05-06 22:32 - 0000036 _____ () C:\Users\Kay\AppData\Local\housecall.guid.cache
2015-05-06 23:03 - 2015-05-06 23:03 - 0000218 _____ () C:\Users\Kay\AppData\Local\recently-used.xbel
2015-03-11 23:16 - 2015-05-14 21:04 - 0007622 _____ () C:\Users\Kay\AppData\Local\Resmon.ResmonCfg
2015-05-06 22:37 - 2015-05-06 22:37 - 0000010 _____ () C:\Users\Kay\AppData\Local\sponge.last.runtime.cache
Some content of TEMP:
====================
C:\Users\Kay\AppData\Local\Temp\Quarantine.exe
C:\Users\Kay\AppData\Local\Temp\sqlite3.dll
C:\Users\Kay\AppData\Local\Temp\E910.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe
[2014-11-21 06:04] - [2014-11-21 06:04] - 0572416 ____A (Microsoft Corporation) EC498BAE1F0D3E0E401C963F8D76C437
C:\Windows\System32\wininit.exe
[2014-11-21 06:03] - [2014-11-21 06:03] - 0145920 ____A (Microsoft Corporation) A570A64292214C43E0BA50E6A72A6380
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll
[2014-11-21 06:03] - [2014-11-21 06:03] - 1376256 ____A (Microsoft Corporation) 76C5CF09F53A3B089B5581B9938F8CAE
C:\Windows\System32\userinit.exe
[2014-11-21 06:03] - [2014-11-21 06:03] - 0026112 ____A (Microsoft Corporation) 5C131534A3EA4A461A793FB507A8004F
C:\Windows\SysWOW64\userinit.exe
[2014-11-21 06:05] - [2014-11-21 06:05] - 0022528 ____A (Microsoft Corporation) D10643FC0095434C819316CA6CD748C0
C:\Windows\System32\rpcss.dll
[2014-11-21 06:03] - [2014-11-21 06:03] - 0817664 ____A (Microsoft Corporation) A6F17C299A03BAFEFB9257C462A19E00
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-12 04:24
==================== End Of Log ============================
|
|
14.05.2015, 22:57
| #6 |
| | Malware - Logfileauswertung - Rechner stürzt ab oder friert einFRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2015 01
Ran by Kay (administrator) on KSIN on 14-05-2015 21:19:14
Running from C:\Users\Kay\Downloads
Loaded Profiles: Kay (Available profiles: Kay & Administrator)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser path: "C:\Program Files (x86)\Comodo\IceDragon\icedragon.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Evaer Technology) C:\Program Files (x86)\Evaer\videochannel.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Mister Group) C:\Program Files (x86)\System Explorer\SystemExplorer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Mister Group) C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTgui.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(UltraDefrag Development Team) C:\Program Files\UltraDefrag\ultradefrag.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Opera Software) C:\Program Files (x86)\Opera\launcher.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(FlashPeak Inc.) C:\Program Files (x86)\SlimBrowser\sbframe.exe
(FlashPeak Inc.) C:\Program Files (x86)\SlimBrowser\SBRender.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-20] (IDT, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-05-05] (Raptr, Inc)
HKLM-x32\...\Run: [SystemExplorerAutoStart] => C:\Program Files (x86)\System Explorer\SystemExplorer.exe [3391712 2015-04-20] (Mister Group)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3745232 2015-04-15] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4150589384-1404209100-33404022-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-4150589384-1404209100-33404022-1001\...\Run: [avichannel] => C:\Program Files (x86)\Evaer\videochannel.exe [1740776 2015-03-08] (Evaer Technology)
HKU\S-1-5-21-4150589384-1404209100-33404022-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-4150589384-1404209100-33404022-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\adobe air application installer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\chromodo.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\icedragon.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\wordview.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
Startup: C:\Users\Kay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-03-12] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-4150589384-1404209100-33404022-1001] => http=;ftp=;https=;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1431026774&z=f8a6ac4b2ee8b61da9995afgfzcc8gce4o6q2mfm7w&from=2sq&uid=3219913727_198313_FAD5AFF4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1431026774&z=f8a6ac4b2ee8b61da9995afgfzcc8gce4o6q2mfm7w&from=2sq&uid=3219913727_198313_FAD5AFF4
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1431026774&z=f8a6ac4b2ee8b61da9995afgfzcc8gce4o6q2mfm7w&from=2sq&uid=3219913727_198313_FAD5AFF4&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1431026774&z=f8a6ac4b2ee8b61da9995afgfzcc8gce4o6q2mfm7w&from=2sq&uid=3219913727_198313_FAD5AFF4&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1431026774&z=f8a6ac4b2ee8b61da9995afgfzcc8gce4o6q2mfm7w&from=2sq&uid=3219913727_198313_FAD5AFF4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1431026774&z=f8a6ac4b2ee8b61da9995afgfzcc8gce4o6q2mfm7w&from=2sq&uid=3219913727_198313_FAD5AFF4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1431026774&z=f8a6ac4b2ee8b61da9995afgfzcc8gce4o6q2mfm7w&from=2sq&uid=3219913727_198313_FAD5AFF4&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1431026774&z=f8a6ac4b2ee8b61da9995afgfzcc8gce4o6q2mfm7w&from=2sq&uid=3219913727_198313_FAD5AFF4&q={searchTerms}
HKU\S-1-5-21-4150589384-1404209100-33404022-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1431026774&z=f8a6ac4b2ee8b61da9995afgfzcc8gce4o6q2mfm7w&from=2sq&uid=3219913727_198313_FAD5AFF4
HKU\S-1-5-21-4150589384-1404209100-33404022-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1431026774&z=f8a6ac4b2ee8b61da9995afgfzcc8gce4o6q2mfm7w&from=2sq&uid=3219913727_198313_FAD5AFF4
HKU\S-1-5-21-4150589384-1404209100-33404022-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-4150589384-1404209100-33404022-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {BA667243-1B10-47C5-AD89-F7D3CE8B219D} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {BA667243-1B10-47C5-AD89-F7D3CE8B219D} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4150589384-1404209100-33404022-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1431026774&z=f8a6ac4b2ee8b61da9995afgfzcc8gce4o6q2mfm7w&from=2sq&uid=3219913727_198313_FAD5AFF4&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4150589384-1404209100-33404022-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1431026774&z=f8a6ac4b2ee8b61da9995afgfzcc8gce4o6q2mfm7w&from=2sq&uid=3219913727_198313_FAD5AFF4&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\732yhgy9.default-1418351222236
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF Homepage: yahoo.de
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF NetworkProxy: "gopher", ""
FF NetworkProxy: "gopher_port", 0
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-13] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-04-17] (Adobe Systems, Inc.)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-04-08] (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-12] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4150589384-1404209100-33404022-1001: hp.com/HPDetect -> C:\Users\Kay\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Kay\AppData\Roaming\mozilla\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\732yhgy9.default-1418351222236\searchplugins\google-avast.xml [2015-03-22]
FF SearchPlugin: C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\732yhgy9.default-1418351222236\searchplugins\google-images.xml [2015-03-02]
FF SearchPlugin: C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\732yhgy9.default-1418351222236\searchplugins\google-maps.xml [2015-03-02]
FF Extension: Free Hide IP - C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\732yhgy9.default-1418351222236\Extensions\support@free-hideip.com.xpi [2015-04-13]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-07]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.oursurfing.com/?type=hp&ts=1431026774&z=f8a6ac4b2ee8b61da9995afgfzcc8gce4o6q2mfm7w&from=2sq&uid=3219913727_198313_FAD5AFF4
CHR StartupUrls: Default -> "hxxp://www.oursurfing.com/?type=hp&ts=1431026774&z=f8a6ac4b2ee8b61da9995afgfzcc8gce4o6q2mfm7w&from=2sq&uid=3219913727_198313_FAD5AFF4"
CHR DefaultSearchKeyword: Default -> oursurfing
CHR DefaultSearchURL: Default -> hxxp://www.oursurfing.com/web/?type=ds&ts=1431026774&z=f8a6ac4b2ee8b61da9995afgfzcc8gce4o6q2mfm7w&from=2sq&uid=3219913727_198313_FAD5AFF4&q={searchTerms}
CHR Profile: C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-12]
CHR Extension: (Google Docs) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-12]
CHR Extension: (Google Drive) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-12]
CHR Extension: (YouTube) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-12]
CHR Extension: (Google Search) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-12]
CHR Extension: (Google Sheets) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-12]
CHR Extension: (Bookmark Manager) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-12]
CHR Extension: (Gmail) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-12]
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.oursurfing.com/?type=sc&ts=1431026774&z=f8a6ac4b2ee8b61da9995afgfzcc8gce4o6q2mfm7w&from=2sq&uid=3219913727_198313_FAD5AFF4
Opera:
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.oursurfing.com/?type=sc&ts=1431026774&z=f8a6ac4b2ee8b61da9995afgfzcc8gce4o6q2mfm7w&from=2sq&uid=3219913727_198313_FAD5AFF4
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U2 EventLog; C:\Windows\System32\wevtsvc.dll [1696256 2015-03-06] (Microsoft Corporation) [File not signed]
R2 gpsvc; C:\Windows\System32\gpsvc.dll [1360896 2014-11-21] (Microsoft Corporation) [File not signed]
U2 NlaSvc; C:\Windows\System32\nlasvc.dll [391680 2015-03-10] (Microsoft Corporation) [File not signed]
R2 nsi; C:\Windows\System32\nsisvc.dll [28672 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [802816 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WinHttpAutoProxySvc; C:\Windows\SysWOW64\winhttp.dll [631808 2014-11-21] (Microsoft Corporation) [File not signed]
U3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [214528 2014-11-21] (Microsoft Corporation) [File not signed]
U3 ALG; C:\Windows\System32\alg.exe [96768 2014-11-21] (Microsoft Corporation) [File not signed]
U2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [244736 2014-11-21] (AMD) [File not signed]
U2 AppHostSvc; C:\Windows\system32\inetsrv\apphostsvc.dll [66048 2015-03-10] (Microsoft Corporation) [File not signed]
U3 AppIDSvc; C:\Windows\System32\appidsvc.dll [39424 2014-11-21] (Microsoft Corporation) [File not signed]
R3 Appinfo; C:\Windows\System32\appinfo.dll [110080 2014-11-21] (Microsoft Corporation) [File not signed]
U3 AppReadiness; C:\Windows\system32\AppReadiness.dll [562688 2014-11-21] (Microsoft Corporation) [File not signed]
U3 AppXSvc; C:\Windows\system32\appxdeploymentserver.dll [1348096 2014-11-21] (Microsoft Corporation) [File not signed]
U2 AudioEndpointBuilder; C:\Windows\System32\AudioEndpointBuilder.dll [229888 2015-03-10] (Microsoft Corporation) [File not signed]
R2 Audiosrv; C:\Windows\System32\Audiosrv.dll [911360 2014-11-21] (Microsoft Corporation) [File not signed]
U2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1517480 2015-04-15] (AVG Technologies CZ, s.r.o.)
U2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3438032 2015-04-15] (AVG Technologies CZ, s.r.o.)
U2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [311792 2015-04-15] (AVG Technologies CZ, s.r.o.)
