
Log analysis and evaluation: Laptop apparently infected by viruses or Trojans

Windows 7: If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

25.08.2016, 14:24   #1
vick_stan
 



Hello dear forum members,

my laptop has been very slow for days; now it also no longer shuts down and does not go into standby mode. Both running commands and browsing the Internet are very slow. The system freezes frequently.

The log files are attached.

Thank you very much in advance!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Ran by Com (administrator) on USER (25-08-2016 14:06:12)
Running from C:\Users\Com\Downloads
Loaded Profiles: Com (Available Profiles: Com)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Atheros Commnucations) C:\Windows\System32\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\avp.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\avpui.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Intel® Corporation) C:\Program Files\Intel\ConnectCenter\bin\CCFManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files\Intel\STCServ\STCServ.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSmartGestureDetector64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSGPlusBTServer64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\scalc.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [IntelConnectCenter] => C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe [90112 2015-03-16] (Intel® Corporation)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [247016 2011-09-09] (CyberLink Corp.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [74752 2015-09-02] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [204560 2016-08-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [226816 2016-05-23] (Geek Software GmbH)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67864 2016-08-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [831576 2016-08-25] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-245667631-3740917297-2571881347-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-245667631-3740917297-2571881347-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-245667631-3740917297-2571881347-1001\...\Policies\Explorer: [NoDrives] 0x00000000
IFEO\uninst.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{C79A7648-F485-45BF-BE3C-29E6202DDFA5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{FD466CB9-31B0-4EA9-8877-1A184043BC69}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-245667631-3740917297-2571881347-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-245667631-3740917297-2571881347-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-245667631-3740917297-2571881347-1001 -> DefaultScope {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL =
SearchScopes: HKU\S-1-5-21-245667631-3740917297-2571881347-1001 -> {24E0BF82-5E77-4A8A-A1C7-1F5BCD37122E} URL =
SearchScopes: HKU\S-1-5-21-245667631-3740917297-2571881347-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-09] (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-12-15] (DVDVideoSoft Ltd.)
BHO-x32: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-04-09] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-09] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-09] (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2014-12-15] (DVDVideoSoft Ltd.)
Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)

FireFox:
========
FF ProfilePath: C:\Users\Com\AppData\Roaming\Mozilla\Firefox\Profiles\n5zlkxd7.default
FF NetworkProxy: "ftp", "80.77.29.22"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "80.77.29.22"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "socks", "80.77.29.22"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "80.77.29.22"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-04-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF user.js: detected! => C:\Users\Com\AppData\Roaming\Mozilla\Firefox\Profiles\n5zlkxd7.default\user.js [2016-03-27]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Com\AppData\Roaming\Mozilla\Firefox\Profiles\n5zlkxd7.default\Extensions\abs@avira.com [2016-08-19]
FF Extension: German Dictionary - C:\Users\Com\AppData\Roaming\Mozilla\Firefox\Profiles\n5zlkxd7.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2016-08-16]
FF Extension: Diccionario Español Argentina - C:\Users\Com\AppData\Roaming\Mozilla\Firefox\Profiles\n5zlkxd7.default\Extensions\es-AR@dictionaries.addons.mozilla.org [2016-04-06] [not signed]
FF Extension: One Click Proxy - C:\Users\Com\AppData\Roaming\Mozilla\Firefox\Profiles\n5zlkxd7.default\Extensions\jid0-zXo3XFGyiDalgkeEO4UYJTUwo2I@jetpack.xpi [2016-04-19]
FF Extension: Avira SafeSearch Plus - C:\Users\Com\AppData\Roaming\Mozilla\Firefox\Profiles\n5zlkxd7.default\Extensions\safesearchplus2@avira.com [2016-08-19]
FF Extension: Adblock Plus - C:\Users\Com\AppData\Roaming\Mozilla\Firefox\Profiles\n5zlkxd7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2014-12-15] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-08-20]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKU\S-1-5-21-245667631-3740917297-2571881347-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-12-24] [not signed]

Chrome:
=======
CHR DefaultSearchURL: Profile 2 -> hxxps://search.avira.net/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Profile 2 -> Avira
CHR DefaultSuggestURL: Profile 2 -> hxxps://search.avira.net/suggestions?q={searchTerms}&li=ff&hl=en
CHR Profile: C:\Users\Com\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-17]
CHR Extension: (Google Docs) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-17]
CHR Extension: (Google Drive) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-17]
CHR Extension: (YouTube) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-17]
CHR Extension: (Google Sheets) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-17]
CHR Extension: (Google Docs Offline) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-17]
CHR Extension: (Gmail) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-17]
CHR Profile: C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-26]
CHR Extension: (Google Docs) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-26]
CHR Extension: (Google Drive) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-26]
CHR Extension: (YouTube) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-26]
CHR Extension: (Google Sheets) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-26]
CHR Extension: (Google Docs Offline) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-26]
CHR Extension: (Gmail) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-26]
CHR Profile: C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-26]
CHR Extension: (Google Docs) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-26]
CHR Extension: (Google Drive) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-26]
CHR Extension: (YouTube) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-26]
CHR Extension: (Google Sheets) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-26]
CHR Extension: (Avira Browser Safety) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-08-20]
CHR Extension: (Google Docs Offline) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-27]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2016-08-20]
CHR Extension: (Kaspersky Protection) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi [2016-08-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-26]
CHR Extension: (Gmail) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-26]
CHR Extension: (Chrome Media Router) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-20]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159320 2016-08-22] (Adobe Systems, Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [988184 2016-08-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [470600 2016-08-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [470600 2016-08-25] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1453696 2016-08-25] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations) [File not signed]
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1097488 2016-08-18] (AVG Technologies CZ, s.r.o.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [320672 2016-08-04] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [234352 2016-07-29] (Avira Operations GmbH & Co. KG)
R2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2015-09-02] (Freemake) [File not signed]
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 STCServ; C:\Program Files\Intel\STCServ\STCServ.exe [8095456 2015-03-16] (Intel Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4878096 2016-08-19] (AVG Technologies CZ, s.r.o.)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3855872 2013-09-25] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [69904 2015-10-07] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [144664 2016-07-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [154392 2016-07-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-07-18] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [78208 2016-07-18] (Avira Operations GmbH & Co. KG)
R3 bcmsmbsp; C:\Windows\System32\drivers\bcmsmbsp.sys [40152 2013-09-09] (Broadcom Corporation.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-04] ()
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-11] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [79752 2015-12-01] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [78200 2015-12-02] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [182664 2015-12-11] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [237400 2016-08-20] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [992600 2016-08-20] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [51288 2016-04-29] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)
S4 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87984 2016-08-20] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [110424 2016-08-20] (AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [194440 2015-12-03] (AO Kaspersky Lab)
S3 massfilter; C:\Windows\System32\drivers\ztembbmassfilter.sys [15360 2012-11-23] (MBB Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-25] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-11] (Intel Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-03-29] (AVG Netherlands B.V.)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35856 2013-10-31] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [236888 2013-10-31] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
S3 WUDFWpdComp; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 ZTEusbmdm6k; C:\Windows\system32\DRIVERS\ztembbusbmdm.sys [123264 2012-11-23] (ZTE Incorporated)
S3 ZTEusbnmea; C:\Windows\system32\DRIVERS\ztembbusbnmea.sys [123264 2012-11-23] (ZTE Incorporated)
S3 ZTEusbser6K; C:\Windows\system32\DRIVERS\ztembbusbser6k.sys [123264 2012-11-23] (ZTE Incorporated)
S3 ZTEusbvoice; C:\Windows\system32\DRIVERS\ztembbusbvoice.sys [123264 2012-11-23] (ZTE Incorporated)
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
S4 nvlddmkm; \SystemRoot\system32\DRIVERS\nvlddmkm.sys [X]
S4 nvpciflt; \SystemRoot\system32\DRIVERS\nvpciflt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-25 14:06 - 2016-08-25 14:07 - 00028883 _____ C:\Users\Com\Downloads\FRST.txt
2016-08-25 14:05 - 2016-08-25 14:06 - 00000000 ____D C:\FRST
2016-08-25 14:05 - 2016-08-25 14:05 - 02396672 _____ (Farbar) C:\Users\Com\Downloads\FRST64.exe
2016-08-25 13:23 - 2016-08-25 13:23 - 00000091 ____H C:\Users\Com\Desktop\.~lock.cv roman.doc#
2016-08-25 12:53 - 2016-08-25 12:53 - 00411216 _____ C:\Users\Com\Downloads\ceo_resume_template.pdf
2016-08-25 12:52 - 2016-08-25 12:52 - 00169358 _____ C:\Users\Com\Desktop\sample-CEO-resume.pdf
2016-08-25 12:51 - 2016-08-25 12:51 - 00178626 _____ C:\Users\Com\Downloads\sample-CEO-resume.pdf
2016-08-25 12:30 - 2016-08-25 12:30 - 00012362 _____ C:\Users\Com\Downloads\Sample CV in English.pdf
2016-08-24 16:31 - 2016-08-25 13:14 - 00019186 _____ C:\Users\Com\Desktop\cv roman.odt
2016-08-24 14:45 - 2016-08-24 14:45 - 00096514 _____ C:\Users\Com\Downloads\dfg_initiativ_2012.pdf
2016-08-23 20:43 - 2016-08-23 20:43 - 00154656 _____ C:\Users\Com\Downloads\fb03-0010-frsek-260816(1).pdf
2016-08-23 20:40 - 2016-08-23 20:40 - 00154656 _____ C:\Users\Com\Downloads\fb03-0010-frsek-260816.pdf
2016-08-23 09:33 - 2016-08-25 09:54 - 00001537 _____ C:\Users\Com\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AsusSmartGestureDetector.lnk
2016-08-20 22:30 - 2016-08-20 22:30 - 30166566 _____ C:\Users\Com\Downloads\DSCN1595.MOV
2016-08-20 20:15 - 2016-08-20 20:16 - 91467869 _____ C:\Users\Com\Downloads\DSCN1568.MOV
2016-08-20 20:11 - 2016-08-20 20:11 - 37532381 _____ C:\Users\Com\Downloads\DSCN1547.MOV
2016-08-20 20:10 - 2016-08-20 20:11 - 48410081 _____ C:\Users\Com\Downloads\DSCN1546.MOV
2016-08-20 19:07 - 2016-08-20 19:07 - 21830775 _____ C:\Users\Com\Downloads\DSCN1600.MOV
2016-08-20 19:07 - 2016-08-20 19:07 - 10102483 _____ C:\Users\Com\Downloads\DSCN1553.MOV
2016-08-20 19:06 - 2016-08-20 19:07 - 17810256 _____ C:\Users\Com\Downloads\DSCN1599.MOV
2016-08-20 19:06 - 2016-08-20 19:06 - 11296539 _____ C:\Users\Com\Downloads\DSCN1598.MOV
2016-08-20 19:04 - 2016-08-20 19:04 - 21394464 _____ C:\Users\Com\Downloads\DSCN1597.MOV
2016-08-20 19:03 - 2016-08-20 19:03 - 16439466 _____ C:\Users\Com\Downloads\DSCN1596.MOV
2016-08-20 18:59 - 2016-08-20 19:00 - 48668490 _____ C:\Users\Com\Downloads\DSCN1602.MOV
2016-08-20 14:51 - 2016-08-21 11:23 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\47F665AA.sys
2016-08-20 14:35 - 2016-08-20 14:35 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\4F505988.sys
2016-08-20 01:04 - 2016-08-20 01:04 - 00002107 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2016-08-20 01:04 - 2016-08-20 01:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2016-08-20 01:03 - 2016-08-25 12:09 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-08-20 01:03 - 2016-08-20 01:03 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-08-20 01:03 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2016-08-20 01:02 - 2016-08-20 12:32 - 00992600 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2016-08-20 01:02 - 2015-12-11 17:31 - 00182664 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2016-08-20 00:47 - 2016-08-20 00:47 - 01932640 _____ (Kaspersky Lab) C:\Users\Com\Downloads\kav16.0.0.614abcdde_9831.exe
2016-08-20 00:06 - 2016-08-20 00:06 - 02041880 _____ (Kaspersky Lab) C:\Users\Com\Downloads\kav16.0.1.445abcde_10532.exe
2016-08-19 23:50 - 2016-08-19 23:50 - 03143504 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Com\Downloads\AVG_Protection_Free_1606.exe
2016-08-19 23:44 - 2016-08-19 23:44 - 00001068 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira Phantom VPN.lnk
2016-08-19 23:44 - 2016-08-19 23:44 - 00001056 _____ C:\Users\Public\Desktop\Avira Phantom VPN.lnk
2016-08-19 23:44 - 2016-08-19 23:44 - 00000000 ____D C:\Users\Com\AppData\Roaming\Avira
2016-08-19 23:40 - 2016-07-18 16:23 - 00154392 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-08-19 23:40 - 2016-07-18 16:23 - 00144664 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-08-19 23:40 - 2016-07-18 16:23 - 00078208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-08-19 23:40 - 2016-07-18 16:23 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-08-19 23:38 - 2016-08-19 23:38 - 04831216 _____ (Avira Operations GmbH & Co. KG) C:\Users\Com\Downloads\avira_en_av_57b77bc3aa496__ws(1).exe
2016-08-19 23:37 - 2016-08-25 10:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-08-19 23:37 - 2016-08-19 23:37 - 00001222 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-08-19 23:36 - 2016-08-19 23:36 - 04831216 _____ (Avira Operations GmbH & Co. KG) C:\Users\Com\Downloads\avira_en_av_57b77bc3aa496__ws.exe
2016-08-19 23:25 - 2016-08-25 13:44 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-19 23:25 - 2016-08-19 23:25 - 00001114 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-08-19 23:25 - 2016-08-19 23:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2016-08-19 23:25 - 2016-08-19 23:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-19 23:25 - 2016-08-19 23:25 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2016-08-19 23:25 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-08-19 23:25 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-08-19 23:25 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-08-19 23:24 - 2016-08-19 23:24 - 22851472 _____ (Malwarebytes ) C:\Users\Com\Downloads\mbam-setup-2.2.1.1043.exe
2016-08-19 18:13 - 2016-08-19 18:13 - 00074187 _____ C:\Users\Com\Downloads\ma_polwis_zugangssatzung.pdf
2016-08-18 21:56 - 2016-08-19 23:25 - 00025156 _____ C:\Users\Com\Desktop\Untitled 1.odt
2016-08-18 20:09 - 2016-08-18 20:09 - 00028158 _____ C:\Users\Com\Downloads\Anlage(1).pdf
2016-08-18 19:48 - 2016-08-18 19:48 - 03746280 _____ C:\Users\Com\Downloads\broschuere-berufsbilder-im-sprachendienst-11-data.pdf
2016-08-16 21:06 - 2016-08-16 21:06 - 00014239 _____ C:\Users\Com\Documents\Untitled 1.odt
2016-08-16 18:28 - 2016-08-16 18:28 - 02397951 _____ C:\Users\Com\Downloads\Veranstaltungsprogramm und Anmeldeformular.als PDF.pdf
2016-08-12 13:15 - 2016-08-12 13:15 - 04014191 _____ C:\Users\Com\Desktop\Bewerbungsmappe_V.Stanislavski_AA Frankfurt.pdf
2016-08-12 12:11 - 2016-08-12 12:18 - 00058981 _____ C:\Users\Com\Desktop\Nachweis Eigenbemühungen V.Stanislavski.pdf
2016-08-12 12:07 - 2016-08-12 12:07 - 00061012 _____ C:\Users\Com\Documents\Nachweis Eigenbemühungen V.Stanislavski.pdf
2016-08-10 21:08 - 2016-08-10 21:08 - 00023214 _____ C:\Users\Com\Documents\AA.odt
2016-08-09 14:49 - 2016-08-09 14:49 - 00129474 _____ C:\Users\Com\Downloads\egov-content438289.pdf
2016-08-09 14:47 - 2016-08-09 14:47 - 00143605 _____ C:\Users\Com\Downloads\l6019022dstbai808947.pdf
2016-08-09 14:32 - 2016-08-09 14:32 - 00676466 _____ C:\Users\Com\Downloads\eb-sgbiii-443-0-pdf.pdf
2016-08-09 12:37 - 2016-08-09 12:37 - 02468086 _____ C:\Users\Com\Downloads\Sfs_Studie.pdf
2016-08-09 01:14 - 2016-08-09 01:14 - 00053785 _____ C:\Users\Com\Downloads\data.pdf
2016-08-09 00:33 - 2016-08-09 00:33 - 08793295 _____ C:\Users\Com\Downloads\6019022dstbai386915.pdf
2016-08-08 14:11 - 2016-08-08 14:11 - 00082002 _____ C:\Users\Com\Downloads\tvoed-bund(1).pdf
2016-08-08 11:58 - 2016-08-08 11:58 - 10046619 _____ C:\Users\Com\Downloads\l6019022dstbai665890.pdf
2016-08-08 07:13 - 2016-08-08 07:13 - 00049485 _____ C:\Users\Com\Documents\Test_translation_2_V.Stanislavski.pdf
2016-08-08 07:13 - 2016-08-08 07:13 - 00048708 _____ C:\Users\Com\Documents\Test_translation_1_V.Stanislavski.pdf
2016-08-06 19:22 - 2016-08-06 19:22 - 04498815 _____ C:\Users\Com\Downloads\Weissbuch2016_barrierefrei.pdf
2016-08-06 19:22 - 2016-08-06 19:22 - 04498815 _____ C:\Users\Com\Downloads\Weissbuch2016_barrierefrei(1).pdf
2016-08-06 18:58 - 2016-08-06 18:58 - 00016473 _____ C:\Users\Com\Downloads\Auswahlverfahren.pdf
2016-08-05 12:44 - 2016-08-05 12:45 - 04235939 _____ C:\Users\Com\Downloads\tpi125_de_en.pdf
2016-08-03 13:44 - 2016-08-03 13:44 - 00121863 _____ C:\Users\Com\Downloads\Form(4).pdf
2016-08-03 13:43 - 2016-08-03 13:43 - 00059748 _____ C:\Users\Com\Downloads\Registrierungsbestätigung.PDF
2016-08-03 13:42 - 2016-08-03 13:42 - 00121863 _____ C:\Users\Com\Downloads\Form(3).pdf
2016-08-03 13:42 - 2016-08-03 13:42 - 00121863 _____ C:\Users\Com\Downloads\Form(2).pdf
2016-08-03 13:41 - 2016-08-03 13:42 - 00122956 _____ C:\Users\Com\Downloads\Form(1).pdf
2016-08-03 13:41 - 2016-08-03 13:41 - 00122956 _____ C:\Users\Com\Downloads\Form.pdf
2016-08-03 12:15 - 2016-08-03 12:15 - 00082002 _____ C:\Users\Com\Downloads\tvoed-bund.pdf
2016-08-02 22:17 - 2016-08-02 22:17 - 00390997 _____ C:\Users\Com\Downloads\UdOe30.pdf
2016-08-01 17:03 - 2016-08-17 00:34 - 00082071 _____ C:\Users\Com\Documents\Übersetzung.odt
2016-08-01 14:29 - 2016-08-01 14:29 - 00339808 _____ C:\Users\Com\Downloads\TOEFL_V.Stanislavski.pdf
2016-07-30 16:55 - 2016-07-30 16:55 - 02172833 _____ C:\Users\Com\Downloads\Arbeitszeugnisse_V.Stanislavski.pdf
2016-07-30 13:17 - 2016-07-30 13:17 - 00118450 _____ C:\Users\Com\Downloads\Merkblatt_SA_in_der_UA_Web_2015-1611.pdf
2016-07-29 12:28 - 2016-07-29 12:28 - 00388067 _____ C:\Users\Com\Downloads\Daten#bersicht
2016-07-29 12:15 - 2016-07-29 12:15 - 02263569 _____ C:\Users\Com\Downloads\160722_Stellenanzeige_Projektmanager_Bremen.pdf
2016-07-29 11:33 - 2016-07-29 11:33 - 01746479 _____ C:\Users\Com\Documents\Bildungszeugnisse_V.Stanislavski.pdf
2016-07-29 11:32 - 2016-07-29 11:32 - 01038107 _____ C:\Users\Com\Documents\Arbeitszeugnisse_V.Stanislavski.pdf
2016-07-29 10:02 - 2016-08-22 21:39 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1e96f7ed57473.job
2016-07-29 10:02 - 2016-08-22 21:39 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-29 10:02 - 2016-08-21 13:22 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d1e96f7ed57473
2016-07-29 10:02 - 2016-08-21 13:22 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 18:10 - 2016-07-28 18:10 - 07422017 _____ C:\Users\Com\Downloads\Bewerbung.pdf
2016-07-28 17:44 - 2016-07-28 17:44 - 07263884 _____ C:\Users\Com\Downloads\Bewerbungsprofil.pdf
2016-07-28 16:35 - 2016-07-28 16:35 - 00840274 _____ C:\Users\Com\Documents\Zeugnisse_V. Stanislavski.pdf
2016-07-28 15:42 - 2016-07-28 15:42 - 00196363 _____ C:\Users\Com\Downloads\2016-06-25_Praktikum_Intendanz_IFB.pdf
2016-07-27 18:43 - 2016-07-27 18:43 - 00088179 _____ C:\Users\Com\Downloads\20160706_Ausschreibung F 44.pdf
2016-07-26 16:58 - 2016-07-26 16:58 - 00925992 _____ C:\Users\Com\Downloads\uepo_300_2010_2013-09-22.pdf
2016-07-26 16:31 - 2016-07-26 16:31 - 05987736 _____ C:\Users\Com\Downloads\infoNRW_1_2014_online.pdf
2016-07-26 15:52 - 2016-07-26 18:34 - 00013568 _____ C:\Users\Com\Documents\Kalkulation_Matrix.ods
2016-07-26 12:05 - 2016-07-26 12:27 - 00968071 _____ C:\Users\Com\Documents\Bewerbungsmappe_V.Stanislavski_AfA_Montabaur.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-25 14:04 - 2014-02-17 04:18 - 00000000 ____D C:\Users\Com\AppData\Roaming\Skype
2016-08-25 13:58 - 2016-04-10 12:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-25 13:26 - 2014-12-29 17:06 - 06140928 ___SH C:\Users\Com\Desktop\Thumbs.db
2016-08-25 13:22 - 2014-12-17 09:00 - 07687168 ___SH C:\Users\Com\Downloads\Thumbs.db
2016-08-25 11:58 - 2014-02-16 13:45 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-245667631-3740917297-2571881347-1001
2016-08-25 11:58 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2016-08-25 09:59 - 2014-02-17 04:36 - 00000000 ____D C:\Users\Com\AppData\Local\Adobe
2016-08-25 09:58 - 2014-12-16 17:22 - 00003902 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{73BFAA1B-1E35-478D-B893-0170BDE89573}
2016-08-25 09:56 - 2014-02-16 13:42 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-25 09:54 - 2014-02-16 13:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-25 09:53 - 2016-01-18 19:45 - 00000000 ___DO C:\Users\Com\OneDrive
2016-08-25 09:52 - 2016-06-09 17:00 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-08-25 09:51 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-24 14:54 - 2016-06-14 23:10 - 00033857 _____ C:\Users\Com\Desktop\Untitled 1.ods
2016-08-24 11:39 - 2016-04-27 06:19 - 00000000 ____D C:\Users\Com\Documents\Wichtige Unterlagen
2016-08-24 07:04 - 2016-04-29 07:42 - 00002572 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
2016-08-23 00:17 - 2014-02-16 13:39 - 00000000 ____D C:\Users\Com
2016-08-22 21:39 - 2016-05-10 22:45 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1aafcf2bec8d7.job
2016-08-22 21:39 - 2016-05-06 08:37 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1a761d3f62bb1.job
2016-08-22 21:39 - 2016-05-06 08:37 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-21 13:22 - 2016-05-10 22:45 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d1aafcf2bec8d7
2016-08-21 13:22 - 2016-05-06 08:38 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d1a761d3f62bb1
2016-08-21 13:22 - 2016-05-06 08:37 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-08-20 22:34 - 2014-12-29 06:46 - 00000000 ____D C:\Users\Com\AppData\Roaming\vlc
2016-08-20 13:28 - 2015-02-21 19:03 - 00000000 ____D C:\Users\Com\AppData\Roaming\uTorrent
2016-08-20 12:32 - 2015-12-03 11:12 - 00110424 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys
2016-08-20 12:32 - 2015-10-06 22:30 - 00087984 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwfp.sys
2016-08-20 12:25 - 2016-04-29 01:28 - 00237400 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2016-08-20 01:04 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-08-20 01:03 - 2013-08-22 17:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-08-20 00:11 - 2016-02-28 23:23 - 00000000 ____D C:\ProgramData\Avira
2016-08-20 00:10 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-08-19 23:51 - 2016-04-29 07:40 - 00000000 ____D C:\Users\Com\AppData\Local\AvgSetupLog
2016-08-19 23:44 - 2016-02-28 23:23 - 00000000 ____D C:\Program Files (x86)\Avira
2016-08-19 23:37 - 2015-03-06 10:00 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-19 22:20 - 2016-05-06 08:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-19 16:35 - 2016-04-29 07:42 - 00053008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\TURegOpt.exe
2016-08-17 12:49 - 2016-04-18 12:55 - 00003350 _____ C:\Windows\System32\Tasks\ESET Windows 10 upgrade – Refresh settings
2016-08-14 19:25 - 2014-12-29 04:27 - 00450560 ___SH C:\Users\Com\Documents\Thumbs.db
2016-08-10 16:57 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-10 16:57 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2016-08-09 23:36 - 2014-12-29 04:27 - 00000000 ____D C:\Users\Com\Documents\TranscribeMe
2016-08-09 12:05 - 2016-05-17 10:57 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2014-02-17 04:37 - 2014-02-17 04:37 - 0008194 _____ () C:\Users\Com\AppData\Local\ace11
2015-09-14 21:00 - 2015-09-14 21:00 - 0000016 _____ () C:\ProgramData\mntemp
2015-09-14 21:00 - 2015-09-14 21:00 - 0005050 _____ () C:\ProgramData\wmzddnmb.cix