U3 AxInstSV; C:\Windows\System32\AxInstSV.dll [111104 2014-11-21] (Microsoft Corporation) [File not signed]
U3 BDESVC; C:\Windows\System32\bdesvc.dll [348672 2014-11-21] (Microsoft Corporation) [File not signed]
U2 BFE; C:\Windows\System32\bfe.dll [845312 2014-11-10] (Microsoft Corporation) [File not signed]
U2 BITS; C:\Windows\System32\qmgr.dll [933376 2014-11-21] (Microsoft Corporation) [File not signed]
U2 BrokerInfrastructure; C:\Windows\System32\bisrv.dll [270336 2014-11-21] (Microsoft Corporation) [File not signed]
U3 Browser; C:\Windows\System32\browser.dll [135168 2014-11-21] (Microsoft Corporation) [File not signed]
U3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation) [File not signed]
U3 bthserv; C:\Windows\system32\bthserv.dll [94720 2014-11-21] (Microsoft Corporation) [File not signed]
U2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
U2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
U3 CertPropSvc; C:\Windows\System32\certprop.dll [156160 2014-11-21] (Microsoft Corporation) [File not signed]
U4 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [2306248 2015-03-26] (Comodo)
U2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5540424 2015-04-01] (COMODO)
U3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265816 2015-04-01] (COMODO)
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [131584 2014-11-21] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [817664 2014-11-21] (Microsoft Corporation) [File not signed]
U3 defragsvc; C:\Windows\System32\defragsvc.dll [524288 2014-11-21] (Microsoft Corporation) [File not signed]
U2 DeviceAssociationService; C:\Windows\system32\das.dll [407040 2014-11-21] (Microsoft Corporation) [File not signed]
U3 DeviceInstall; C:\Windows\system32\umpnpmgr.dll [116736 2014-11-21] (Microsoft Corporation) [File not signed]
U2 Dhcp; C:\Windows\system32\dhcpcore.dll [365056 2014-11-21] (Microsoft Corporation) [File not signed]
U2 Dhcp; C:\Windows\SysWOW64\dhcpcore.dll [292864 2014-11-21] (Microsoft Corporation) [File not signed]
U2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-05-06] (Microsoft Corporation) [File not signed]
U2 Dnscache; C:\Windows\System32\dnsrslvr.dll [252416 2014-11-05] (Microsoft Corporation) [File not signed]
U3 dot3svc; C:\Windows\System32\dot3svc.dll [262144 2014-11-21] (Microsoft Corporation) [File not signed]
U2 DPS; C:\Windows\system32\dps.dll [174080 2014-11-21] (Microsoft Corporation) [File not signed]
U3 DsmSvc; C:\Windows\System32\DeviceSetupManager.dll [206848 2014-11-21] (Microsoft Corporation) [File not signed]
U3 Eaphost; C:\Windows\System32\eapsvc.dll [110592 2014-11-21] (Microsoft Corporation) [File not signed]
U2 EFS; C:\Windows\system32\efssvc.dll [41472 2014-11-21] (Microsoft Corporation) [File not signed]
U2 EventSystem; C:\Windows\system32\es.dll [516608 2014-11-21] (Microsoft Corporation) [File not signed]
U2 EventSystem; C:\Windows\SysWOW64\es.dll [367616 2014-11-21] (Microsoft Corporation) [File not signed]
U3 Fax; C:\Windows\system32\fxssvc.exe [658944 2014-11-21] (Microsoft Corporation) [File not signed]
U3 fdPHost; C:\Windows\system32\fdPHost.dll [22016 2014-11-21] (Microsoft Corporation) [File not signed]
U3 FDResPub; C:\Windows\system32\fdrespub.dll [34816 2014-11-21] (Microsoft Corporation) [File not signed]
U3 fhsvc; C:\Windows\system32\fhsvc.dll [121856 2014-11-21] (Microsoft Corporation) [File not signed]
U4 FontCache; C:\Windows\system32\FntCache.dll [1387008 2015-04-10] (Microsoft Corporation) [File not signed]
U3 hidserv; C:\Windows\system32\hidserv.dll [33792 2014-11-21] (Microsoft Corporation) [File not signed]
U3 hidserv; C:\Windows\SysWOW64\hidserv.dll [30720 2014-11-21] (Microsoft Corporation) [File not signed]
U3 hkmsvc; C:\Windows\system32\kmsvc.dll [101376 2014-11-21] (Microsoft Corporation) [File not signed]
U3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [275968 2014-11-21] (Microsoft Corporation) [File not signed]
U3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [445952 2014-11-21] (Microsoft Corporation) [File not signed]
U3 HomeGroupProvider; C:\Windows\SysWOW64\provsvc.dll [366080 2014-11-21] (Microsoft Corporation) [File not signed]
U2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [93184 2014-08-21] (Hewlett-Packard Company) [File not signed]
U4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
U4 IceDragonUpdater; C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe [1821384 2013-12-19] ()
U3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114688 2014-11-21] (Microsoft Corporation) [File not signed]
U2 IKEEXT; C:\Windows\System32\ikeext.dll [1084416 2014-11-10] (Microsoft Corporation) [File not signed]
U2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
U3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
U2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [926208 2014-11-21] (Microsoft Corporation) [File not signed]
U4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation)
U3 KeyIso; C:\Windows\system32\keyiso.dll [62464 2014-11-21] (Microsoft Corporation) [File not signed]
U3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [46592 2014-11-21] (Microsoft Corporation) [File not signed]
U3 KtmRm; C:\Windows\system32\msdtckrm.dll [373248 2014-11-21] (Microsoft Corporation) [File not signed]
U2 LanmanServer; C:\Windows\system32\srvsvc.dll [329216 2014-11-21] (Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [289280 2014-11-21] (Microsoft Corporation) [File not signed]
U3 lfsvc; C:\Windows\System32\GeofenceMonitorService.dll [521728 2014-11-21] (Microsoft Corporation) [File not signed]
U3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [367104 2014-11-21] (Microsoft Corporation) [File not signed]
U3 lltdsvc; C:\Windows\System32\lltdsvc.dll [279040 2014-11-21] (Microsoft Corporation) [File not signed]
U2 lmhosts; C:\Windows\System32\lmhsvc.dll [24576 2014-11-21] (Microsoft Corporation) [File not signed]
U2 LSM; C:\Windows\System32\lsm.dll [780800 2015-02-21] (Microsoft Corporation) [File not signed]
U2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
U2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
U2 MMCSS; C:\Windows\system32\mmcss.dll [71168 2014-11-21] (Microsoft Corporation) [File not signed]
U2 MpsSvc; C:\Windows\system32\mpssvc.dll [880640 2014-11-21] (Microsoft Corporation) [File not signed]
U4 MSDTC; C:\Windows\System32\msdtc.exe [144384 2014-11-21] (Microsoft Corporation) [File not signed]
U3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [151040 2014-11-21] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\System32\msiexec.exe [64512 2014-11-21] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [59904 2014-11-21] (Microsoft Corporation) [File not signed]
U3 napagent; C:\Windows\system32\qagentRT.dll [446464 2014-11-21] (Microsoft Corporation) [File not signed]
U3 NcaSvc; C:\Windows\System32\ncasvc.dll [166400 2014-11-21] (Microsoft Corporation) [File not signed]
U3 NcbService; C:\Windows\System32\ncbservice.dll [154112 2014-11-21] (Microsoft Corporation) [File not signed]
U3 NcdAutoSetup; C:\Windows\System32\NcdAutoSetup.dll [74752 2014-11-21] (Microsoft Corporation) [File not signed]
U3 Netlogon; C:\Windows\system32\netlogon.dll [838656 2014-11-21] (Microsoft Corporation) [File not signed]
U3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [695296 2014-11-21] (Microsoft Corporation) [File not signed]
U3 Netman; C:\Windows\System32\netman.dll [266752 2014-11-21] (Microsoft Corporation) [File not signed]
U3 netprofm; C:\Windows\System32\netprofmsvc.dll [550912 2014-11-21] (Microsoft Corporation) [File not signed]
U3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [380416 2014-11-21] (Microsoft Corporation) [File not signed]
U4 p2psvc; C:\Windows\system32\p2psvc.dll [440832 2014-11-21] (Microsoft Corporation) [File not signed]
U4 PcaSvc; C:\Windows\System32\pcasvc.dll [474112 2014-11-21] (Microsoft Corporation) [File not signed]
U3 PerfHost; C:\Windows\SysWow64\perfhost.exe [21504 2013-08-22] (Microsoft Corporation) [File not signed]
U3 pla; C:\Windows\system32\pla.dll [1526784 2014-11-21] (Microsoft Corporation) [File not signed]
U3 pla; C:\Windows\SysWOW64\pla.dll [1534464 2014-11-21] (Microsoft Corporation) [File not signed]
U3 PlugPlay; C:\Windows\system32\umpnpmgr.dll [116736 2014-11-21] (Microsoft Corporation) [File not signed]
U4 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [26624 2014-11-21] (Microsoft Corporation) [File not signed]
U4 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [380416 2014-11-21] (Microsoft Corporation) [File not signed]
U3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [397312 2014-11-21] (Microsoft Corporation) [File not signed]
U2 Power; C:\Windows\system32\umpo.dll [80384 2014-11-21] (Microsoft Corporation) [File not signed]
U3 PrintNotify; C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll [2987520 2014-11-21] (Microsoft Corporation) [File not signed]
U2 ProfSvc; C:\Windows\system32\profsvc.dll [225280 2015-03-10] (Microsoft Corporation) [File not signed]
U3 QWAVE; C:\Windows\system32\qwave.dll [303104 2014-11-21] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\Windows\System32\rasauto.dll [102912 2014-11-21] (Microsoft Corporation) [File not signed]
R3 RasMan; C:\Windows\System32\rasmans.dll [542208 2014-11-21] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [226816 2014-11-21] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\SysWOW64\mprdim.dll [183296 2014-11-21] (Microsoft Corporation) [File not signed]
U4 RemoteRegistry; C:\Windows\system32\regsvc.dll [166400 2014-11-21] (Microsoft Corporation) [File not signed]
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [80896 2014-11-21] (Microsoft Corporation) [File not signed]
U3 RpcLocator; C:\Windows\system32\locator.exe [10240 2014-11-21] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [817664 2014-11-21] (Microsoft Corporation) [File not signed]
U4 SCardSvr; C:\Windows\System32\SCardSvr.dll [194048 2014-11-21] (Microsoft Corporation) [File not signed]
U3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [131072 2014-11-21] (Microsoft Corporation) [File not signed]
U2 Schedule; C:\Windows\system32\schedsvc.dll [1265152 2014-11-21] (Microsoft Corporation) [File not signed]
U3 SCPolicySvc; C:\Windows\System32\certprop.dll [156160 2014-11-21] (Microsoft Corporation) [File not signed]
U4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
U4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
U4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
U3 seclogon; C:\Windows\system32\seclogon.dll [31744 2014-11-21] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\System32\sens.dll [73728 2014-11-21] (Microsoft Corporation) [File not signed]
U3 SensrSvc; C:\Windows\system32\sensrsvc.dll [243200 2014-11-21] (Microsoft Corporation) [File not signed]
U3 SessionEnv; C:\Windows\system32\sessenv.dll [339968 2014-11-21] (Microsoft Corporation) [File not signed]
U3 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [296448 2014-11-21] (Microsoft Corporation) [File not signed]
U4 SharedAccess; C:\Windows\System32\ipnathlp.dll [452608 2014-11-21] (Microsoft Corporation) [File not signed]
U4 ShellHWDetection; C:\Windows\System32\shsvcs.dll [640000 2014-11-21] (Microsoft Corporation) [File not signed]
U4 ShellHWDetection; C:\Windows\SysWOW64\shsvcs.dll [576512 2014-11-21] (Microsoft Corporation) [File not signed]
U3 smphost; C:\Windows\System32\smphost.dll [13312 2014-11-21] (Microsoft Corporation) [File not signed]
U3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2014-11-21] (Microsoft Corporation) [File not signed]
U3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14848 2014-11-21] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\Windows\System32\spoolsv.exe [827392 2014-11-04] (Microsoft Corporation) [File not signed]
U3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [249344 2014-11-21] (Microsoft Corporation) [File not signed]
U3 SstpSvc; C:\Windows\system32\sstpsvc.dll [142848 2014-11-21] (Microsoft Corporation) [File not signed]
U4 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-11-20] (IDT, Inc.) [File not signed]
U2 stisvc; C:\Windows\System32\wiaservc.dll [670720 2014-11-21] (Microsoft Corporation) [File not signed]
U3 StorSvc; C:\Windows\system32\storsvc.dll [20480 2014-11-21] (Microsoft Corporation) [File not signed]
U3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [17920 2014-11-21] (Microsoft Corporation) [File not signed]
U3 svsvc; C:\Windows\system32\svsvc.dll [13312 2014-11-21] (Microsoft Corporation) [File not signed]
U4 swprv; C:\Windows\System32\swprv.dll [706048 2014-11-21] (Microsoft Corporation) [File not signed]