Some files in TEMP:
====================
C:\Users\Com\AppData\Local\Temp\avgnt.exe
C:\Users\Com\AppData\Local\Temp\avguirn_08666070450.exe
C:\Users\Com\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-25 11:59

==================== End of FRST.txt ============================

FRST Additions Logfile:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by Com (25-08-2016 14:08:55)
Running from C:\Users\Com\Downloads
Windows 8.1 Pro (Update) (X64) (2014-02-16 11:39:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-245667631-3740917297-2571881347-500 - Administrator - Disabled)
Com (S-1-5-21-245667631-3740917297-2571881347-1001 - Administrator - Enabled) => C:\Users\Com
Guest (S-1-5-21-245667631-3740917297-2571881347-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-245667631-3740917297-2571881347-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Kaspersky Anti-Virus (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-245667631-3740917297-2571881347-1001\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.17) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
ASUS Share Link (HKLM-x32\...\{c3bcc1e3-f950-439c-bcae-f01283e9f2a4}_is1) (Version: 1.0.27.0911 - ASUSTEK)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.3.9 - ASUS)
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.52.2.34122 - AVG Technologies)
AVG PC TuneUp (x32 Version: 16.52.2 - AVG Technologies) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.19.164 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{6052a753-acc6-4c02-b5a8-70962ff8e0a4}) (Version: 1.2.69.16114 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.2.69.16114 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 1.4.1.19208 - Avira Operations GmbH & Co. KG)
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
Collage Maker (HKLM-x32\...\{05F2884D-89AC-4DE4-A63D-7DB3FE3398DC}) (Version: 3.80 - Galleria Software)
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.0909 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
FMW 1 (Version: 1.122.3 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel® CCF Manager (HKLM-x32\...\{0f3d8dd5-54af-4404-a01c-4967e485a065}) (Version: 3.0.13.2211 - Intel Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 16.0.1.445 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 48.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 7.8.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
STCServ (Version: 3.0.0.1783 - Intel Corporation) Hidden
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{90150000-012B-041E-0000-0000000FF1CE}_Office15.PROPLUSR_{465E59BA-9D3A-4FB9-89BF-C76E35513C2A}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114831) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{BAEE7A38-3C9E-44DC-9E43-19FC94DD77E2}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114831) 32-Bit Edition (HKLM-x32\...\{90150000-012B-041E-0000-0000000FF1CE}_Office15.PROPLUSR_{BAEE7A38-3C9E-44DC-9E43-19FC94DD77E2}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3114831) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{BAEE7A38-3C9E-44DC-9E43-19FC94DD77E2}) (Version:  - Microsoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - ASUS (ATP) Mouse  (01/13/2015 6.0.0.41) (HKLM\...\E43971232F0609D99713D21682E603E28D0F0518) (Version: 01/13/2015 6.0.0.41 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08E72AF3-7501-4B4F-B0E0-BE3CE2FE6D7C} - System32\Tasks\{6AB09B8F-B131-4D07-8D86-12743C87EC93} => pcalua.exe -a F:\InstallDriver.exe -d F:\
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1E47E74C-BD3E-405D-8300-6DB421C1D436} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-vick_stan@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {26A6FB15-CB65-4F90-8937-E21747A3EA9F} - System32\Tasks\{6CB25420-B91E-438E-A930-4D60F404B1FC} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe"
Task: {2DBE3B49-1AAD-442B-8F0A-293C56D3B6C0} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-10-07] (AsusTek)
Task: {39DD1CD6-E421-45C6-98A4-E4A4FE2F52E3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-06] (Google Inc.)
Task: {48A94492-7445-4476-A1C5-B19BCC11BF69} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {4FE62FF8-793E-4EDD-AAE5-0C32F867B018} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-03-20] (Oracle Corporation)
Task: {5EB533CF-8B79-4EF0-B2AA-BADCFE5F31C5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-245667631-3740917297-2571881347-1001Core1d0ce862ca6dde5 => C:\Users\Com\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {5FCD76E9-CE55-4A6D-BD7D-87BDC1418CB9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {6DFFD6BE-A753-4689-93FB-BECD37F387AC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {6F97F18D-E992-4423-84AF-A05ABE810E8C} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2016-08-19] (AVG Technologies CZ, s.r.o.)
Task: {7392A771-4BC9-45E9-9ED3-5AD06A474279} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2015-08-16] (@ByELDI)
Task: {75FA19C2-6086-439C-8DA6-AF955F707B13} - System32\Tasks\GoogleUpdateTaskMachineCore1d1a761d3f62bb1 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-06] (Google Inc.)
Task: {8BF9EAED-2377-4882-B34B-95AE104E5A2F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {95C90A6E-E313-43A7-95D9-6273A468583B} - System32\Tasks\ESET Windows 10 upgrade – Refresh settings => C:\Program Files\Common Files\AV\ESET NOD32 Antivirus 7.0\upgrade.exe [2016-08-17] (ESET)
Task: {9E035B9F-4DBB-4578-8996-BA21E55F078D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-245667631-3740917297-2571881347-1001UA1d09092f0f7e3e3 => C:\Users\Com\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {AD98B510-35CD-4BD7-9F58-EB87E8D8D18B} - System32\Tasks\GoogleUpdateTaskMachineCore1d1aafcf2bec8d7 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-06] (Google Inc.)
Task: {B36EFE17-BD42-4E1F-9640-CEC49DA41FC3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {BD2164C2-FF6D-426F-BA30-9426826C2FEB} - System32\Tasks\{F055317E-ECB5-431A-A358-5BA0677535DA} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.11.73.102.456/th/abandoninstall?page=tsWLM
Task: {C3153C29-1164-4759-A9D7-E797B2DE4842} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-06] (Google Inc.)
Task: {E30905FF-D3A1-4DE5-BC85-0B76D904F91C} - System32\Tasks\GoogleUpdateTaskMachineUA1d1e96f7ed57473 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-06] (Google Inc.)
Task: {ED4AD7D5-9C4A-46DA-88BC-BD9AB0A76BFC} - System32\Tasks\GoogleUpdateTaskMachineCore1d0ce87a8eff2f => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-06] (Google Inc.)
Task: {FB6A0912-FEB5-40B6-944F-4EFB12C92F4C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {FD8626FC-2121-4797-AA2C-096B2068E712} - System32\Tasks\IntelBootstrapCCDashExe => C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe [2015-03-16] (Intel® Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1a761d3f62bb1.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1aafcf2bec8d7.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1e96f7ed57473.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Com\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\твинк2 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"