U2 SysMain; C:\Windows\system32\sysmain.dll [1217024 2014-11-21] (Microsoft Corporation) [File not signed]
U2 SystemEventsBroker; C:\Windows\System32\SystemEventsBrokerServer.dll [294912 2014-11-21] (Microsoft Corporation) [File not signed]
U3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group)
U3 TabletInputService; C:\Windows\System32\TabSvc.dll [154624 2014-11-21] (Microsoft Corporation) [File not signed]
U3 TapiSrv; C:\Windows\System32\tapisrv.dll [313344 2014-11-21] (Microsoft Corporation) [File not signed]
U3 TapiSrv; C:\Windows\SysWOW64\tapisrv.dll [254464 2014-11-21] (Microsoft Corporation) [File not signed]
S3 TermService; C:\Windows\System32\termsrv.dll [1114624 2014-11-21] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [59392 2014-11-21] (Microsoft Corporation) [File not signed]
U3 THREADORDER; C:\Windows\system32\mmcss.dll [71168 2014-11-21] (Microsoft Corporation) [File not signed]
U3 TimeBroker; C:\Windows\System32\TimeBrokerServer.dll [262656 2014-11-21] (Microsoft Corporation) [File not signed]
U2 TrkWks; C:\Windows\System32\trkwks.dll [124416 2014-11-21] (Microsoft Corporation) [File not signed]
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [106496 2014-11-21] (Microsoft Corporation) [File not signed]
U2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2604856 2015-02-25] (AVG Technologies)
U3 UI0Detect; C:\Windows\system32\UI0Detect.exe [41984 2014-11-21] (Microsoft Corporation) [File not signed]
U3 UmRdpService; C:\Windows\System32\umrdp.dll [300032 2014-11-21] (Microsoft Corporation) [File not signed]
U3 upnphost; C:\Windows\System32\upnphost.dll [457728 2014-11-21] (Microsoft Corporation) [File not signed]
U3 upnphost; C:\Windows\SysWOW64\upnphost.dll [331776 2014-11-21] (Microsoft Corporation) [File not signed]
U3 VaultSvc; C:\Windows\System32\vaultsvc.dll [260608 2014-11-21] (Microsoft Corporation) [File not signed]
U3 vds; C:\Windows\System32\vds.exe [1313792 2014-11-21] (Microsoft Corporation) [File not signed]
U3 vmicguestinterface; C:\Windows\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation) [File not signed]
U3 vmicheartbeat; C:\Windows\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation) [File not signed]
U3 vmickvpexchange; C:\Windows\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation) [File not signed]
U3 vmicrdv; C:\Windows\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation) [File not signed]
U3 vmicshutdown; C:\Windows\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation) [File not signed]
U3 vmictimesync; C:\Windows\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation) [File not signed]
U3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation) [File not signed]
U3 VSS; C:\Windows\system32\vssvc.exe [1454080 2014-10-21] (Microsoft Corporation) [File not signed]
U3 W32Time; C:\Windows\system32\w32time.dll [411648 2014-11-21] (Microsoft Corporation) [File not signed]
U3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation) [File not signed]
U3 WAS; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2015-03-10] (Microsoft Corporation) [File not signed]
U3 wbengine; C:\Windows\system32\wbengine.exe [1571328 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [465920 2014-11-21] (Microsoft Corporation) [File not signed]
U2 Wcmsvc; C:\Windows\System32\wcmsvc.dll [374784 2014-11-21] (Microsoft Corporation) [File not signed]
U3 wcncsvc; C:\Windows\System32\wcncsvc.dll [465920 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [43520 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WcsPlugInService; C:\Windows\SysWOW64\WcsPlugInService.dll [34304 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WdiServiceHost; C:\Windows\system32\wdi.dll [95744 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WdiServiceHost; C:\Windows\SysWOW64\wdi.dll [84992 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WdiSystemHost; C:\Windows\system32\wdi.dll [95744 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WdiSystemHost; C:\Windows\SysWOW64\wdi.dll [84992 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-03-10] (Microsoft Corporation)
U3 WebClient; C:\Windows\System32\webclnt.dll [229376 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WebClient; C:\Windows\SysWOW64\webclnt.dll [199168 2014-11-21] (Microsoft Corporation) [File not signed]
U2 Wecsvc; C:\Windows\system32\wecsvc.dll [209408 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [26112 2014-11-21] (Microsoft Corporation) [File not signed]
U3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84992 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WerSvc; C:\Windows\System32\WerSvc.dll [108544 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WiaRpc; C:\Windows\System32\wiarpc.dll [67584 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-03-10] (Microsoft Corporation)
U2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [230400 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WinRM; C:\Windows\system32\WsmSvc.dll [2608640 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WinRM; C:\Windows\SysWOW64\WsmSvc.dll [2170368 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WlanSvc; C:\Windows\System32\wlansvc.dll [1547264 2014-11-21] (Microsoft Corporation) [File not signed]
U3 wlidsvc; C:\Windows\system32\wlidsvc.dll [1639424 2014-11-21] (Microsoft Corporation) [File not signed]
U3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [201728 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1478144 2014-11-21] (Microsoft Corporation) [File not signed]
U3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1668096 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10240 2014-11-21] (Microsoft Corporation) [File not signed]
U4 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [86528 2014-11-21] (Microsoft Corporation) [File not signed]
U2 wscsvc; C:\Windows\System32\wscsvc.dll [146944 2014-11-21] (Microsoft Corporation) [File not signed]
U2 WSearch; C:\Windows\system32\SearchIndexer.exe [903168 2014-11-21] (Microsoft Corporation) [File not signed]
U2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [710144 2014-11-21] (Microsoft Corporation) [File not signed]
U2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-03-10] ()
U2 wuauserv; C:\Windows\system32\wuaueng.dll [3678720 2015-03-14] (Microsoft Corporation) [File not signed]
U3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [104960 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WwanSvc; C:\Windows\System32\wwansvc.dll [513536 2014-11-21] (Microsoft Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U3 1394ohci; C:\Windows\System32\drivers\1394ohci.sys [231424 2013-08-22] (Microsoft Corporation) [File not signed]
U3 acpipagr; C:\Windows\System32\drivers\acpipagr.sys [10240 2013-08-22] (Microsoft Corporation) [File not signed]
U3 AcpiPmi; C:\Windows\System32\drivers\acpipmi.sys [12288 2013-08-22] (Microsoft Corporation) [File not signed]
U3 acpitime; C:\Windows\System32\drivers\acpitime.sys [10752 2013-08-22] (Microsoft Corporation) [File not signed]
U1 AFD; C:\Windows\system32\drivers\afd.sys [563200 2014-11-21] (Microsoft Corporation) [File not signed]
U1 ahcache; C:\Windows\System32\DRIVERS\ahcache.sys [80384 2015-03-20] (Microsoft Corporation) [File not signed]
U3 AmdK8; C:\Windows\System32\drivers\amdk8.sys [95744 2013-08-22] (Microsoft Corporation) [File not signed]
U0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
U3 amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [18959360 2014-11-21] (Advanced Micro Devices, Inc.) [File not signed]
U3 amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [589312 2014-11-21] (Advanced Micro Devices, Inc.) [File not signed]
U3 AmdPPM; C:\Windows\System32\drivers\amdppm.sys [98816 2013-08-22] (Microsoft Corporation) [File not signed]
U3 AppID; C:\Windows\system32\drivers\appid.sys [82944 2014-11-21] (Microsoft Corporation) [File not signed]
U3 AsyncMac; C:\Windows\system32\DRIVERS\asyncmac.sys [26624 2013-08-22] (Microsoft Corporation) [File not signed]
U3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices) [File not signed]
U0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
U1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
U1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [67040 2015-03-20] (AVG Technologies CZ, s.r.o.)
U1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [284128 2015-04-09] (AVG Technologies CZ, s.r.o.)
U0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [213984 2015-03-11] (AVG Technologies CZ, s.r.o.)
U1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.)
U0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [344544 2015-03-11] (AVG Technologies CZ, s.r.o.)
U0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [137184 2015-04-03] (AVG Technologies CZ, s.r.o.)
U0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
U1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [293856 2015-04-07] (AVG Technologies CZ, s.r.o.)
U1 BasicDisplay; C:\Windows\System32\drivers\BasicDisplay.sys [50688 2013-08-22] (Microsoft Corporation) [File not signed]
U1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [33280 2014-11-21] (Microsoft Corporation) [File not signed]
U3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [102912 2013-08-22] (Microsoft Corporation) [File not signed]
U3 BthAvrcpTg; C:\Windows\System32\drivers\BthAvrcpTg.sys [36992 2013-08-22] (Microsoft Corporation) [File not signed]
U3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [57856 2015-03-09] (Microsoft Corporation) [File not signed]
U3 bthhfhid; C:\Windows\System32\drivers\BthHFHid.sys [30720 2013-08-22] (Microsoft Corporation) [File not signed]
U3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [64000 2014-11-21] (Microsoft Corporation) [File not signed]
U4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [88576 2013-08-22] (Microsoft Corporation) [File not signed]
U1 cdrom; C:\Windows\System32\drivers\cdrom.sys [164352 2013-08-22] (Microsoft Corporation) [File not signed]
U3 circlass; C:\Windows\System32\drivers\circlass.sys [44032 2013-08-22] (Microsoft Corporation) [File not signed]
U3 CmBatt; C:\Windows\System32\drivers\CmBatt.sys [25472 2013-08-22] (Microsoft Corporation) [File not signed]
U1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20696 2015-04-01] (COMODO)
U1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [820952 2015-04-01] (COMODO)
U1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35080 2015-04-01] (COMODO)
U3 CompositeBus; C:\Windows\System32\drivers\CompositeBus.sys [36352 2013-08-22] (Microsoft Corporation) [File not signed]
U3 condrv; C:\Windows\System32\drivers\condrv.sys [43008 2013-08-22] (Microsoft Corporation) [File not signed]
U3 debutfilter; C:\Windows\system32\DRIVERS\debutfilterx64.sys [34512 2014-12-29] ()
U1 Dfsc; C:\Windows\System32\Drivers\dfsc.sys [134144 2014-11-21] (Microsoft Corporation) [File not signed]
U3 dmvsc; C:\Windows\System32\drivers\dmvsc.sys [29696 2013-08-22] (Microsoft Corporation) [File not signed]
U3 ErrDev; C:\Windows\System32\drivers\errdev.sys [10240 2013-08-22] (Microsoft Corporation) [File not signed]
U3 exfat; C:\Windows\System32\Drivers\exfat.sys [200704 2013-08-22] (Microsoft Corporation) [File not signed]
U3 fdc; C:\Windows\System32\drivers\fdc.sys [30720 2013-08-22] (Microsoft Corporation) [File not signed]
U3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34816 2013-08-22] (Microsoft Corporation) [File not signed]
U3 flpydisk; C:\Windows\System32\drivers\flpydisk.sys [25088 2013-08-22] (Microsoft Corporation) [File not signed]
U3 FxPPM; C:\Windows\System32\drivers\fxppm.sys [27136 2013-08-22] (Microsoft Corporation) [File not signed]
U3 gencounter; C:\Windows\System32\drivers\vmgencounter.sys [11264 2013-08-22] (Microsoft Corporation) [File not signed]
U3 HDAudBus; C:\Windows\System32\drivers\HDAudBus.sys [76800 2014-11-21] (Microsoft Corporation) [File not signed]
U3 HidBatt; C:\Windows\System32\drivers\HidBatt.sys [26624 2013-08-22] (Microsoft Corporation) [File not signed]
U3 HidBth; C:\Windows\System32\drivers\hidbth.sys [97792 2015-03-10] (Microsoft Corporation) [File not signed]
U3 hidi2c; C:\Windows\System32\drivers\hidi2c.sys [41472 2013-08-22] (Microsoft Corporation) [File not signed]
U3 HidIr; C:\Windows\System32\drivers\hidir.sys [45568 2013-08-22] (Microsoft Corporation) [File not signed]
U3 HidUsb; C:\Windows\System32\drivers\hidusb.sys [33280 2014-11-21] (Microsoft Corporation) [File not signed]
U3 hyperkbd; C:\Windows\System32\drivers\hyperkbd.sys [13824 2013-08-22] (Microsoft Corporation) [File not signed]