==================== Loaded Modules (Whitelisted) ==============

2015-03-16 07:58 - 2015-03-16 07:58 - 00127200 _____ () C:\Program Files\Intel\ConnectCenter\bin\Interop.STCServLib.dll
2015-12-22 02:47 - 2015-12-22 02:47 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\kpcengine.2.3.dll
2016-04-29 07:41 - 2016-05-01 10:47 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2016-06-13 15:04 - 2016-05-23 09:25 - 00075264 _____ () C:\Program Files (x86)\PDF24\zlib.dll
2016-06-13 15:04 - 2016-05-23 09:24 - 00053248 _____ () C:\Program Files (x86)\PDF24\OperationUI.dll
2014-08-13 04:27 - 2014-08-13 04:27 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2014-07-29 08:34 - 2014-07-29 08:34 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2016-04-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-245667631-3740917297-2571881347-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Com\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "egui"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "YouCam Service"
HKLM\...\StartupApproved\Run32: => "RemoteControl11"
HKLM\...\StartupApproved\Run32: => "USB Security"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "ProductUpdater"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-245667631-3740917297-2571881347-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-245667631-3740917297-2571881347-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-245667631-3740917297-2571881347-1001\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-245667631-3740917297-2571881347-1001\...\StartupApproved\Run: => "GoogleDriveSync"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{6FA07808-27D9-4BC9-8FFB-083F603605EB}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{7265DD92-93C3-40C1-B168-22E6B68F8560}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{D6BD591D-EE8E-4B73-950D-FAE1109B133E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{956F316A-C72C-42C8-89A6-3F2337760350}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2F0EA5F7-4910-422E-A3BE-3003E1859F34}] => (Allow) F:\All Programe!!\Microsoft Office 2013 Professional Plus 2013 x86x64 EN-TH Volume June 2013\KMSpico Win8.1\KMSELDI.exe
FirewallRules: [{B117B936-D6D5-4C1D-B51E-1D2C53320A5F}] => (Allow) F:\All Programe!!\Microsoft Office 2013 Professional Plus 2013 x86x64 EN-TH Volume June 2013\KMSpico Win8.1\KMSELDI.exe
FirewallRules: [TCP Query User{991A3DC7-A4B0-4147-BF84-5E76ED413930}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{2FA4D120-053B-4389-AD07-E23C99CFD229}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{B42D7907-A860-499B-BEC4-617BB6A828CF}] => (Allow) LPort=1688
FirewallRules: [{6DA601C9-6F28-46E7-9B99-E8EB91078556}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{4645F918-9D04-4F94-A650-311DB161D00B}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{39C8497B-B303-46A2-8A86-6D3CC1443FD6}] => (Allow) C:\Users\Com\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{448D1F70-6CEB-44D2-98D2-0F54BA944C6C}] => (Allow) C:\Users\Com\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E3C4A784-425E-42E0-A9D7-3B040B877B5B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C41C81BD-1C44-45ED-B61D-DDCCF00B1834}] => (Allow) LPort=2869
FirewallRules: [{016F0723-8D9C-42D9-ADF5-9E690178CB45}] => (Allow) LPort=1900
FirewallRules: [{D7FEBC38-8519-4CD5-9DE3-DC392484D17C}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{CC778C35-940F-4F37-B4B8-B25FE417D070}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{2A5E5DD1-7414-4596-A626-1BDDCC4350AE}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{571D5B1A-DF9F-4BBF-901E-31D0452D6D98}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{0D6B77F1-DC5E-4264-B4CC-B5B2BACF5C54}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{3BEF5B9F-D379-48F8-A896-35431477DBDF}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{E1E3F67D-3C1B-47BA-A6AA-25170B158B92}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3F825693-CAA3-40C7-92C1-4522B8834CA2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0757598C-67B2-4EFC-A653-C826F6E009D8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{900112B3-A291-4D79-A589-E1AA40820D24}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{69A09FC3-7B97-48B4-AA62-0A5EF1429D64}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B0291C17-CBF4-48EA-9455-720CCB6D9C39}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EF653321-EAFD-4933-A2B5-681B62D367BC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{52F4976D-ED86-4812-8E66-9BB57F2C3634}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{AC6D8257-545A-4A21-BC37-31280DAD9890}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{BFACF0F8-9C23-48EC-B7B2-B3E1161B6DB1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4B8052FA-FAC7-48C7-927B-A3ED8403D7B4}] => (Allow) C:\Program Files\Intel\STCServ\STCServ.exe
FirewallRules: [{CBA283B8-12D1-46B1-AD8F-1F8E2500025B}] => (Allow) C:\Program Files (x86)\ASUS\Share Link\ShareLink.exe
FirewallRules: [{21EA7987-5666-4BC8-9755-49EA2999B7A5}] => (Allow) C:\Program Files\Intel\STCServ\STCServ.exe
FirewallRules: [{0CCC8FA2-1097-4AF7-A1D0-D6EF2077CFD7}] => (Allow) C:\Program Files\Intel\STCServ\STCServ.exe
FirewallRules: [TCP Query User{12F49081-9891-4542-84C8-B433968B6A41}C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Block) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe
FirewallRules: [UDP Query User{99E5F124-F863-4EF6-A7D3-8612DD32D91A}C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Block) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe
FirewallRules: [TCP Query User{69CEFFDA-D9B0-4476-B467-08ADCE87FAEF}C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Block) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe
FirewallRules: [UDP Query User{9220AA4F-1A6D-4E6F-8AC7-BEE9B78F8F81}C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Block) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe
FirewallRules: [{36203222-D271-42F8-AEC4-B6D4A810D257}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

20-08-2016 16:34:28 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/25/2016 01:46:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/25/2016 01:46:37 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/25/2016 01:46:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/25/2016 01:38:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/25/2016 01:38:12 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/25/2016 01:37:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/25/2016 12:22:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/25/2016 12:22:48 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/25/2016 12:22:36 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/25/2016 12:06:36 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (08/25/2016 09:51:08 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 0:24:42 on ‎25/‎8/‎2559 was unexpected.

Error: (08/24/2016 12:11:06 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/23/2016 09:48:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Freemake Improver service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/23/2016 12:16:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/22/2016 09:42:22 PM) (Source: DCOM) (EventID: 10005) (User: USER)
Description: 1053WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (08/22/2016 09:42:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (08/22/2016 09:42:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (08/22/2016 09:42:22 PM) (Source: DCOM) (EventID: 10005) (User: USER)
Description: 1053WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (08/22/2016 09:42:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (08/22/2016 09:42:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.


==================== Memory info =========================== 

Processor: Intel(R) Celeron(R) CPU N2930 @ 1.83GHz
Percentage of memory in use: 66%
Total physical RAM: 3982.48 MB
Available physical RAM: 1343.36 MB
Total Virtual: 5390.48 MB
Available Virtual: 1776.95 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:14.18 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:365.76 GB) (Free:301.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C92D9F06)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=365.8 GB) - (Type=05)

==================== End of Addition.txt ============================
         
--- --- ---

Edited by vick_stan (25.08.2016 at 14:36). Reason: log files as attachment instead of directly in the text

25.08.2016, 14:40   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
C:\Program Files\KMSpico\AutoPico.exe [2015-08-16] (@ByELDI)
You have a cracked copy of Microsoft Office installed. It has to be uninstalled before there is any support.

Reading material:
Illegal software: cracks, keygens and co.

Please read => http://www.trojaner-board.de/95393-c...-software.html

We will continue once you have removed everything illegal.

In case of repeated crack/keygen violations I reserve the right to stop support, i.e. help only with backing up data and reinstalling the operating system.
__________________

25.08.2016, 15:06   #3
vick_stan

Hello Cosinus,

thanks for the pointer. I did not know that the Microsoft Office is cracked. The program was already on the laptop when I bought it in Thailand. I did not use it anyway, because everything is in Thai and I cannot read it. I am deleting it right now. Should I send new log files afterwards?

Thanks

V.
__________________

25.08.2016, 15:11   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
Uninstall this piece of sh.... right away as well, then new FRST logs.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

25.08.2016, 15:19   #5
vick_stan

I have uninstalled the thing. Here are the new log files:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Ran by Com (administrator) on USER (25-08-2016 15:13:43)
Running from C:\Users\Com\Downloads
Loaded Profiles: Com (Available Profiles: Com)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Atheros Commnucations) C:\Windows\System32\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\avp.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\avpui.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Intel® Corporation) C:\Program Files\Intel\ConnectCenter\bin\CCFManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files\Intel\STCServ\STCServ.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSmartGestureDetector64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSGPlusBTServer64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\scalc.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
(Microsoft Corporation) C:\Config.Msi\11607d5.rbf
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [IntelConnectCenter] => C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe [90112 2015-03-16] (Intel® Corporation)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [247016 2011-09-09] (CyberLink Corp.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [74752 2015-09-02] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [204560 2016-08-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [226816 2016-05-23] (Geek Software GmbH)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67864 2016-08-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [831576 2016-08-25] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-245667631-3740917297-2571881347-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-245667631-3740917297-2571881347-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-245667631-3740917297-2571881347-1001\...\Policies\Explorer: [NoDrives] 0x00000000
IFEO\uninst.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{C79A7648-F485-45BF-BE3C-29E6202DDFA5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{FD466CB9-31B0-4EA9-8877-1A184043BC69}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-245667631-3740917297-2571881347-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-245667631-3740917297-2571881347-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-245667631-3740917297-2571881347-1001 -> DefaultScope {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL =
SearchScopes: HKU\S-1-5-21-245667631-3740917297-2571881347-1001 -> {24E0BF82-5E77-4A8A-A1C7-1F5BCD37122E} URL =
SearchScopes: HKU\S-1-5-21-245667631-3740917297-2571881347-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-12-15] (DVDVideoSoft Ltd.)
BHO-x32: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-04-09] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-09] (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2014-12-15] (DVDVideoSoft Ltd.)
Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)

FireFox:
========
FF ProfilePath: C:\Users\Com\AppData\Roaming\Mozilla\Firefox\Profiles\n5zlkxd7.default
FF NetworkProxy: "ftp", "80.77.29.22"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "80.77.29.22"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "socks", "80.77.29.22"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "80.77.29.22"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-04-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF user.js: detected! => C:\Users\Com\AppData\Roaming\Mozilla\Firefox\Profiles\n5zlkxd7.default\user.js [2016-03-27]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Com\AppData\Roaming\Mozilla\Firefox\Profiles\n5zlkxd7.default\Extensions\abs@avira.com [2016-08-19]
FF Extension: German Dictionary - C:\Users\Com\AppData\Roaming\Mozilla\Firefox\Profiles\n5zlkxd7.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2016-08-16]
FF Extension: Diccionario Español Argentina - C:\Users\Com\AppData\Roaming\Mozilla\Firefox\Profiles\n5zlkxd7.default\Extensions\es-AR@dictionaries.addons.mozilla.org [2016-04-06] [not signed]
FF Extension: One Click Proxy - C:\Users\Com\AppData\Roaming\Mozilla\Firefox\Profiles\n5zlkxd7.default\Extensions\jid0-zXo3XFGyiDalgkeEO4UYJTUwo2I@jetpack.xpi [2016-04-19]
FF Extension: Avira SafeSearch Plus - C:\Users\Com\AppData\Roaming\Mozilla\Firefox\Profiles\n5zlkxd7.default\Extensions\safesearchplus2@avira.com [2016-08-19]
FF Extension: Adblock Plus - C:\Users\Com\AppData\Roaming\Mozilla\Firefox\Profiles\n5zlkxd7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2014-12-15] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-08-20]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKU\S-1-5-21-245667631-3740917297-2571881347-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-12-24] [not signed]