U3 HyperVideo; C:\Windows\system32\DRIVERS\HyperVideo.sys [22016 2013-08-22] (Microsoft Corporation) [File not signed]
U3 i8042prt; C:\Windows\System32\drivers\i8042prt.sys [108544 2014-11-04] (Microsoft Corporation) [File not signed]
U3 intelppm; C:\Windows\System32\drivers\intelppm.sys [98816 2013-08-22] (Microsoft Corporation) [File not signed]
U3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [84992 2013-08-22] (Microsoft Corporation) [File not signed]
U3 IPMIDRV; C:\Windows\System32\drivers\IPMIDrv.sys [79872 2014-11-21] (Microsoft Corporation) [File not signed]
U3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [142848 2014-11-21] (Microsoft Corporation) [File not signed]
U3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2013-08-22] (Microsoft Corporation) [File not signed]
U3 kbdhid; C:\Windows\System32\drivers\kbdhid.sys [32256 2014-11-04] (Microsoft Corporation) [File not signed]
U3 kdnic; C:\Windows\system32\DRIVERS\kdnic.sys [19456 2013-08-22] (Microsoft Corporation) [File not signed]
U3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [21248 2013-08-22] (Microsoft Corporation) [File not signed]
U2 lltdio; C:\Windows\system32\DRIVERS\lltdio.sys [59392 2013-08-22] (Microsoft Corporation) [File not signed]
U2 luafv; C:\Windows\system32\drivers\luafv.sys [124416 2014-11-21] (Microsoft Corporation) [File not signed]
U2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
U3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
U3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
U3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-10] (Intel Corporation)
U3 MEMSWEEP2; C:\WINDOWS\system32\6044.tmp [6144 2009-06-18] (Sophos Plc) [File not signed]
U3 Modem; C:\Windows\System32\drivers\modem.sys [40960 2013-08-22] (Microsoft Corporation) [File not signed]
U3 monitor; C:\Windows\System32\drivers\monitor.sys [30208 2013-08-22] (Microsoft Corporation) [File not signed]
U3 mouhid; C:\Windows\System32\drivers\mouhid.sys [30208 2014-11-04] (Microsoft Corporation) [File not signed]
U3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [74240 2014-11-21] (Microsoft Corporation) [File not signed]
U3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2015-03-10] (Microsoft Corporation) [File not signed]
U3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [405504 2014-11-21] (Microsoft Corporation) [File not signed]
U2 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [283648 2014-11-21] (Microsoft Corporation) [File not signed]
U3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [202752 2014-11-21] (Microsoft Corporation) [File not signed]
U3 MsBridge; C:\Windows\system32\DRIVERS\bridge.sys [115712 2014-11-21] (Microsoft Corporation) [File not signed]
U3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2013-08-22] (Microsoft Corporation) [File not signed]
U3 mshidumdf; C:\Windows\System32\drivers\mshidumdf.sys [9728 2013-08-22] (Microsoft Corporation) [File not signed]
U3 MSKSSRV; C:\Windows\system32\drivers\MSKSSRV.sys [10624 2013-08-22] (Microsoft Corporation) [File not signed]
U3 MsLldp; C:\Windows\system32\DRIVERS\mslldp.sys [66560 2014-11-21] (Microsoft Corporation) [File not signed]
U3 MSPCLOCK; C:\Windows\system32\drivers\MSPCLOCK.sys [7040 2013-08-22] (Microsoft Corporation) [File not signed]
U3 MSPQM; C:\Windows\system32\drivers\MSPQM.sys [6784 2013-08-22] (Microsoft Corporation) [File not signed]
U3 MSTEE; C:\Windows\system32\drivers\MSTEE.sys [7936 2013-08-22] (Microsoft Corporation) [File not signed]
U3 MTConfig; C:\Windows\System32\drivers\MTConfig.sys [13312 2013-08-22] (Microsoft Corporation) [File not signed]
U3 NativeWifiP; C:\Windows\system32\DRIVERS\nwifi.sys [445440 2014-11-21] (Microsoft Corporation) [File not signed]
U3 NdisCap; C:\Windows\system32\DRIVERS\ndiscap.sys [43008 2014-11-21] (Microsoft Corporation) [File not signed]
U3 NdisImPlatform; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [126464 2014-11-21] (Microsoft Corporation) [File not signed]
U3 NdisTapi; C:\Windows\system32\DRIVERS\ndistapi.sys [24576 2014-11-08] (Microsoft Corporation) [File not signed]
U3 Ndisuio; C:\Windows\system32\DRIVERS\ndisuio.sys [60416 2013-08-22] (Microsoft Corporation) [File not signed]
U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) [File not signed]
U3 NdisWan; C:\Windows\system32\DRIVERS\ndiswan.sys [220672 2013-08-22] (Microsoft Corporation) [File not signed]
U3 NdisWanLegacy; C:\Windows\system32\DRIVERS\ndiswan.sys [220672 2013-08-22] (Microsoft Corporation) [File not signed]
U2 Ndu; C:\Windows\System32\drivers\Ndu.sys [103424 2014-11-21] (Microsoft Corporation) [File not signed]
U1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [48128 2014-11-21] (Microsoft Corporation) [File not signed]
U1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [282624 2013-08-22] (Microsoft Corporation) [File not signed]
U3 netvsc; C:\Windows\System32\drivers\netvsc63.sys [87040 2014-11-21] (Microsoft Corporation) [File not signed]
U1 npsvctrig; C:\Windows\System32\drivers\npsvctrig.sys [23040 2013-08-22] (Microsoft Corporation) [File not signed]
U1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [39424 2014-11-21] (Microsoft Corporation) [File not signed]
U1 Null; C:\Windows\System32\Drivers\Null.sys [5632 2013-08-22] (Microsoft Corporation) [File not signed]
U3 Parport; C:\Windows\System32\drivers\parport.sys [94208 2013-08-22] (Microsoft Corporation) [File not signed]
U2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [663040 2014-11-21] (Microsoft Corporation) [File not signed]
U3 pimou; C:\Windows\System32\drivers\pimou.sys [23608 2014-01-13] (Christian Gulden)
U3 PptpMiniport; C:\Windows\system32\DRIVERS\raspptp.sys [107520 2013-08-22] (Microsoft Corporation) [File not signed]
U3 Processor; C:\Windows\System32\drivers\processr.sys [92160 2013-08-22] (Microsoft Corporation) [File not signed]
U1 Psched; C:\Windows\system32\DRIVERS\pacer.sys [151040 2014-11-21] (Microsoft Corporation) [File not signed]
U3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [47104 2014-11-21] (Microsoft Corporation) [File not signed]
U3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [17408 2014-11-21] (Microsoft Corporation) [File not signed]
U3 RasAgileVpn; C:\Windows\system32\DRIVERS\AgileVpn.sys [96768 2014-11-10] (Microsoft Corporation) [File not signed]
U3 Rasl2tp; C:\Windows\system32\DRIVERS\rasl2tp.sys [112640 2014-11-08] (Microsoft Corporation) [File not signed]
U3 RasPppoe; C:\Windows\system32\DRIVERS\raspppoe.sys [84992 2013-08-22] (Microsoft Corporation) [File not signed]
U3 RasSstp; C:\Windows\system32\DRIVERS\rassstp.sys [93696 2014-11-21] (Microsoft Corporation) [File not signed]
U1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [408576 2014-11-21] (Microsoft Corporation) [File not signed]
U3 rdpbus; C:\Windows\System32\drivers\rdpbus.sys [22528 2013-08-22] (Microsoft Corporation) [File not signed]
U3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [195584 2014-11-21] (Microsoft Corporation) [File not signed]
U2 rspndr; C:\Windows\system32\DRIVERS\rspndr.sys [80384 2013-08-22] (Microsoft Corporation) [File not signed]
U3 s3cap; C:\Windows\System32\drivers\vms3cap.sys [7168 2013-08-22] (Microsoft Corporation) [File not signed]
U3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [40960 2014-11-21] (Microsoft Corporation) [File not signed]
U2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2013-08-22] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
U3 Serenum; C:\Windows\System32\drivers\serenum.sys [23040 2013-08-22] (Microsoft Corporation) [File not signed]
U3 Serial; C:\Windows\System32\drivers\serial.sys [83456 2013-08-22] (Microsoft Corporation) [File not signed]
U3 sermouse; C:\Windows\System32\drivers\sermouse.sys [26112 2014-11-04] (Microsoft Corporation) [File not signed]
U3 sfloppy; C:\Windows\System32\drivers\sfloppy.sys [17408 2013-08-22] (Microsoft Corporation) [File not signed]
U3 SIVDriver; C:\WINDOWS\system32\Drivers\SIVX64.sys [157944 2015-03-14] (Ray Hinchliffe)
U3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33520 2014-12-04] (Synaptics Incorporated)
U2 srv; C:\Windows\System32\DRIVERS\srv.sys [412160 2014-11-21] (Microsoft Corporation) [File not signed]
U3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [678400 2014-11-21] (Microsoft Corporation) [File not signed]
U3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [246272 2014-11-21] (Microsoft Corporation) [File not signed]
U3 STHDA; C:\Windows\system32\DRIVERS\stwrt64.sys [551936 2013-11-20] (IDT, Inc.) [File not signed]
U3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2015-03-21] ()
U2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [49152 2014-11-21] (Microsoft Corporation) [File not signed]
U1 tdx; C:\Windows\system32\DRIVERS\tdx.sys [107520 2013-08-22] (Microsoft Corporation) [File not signed]
U3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [56320 2013-08-22] (Microsoft Corporation) [File not signed]
U3 TsUsbGD; C:\Windows\System32\drivers\TsUsbGD.sys [29696 2014-11-21] (Microsoft Corporation) [File not signed]
U3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2015-01-13] (TuneUp Software)
U3 tunnel; C:\Windows\system32\DRIVERS\tunnel.sys [154112 2013-08-22] (Microsoft Corporation) [File not signed]
U4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [316416 2015-03-13] (Microsoft Corporation) [File not signed]
U3 umbus; C:\Windows\System32\drivers\umbus.sys [46080 2013-08-22] (Microsoft Corporation) [File not signed]
U3 UmPass; C:\Windows\System32\drivers\umpass.sys [11776 2013-08-22] (Microsoft Corporation) [File not signed]
U3 usbaudio; C:\Windows\system32\drivers\usbaudio.sys [121088 2014-11-21] (Microsoft Corporation) [File not signed]
U3 usbcir; C:\Windows\System32\drivers\usbcir.sys [98304 2014-11-21] (Microsoft Corporation) [File not signed]
U3 usbohci; C:\Windows\System32\drivers\usbohci.sys [30208 2013-08-22] (Microsoft Corporation) [File not signed]
U3 usbprint; C:\Windows\System32\drivers\usbprint.sys [26112 2013-08-22] (Microsoft Corporation) [File not signed]
U3 usbuhci; C:\Windows\System32\drivers\usbuhci.sys [37376 2014-11-21] (Microsoft Corporation) [File not signed]
U3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [212736 2014-11-21] (Microsoft Corporation) [File not signed]
U3 VMBusHID; C:\Windows\System32\drivers\VMBusHID.sys [21760 2013-08-22] (Microsoft Corporation) [File not signed]
U3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [24576 2013-08-22] (Microsoft Corporation) [File not signed]
U3 WacomPen; C:\Windows\System32\drivers\wacompen.sys [26752 2013-08-22] (Microsoft Corporation) [File not signed]
U3 Wanarp; C:\Windows\system32\DRIVERS\wanarp.sys [80896 2015-01-06] (Microsoft Corporation) [File not signed]
U1 Wanarpv6; C:\Windows\system32\DRIVERS\wanarp.sys [80896 2015-01-06] (Microsoft Corporation) [File not signed]
U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-03-10] (Microsoft Corporation)
U3 WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [78848 2013-08-22] (Microsoft Corporation) [File not signed]
U3 WmiAcpi; C:\Windows\System32\drivers\wmiacpi.sys [16384 2013-08-22] (Microsoft Corporation) [File not signed]
U4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2013-08-22] (Microsoft Corporation) [File not signed]
U3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [113664 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WUDFRd; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WUDFWpdFs; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation) [File not signed]
U3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation) [File not signed]
U3 GENERICDRV; \??\C:\Users\Kay\AppData\Local\Temp\Rar$EXa0.492\AfuWin64\amifldrv64.sys [X]
U3 MFE_RR; \??\C:\Users\Kay\AppData\Local\Temp\mfe_rr.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-14 21:19 - 2015-05-14 21:20 - 00066715 _____ () C:\Users\Kay\Downloads\FRST.txt.txt
2015-05-14 21:18 - 2015-05-14 21:19 - 00000000 ____D () C:\FRST
2015-05-14 21:18 - 2015-05-14 21:18 - 02105856 _____ (Farbar) C:\Users\Kay\Downloads\FRST64.exe
2015-05-14 21:07 - 2015-05-14 21:07 - 00204810 _____ () C:\Users\Kay\Downloads\OTL.Txt
2015-05-14 21:07 - 2015-05-14 21:07 - 00075786 _____ () C:\Users\Kay\Downloads\Extras.Txt
2015-05-14 20:39 - 2015-05-14 20:40 - 00000000 ____D () C:\ProgramData\Sophos
2015-05-14 20:39 - 2015-05-14 20:39 - 00000077 _____ () C:\WINDOWS\setupact.log
2015-05-14 20:39 - 2015-05-14 20:39 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-05-14 20:38 - 2015-05-14 20:38 - 00002280 _____ () C:\WINDOWS\logboot_14.05.2015.tureg.log