Chrome:
=======
CHR DefaultSearchURL: Profile 2 -> hxxps://search.avira.net/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Profile 2 -> Avira
CHR DefaultSuggestURL: Profile 2 -> hxxps://search.avira.net/suggestions?q={searchTerms}&li=ff&hl=en
CHR Profile: C:\Users\Com\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-17]
CHR Extension: (Google Docs) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-17]
CHR Extension: (Google Drive) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-17]
CHR Extension: (YouTube) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-17]
CHR Extension: (Google Sheets) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-17]
CHR Extension: (Google Docs Offline) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-17]
CHR Extension: (Gmail) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-17]
CHR Profile: C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-26]
CHR Extension: (Google Docs) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-26]
CHR Extension: (Google Drive) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-26]
CHR Extension: (YouTube) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-26]
CHR Extension: (Google Sheets) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-26]
CHR Extension: (Google Docs Offline) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-26]
CHR Extension: (Gmail) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-26]
CHR Profile: C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-26]
CHR Extension: (Google Docs) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-26]
CHR Extension: (Google Drive) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-26]
CHR Extension: (YouTube) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-26]
CHR Extension: (Google Sheets) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-26]
CHR Extension: (Avira Browser Safety) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-08-20]
CHR Extension: (Google Docs Offline) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-27]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2016-08-20]
CHR Extension: (Kaspersky Protection) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi [2016-08-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-26]
CHR Extension: (Gmail) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-26]
CHR Extension: (Chrome Media Router) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-20]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159320 2016-08-22] (Adobe Systems, Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [988184 2016-08-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [470600 2016-08-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [470600 2016-08-25] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1453696 2016-08-25] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations) [File not signed]
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1097488 2016-08-18] (AVG Technologies CZ, s.r.o.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [320672 2016-08-04] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [234352 2016-07-29] (Avira Operations GmbH & Co. KG)
R2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2015-09-02] (Freemake) [File not signed]
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 STCServ; C:\Program Files\Intel\STCServ\STCServ.exe [8095456 2015-03-16] (Intel Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4878096 2016-08-19] (AVG Technologies CZ, s.r.o.)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3855872 2013-09-25] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [69904 2015-10-07] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [144664 2016-07-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [154392 2016-07-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-07-18] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [78208 2016-07-18] (Avira Operations GmbH & Co. KG)
R3 bcmsmbsp; C:\Windows\System32\drivers\bcmsmbsp.sys [40152 2013-09-09] (Broadcom Corporation.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-04] ()
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-11] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [79752 2015-12-01] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [78200 2015-12-02] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [182664 2015-12-11] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [237400 2016-08-20] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [992600 2016-08-20] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [51288 2016-04-29] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)
S4 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87984 2016-08-20] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [110424 2016-08-20] (AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [194440 2015-12-03] (AO Kaspersky Lab)
S3 massfilter; C:\Windows\System32\drivers\ztembbmassfilter.sys [15360 2012-11-23] (MBB Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-25] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-11] (Intel Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(???? | ????? ???? ?????.))
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-03-29] (AVG Netherlands B.V.)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35856 2013-10-31] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [236888 2013-10-31] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
S3 WUDFWpdComp; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 ZTEusbmdm6k; C:\Windows\system32\DRIVERS\ztembbusbmdm.sys [123264 2012-11-23] (ZTE Incorporated)
S3 ZTEusbnmea; C:\Windows\system32\DRIVERS\ztembbusbnmea.sys [123264 2012-11-23] (ZTE Incorporated)
S3 ZTEusbser6K; C:\Windows\system32\DRIVERS\ztembbusbser6k.sys [123264 2012-11-23] (ZTE Incorporated)
S3 ZTEusbvoice; C:\Windows\system32\DRIVERS\ztembbusbvoice.sys [123264 2012-11-23] (ZTE Incorporated)
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
S4 nvlddmkm; \SystemRoot\system32\DRIVERS\nvlddmkm.sys [X]
S4 nvpciflt; \SystemRoot\system32\DRIVERS\nvpciflt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-25 14:12 - 2016-08-25 14:12 - 00046533 _____ C:\Users\Com\Desktop\FRST.txt
2016-08-25 14:12 - 2016-08-25 14:12 - 00032675 _____ C:\Users\Com\Desktop\Addition.txt
2016-08-25 14:08 - 2016-08-25 14:11 - 00032675 _____ C:\Users\Com\Downloads\Addition.txt
2016-08-25 14:06 - 2016-08-25 15:14 - 00027722 _____ C:\Users\Com\Downloads\FRST.txt
2016-08-25 14:05 - 2016-08-25 15:13 - 00000000 ____D C:\FRST
2016-08-25 14:05 - 2016-08-25 14:05 - 02396672 _____ (Farbar) C:\Users\Com\Downloads\FRST64.exe
2016-08-25 13:23 - 2016-08-25 13:23 - 00000091 ____H C:\Users\Com\Desktop\.~lock.cv roman.doc#
2016-08-25 12:53 - 2016-08-25 12:53 - 00411216 _____ C:\Users\Com\Downloads\ceo_resume_template.pdf
2016-08-25 12:52 - 2016-08-25 12:52 - 00169358 _____ C:\Users\Com\Desktop\sample-CEO-resume.pdf
2016-08-25 12:51 - 2016-08-25 12:51 - 00178626 _____ C:\Users\Com\Downloads\sample-CEO-resume.pdf
2016-08-25 12:30 - 2016-08-25 12:30 - 00012362 _____ C:\Users\Com\Downloads\Sample CV in English.pdf
2016-08-24 16:31 - 2016-08-25 13:14 - 00019186 _____ C:\Users\Com\Desktop\cv roman.odt
2016-08-24 14:45 - 2016-08-24 14:45 - 00096514 _____ C:\Users\Com\Downloads\dfg_initiativ_2012.pdf
2016-08-23 20:43 - 2016-08-23 20:43 - 00154656 _____ C:\Users\Com\Downloads\fb03-0010-frsek-260816(1).pdf
2016-08-23 20:40 - 2016-08-23 20:40 - 00154656 _____ C:\Users\Com\Downloads\fb03-0010-frsek-260816.pdf
2016-08-23 09:33 - 2016-08-25 09:54 - 00001537 _____ C:\Users\Com\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AsusSmartGestureDetector.lnk
2016-08-20 22:30 - 2016-08-20 22:30 - 30166566 _____ C:\Users\Com\Downloads\DSCN1595.MOV
2016-08-20 20:15 - 2016-08-20 20:16 - 91467869 _____ C:\Users\Com\Downloads\DSCN1568.MOV
2016-08-20 20:11 - 2016-08-20 20:11 - 37532381 _____ C:\Users\Com\Downloads\DSCN1547.MOV
2016-08-20 20:10 - 2016-08-20 20:11 - 48410081 _____ C:\Users\Com\Downloads\DSCN1546.MOV
2016-08-20 19:07 - 2016-08-20 19:07 - 21830775 _____ C:\Users\Com\Downloads\DSCN1600.MOV
2016-08-20 19:07 - 2016-08-20 19:07 - 10102483 _____ C:\Users\Com\Downloads\DSCN1553.MOV
2016-08-20 19:06 - 2016-08-20 19:07 - 17810256 _____ C:\Users\Com\Downloads\DSCN1599.MOV
2016-08-20 19:06 - 2016-08-20 19:06 - 11296539 _____ C:\Users\Com\Downloads\DSCN1598.MOV
2016-08-20 19:04 - 2016-08-20 19:04 - 21394464 _____ C:\Users\Com\Downloads\DSCN1597.MOV
2016-08-20 19:03 - 2016-08-20 19:03 - 16439466 _____ C:\Users\Com\Downloads\DSCN1596.MOV
2016-08-20 18:59 - 2016-08-20 19:00 - 48668490 _____ C:\Users\Com\Downloads\DSCN1602.MOV
2016-08-20 14:51 - 2016-08-21 11:23 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\47F665AA.sys
2016-08-20 14:35 - 2016-08-20 14:35 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\4F505988.sys
2016-08-20 01:04 - 2016-08-20 01:04 - 00002107 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2016-08-20 01:04 - 2016-08-20 01:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2016-08-20 01:03 - 2016-08-25 14:27 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-08-20 01:03 - 2016-08-20 01:03 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-08-20 01:03 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2016-08-20 01:02 - 2016-08-20 12:32 - 00992600 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2016-08-20 01:02 - 2015-12-11 17:31 - 00182664 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2016-08-20 00:47 - 2016-08-20 00:47 - 01932640 _____ (Kaspersky Lab) C:\Users\Com\Downloads\kav16.0.0.614abcdde_9831.exe
2016-08-20 00:06 - 2016-08-20 00:06 - 02041880 _____ (Kaspersky Lab) C:\Users\Com\Downloads\kav16.0.1.445abcde_10532.exe
2016-08-19 23:50 - 2016-08-19 23:50 - 03143504 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Com\Downloads\AVG_Protection_Free_1606.exe
2016-08-19 23:44 - 2016-08-19 23:44 - 00001068 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira Phantom VPN.lnk
2016-08-19 23:44 - 2016-08-19 23:44 - 00001056 _____ C:\Users\Public\Desktop\Avira Phantom VPN.lnk
2016-08-19 23:44 - 2016-08-19 23:44 - 00000000 ____D C:\Users\Com\AppData\Roaming\Avira
2016-08-19 23:40 - 2016-07-18 16:23 - 00154392 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-08-19 23:40 - 2016-07-18 16:23 - 00144664 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-08-19 23:40 - 2016-07-18 16:23 - 00078208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-08-19 23:40 - 2016-07-18 16:23 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-08-19 23:38 - 2016-08-19 23:38 - 04831216 _____ (Avira Operations GmbH & Co. KG) C:\Users\Com\Downloads\avira_en_av_57b77bc3aa496__ws(1).exe
2016-08-19 23:37 - 2016-08-25 10:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-08-19 23:37 - 2016-08-19 23:37 - 00001222 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-08-19 23:36 - 2016-08-19 23:36 - 04831216 _____ (Avira Operations GmbH & Co. KG) C:\Users\Com\Downloads\avira_en_av_57b77bc3aa496__ws.exe
2016-08-19 23:25 - 2016-08-25 14:53 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-19 23:25 - 2016-08-19 23:25 - 00001114 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-08-19 23:25 - 2016-08-19 23:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2016-08-19 23:25 - 2016-08-19 23:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-19 23:25 - 2016-08-19 23:25 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2016-08-19 23:25 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-08-19 23:25 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-08-19 23:25 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-08-19 23:24 - 2016-08-19 23:24 - 22851472 _____ (Malwarebytes ) C:\Users\Com\Downloads\mbam-setup-2.2.1.1043.exe
2016-08-19 18:13 - 2016-08-19 18:13 - 00074187 _____ C:\Users\Com\Downloads\ma_polwis_zugangssatzung.pdf
2016-08-18 21:56 - 2016-08-19 23:25 - 00025156 _____ C:\Users\Com\Desktop\Untitled 1.odt
2016-08-18 20:09 - 2016-08-18 20:09 - 00028158 _____ C:\Users\Com\Downloads\Anlage(1).pdf
2016-08-18 19:48 - 2016-08-18 19:48 - 03746280 _____ C:\Users\Com\Downloads\broschuere-berufsbilder-im-sprachendienst-11-data.pdf
2016-08-16 21:06 - 2016-08-16 21:06 - 00014239 _____ C:\Users\Com\Documents\Untitled 1.odt
2016-08-16 18:28 - 2016-08-16 18:28 - 02397951 _____ C:\Users\Com\Downloads\Veranstaltungsprogramm und Anmeldeformular.als PDF.pdf
2016-08-12 13:15 - 2016-08-12 13:15 - 04014191 _____ C:\Users\Com\Desktop\Bewerbungsmappe_V.Stanislavski_AA Frankfurt.pdf
2016-08-12 12:11 - 2016-08-12 12:18 - 00058981 _____ C:\Users\Com\Desktop\Nachweis Eigenbemühungen V.Stanislavski.pdf
2016-08-12 12:07 - 2016-08-12 12:07 - 00061012 _____ C:\Users\Com\Documents\Nachweis Eigenbemühungen V.Stanislavski.pdf
2016-08-10 21:08 - 2016-08-10 21:08 - 00023214 _____ C:\Users\Com\Documents\AA.odt
2016-08-09 14:49 - 2016-08-09 14:49 - 00129474 _____ C:\Users\Com\Downloads\egov-content438289.pdf
2016-08-09 14:47 - 2016-08-09 14:47 - 00143605 _____ C:\Users\Com\Downloads\l6019022dstbai808947.pdf
2016-08-09 14:32 - 2016-08-09 14:32 - 00676466 _____ C:\Users\Com\Downloads\eb-sgbiii-443-0-pdf.pdf
2016-08-09 12:37 - 2016-08-09 12:37 - 02468086 _____ C:\Users\Com\Downloads\Sfs_Studie.pdf
2016-08-09 01:14 - 2016-08-09 01:14 - 00053785 _____ C:\Users\Com\Downloads\data.pdf
2016-08-09 00:33 - 2016-08-09 00:33 - 08793295 _____ C:\Users\Com\Downloads\6019022dstbai386915.pdf
2016-08-08 14:11 - 2016-08-08 14:11 - 00082002 _____ C:\Users\Com\Downloads\tvoed-bund(1).pdf
2016-08-08 11:58 - 2016-08-08 11:58 - 10046619 _____ C:\Users\Com\Downloads\l6019022dstbai665890.pdf
2016-08-08 07:13 - 2016-08-08 07:13 - 00049485 _____ C:\Users\Com\Documents\Test_translation_2_V.Stanislavski.pdf
2016-08-08 07:13 - 2016-08-08 07:13 - 00048708 _____ C:\Users\Com\Documents\Test_translation_1_V.Stanislavski.pdf
2016-08-06 19:22 - 2016-08-06 19:22 - 04498815 _____ C:\Users\Com\Downloads\Weissbuch2016_barrierefrei.pdf
2016-08-06 19:22 - 2016-08-06 19:22 - 04498815 _____ C:\Users\Com\Downloads\Weissbuch2016_barrierefrei(1).pdf
2016-08-06 18:58 - 2016-08-06 18:58 - 00016473 _____ C:\Users\Com\Downloads\Auswahlverfahren.pdf
2016-08-05 12:44 - 2016-08-05 12:45 - 04235939 _____ C:\Users\Com\Downloads\tpi125_de_en.pdf
2016-08-03 13:44 - 2016-08-03 13:44 - 00121863 _____ C:\Users\Com\Downloads\Form(4).pdf
2016-08-03 13:43 - 2016-08-03 13:43 - 00059748 _____ C:\Users\Com\Downloads\Registrierungsbestätigung.PDF
2016-08-03 13:42 - 2016-08-03 13:42 - 00121863 _____ C:\Users\Com\Downloads\Form(3).pdf
2016-08-03 13:42 - 2016-08-03 13:42 - 00121863 _____ C:\Users\Com\Downloads\Form(2).pdf
2016-08-03 13:41 - 2016-08-03 13:42 - 00122956 _____ C:\Users\Com\Downloads\Form(1).pdf
2016-08-03 13:41 - 2016-08-03 13:41 - 00122956 _____ C:\Users\Com\Downloads\Form.pdf
2016-08-03 12:15 - 2016-08-03 12:15 - 00082002 _____ C:\Users\Com\Downloads\tvoed-bund.pdf
2016-08-02 22:17 - 2016-08-02 22:17 - 00390997 _____ C:\Users\Com\Downloads\UdOe30.pdf
2016-08-01 17:03 - 2016-08-17 00:34 - 00082071 _____ C:\Users\Com\Documents\Übersetzung.odt
2016-08-01 14:29 - 2016-08-01 14:29 - 00339808 _____ C:\Users\Com\Downloads\TOEFL_V.Stanislavski.pdf
2016-07-30 16:55 - 2016-07-30 16:55 - 02172833 _____ C:\Users\Com\Downloads\Arbeitszeugnisse_V.Stanislavski.pdf
2016-07-30 13:17 - 2016-07-30 13:17 - 00118450 _____ C:\Users\Com\Downloads\Merkblatt_SA_in_der_UA_Web_2015-1611.pdf
2016-07-29 12:28 - 2016-07-29 12:28 - 00388067 _____ C:\Users\Com\Downloads\Daten#bersicht
2016-07-29 12:15 - 2016-07-29 12:15 - 02263569 _____ C:\Users\Com\Downloads\160722_Stellenanzeige_Projektmanager_Bremen.pdf
2016-07-29 11:33 - 2016-07-29 11:33 - 01746479 _____ C:\Users\Com\Documents\Bildungszeugnisse_V.Stanislavski.pdf
2016-07-29 11:32 - 2016-07-29 11:32 - 01038107 _____ C:\Users\Com\Documents\Arbeitszeugnisse_V.Stanislavski.pdf
2016-07-29 10:02 - 2016-08-22 21:39 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1e96f7ed57473.job
2016-07-29 10:02 - 2016-08-22 21:39 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-29 10:02 - 2016-08-21 13:22 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d1e96f7ed57473
2016-07-29 10:02 - 2016-08-21 13:22 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 18:10 - 2016-07-28 18:10 - 07422017 _____ C:\Users\Com\Downloads\Bewerbung.pdf
2016-07-28 17:44 - 2016-07-28 17:44 - 07263884 _____ C:\Users\Com\Downloads\Bewerbungsprofil.pdf
2016-07-28 16:35 - 2016-07-28 16:35 - 00840274 _____ C:\Users\Com\Documents\Zeugnisse_V. Stanislavski.pdf
2016-07-28 15:42 - 2016-07-28 15:42 - 00196363 _____ C:\Users\Com\Downloads\2016-06-25_Praktikum_Intendanz_IFB.pdf
2016-07-27 18:43 - 2016-07-27 18:43 - 00088179 _____ C:\Users\Com\Downloads\20160706_Ausschreibung F 44.pdf
2016-07-26 16:58 - 2016-07-26 16:58 - 00925992 _____ C:\Users\Com\Downloads\uepo_300_2010_2013-09-22.pdf
2016-07-26 16:31 - 2016-07-26 16:31 - 05987736 _____ C:\Users\Com\Downloads\infoNRW_1_2014_online.pdf
2016-07-26 15:52 - 2016-07-26 18:34 - 00013568 _____ C:\Users\Com\Documents\Kalkulation_Matrix.ods
2016-07-26 12:05 - 2016-07-26 12:27 - 00968071 _____ C:\Users\Com\Documents\Bewerbungsmappe_V.Stanislavski_AfA_Montabaur.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-25 15:14 - 2014-02-17 04:18 - 00000000 ____D C:\Users\Com\AppData\Roaming\Skype
2016-08-25 15:10 - 2014-02-16 13:45 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-245667631-3740917297-2571881347-1001
2016-08-25 15:07 - 2014-02-16 13:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-08-25 15:05 - 2013-08-22 21:11 - 00000000 ____D C:\Windows\ShellNew
2016-08-25 15:05 - 2013-08-22 17:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-25 14:58 - 2016-04-10 12:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-25 14:57 - 2013-08-22 15:25 - 00000076 _____ C:\Windows\win.ini
2016-08-25 14:54 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-08-25 14:53 - 2014-12-29 17:06 - 06140928 ___SH C:\Users\Com\Desktop\Thumbs.db
2016-08-25 13:22 - 2014-12-17 09:00 - 07687168 ___SH C:\Users\Com\Downloads\Thumbs.db
2016-08-25 11:58 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2016-08-25 09:59 - 2014-02-17 04:36 - 00000000 ____D C:\Users\Com\AppData\Local\Adobe
2016-08-25 09:58 - 2014-12-16 17:22 - 00003902 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{73BFAA1B-1E35-478D-B893-0170BDE89573}
2016-08-25 09:56 - 2014-02-16 13:42 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-25 09:54 - 2014-02-16 13:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-25 09:53 - 2016-01-18 19:45 - 00000000 ___DO C:\Users\Com\OneDrive
2016-08-25 09:52 - 2016-06-09 17:00 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-08-25 09:51 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-24 14:54 - 2016-06-14 23:10 - 00033857 _____ C:\Users\Com\Desktop\Untitled 1.ods
2016-08-24 11:39 - 2016-04-27 06:19 - 00000000 ____D C:\Users\Com\Documents\Wichtige Unterlagen
2016-08-24 07:04 - 2016-04-29 07:42 - 00002572 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
2016-08-23 00:17 - 2014-02-16 13:39 - 00000000 ____D C:\Users\Com
2016-08-22 21:39 - 2016-05-10 22:45 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1aafcf2bec8d7.job
2016-08-22 21:39 - 2016-05-06 08:37 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1a761d3f62bb1.job
2016-08-22 21:39 - 2016-05-06 08:37 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-21 13:22 - 2016-05-10 22:45 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d1aafcf2bec8d7
2016-08-21 13:22 - 2016-05-06 08:38 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d1a761d3f62bb1
2016-08-21 13:22 - 2016-05-06 08:37 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-08-20 22:34 - 2014-12-29 06:46 - 00000000 ____D C:\Users\Com\AppData\Roaming\vlc
2016-08-20 13:28 - 2015-02-21 19:03 - 00000000 ____D C:\Users\Com\AppData\Roaming\uTorrent
2016-08-20 12:32 - 2015-12-03 11:12 - 00110424 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys
2016-08-20 12:32 - 2015-10-06 22:30 - 00087984 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwfp.sys
2016-08-20 12:25 - 2016-04-29 01:28 - 00237400 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2016-08-20 01:04 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-08-20 01:03 - 2013-08-22 17:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-08-20 00:11 - 2016-02-28 23:23 - 00000000 ____D C:\ProgramData\Avira
2016-08-20 00:10 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-08-19 23:51 - 2016-04-29 07:40 - 00000000 ____D C:\Users\Com\AppData\Local\AvgSetupLog
2016-08-19 23:44 - 2016-02-28 23:23 - 00000000 ____D C:\Program Files (x86)\Avira
2016-08-19 23:37 - 2015-03-06 10:00 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-19 22:20 - 2016-05-06 08:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-19 16:35 - 2016-04-29 07:42 - 00053008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\TURegOpt.exe
2016-08-17 12:49 - 2016-04-18 12:55 - 00003350 _____ C:\Windows\System32\Tasks\ESET Windows 10 upgrade – Refresh settings
2016-08-14 19:25 - 2014-12-29 04:27 - 00450560 ___SH C:\Users\Com\Documents\Thumbs.db
2016-08-10 16:57 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-10 16:57 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2016-08-09 23:36 - 2014-12-29 04:27 - 00000000 ____D C:\Users\Com\Documents\TranscribeMe
2016-08-09 12:05 - 2016-05-17 10:57 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2014-02-17 04:37 - 2014-02-17 04:37 - 0008194 _____ () C:\Users\Com\AppData\Local\ace11
2015-09-14 21:00 - 2015-09-14 21:00 - 0000016 _____ () C:\ProgramData\mntemp
2015-09-14 21:00 - 2015-09-14 21:00 - 0005050 _____ () C:\ProgramData\wmzddnmb.cix