2015-05-14 20:36 - 2015-05-14 20:36 - 00002775 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-05-14 20:36 - 2015-05-14 20:36 - 00002775 _____ () C:\ProgramData\Desktop\Sophos Virus Removal Tool.lnk
2015-05-14 20:36 - 2015-05-14 20:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-05-14 20:22 - 2015-05-14 20:22 - 00295313 _____ () C:\Users\Kay\Downloads\Autoruns.zip
2015-05-14 20:22 - 2015-05-14 20:22 - 00295313 _____ () C:\Users\Kay\Downloads\Autoruns (1).zip
2015-05-14 20:21 - 2015-05-14 20:21 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Software
2015-05-14 20:10 - 2015-05-14 20:10 - 00001282 _____ () C:\Users\Kay\Desktop\Revo Uninstaller.lnk
2015-05-14 20:10 - 2015-05-14 20:10 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-05-14 20:08 - 2015-05-14 20:08 - 01203488 _____ () C:\Users\Kay\Downloads\Revo Uninstaller - CHIP-Installer.exe
2015-05-14 19:44 - 2015-05-14 21:01 - 00111875 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-13 03:24 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 03:24 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 03:19 - 2015-05-13 03:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 03:18 - 2015-05-13 03:18 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 03:18 - 2015-05-13 03:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 03:00 - 2015-05-13 03:00 - 00000000 _____ () C:\Users\Kay\Desktop\Neues Textdokument (4).txt
2015-05-13 00:12 - 2015-05-13 00:31 - 303890083 _____ () C:\Users\Kay\Desktop\sugarbaby1.mp4
2015-05-12 20:34 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-12 20:34 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-12 20:33 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-12 20:33 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-12 20:33 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-12 20:33 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-12 20:33 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-12 20:33 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-12 20:33 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-12 20:33 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-12 20:33 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-12 20:33 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-12 20:33 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-12 20:33 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-12 20:33 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-12 20:33 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-12 20:33 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-12 20:33 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-12 20:33 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-12 20:33 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-12 20:33 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-12 20:33 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-12 20:33 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-12 20:33 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-12 20:33 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-12 20:33 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-12 20:33 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-12 20:33 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-12 20:33 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-12 20:33 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-12 20:33 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-12 20:33 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-12 20:33 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-12 20:33 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-12 20:33 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-12 20:33 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-12 20:33 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-12 20:33 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-12 20:33 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-12 20:33 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-12 20:33 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-12 20:33 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-12 20:33 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-12 20:33 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-12 20:33 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-12 20:33 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-12 20:33 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-12 20:33 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-12 20:33 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-12 20:33 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-11 04:06 - 2015-05-11 04:17 - 171822746 _____ () C:\Users\Kay\Desktop\black angel.mp4
2015-05-11 01:38 - 2015-05-11 02:36 - 924734625 _____ () C:\Users\Kay\Desktop\blond jennifer.mp4
2015-05-09 03:42 - 2015-05-09 04:00 - 291529144 _____ () C:\Users\Kay\Desktop\hothot hot.mp4
2015-05-08 18:56 - 2015-05-08 19:19 - 359372269 _____ () C:\Users\Kay\Desktop\sasha.mp4
2015-05-08 02:08 - 2015-05-08 02:08 - 00001045 _____ () C:\Users\Public\Desktop\Free Hide IP.lnk
2015-05-08 02:08 - 2015-05-08 02:08 - 00001045 _____ () C:\ProgramData\Desktop\Free Hide IP.lnk
2015-05-08 01:45 - 2015-05-08 01:45 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\Comodo
2015-05-08 01:44 - 2015-05-08 01:44 - 38801392 _____ (COMODO) C:\Users\Kay\Downloads\icedragonsetup.exe
2015-05-08 01:44 - 2015-05-08 01:44 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71.dll
2015-05-08 01:44 - 2015-05-08 01:44 - 00001152 _____ () C:\Users\Public\Desktop\Comodo IceDragon.lnk
2015-05-08 01:44 - 2015-05-08 01:44 - 00001152 _____ () C:\ProgramData\Desktop\Comodo IceDragon.lnk
2015-05-08 00:22 - 2015-05-08 00:22 - 00365302 _____ () C:\Users\Kay\Downloads\SysInspector-KSIN-150508-0002.zip
2015-05-08 00:17 - 2015-05-08 00:18 - 119275136 _____ (Sophos Limited) C:\Users\Kay\Downloads\sophos_virus_removal_tool.exe
2015-05-08 00:03 - 2015-05-08 00:03 - 00602112 _____ (OldTimer Tools) C:\Users\Kay\Downloads\otl.exe
2015-05-08 00:00 - 2015-05-08 00:01 - 03673800 _____ (ESET) C:\Users\Kay\Downloads\SysInspector.exe
2015-05-07 23:45 - 2015-05-07 23:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\Adobe
2015-05-07 23:44 - 2015-05-07 23:45 - 05008664 _____ (Adobe Systems Inc.) C:\Users\Kay\Downloads\Shockwave_Installer_Slim.exe
2015-05-07 23:35 - 2015-05-08 04:45 - 00027400 _____ (COMODO CA Limited) C:\WINDOWS\system32\certsentry.dll
2015-05-07 23:35 - 2015-05-08 04:45 - 00024328 _____ (COMODO CA Limited) C:\WINDOWS\SysWOW64\certsentry.dll
2015-05-07 23:35 - 2015-05-08 04:45 - 00024296 _____ (COMODO CA Limited) C:\WINDOWS\system32\certsentry.exe
2015-05-07 23:35 - 2015-05-08 04:45 - 00001928 _____ () C:\WINDOWS\System32\Tasks\COMODO CertSentry Updater
2015-05-07 23:35 - 2015-05-08 01:44 - 00000000 ____D () C:\Program Files (x86)\Comodo
2015-05-07 23:35 - 2015-05-07 23:37 - 00001133 _____ () C:\Users\Kay\Desktop\Internet (Chromodo).lnk
2015-05-07 23:30 - 2015-05-07 23:32 - 50556688 _____ (Comodo) C:\Users\Kay\Downloads\chromiumsecuresetup.exe
2015-05-07 23:09 - 2015-05-13 17:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-07 23:09 - 2015-05-13 03:54 - 00001173 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-07 23:09 - 2015-05-13 03:54 - 00001161 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-07 23:09 - 2015-05-13 03:54 - 00001161 _____ () C:\ProgramData\Desktop\Mozilla Firefox.lnk
2015-05-07 23:07 - 2015-05-07 23:07 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\TrojanHunter
2015-05-07 22:53 - 2015-05-07 22:54 - 02204160 _____ () C:\Users\Kay\Downloads\adwcleaner_4.203.exe
2015-05-07 22:52 - 2015-05-07 23:24 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.6
2015-05-07 22:52 - 2015-05-07 22:52 - 00059392 ____R () C:\WINDOWS\SysWOW64\streamhlp.dll
2015-05-07 22:52 - 2015-05-07 22:52 - 00001099 _____ () C:\Users\Kay\Desktop\TrojanHunter.lnk
2015-05-07 22:52 - 2015-05-07 22:52 - 00000000 ____D () C:\ProgramData\TrojanHunter
2015-05-07 22:52 - 2015-05-07 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter
2015-05-07 22:36 - 2015-05-07 22:36 - 00000999 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-05-07 22:36 - 2015-05-07 22:36 - 00000999 _____ () C:\ProgramData\Desktop\AVG 2015.lnk
2015-05-07 22:36 - 2015-05-07 22:36 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\AVG2015
2015-05-07 22:36 - 2015-05-07 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-05-07 22:35 - 2015-05-07 22:36 - 00000000 ____D () C:\ProgramData\AVG2015
2015-05-07 22:35 - 2015-05-07 22:35 - 00000000 ___HD () C:\$AVG
2015-05-07 22:33 - 2015-05-07 22:34 - 00000034 _____ () C:\WINDOWS\AvastEmUpdate.ini
2015-05-07 22:30 - 2015-05-07 22:44 - 00000000 ____D () C:\Users\Kay\AppData\Local\Avg2015
2015-05-07 21:26 - 2015-05-08 01:23 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-05-07 21:26 - 2015-05-08 01:22 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-05-07 21:26 - 2015-05-07 21:26 - 00002537 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-07 21:26 - 2015-05-07 21:26 - 00002537 _____ () C:\ProgramData\Desktop\Google Chrome.lnk
2015-05-07 21:26 - 2015-05-07 21:26 - 00001273 _____ () C:\Users\Kay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-07 21:26 - 2015-05-07 21:26 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\VOPackage
2015-05-07 21:26 - 2015-05-07 21:26 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\oursurfing
2015-05-07 21:26 - 2015-05-07 21:26 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2015-05-07 21:26 - 2015-05-07 21:26 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\Could not connect. Error code = 0x-1431026818---
2015-05-07 21:26 - 2015-05-07 21:26 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-05-07 21:25 - 2015-05-14 21:18 - 00146674 _____ () C:\WINDOWS\system32\Drivers\fvstore.dat
2015-05-07 21:25 - 2015-05-14 20:21 - 00000000 ___HD () C:\VTRoot
2015-05-07 21:23 - 2014-01-13 23:50 - 00023608 _____ (Christian Gulden) C:\WINDOWS\system32\Drivers\pimou.sys
2015-05-07 21:21 - 2015-01-06 18:03 - 00413960 _____ (Texas Instruments Incorporated) C:\WINDOWS\system32\Drivers\tixhci.sys
2015-05-07 21:04 - 2015-05-07 21:04 - 00000000 ____D () C:\translations
2015-05-07 21:04 - 2015-05-07 21:04 - 00000000 ____D () C:\cis
2015-05-07 21:04 - 2015-04-01 19:45 - 03454680 _____ (Terra Informatica Software, Inc.) C:\cmdhtml.dll
2015-05-07 21:04 - 2015-04-01 19:45 - 01238744 _____ (COMODO) C:\cmdstat.dll
2015-05-07 21:04 - 2015-04-01 19:44 - 00281816 _____ (Igor Pavlov) C:\7za.dll
2015-05-07 21:04 - 2015-04-01 19:43 - 04479704 _____ (COMODO) C:\cmdinstall.exe
2015-05-07 21:04 - 2015-03-24 04:02 - 02378448 _____ (COMODO Security Solutions) C:\bsm_chrome.exe
2015-05-07 21:02 - 2015-05-07 21:04 - 00001512 __RSH () C:\WINDOWS\SysWOW64\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf
2015-05-07 21:02 - 2015-05-07 21:04 - 00000642 _____ () C:\WINDOWS\SysWOW64\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
2015-05-07 21:02 - 2015-05-07 21:02 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2015-05-07 20:49 - 2015-05-14 21:08 - 00016448 _____ () C:\WINDOWS\system32\Drivers\sfi.dat
2015-05-07 20:49 - 2015-05-07 20:49 - 00000000 ____D () C:\WINDOWS\System32\Tasks\COMODO
2015-05-07 20:47 - 2015-05-07 20:47 - 00000000 ____D () C:\ProgramData\Shared Space
2015-05-07 20:45 - 2015-05-08 01:45 - 00000000 ____D () C:\Users\Kay\AppData\Local\Comodo
2015-05-07 20:45 - 2015-05-08 01:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-05-07 20:45 - 2015-05-07 20:47 - 00000000 ____D () C:\Program Files\COMODO
2015-05-07 20:36 - 2015-05-07 20:49 - 00000000 ____D () C:\ProgramData\Comodo
2015-05-07 20:18 - 2015-05-07 20:18 - 00557183 _____ () C:\Users\Kay\Desktop\bookmarks-2015-05-07.json
2015-05-07 03:58 - 2015-05-07 04:11 - 206929475 _____ () C:\Users\Kay\Desktop\sweet alice.mp4
2015-05-07 00:03 - 2015-05-07 20:41 - 00000050 ___RH () C:\Users\Kay\Downloads\GetSusp.opt
2015-05-06 23:35 - 2015-05-06 23:35 - 00000000 ____D () C:\Snort
2015-05-06 23:04 - 2011-06-30 13:52 - 01667584 _____ () C:\Users\Kay\Desktop\ncat.exe
2015-05-06 23:03 - 2015-05-06 23:03 - 00000218 _____ () C:\Users\Kay\AppData\Local\recently-used.xbel
2015-05-06 22:53 - 2015-05-06 23:03 - 00000000 ____D () C:\Users\Kay\.zenmap
2015-05-06 22:52 - 2015-05-07 04:52 - 00000000 ____D () C:\Program Files (x86)\Nmap
2015-05-06 22:39 - 2015-05-06 22:39 - 00425490 _____ () C:\Users\Kay\AppData\Local\census.cache
2015-05-06 22:39 - 2015-05-06 22:39 - 00190976 _____ () C:\Users\Kay\AppData\Local\ars.cache
2015-05-06 22:37 - 2015-05-06 22:39 - 00000000 ____D () C:\ProgramData\SystemExplorer
2015-05-06 22:37 - 2015-05-06 22:37 - 00001100 _____ () C:\Users\Public\Desktop\System Explorer.lnk
2015-05-06 22:37 - 2015-05-06 22:37 - 00001100 _____ () C:\ProgramData\Desktop\System Explorer.lnk
2015-05-06 22:37 - 2015-05-06 22:37 - 00000010 _____ () C:\Users\Kay\AppData\Local\sponge.last.runtime.cache
2015-05-06 22:37 - 2015-05-06 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer
2015-05-06 22:37 - 2015-05-06 22:37 - 00000000 ____D () C:\Program Files (x86)\System Explorer
2015-05-06 22:33 - 2015-05-06 22:34 - 00000000 ____D () C:\Users\Kay\Desktop\filme
2015-05-06 22:32 - 2015-05-06 22:32 - 00000036 _____ () C:\Users\Kay\AppData\Local\housecall.guid.cache
2015-05-06 22:32 - 2013-09-28 04:56 - 00285208 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2015-05-06 22:26 - 2015-01-25 20:10 - 00006069 _____ () C:\Users\Kay\Desktop\cports_lng.ini
2015-05-06 22:18 - 2015-05-06 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2015-05-06 22:17 - 2015-05-07 19:10 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\Raptr
2015-05-06 21:40 - 2015-05-14 20:37 - 00000000 ____D () C:\AdwCleaner
2015-05-06 20:48 - 2015-05-06 21:44 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\Nico Mak Computing
2015-05-06 19:45 - 2015-04-24 23:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-06 00:28 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-06 00:28 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-06 00:06 - 2015-05-06 00:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-05-05 23:51 - 2015-05-05 23:51 - 00000000 ____D () C:\Users\Kay\Desktop\Neuer Ordner (3)
2015-05-04 23:27 - 2015-05-04 23:27 - 02355356 _____ () C:\Users\Kay\Downloads\FreeHideIP-4.0.4.6.Setup.exe
2015-05-04 23:22 - 2015-05-04 23:22 - 00000000 _____ () C:\WINDOWS\SysWOW64\RENF3B.tmp
2015-04-30 03:48 - 2015-05-06 21:33 - 00001612 _____ () C:\Users\Kay\Desktop\debug.log
2015-04-30 01:37 - 2015-05-07 23:21 - 00000000 ____D () C:\Users\Kay\Desktop\Neuer Ordner (2)
2015-04-29 19:54 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-04-29 19:54 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-04-29 19:54 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-04-29 19:54 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-04-29 19:54 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-04-29 19:54 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-04-29 19:54 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-04-29 19:53 - 2015-03-13 02:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-04-28 04:40 - 2015-04-28 04:40 - 00002729 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
2015-04-28 04:39 - 2015-04-28 04:39 - 00000000 ____D () C:\Program Files (x86)\MSECache
2015-04-28 03:19 - 2013-04-06 00:26 - 01679360 _____ () C:\WINDOWS\SysWOW64\ac3filter.acm.new
2015-04-28 03:17 - 2015-04-28 03:17 - 00000000 ____D () C:\Program Files (x86)\Shark007
2015-04-28 03:16 - 2015-05-06 21:33 - 00000000 ____D () C:\ProgramData\Advanced
2015-04-28 02:42 - 2015-04-28 02:42 - 00000000 ____D () C:\WINDOWS\pss
2015-04-23 23:06 - 2015-05-04 19:55 - 00000000 ____D () C:\WINDOWS\Hewlett-Packard
2015-04-23 10:14 - 2015-05-06 19:44 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-04-23 10:14 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-04-23 10:14 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-04-23 10:14 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-04-23 10:14 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-04-23 10:14 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-04-23 10:14 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-04-23 10:14 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-04-23 10:14 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-04-23 10:14 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-04-23 10:14 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-04-23 10:14 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-04-23 10:14 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-04-23 10:14 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-04-23 10:14 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-04-23 10:14 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-04-23 10:14 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-04-23 00:56 - 2015-05-09 11:09 - 00000892 _____ () C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-04-23 00:56 - 2015-04-23 00:56 - 00003844 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-04-23 00:31 - 2015-04-23 00:32 - 00000000 ____D () C:\Program Files\UltraDefrag
2015-04-23 00:31 - 2015-04-23 00:31 - 00000874 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraDefrag.lnk
2015-04-23 00:25 - 2015-04-23 00:25 - 00003140 _____ () C:\WINDOWS\System32\Tasks\{595F0CC6-78B3-4146-9AF1-D2D1124AF816}
2015-04-21 06:14 - 2015-04-29 19:41 - 00003696 _____ () C:\WINDOWS\System32\Tasks\Adobe Reader and Acrobat Manager
2015-04-21 06:14 - 2015-04-21 06:14 - 00003704 _____ () C:\WINDOWS\System32\Tasks\Java Platform SE Auto Updater
2015-04-19 15:00 - 2015-04-19 15:00 - 00089600 _____ (UltraDefrag Development Team) C:\WINDOWS\system32\udefrag.exe
2015-04-19 15:00 - 2015-04-19 15:00 - 00033792 _____ (UltraDefrag Development Team) C:\WINDOWS\system32\wgx.dll
2015-04-19 15:00 - 2015-04-19 15:00 - 00013312 _____ (UltraDefrag Development Team) C:\WINDOWS\system32\hibernate4win.exe
2015-04-19 15:00 - 2015-04-19 15:00 - 00012288 _____ (UltraDefrag Development Team) C:\WINDOWS\system32\bootexctrl.exe
2015-04-19 14:59 - 2015-04-19 14:59 - 00394752 _____ (UltraDefrag Development Team) C:\WINDOWS\system32\defrag_native.exe
2015-04-19 14:59 - 2015-04-19 14:59 - 00337920 _____ (UltraDefrag Development Team) C:\WINDOWS\system32\zenwinx.dll
2015-04-19 14:59 - 2015-04-19 14:59 - 00132608 _____ () C:\WINDOWS\system32\lua5.1a.dll
2015-04-19 14:59 - 2015-04-19 14:59 - 00055808 _____ (UltraDefrag Development Team) C:\WINDOWS\system32\udefrag.dll
2015-04-16 03:04 - 2015-04-16 07:20 - 00000014 _____ () C:\Users\Kay\Desktop\Neues Textdokument (3).txt
2015-04-15 23:15 - 2015-04-16 07:20 - 00000089 _____ () C:\Users\Kay\Desktop\kreditkarte online daten.txt
2015-04-15 22:49 - 2015-04-15 22:49 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-04-15 22:49 - 2015-04-15 22:49 - 00002041 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-04-15 22:49 - 2015-04-15 22:49 - 00002041 _____ () C:\ProgramData\Desktop\Adobe Reader XI.lnk
2015-04-15 22:21 - 2015-05-07 21:07 - 00001464 _____ () C:\Users\Kay\Desktop\PatchMyPC - Verknüpfung.lnk
2015-04-15 22:17 - 2015-04-28 04:15 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-15 22:17 - 2015-04-15 22:49 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-15 22:17 - 2015-04-15 22:17 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-04-15 22:17 - 2015-04-15 22:17 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-04-15 22:07 - 2015-04-15 22:07 - 00000000 ____D () C:\ProgramData\AmUStor
2015-04-15 22:07 - 2015-04-15 22:07 - 00000000 ____D () C:\Program Files (x86)\AmUStor
2015-04-15 22:07 - 2014-11-19 11:29 - 00876760 _____ (Realtek ) C:\WINDOWS\system32\Drivers\Rt630x64.sys
2015-04-15 22:07 - 2014-11-19 11:29 - 00073800 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
2015-04-15 21:52 - 2015-05-06 21:24 - 00000000 ____D () C:\Program Files\Easeware
2015-04-15 21:52 - 2015-04-15 21:52 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\Easeware
2015-04-15 21:48 - 2015-05-03 21:42 - 00554528 _____ (www.patchmypc.net) C:\Users\Kay\Downloads\PatchMyPC.exe
2015-04-15 21:01 - 2015-04-15 21:01 - 00001624 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk
2015-04-15 21:00 - 2015-04-15 21:00 - 00000093 _____ () C:\Users\Kay\AppData\Roaming\ARCompanion.log
2015-04-15 15:36 - 2015-01-06 05:01 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-04-15 15:36 - 2015-01-06 04:59 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-04-15 15:36 - 2015-01-06 03:12 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-04-15 15:36 - 2015-01-06 03:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-04-15 13:06 - 2015-04-15 13:06 - 00256992 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgldx64.sys
2015-04-15 12:52 - 2015-03-23 23:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-15 12:52 - 2015-03-23 23:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-15 12:52 - 2015-03-23 23:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-15 12:52 - 2015-03-23 23:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-15 12:52 - 2015-03-23 23:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-15 12:52 - 2015-03-20 06:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-15 12:52 - 2015-03-20 06:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-15 12:52 - 2015-03-20 06:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-15 12:52 - 2015-03-20 05:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-15 12:52 - 2015-03-20 04:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-15 12:52 - 2015-03-20 04:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-15 12:52 - 2015-03-20 04:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-15 12:52 - 2015-03-13 04:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-15 12:52 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-15 12:52 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-15 12:52 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-15 12:52 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-15 12:52 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-14 16:09 - 2014-04-30 08:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2015-04-14 16:09 - 2014-04-30 08:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-14 21:20 - 2015-02-11 04:25 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\SlimBrowser
2015-05-14 21:05 - 2015-03-02 12:50 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-14 21:04 - 2015-03-11 23:16 - 00007622 _____ () C:\Users\Kay\AppData\Local\Resmon.ResmonCfg
2015-05-14 21:03 - 2015-03-10 23:50 - 00003906 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9258BA3B-CC89-4021-B23D-871BCB404B47}
2015-05-14 21:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-14 20:52 - 2015-03-05 23:38 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-05-14 20:44 - 2014-12-10 20:47 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4150589384-1404209100-33404022-1001
2015-05-14 20:39 - 2015-03-24 19:52 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-14 20:39 - 2015-03-10 23:20 - 00000334 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForKay.job
2015-05-14 20:39 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-14 20:38 - 2013-08-22 15:25 - 76546048 _____ () C:\WINDOWS\system32\config\SOFTWARE_tureg_old
2015-05-14 20:38 - 2013-08-22 15:25 - 12582912 _____ () C:\WINDOWS\system32\config\SYSTEM_tureg_old
2015-05-14 20:38 - 2013-08-22 15:25 - 00524288 _____ () C:\WINDOWS\system32\config\DEFAULT_tureg_old
2015-05-14 20:38 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-14 20:38 - 2013-08-22 15:25 - 00024576 _____ () C:\WINDOWS\system32\config\SECURITY_tureg_old
2015-05-14 20:38 - 2013-08-22 15:25 - 00024576 _____ () C:\WINDOWS\system32\config\SAM_tureg_old
2015-05-14 20:35 - 2015-03-02 22:54 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-05-14 20:26 - 2014-12-11 21:36 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\Skype
2015-05-14 20:23 - 2014-12-10 20:55 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-14 20:16 - 2015-03-10 23:20 - 00003144 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForKay
2015-05-14 20:01 - 2015-03-22 22:47 - 00000000 ____D () C:\Users\Kay\AppData\Local\CrashDumps
2015-05-14 19:58 - 2015-04-13 21:55 - 00000000 ____D () C:\Program Files (x86)\FreeHideIP
2015-05-14 15:52 - 2015-01-05 18:32 - 00000000 ____D () C:\Users\Kay\AppData\Local\Spotify
2015-05-14 15:09 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-14 09:14 - 2015-01-05 18:30 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\Spotify
2015-05-14 08:41 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-05-14 08:18 - 2015-03-11 04:58 - 00000000 ____D () C:\WINDOWS\Minidump
2015-05-14 08:13 - 2015-03-10 22:39 - 00000000 ____D () C:\Users\Kay
2015-05-13 09:14 - 2014-12-10 20:49 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\vlc
2015-05-13 06:20 - 2014-12-02 21:46 - 00000000 ____D () C:\Users\Kay\Desktop\evaer skype mitschnitte