Some files in TEMP:
====================
C:\Users\Com\AppData\Local\Temp\avgnt.exe
C:\Users\Com\AppData\Local\Temp\avguirn_08666070450.exe
C:\Users\Com\AppData\Local\Temp\ose00000.exe
C:\Users\Com\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-25 11:59

==================== End of FRST.txt ============================

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by Com (25-08-2016 15:15:38)
Running from C:\Users\Com\Downloads
Windows 8.1 Pro (Update) (X64) (2014-02-16 11:39:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-245667631-3740917297-2571881347-500 - Administrator - Disabled)
Com (S-1-5-21-245667631-3740917297-2571881347-1001 - Administrator - Enabled) => C:\Users\Com
Guest (S-1-5-21-245667631-3740917297-2571881347-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-245667631-3740917297-2571881347-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Kaspersky Anti-Virus (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-245667631-3740917297-2571881347-1001\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.17) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
ASUS Share Link (HKLM-x32\...\{c3bcc1e3-f950-439c-bcae-f01283e9f2a4}_is1) (Version: 1.0.27.0911 - ASUSTEK)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.3.9 - ASUS)
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.52.2.34122 - AVG Technologies)
AVG PC TuneUp (x32 Version: 16.52.2 - AVG Technologies) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.19.164 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{6052a753-acc6-4c02-b5a8-70962ff8e0a4}) (Version: 1.2.69.16114 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.2.69.16114 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 1.4.1.19208 - Avira Operations GmbH & Co. KG)
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
Collage Maker (HKLM-x32\...\{05F2884D-89AC-4DE4-A63D-7DB3FE3398DC}) (Version: 3.80 - Galleria Software)
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.0909 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
FMW 1 (Version: 1.122.3 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel® CCF Manager (HKLM-x32\...\{0f3d8dd5-54af-4404-a01c-4967e485a065}) (Version: 3.0.13.2211 - Intel Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 16.0.1.445 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 48.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 7.8.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
STCServ (Version: 3.0.0.1783 - Intel Corporation) Hidden
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - ASUS (ATP) Mouse  (01/13/2015 6.0.0.41) (HKLM\...\E43971232F0609D99713D21682E603E28D0F0518) (Version: 01/13/2015 6.0.0.41 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08E72AF3-7501-4B4F-B0E0-BE3CE2FE6D7C} - System32\Tasks\{6AB09B8F-B131-4D07-8D86-12743C87EC93} => pcalua.exe -a F:\InstallDriver.exe -d F:\
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1E47E74C-BD3E-405D-8300-6DB421C1D436} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-vick_stan@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {26A6FB15-CB65-4F90-8937-E21747A3EA9F} - System32\Tasks\{6CB25420-B91E-438E-A930-4D60F404B1FC} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe"
Task: {2DBE3B49-1AAD-442B-8F0A-293C56D3B6C0} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-10-07] (AsusTek)
Task: {39DD1CD6-E421-45C6-98A4-E4A4FE2F52E3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-06] (Google Inc.)
Task: {48A94492-7445-4476-A1C5-B19BCC11BF69} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {4FE62FF8-793E-4EDD-AAE5-0C32F867B018} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-03-20] (Oracle Corporation)
Task: {5EB533CF-8B79-4EF0-B2AA-BADCFE5F31C5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-245667631-3740917297-2571881347-1001Core1d0ce862ca6dde5 => C:\Users\Com\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {5FCD76E9-CE55-4A6D-BD7D-87BDC1418CB9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {6DFFD6BE-A753-4689-93FB-BECD37F387AC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {6F97F18D-E992-4423-84AF-A05ABE810E8C} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2016-08-19] (AVG Technologies CZ, s.r.o.)
Task: {7392A771-4BC9-45E9-9ED3-5AD06A474279} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2015-08-16] (@ByELDI)
Task: {75FA19C2-6086-439C-8DA6-AF955F707B13} - System32\Tasks\GoogleUpdateTaskMachineCore1d1a761d3f62bb1 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-06] (Google Inc.)
Task: {95C90A6E-E313-43A7-95D9-6273A468583B} - System32\Tasks\ESET Windows 10 upgrade – Refresh settings => C:\Program Files\Common Files\AV\ESET NOD32 Antivirus 7.0\upgrade.exe [2016-08-17] (ESET)
Task: {9E035B9F-4DBB-4578-8996-BA21E55F078D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-245667631-3740917297-2571881347-1001UA1d09092f0f7e3e3 => C:\Users\Com\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {AD98B510-35CD-4BD7-9F58-EB87E8D8D18B} - System32\Tasks\GoogleUpdateTaskMachineCore1d1aafcf2bec8d7 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-06] (Google Inc.)
Task: {BD2164C2-FF6D-426F-BA30-9426826C2FEB} - System32\Tasks\{F055317E-ECB5-431A-A358-5BA0677535DA} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.11.73.102.456/th/abandoninstall?page=tsWLM
Task: {C3153C29-1164-4759-A9D7-E797B2DE4842} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-06] (Google Inc.)
Task: {E30905FF-D3A1-4DE5-BC85-0B76D904F91C} - System32\Tasks\GoogleUpdateTaskMachineUA1d1e96f7ed57473 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-06] (Google Inc.)
Task: {ED4AD7D5-9C4A-46DA-88BC-BD9AB0A76BFC} - System32\Tasks\GoogleUpdateTaskMachineCore1d0ce87a8eff2f => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-06] (Google Inc.)
Task: {FD8626FC-2121-4797-AA2C-096B2068E712} - System32\Tasks\IntelBootstrapCCDashExe => C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe [2015-03-16] (Intel® Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1a761d3f62bb1.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1aafcf2bec8d7.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1e96f7ed57473.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Com\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\твинк2 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"

==================== Loaded Modules (Whitelisted) ==============

2015-03-16 07:58 - 2015-03-16 07:58 - 00127200 _____ () C:\Program Files\Intel\ConnectCenter\bin\Interop.STCServLib.dll
2015-12-22 02:47 - 2015-12-22 02:47 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\kpcengine.2.3.dll
2016-04-29 07:41 - 2016-05-01 10:47 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2016-06-13 15:04 - 2016-05-23 09:25 - 00075264 _____ () C:\Program Files (x86)\PDF24\zlib.dll
2016-06-13 15:04 - 2016-05-23 09:24 - 00053248 _____ () C:\Program Files (x86)\PDF24\OperationUI.dll
2014-08-13 04:27 - 2014-08-13 04:27 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2014-07-29 08:34 - 2014-07-29 08:34 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2016-04-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-245667631-3740917297-2571881347-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Com\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "egui"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "YouCam Service"
HKLM\...\StartupApproved\Run32: => "RemoteControl11"
HKLM\...\StartupApproved\Run32: => "USB Security"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "ProductUpdater"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-245667631-3740917297-2571881347-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-245667631-3740917297-2571881347-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-245667631-3740917297-2571881347-1001\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-245667631-3740917297-2571881347-1001\...\StartupApproved\Run: => "GoogleDriveSync"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{2F0EA5F7-4910-422E-A3BE-3003E1859F34}] => (Allow) F:\All Programe!!\Microsoft Office 2013 Professional Plus 2013 x86x64 EN-TH Volume June 2013\KMSpico Win8.1\KMSELDI.exe
FirewallRules: [{B117B936-D6D5-4C1D-B51E-1D2C53320A5F}] => (Allow) F:\All Programe!!\Microsoft Office 2013 Professional Plus 2013 x86x64 EN-TH Volume June 2013\KMSpico Win8.1\KMSELDI.exe
FirewallRules: [TCP Query User{991A3DC7-A4B0-4147-BF84-5E76ED413930}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{2FA4D120-053B-4389-AD07-E23C99CFD229}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{B42D7907-A860-499B-BEC4-617BB6A828CF}] => (Allow) LPort=1688
FirewallRules: [{6DA601C9-6F28-46E7-9B99-E8EB91078556}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{4645F918-9D04-4F94-A650-311DB161D00B}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{39C8497B-B303-46A2-8A86-6D3CC1443FD6}] => (Allow) C:\Users\Com\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{448D1F70-6CEB-44D2-98D2-0F54BA944C6C}] => (Allow) C:\Users\Com\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E3C4A784-425E-42E0-A9D7-3B040B877B5B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C41C81BD-1C44-45ED-B61D-DDCCF00B1834}] => (Allow) LPort=2869
FirewallRules: [{016F0723-8D9C-42D9-ADF5-9E690178CB45}] => (Allow) LPort=1900
FirewallRules: [{D7FEBC38-8519-4CD5-9DE3-DC392484D17C}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{CC778C35-940F-4F37-B4B8-B25FE417D070}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{2A5E5DD1-7414-4596-A626-1BDDCC4350AE}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{571D5B1A-DF9F-4BBF-901E-31D0452D6D98}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{0D6B77F1-DC5E-4264-B4CC-B5B2BACF5C54}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{3BEF5B9F-D379-48F8-A896-35431477DBDF}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{E1E3F67D-3C1B-47BA-A6AA-25170B158B92}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3F825693-CAA3-40C7-92C1-4522B8834CA2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0757598C-67B2-4EFC-A653-C826F6E009D8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{900112B3-A291-4D79-A589-E1AA40820D24}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{69A09FC3-7B97-48B4-AA62-0A5EF1429D64}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B0291C17-CBF4-48EA-9455-720CCB6D9C39}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EF653321-EAFD-4933-A2B5-681B62D367BC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{52F4976D-ED86-4812-8E66-9BB57F2C3634}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{AC6D8257-545A-4A21-BC37-31280DAD9890}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{BFACF0F8-9C23-48EC-B7B2-B3E1161B6DB1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4B8052FA-FAC7-48C7-927B-A3ED8403D7B4}] => (Allow) C:\Program Files\Intel\STCServ\STCServ.exe
FirewallRules: [{CBA283B8-12D1-46B1-AD8F-1F8E2500025B}] => (Allow) C:\Program Files (x86)\ASUS\Share Link\ShareLink.exe
FirewallRules: [{21EA7987-5666-4BC8-9755-49EA2999B7A5}] => (Allow) C:\Program Files\Intel\STCServ\STCServ.exe
FirewallRules: [{0CCC8FA2-1097-4AF7-A1D0-D6EF2077CFD7}] => (Allow) C:\Program Files\Intel\STCServ\STCServ.exe
FirewallRules: [TCP Query User{12F49081-9891-4542-84C8-B433968B6A41}C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Block) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe
FirewallRules: [UDP Query User{99E5F124-F863-4EF6-A7D3-8612DD32D91A}C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Block) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe
FirewallRules: [TCP Query User{69CEFFDA-D9B0-4476-B467-08ADCE87FAEF}C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Block) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe
FirewallRules: [UDP Query User{9220AA4F-1A6D-4E6F-8AC7-BEE9B78F8F81}C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Block) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe
FirewallRules: [{36203222-D271-42F8-AEC4-B6D4A810D257}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

20-08-2016 16:34:28 Scheduled Checkpoint
25-08-2016 14:51:58 Removed Microsoft Office Professional Plus 2013
25-08-2016 14:52:45 PROPLUSR

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/25/2016 02:46:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/25/2016 01:46:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/25/2016 01:46:37 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/25/2016 01:46:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/25/2016 01:38:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/25/2016 01:38:12 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/25/2016 01:37:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/25/2016 12:22:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/25/2016 12:22:48 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/25/2016 12:22:36 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (08/25/2016 09:51:08 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 0:24:42 on ‎25/‎8/‎2559 was unexpected.

Error: (08/24/2016 12:11:06 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/23/2016 09:48:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Freemake Improver service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/23/2016 12:16:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/22/2016 09:42:22 PM) (Source: DCOM) (EventID: 10005) (User: USER)
Description: 1053WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (08/22/2016 09:42:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (08/22/2016 09:42:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (08/22/2016 09:42:22 PM) (Source: DCOM) (EventID: 10005) (User: USER)
Description: 1053WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (08/22/2016 09:42:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (08/22/2016 09:42:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.


==================== Memory info =========================== 

Processor: Intel(R) Celeron(R) CPU N2930 @ 1.83GHz
Percentage of memory in use: 70%
Total physical RAM: 3982.48 MB
Available physical RAM: 1186.91 MB
Total Virtual: 5390.48 MB
Available Virtual: 1323.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:23.01 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:365.76 GB) (Free:301.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C92D9F06)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=365.8 GB) - (Type=05)

==================== End of Addition.txt ============================
         
--- --- ---


Alt 25.08.2016, 15:25   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please fix the CODE tags.

Avira is still installed. It should be removed. Also uninstall the remnants of AVG if possible.