2015-05-13 03:54 - 2015-04-07 22:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-13 03:53 - 2014-12-10 20:55 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-05-13 03:46 - 2013-08-22 16:44 - 00355136 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-13 03:25 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-13 03:24 - 2014-12-11 11:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-13 03:20 - 2014-12-11 11:00 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-13 03:15 - 2014-11-21 05:13 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-12 23:33 - 2015-01-25 22:28 - 00000000 ____D () C:\Users\Kay\Desktop\Musik Januar 2015
2015-05-08 17:07 - 2015-04-13 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Hide IP
2015-05-08 01:45 - 2014-12-10 20:46 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\Mozilla
2015-05-07 22:39 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-05-07 22:35 - 2012-07-26 10:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-05-07 22:33 - 2015-03-02 12:54 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-05-07 21:16 - 2015-03-21 17:20 - 00000558 _____ () C:\WINDOWS\wininit.ini
2015-05-07 21:07 - 2015-01-05 18:32 - 00002030 _____ () C:\Users\Kay\Desktop\Spotify.lnk
2015-05-07 20:49 - 2014-11-21 04:45 - 01103942 _____ () C:\WINDOWS\system32\perfh007.dat
2015-05-07 20:49 - 2014-11-21 04:45 - 00278380 _____ () C:\WINDOWS\system32\perfc007.dat
2015-05-07 20:37 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-05-07 03:39 - 2014-12-12 04:19 - 00003830 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1418350790
2015-05-07 03:39 - 2014-12-12 04:19 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-05-07 00:01 - 2015-02-11 04:25 - 00000000 ____D () C:\Program Files (x86)\SlimBrowser
2015-05-06 22:18 - 2015-03-06 03:41 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-05-06 22:17 - 2015-03-10 21:05 - 00000000 ____D () C:\Program Files\AMD
2015-05-06 22:16 - 2015-03-10 22:38 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-06 21:29 - 2012-11-22 00:24 - 00000000 ____D () C:\Program Files\Intel
2015-05-06 21:29 - 2012-11-22 00:24 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-05-06 00:15 - 2015-03-10 22:45 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-05-06 00:06 - 2015-03-02 22:18 - 00000000 ____D () C:\Program Files\Java
2015-05-05 19:59 - 2014-11-21 13:01 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-05 19:59 - 2014-11-21 13:01 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-05 18:34 - 2014-12-11 22:22 - 00002768 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-05-04 23:23 - 2015-03-21 18:47 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-04 23:20 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Macromed
2015-04-29 21:17 - 2015-04-08 22:32 - 00000000 ____D () C:\Users\Kay\Desktop\bilder
2015-04-29 19:39 - 2015-03-12 05:50 - 00009733 _____ () C:\WINDOWS\SysWOW64\Gms.log
2015-04-28 16:55 - 2014-12-11 21:35 - 00000000 ____D () C:\ProgramData\Skype
2015-04-28 16:52 - 2014-12-11 22:22 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-28 16:52 - 2014-12-11 22:22 - 00000836 _____ () C:\ProgramData\Desktop\CCleaner.lnk
2015-04-28 16:52 - 2014-12-11 22:22 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-28 04:40 - 2014-12-18 01:50 - 00012889 ____H () C:\WINDOWS\SysWOW64\BTImages.dat
2015-04-28 04:40 - 2012-11-22 00:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-04-28 04:15 - 2014-12-10 20:54 - 00000000 ____D () C:\Users\Kay\AppData\Local\Adobe
2015-04-28 04:15 - 2014-12-10 20:40 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\Adobe
2015-04-28 03:44 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Registration
2015-04-28 03:10 - 2014-12-10 20:39 - 00000000 ____D () C:\Users\Kay\AppData\Local\Packages
2015-04-28 01:33 - 2015-03-09 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bazooka Scanner
2015-04-25 13:02 - 2014-11-21 05:35 - 01984420 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-23 23:06 - 2012-08-02 05:15 - 00000000 ____D () C:\SWSETUP
2015-04-23 10:15 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-04-23 10:15 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-04-22 20:03 - 2015-03-24 19:52 - 00001116 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-22 20:03 - 2015-03-24 19:52 - 00001116 _____ () C:\ProgramData\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-22 20:03 - 2015-03-24 19:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-04-22 20:03 - 2015-03-24 19:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-04-21 17:51 - 2014-12-11 21:58 - 00000959 _____ () C:\Users\Kay\Desktop\Evaer.lnk
2015-04-21 01:56 - 2014-12-10 20:49 - 00000889 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-04-21 01:56 - 2014-12-10 20:49 - 00000889 _____ () C:\ProgramData\Desktop\VLC media player.lnk
2015-04-17 02:15 - 2015-03-12 21:20 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-15 22:50 - 2015-03-02 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-15 22:30 - 2015-04-07 10:16 - 00000000 ____D () C:\Users\Kay\Desktop\cam neu
2015-04-15 22:07 - 2015-03-12 05:21 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-04-15 22:07 - 2012-11-22 00:24 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-15 21:57 - 2015-03-22 22:52 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-04-15 21:41 - 2015-04-07 01:03 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\422D0373.sys
2015-04-15 21:01 - 2014-12-23 08:28 - 00000000 ____D () C:\Users\Kay\AppData\Local\Citrix
2015-04-15 21:01 - 2014-12-23 08:28 - 00000000 ____D () C:\Program Files (x86)\Citrix
2015-04-15 20:19 - 2014-12-23 08:29 - 00000000 ____D () C:\ProgramData\Citrix
2015-04-14 09:38 - 2015-03-24 19:52 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2015-03-24 19:52 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2015-03-24 19:52 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
==================== Files in the root of some directories =======
2015-04-15 21:00 - 2015-04-15 21:00 - 0000093 _____ () C:\Users\Kay\AppData\Roaming\ARCompanion.log
2014-12-29 22:40 - 2014-12-29 22:40 - 0001167 _____ () C:\Users\Kay\AppData\Roaming\trace_FilterInstaller.txt
2014-12-29 22:40 - 2014-12-29 22:40 - 0000000 _____ () C:\Users\Kay\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2015-05-06 22:39 - 2015-05-06 22:39 - 0190976 _____ () C:\Users\Kay\AppData\Local\ars.cache
2015-05-06 22:39 - 2015-05-06 22:39 - 0425490 _____ () C:\Users\Kay\AppData\Local\census.cache
2015-05-06 22:32 - 2015-05-06 22:32 - 0000036 _____ () C:\Users\Kay\AppData\Local\housecall.guid.cache
2015-05-06 23:03 - 2015-05-06 23:03 - 0000218 _____ () C:\Users\Kay\AppData\Local\recently-used.xbel
2015-03-11 23:16 - 2015-05-14 21:04 - 0007622 _____ () C:\Users\Kay\AppData\Local\Resmon.ResmonCfg
2015-05-06 22:37 - 2015-05-06 22:37 - 0000010 _____ () C:\Users\Kay\AppData\Local\sponge.last.runtime.cache
Some content of TEMP:
====================
C:\Users\Kay\AppData\Local\Temp\Quarantine.exe
C:\Users\Kay\AppData\Local\Temp\sqlite3.dll
C:\Users\Kay\AppData\Local\Temp\E910.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe
[2014-11-21 06:04] - [2014-11-21 06:04] - 0572416 ____A (Microsoft Corporation) EC498BAE1F0D3E0E401C963F8D76C437
C:\Windows\System32\wininit.exe
[2014-11-21 06:03] - [2014-11-21 06:03] - 0145920 ____A (Microsoft Corporation) A570A64292214C43E0BA50E6A72A6380
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll
[2014-11-21 06:03] - [2014-11-21 06:03] - 1376256 ____A (Microsoft Corporation) 76C5CF09F53A3B089B5581B9938F8CAE
C:\Windows\System32\userinit.exe
[2014-11-21 06:03] - [2014-11-21 06:03] - 0026112 ____A (Microsoft Corporation) 5C131534A3EA4A461A793FB507A8004F
C:\Windows\SysWOW64\userinit.exe
[2014-11-21 06:05] - [2014-11-21 06:05] - 0022528 ____A (Microsoft Corporation) D10643FC0095434C819316CA6CD748C0
C:\Windows\System32\rpcss.dll
[2014-11-21 06:03] - [2014-11-21 06:03] - 0817664 ____A (Microsoft Corporation) A6F17C299A03BAFEFB9257C462A19E00
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-12 04:24
==================== End Of Log ============================
[/CODE] |
|
14.05.2015, 23:00
| #7 |
| | Malware - Logfileauswertung - Rechner stürzt ab oder friert ein FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2015 01
Ran by Kay at 2015-05-14 21:20:37
Running from C:\Users\Kay\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4150589384-1404209100-33404022-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-4150589384-1404209100-33404022-501 - Limited - Disabled)
Kay (S-1-5-21-4150589384-1404209100-33404022-1001 - Administrator - Enabled) => C:\Users\Kay
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
6660 (HKLM\...\{d1e17d14-cabc-4f6f-9f46-c7ecf813645e}.sdb) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\{0E3C52E0-B4F1-4D1E-B172-E390813BD9FE}) (Version: 12.1.8.158 - Adobe Systems, Inc)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5941 - AVG Technologies)
AVG 2015 (Version: 15.0.4342 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5941 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (de-DE) (x32 Version: 15.0.1001.403 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.403 - AVG Technologies)
AVG PC TuneUp 2015 (x32 Version: 15.0.1001.403 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.0.411 - AVG Technologies)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Chromodo (HKLM-x32\...\Chromodo) (Version: 36.7.0.8 - Comodo)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.2.100.14 - Citrix Systems, Inc.)
Comodo IceDragon (HKLM-x32\...\Comodo IceDragon) (Version: 26.0.0.2 - COMODO)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Evaer Video Recorder for Skype 1.6.2.81 (HKLM-x32\...\Evaer Video Recorder for Skype) (Version: 1.6.2.81 - Evaer Technology)
FFsplit version 0.7 (HKLM-x32\...\{82458834-6226-4A34-AE96-6907354F9F36}_is1) (Version: 0.7 - FFsplit Team)
FlashPeak SlimBrowser (HKLM-x32\...\SlimBrowser) (Version: 7.00.118 - FlashPeak Inc.)
Free Driver Scout (Version: 1.0.0.0 - Covus Freemium) Hidden
Free Hide IP (HKLM-x32\...\FreeHideIP) (Version: 4.0.4.6 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{904822F1-6C7D-4B91-B936-6A1C0810544C}) (Version: 7.7.34.34 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6486.0 - IDT)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1072 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
Java 7 Update 80 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417080FF}) (Version: 7.0.800 - Oracle)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 38.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0 (x86 de)) (Version: 38.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0 - Mozilla)
Online Plug-in (x32 Version: 14.2.100.14 - Citrix Systems, Inc.) Hidden
Opera Stable 29.0.1795.47 (HKLM-x32\...\Opera 29.0.1795.47) (Version: 29.0.1795.47 - Opera Software ASA)
oursurfing uninstall (HKLM-x32\...\oursurfing uninstall) (Version: - oursurfing)
Raptr (HKLM-x32\...\Raptr) (Version: - )
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.37.1119.2014 - Realtek)
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Self-Service Plug-in (x32 Version: 4.2.100.5943 - Citrix Systems, Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Spotify (HKU\S-1-5-21-4150589384-1404209100-33404022-1001\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Explorer 6.4.1 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version: - Mister Group)
TrojanHunter 5.6 (HKLM-x32\...\TrojanHunter_is1) (Version: 5.6 - Bytelayer AB)
Ultra Defragmenter (HKLM-x32\...\UltraDefrag) (Version: 6.1.0 - UltraDefrag Development Team)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E7}) (Version: 19.0.11294 - WinZip Computing, S.L. )
Wisdom-soft AutoScreenRecorder 3.1 Free (HKLM-x32\...\Wisdom-soft AutoScreenRecorder 3.1 Free) (Version: - Wisdom Software Inc.)
Xvid MPEG-4 Video Codec (HKLM-x32\...\xvid) (Version: - Xvid Development Team)
Z-defragRAM (HKLM-x32\...\{0F9F096B-9EF0-43A2-91C8-4613835312F7}) (Version: 2.7 - IMU Andreas Baumann)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
Could not list restore points.
Check "winmgmt" service or repair WMI.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0166BE92-E85C-4D58-B42B-76A223744E9C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {041E3B49-7645-4026-A126-550A4F7FCB57} - System32\Tasks\Opera scheduled Autoupdate 1418350790 => C:\Program Files (x86)\Opera\launcher.exe [2015-04-17] (Opera Software)
Task: {064D544E-534E-47B2-B378-BF8AC99A5BE7} - System32\Tasks\HPCeeScheduleForKay => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {06FD6947-C07D-43F5-917D-96949ECCBEC8} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-04-01] (COMODO)
Task: {0B8CCDA9-8FBF-4DFC-A0F2-6E26AB9B3798} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-12] (Google Inc.)
Task: {0EE85968-70F1-45C8-A9BC-49D9D46CD2AD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {1FA4C652-384D-49C2-911B-2D72E042B4C8} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2015-02-25] (AVG Technologies)
Task: {26574986-3D89-42A8-A421-E9C937822A2B} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-03] (Adobe Systems Incorporated)
Task: {2A158B0E-909D-477E-A637-86C3CEB069FF} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-04-01] (COMODO)
Task: {2AB7EB56-7A16-41FD-844C-7CBF242FA9E2} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {2BAA0D1B-F4AF-49FD-A059-0B2C46B35B0C} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-13] (Adobe Systems Incorporated)
Task: {358C9648-FDB2-4354-AB2F-B6C166B35434} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {378BA3E7-102C-44D5-B8FE-21E368AF4E35} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-04-30] (Oracle Corporation)
Task: {56A94B60-6CA2-41FD-8E50-47909C2084FD} - System32\Tasks\{FFB1F607-491A-4BB5-BD8F-B674B307B6E7} => pcalua.exe -a C:\Users\Kay\Downloads\sp64086(1).exe -d C:\Users\Kay\Downloads
Task: {62E2B738-3E10-4DFF-A696-F7F415F7DA05} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-21] (Hewlett-Packard Company)
Task: {699BC7E8-E8AC-4B6B-AFA7-36E97400DC97} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-13] (Microsoft Corporation)
Task: {80837993-11F6-47A7-905A-249E85792F49} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-21] (Hewlett-Packard Company)
Task: {816F858A-D31F-46A0-9D94-44787E7DE0F4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {89DB0D18-2D4E-4442-A0B4-DEFE51E20E00} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-04-01] (COMODO)
Task: {90C5894D-9DE5-48CE-918D-8F336012C85B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {9B9C5E8A-551C-46C8-A782-13F72AA7B463} - System32\Tasks\COMODO CertSentry Updater => C:\WINDOWS\system32\certsentry.exe [2015-05-08] (COMODO CA Limited)
Task: {A75A3471-5E14-4321-BE99-96B460BE53AA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {A7D94A89-1BD8-4078-9A5D-EB0D7F809612} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {B6BE3E9D-420C-4E52-A558-A193669AD63F} - System32\Tasks\{595F0CC6-78B3-4146-9AF1-D2D1124AF816} => pcalua.exe -a C:\Users\Kay\Downloads\ultradefrag-6.1.0.bin.i386.exe -d C:\Users\Kay\Downloads
Task: {BD495CD7-EA9D-4847-AE18-9F5E91F28F32} - System32\Tasks\avastBCLRestartS-1-5-21-4150589384-1404209100-33404022-1001 => Chrome.exe
Task: {BF5C0672-B11C-4F2C-8302-C97B7DD378C2} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-04-01] (COMODO)
Task: {CB1D8795-F139-4B62-A189-165E9D9CAE98} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {D87BE9EA-77F1-4ADC-9280-1EC2BB4B01FC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {DEBA5FD9-AB37-43AC-9480-F9F90958B718} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {E8A1F6AF-37BF-435C-859B-ED07A53F949F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-21] (Hewlett-Packard Company)
Task: {EEC3A223-5751-411C-AE2E-2A415B1B5C1D} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-04-01] (COMODO)
Task: {F75CACC1-193C-49EB-A874-B0B72B36024B} - System32\Tasks\{324F385C-BCCB-4650-A3D8-964679D07F3A} => pcalua.exe -a C:\Users\Kay\Downloads\sp63931.exe -d C:\Users\Kay\Downloads
Task: {F7BBBECA-2B8C-497F-9A2F-8AE2D00666D4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_pepper.exe [2015-04-23] (Adobe Systems Incorporated)
Task: {F8269183-E0D9-4033-B4DF-166413BCBA97} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {FF35A80F-6C9C-4F7C-814A-5AE345D88CCB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-12] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForKay.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (whitelisted) ==============
2015-03-02 13:00 - 2015-03-10 19:58 - 00620056 ____N () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2015-02-25 10:25 - 2015-02-25 10:25 - 00712504 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2015-02-25 10:25 - 2015-02-25 10:25 - 00855864 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tulnga.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00143891 _____ () C:\Program Files\VideoLAN\VLC\libvlc.dll
2015-04-16 16:16 - 2015-04-16 16:16 - 02750483 _____ () C:\Program Files\VideoLAN\VLC\libvlccore.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00618515 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00079379 _____ () C:\Program Files\VideoLAN\VLC\libgcc_s_seh-1.dll
2015-04-16 16:16 - 2015-04-16 16:16 - 00038419 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2015-04-16 16:16 - 2015-04-16 16:16 - 00035347 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2015-04-16 16:16 - 2015-04-16 16:16 - 00083987 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
2015-04-16 16:16 - 2015-04-16 16:16 - 00075795 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 02479123 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00111123 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00259603 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00083475 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libvdr_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00051731 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00066579 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00672275 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00825363 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00132627 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00047635 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\librar_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00018963 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00142867 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 01597459 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00341523 _____ () C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 01478163 _____ () C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00021011 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libwin_msg_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00060435 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00032275 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libes_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00044051 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00331795 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00021011 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00192019 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 12272659 _____ () C:\Program Files\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00837139 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00020499 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00027667 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2015-04-16 16:16 - 2015-04-16 16:16 - 00088083 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_h264_plugin.dll
2015-04-16 16:16 - 2015-04-16 16:16 - 00027667 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00042003 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
2015-04-16 16:16 - 2015-04-16 16:16 - 00036883 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00229907 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2015-04-16 16:16 - 2015-04-16 16:16 - 00026643 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00101395 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
2015-04-16 16:16 - 2015-04-16 16:16 - 00078355 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00101395 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libasf_plugin.dll
2015-04-16 16:16 - 2015-04-16 16:16 - 00041491 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00086547 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00022547 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00024595 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2015-04-16 16:16 - 2015-04-16 16:16 - 00030739 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll
2015-04-16 16:16 - 2015-04-16 16:16 - 00030739 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00023571 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll
2015-04-16 16:16 - 2015-04-16 16:16 - 00021523 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_hevc_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 14624275 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00023571 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00323091 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00023571 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00345619 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 01513491 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00025107 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00042003 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00048659 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00430099 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00031251 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 01805331 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00418835 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00024083 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
2015-04-16 16:15 - 2015-04-16 16:15 - 00018963 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2015-04-16 16:16 - 2015-04-16 16:16 - 00026643 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2015-04-16 16:16 - 2015-04-16 16:16 - 00141331 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
2015-04-16 16:16 - 2015-04-16 16:16 - 00188947 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
2015-04-16 16:16 - 2015-04-16 16:16 - 00083987 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
2015-04-16 16:16 - 2015-04-16 16:16 - 01507859 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2015-04-16 16:16 - 2015-04-16 16:16 - 00029203 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
2015-04-16 16:16 - 2015-04-16 16:16 - 00017939 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
2015-04-16 16:16 - 2015-04-16 16:16 - 00018963 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
2015-04-16 16:16 - 2015-04-16 16:16 - 00024595 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
2015-04-16 16:16 - 2015-04-16 16:16 - 00018451 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
2015-04-16 16:16 - 2015-04-16 16:16 - 00022035 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll
2015-04-16 16:16 - 2015-04-16 16:16 - 00043539 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
2015-04-19 14:59 - 2015-04-19 14:59 - 00132608 _____ () C:\WINDOWS\SYSTEM32\lua5.1a.dll
2015-03-02 13:00 - 2015-03-02 13:00 - 01718808 ____N () C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll
2012-05-17 06:26 - 2012-05-17 06:26 - 00088496 _____ () C:\Program Files (x86)\SlimBrowser\easyhook32.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Kay\Desktop\black_tribal_tattoo.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Kay\Desktop\sassdaa.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Kay\Downloads\adwcleaner_4.203.exe:$CmdZnID
AlternateDataStreams: C:\Users\Kay\Downloads\Autoruns (1).zip:$CmdZnID
AlternateDataStreams: C:\Users\Kay\Downloads\Autoruns.zip:$CmdZnID
AlternateDataStreams: C:\Users\Kay\Downloads\chromiumsecuresetup.exe:$CmdZnID
AlternateDataStreams: C:\Users\Kay\Downloads\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Kay\Downloads\icedragonsetup.exe:$CmdZnID
AlternateDataStreams: C:\Users\Kay\Downloads\otl.exe:$CmdZnID
AlternateDataStreams: C:\Users\Kay\Downloads\Revo Uninstaller - CHIP-Installer.exe:$CmdZnID
AlternateDataStreams: C:\Users\Kay\Downloads\Shockwave_Installer_Slim.exe:$CmdZnID
AlternateDataStreams: C:\Users\Kay\Downloads\sophos_virus_removal_tool.exe:$CmdZnID
AlternateDataStreams: C:\Users\Kay\Downloads\SysInspector.exe:$CmdZnID
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4150589384-1404209100-33404022-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg
DNS Servers: 192.168.178.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: SkypeUpdate => 2
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "vProt"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-4150589384-1404209100-33404022-1001\...\StartupApproved\StartupFolder: => "AutoScreenRecorder 3.1 Free.lnk"
HKU\S-1-5-21-4150589384-1404209100-33404022-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-4150589384-1404209100-33404022-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-4150589384-1404209100-33404022-1001\...\StartupApproved\Run: => "Spotify Web Helper"
==================== FirewallRules (whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{11189F26-0567-4EAD-8DEC-065C0E500B94}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C15D427E-7245-4311-A2A2-0823D446884E}] => (Allow) LPort=1900
FirewallRules: [{7BBBF20C-8427-471C-8163-C8B14EDA7063}] => (Allow) LPort=2869
FirewallRules: [{B9F23C03-0218-4924-9BF7-2A9600C41CC7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B208889F-EA77-40BD-A9DC-EF6F84E54B43}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{2746DFA3-8E75-4A21-B2E0-6088586AC4E2}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{EC17DA98-F648-460F-A1F5-FCED05921420}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{16145710-DF37-4723-A721-94AF14F39A05}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{42D29625-663D-41F3-83C4-5102FA09D31C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{58C496BC-E370-4C45-8444-6C705B5A8550}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{7E85E69F-BF2A-4950-9EC6-269B281350A6}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{4372AED9-14E1-4E7E-A662-B1CF2951A241}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{DCBB82DB-C64C-4E37-8150-BB2D806802E4}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{5A2C32DC-D1B7-4201-9458-E6FC9D4A1980}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{C3B8D569-0F0B-4EAA-829E-22DF6FC7ED05}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{2AF5E779-91AA-46DC-8521-B30797CEA16A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{21CA1512-EF44-4184-8616-DD249BE6541B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{1A44EE7A-3F6F-4B8B-88D8-0C4E522DD61D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Faulty Device Manager Devices =============
Could not list Devices. Check "winmgmt" service or repair WMI.
==================== Event log errors: =========================
Could not start eventlog service, could not read events.
Systemfehler 123 aufgetreten.
Die Syntax f?r den Dateinamen, Verzeichnisnamen oder die Datentr?gerbezeichnung ist falsch.
[0x7FFD4D7318E0] ANOMALY: meaningless REX prefix used
[0x7FFD4D7318E0] ANOMALY: meaningless REX prefix used
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 42%
Total physical RAM: 6099.11 MB
Available physical RAM: 3529.47 MB
Total Pagefile: 15297.11 MB
Available Pagefile: 12269.74 MB
Total Virtual: 131072 MB
Available Virtual: 131071.77 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:918.27 GB) (Free:750.85 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:10.98 GB) (Free:1.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: EFCCAA97)
Partition: GPT Partition Type.
==================== End Of Log ============================
[/CODE] |
|
14.05.2015, 23:02
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malware - Logfileauswertung - Rechner stürzt ab oder friert ein Lade Dir bitte von hier  Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.05.2015, 23:08
| #9 |
| | Malware - Logfileauswertung - Rechner stürzt ab oder friert ein Revo uninstaller habe ich bereits auf meinem Rechner. Allerdings finde ich da nirgends den Eintrag REMOTE Destop Access |
|
15.05.2015, 00:31
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malware - Logfileauswertung - Rechner stürzt ab oder friert ein Adware/Junkware/Toolbars entfernen Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop! Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren! 1. Schritt: adwCleaner Downloade Dir bitte  AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
3. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Malware - Logfileauswertung - Rechner stürzt ab oder friert ein |
| adobe, adobe flash player, avast, avg, bho, error, explorer, firefox, flash player, format, helper, install.exe, malware, mozilla, opera, ordner, programme, realtek, registry, scan, security, shark, software, stürzt ab, virus, windows |
dann auf 
und dann auf 
. 
Linear-Darstellung