Alt 25.08.2016, 16:00   #7
vick_stan
 
I have uninstalled Avira and AVG. Here we go again:


FRST Logfile:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Ran by Com (administrator) on USER (25-08-2016 15:52:35)
Running from C:\Users\Com\Downloads
Loaded Profiles: Com (Available Profiles: Com)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Atheros Commnucations) C:\Windows\System32\AdminService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\avp.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\avpui.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Intel® Corporation) C:\Program Files\Intel\ConnectCenter\bin\CCFManager.exe
(Intel Corporation) C:\Program Files\Intel\STCServ\STCServ.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSGPlusBTServer64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSmartGestureDetector64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Com\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [IntelConnectCenter] => C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe [90112 2015-03-16] (Intel® Corporation)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [247016 2011-09-09] (CyberLink Corp.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [74752 2015-09-02] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [226816 2016-05-23] (Geek Software GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-245667631-3740917297-2571881347-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-245667631-3740917297-2571881347-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-245667631-3740917297-2571881347-1001\...\Policies\Explorer: [NoDrives] 0x00000000
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{C79A7648-F485-45BF-BE3C-29E6202DDFA5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{FD466CB9-31B0-4EA9-8877-1A184043BC69}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-245667631-3740917297-2571881347-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-245667631-3740917297-2571881347-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-245667631-3740917297-2571881347-1001 -> DefaultScope {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = 
SearchScopes: HKU\S-1-5-21-245667631-3740917297-2571881347-1001 -> {24E0BF82-5E77-4A8A-A1C7-1F5BCD37122E} URL = 
SearchScopes: HKU\S-1-5-21-245667631-3740917297-2571881347-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-12-15] (DVDVideoSoft Ltd.)
BHO-x32: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-04-09] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-09] (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2014-12-15] (DVDVideoSoft Ltd.)
Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)

FireFox:
========
FF ProfilePath: C:\Users\Com\AppData\Roaming\Mozilla\Firefox\Profiles\n5zlkxd7.default
FF NetworkProxy: "ftp", "80.77.29.22"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "80.77.29.22"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "socks", "80.77.29.22"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "80.77.29.22"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-04-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF user.js: detected! => C:\Users\Com\AppData\Roaming\Mozilla\Firefox\Profiles\n5zlkxd7.default\user.js [2016-03-27]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Com\AppData\Roaming\Mozilla\Firefox\Profiles\n5zlkxd7.default\Extensions\abs@avira.com [2016-08-19]
FF Extension: German Dictionary - C:\Users\Com\AppData\Roaming\Mozilla\Firefox\Profiles\n5zlkxd7.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2016-08-16]
FF Extension: Diccionario Español Argentina - C:\Users\Com\AppData\Roaming\Mozilla\Firefox\Profiles\n5zlkxd7.default\Extensions\es-AR@dictionaries.addons.mozilla.org [2016-04-06] [not signed]
FF Extension: One Click Proxy - C:\Users\Com\AppData\Roaming\Mozilla\Firefox\Profiles\n5zlkxd7.default\Extensions\jid0-zXo3XFGyiDalgkeEO4UYJTUwo2I@jetpack.xpi [2016-04-19]
FF Extension: Avira SafeSearch Plus - C:\Users\Com\AppData\Roaming\Mozilla\Firefox\Profiles\n5zlkxd7.default\Extensions\safesearchplus2@avira.com [2016-08-19]
FF Extension: Adblock Plus - C:\Users\Com\AppData\Roaming\Mozilla\Firefox\Profiles\n5zlkxd7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2014-12-15] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-08-20]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKU\S-1-5-21-245667631-3740917297-2571881347-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-12-24] [not signed]

Chrome: 
=======
CHR DefaultSearchURL: Profile 2 -> hxxps://search.avira.net/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Profile 2 -> Avira
CHR DefaultSuggestURL: Profile 2 -> hxxps://search.avira.net/suggestions?q={searchTerms}&li=ff&hl=en
CHR Profile: C:\Users\Com\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-17]
CHR Extension: (Google Docs) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-17]
CHR Extension: (Google Drive) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-17]
CHR Extension: (YouTube) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-17]
CHR Extension: (Google Sheets) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-17]
CHR Extension: (Google Docs Offline) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-17]
CHR Extension: (Gmail) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-17]
CHR Profile: C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-26]
CHR Extension: (Google Docs) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-26]
CHR Extension: (Google Drive) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-26]
CHR Extension: (YouTube) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-26]
CHR Extension: (Google Sheets) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-26]
CHR Extension: (Google Docs Offline) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-26]
CHR Extension: (Gmail) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-26]
CHR Profile: C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-26]
CHR Extension: (Google Docs) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-26]
CHR Extension: (Google Drive) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-26]
CHR Extension: (YouTube) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-26]
CHR Extension: (Google Sheets) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-26]
CHR Extension: (Avira Browser Safety) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-08-20]
CHR Extension: (Google Docs Offline) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-27]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2016-08-20]
CHR Extension: (Kaspersky Protection) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi [2016-08-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-26]
CHR Extension: (Gmail) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-26]
CHR Extension: (Chrome Media Router) - C:\Users\Com\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-20]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159320 2016-08-22] (Adobe Systems, Incorporated)
R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations) [File not signed]
R2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2015-09-02] (Freemake) [File not signed]
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 STCServ; C:\Program Files\Intel\STCServ\STCServ.exe [8095456 2015-03-16] (Intel Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3855872 2013-09-25] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [69904 2015-10-07] (ASUS Corporation)
R3 bcmsmbsp; C:\Windows\System32\drivers\bcmsmbsp.sys [40152 2013-09-09] (Broadcom Corporation.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-04] ()
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-11] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [79752 2015-12-01] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [78200 2015-12-02] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [182664 2015-12-11] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [237400 2016-08-20] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [992600 2016-08-20] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [51288 2016-04-29] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)
S4 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87984 2016-08-20] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [110424 2016-08-20] (AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [194440 2015-12-03] (AO Kaspersky Lab)
S3 massfilter; C:\Windows\System32\drivers\ztembbmassfilter.sys [15360 2012-11-23] (MBB Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-25] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-11] (Intel Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35856 2013-10-31] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [236888 2013-10-31] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
S3 WUDFWpdComp; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 ZTEusbmdm6k; C:\Windows\system32\DRIVERS\ztembbusbmdm.sys [123264 2012-11-23] (ZTE Incorporated)
S3 ZTEusbnmea; C:\Windows\system32\DRIVERS\ztembbusbnmea.sys [123264 2012-11-23] (ZTE Incorporated)
S3 ZTEusbser6K; C:\Windows\system32\DRIVERS\ztembbusbser6k.sys [123264 2012-11-23] (ZTE Incorporated)
S3 ZTEusbvoice; C:\Windows\system32\DRIVERS\ztembbusbvoice.sys [123264 2012-11-23] (ZTE Incorporated)
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
S4 nvlddmkm; \SystemRoot\system32\DRIVERS\nvlddmkm.sys [X]
S4 nvpciflt; \SystemRoot\system32\DRIVERS\nvpciflt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-25 15:52 - 2016-08-25 15:52 - 02396672 _____ (Farbar) C:\Users\Com\Downloads\FRST64(1).exe
2016-08-25 14:08 - 2016-08-25 15:17 - 00030414 _____ C:\Users\Com\Downloads\Addition.txt
2016-08-25 14:06 - 2016-08-25 15:52 - 00024294 _____ C:\Users\Com\Downloads\FRST.txt
2016-08-25 14:05 - 2016-08-25 15:52 - 00000000 ____D C:\FRST
2016-08-25 14:05 - 2016-08-25 14:05 - 02396672 _____ (Farbar) C:\Users\Com\Downloads\FRST64.exe
2016-08-25 13:23 - 2016-08-25 13:23 - 00000091 ____H C:\Users\Com\Desktop\.~lock.cv roman.doc#
2016-08-25 12:53 - 2016-08-25 12:53 - 00411216 _____ C:\Users\Com\Downloads\ceo_resume_template.pdf
2016-08-25 12:52 - 2016-08-25 12:52 - 00169358 _____ C:\Users\Com\Desktop\sample-CEO-resume.pdf
2016-08-25 12:51 - 2016-08-25 12:51 - 00178626 _____ C:\Users\Com\Downloads\sample-CEO-resume.pdf
2016-08-25 12:30 - 2016-08-25 12:30 - 00012362 _____ C:\Users\Com\Downloads\Sample CV in English.pdf
2016-08-24 16:31 - 2016-08-25 13:14 - 00019186 _____ C:\Users\Com\Desktop\cv roman.odt
2016-08-24 14:45 - 2016-08-24 14:45 - 00096514 _____ C:\Users\Com\Downloads\dfg_initiativ_2012.pdf
2016-08-23 20:43 - 2016-08-23 20:43 - 00154656 _____ C:\Users\Com\Downloads\fb03-0010-frsek-260816(1).pdf
2016-08-23 20:40 - 2016-08-23 20:40 - 00154656 _____ C:\Users\Com\Downloads\fb03-0010-frsek-260816.pdf
2016-08-23 09:33 - 2016-08-25 15:44 - 00001537 _____ C:\Users\Com\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AsusSmartGestureDetector.lnk
2016-08-20 22:30 - 2016-08-20 22:30 - 30166566 _____ C:\Users\Com\Downloads\DSCN1595.MOV
2016-08-20 20:15 - 2016-08-20 20:16 - 91467869 _____ C:\Users\Com\Downloads\DSCN1568.MOV
2016-08-20 20:11 - 2016-08-20 20:11 - 37532381 _____ C:\Users\Com\Downloads\DSCN1547.MOV
2016-08-20 20:10 - 2016-08-20 20:11 - 48410081 _____ C:\Users\Com\Downloads\DSCN1546.MOV
2016-08-20 19:07 - 2016-08-20 19:07 - 21830775 _____ C:\Users\Com\Downloads\DSCN1600.MOV
2016-08-20 19:07 - 2016-08-20 19:07 - 10102483 _____ C:\Users\Com\Downloads\DSCN1553.MOV
2016-08-20 19:06 - 2016-08-20 19:07 - 17810256 _____ C:\Users\Com\Downloads\DSCN1599.MOV
2016-08-20 19:06 - 2016-08-20 19:06 - 11296539 _____ C:\Users\Com\Downloads\DSCN1598.MOV
2016-08-20 19:04 - 2016-08-20 19:04 - 21394464 _____ C:\Users\Com\Downloads\DSCN1597.MOV
2016-08-20 19:03 - 2016-08-20 19:03 - 16439466 _____ C:\Users\Com\Downloads\DSCN1596.MOV
2016-08-20 18:59 - 2016-08-20 19:00 - 48668490 _____ C:\Users\Com\Downloads\DSCN1602.MOV
2016-08-20 14:51 - 2016-08-21 11:23 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\47F665AA.sys
2016-08-20 14:35 - 2016-08-20 14:35 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\4F505988.sys
2016-08-20 01:04 - 2016-08-20 01:04 - 00002107 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2016-08-20 01:04 - 2016-08-20 01:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2016-08-20 01:03 - 2016-08-25 15:43 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-08-20 01:03 - 2016-08-20 01:03 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-08-20 01:03 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2016-08-20 01:02 - 2016-08-20 12:32 - 00992600 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2016-08-20 01:02 - 2015-12-11 17:31 - 00182664 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2016-08-20 00:47 - 2016-08-20 00:47 - 01932640 _____ (Kaspersky Lab) C:\Users\Com\Downloads\kav16.0.0.614abcdde_9831.exe
2016-08-20 00:06 - 2016-08-20 00:06 - 02041880 _____ (Kaspersky Lab) C:\Users\Com\Downloads\kav16.0.1.445abcde_10532.exe
2016-08-19 23:50 - 2016-08-19 23:50 - 03143504 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Com\Downloads\AVG_Protection_Free_1606.exe
2016-08-19 23:38 - 2016-08-19 23:38 - 04831216 _____ (Avira Operations GmbH & Co. KG) C:\Users\Com\Downloads\avira_en_av_57b77bc3aa496__ws(1).exe
2016-08-19 23:36 - 2016-08-19 23:36 - 04831216 _____ (Avira Operations GmbH & Co. KG) C:\Users\Com\Downloads\avira_en_av_57b77bc3aa496__ws.exe
2016-08-19 23:25 - 2016-08-25 15:43 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-19 23:25 - 2016-08-19 23:25 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-19 23:25 - 2016-08-19 23:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-19 23:25 - 2016-08-19 23:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-19 23:25 - 2016-08-19 23:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-19 23:25 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-08-19 23:25 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-08-19 23:25 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-08-19 23:24 - 2016-08-19 23:24 - 22851472 _____ (Malwarebytes ) C:\Users\Com\Downloads\mbam-setup-2.2.1.1043.exe
2016-08-19 18:13 - 2016-08-19 18:13 - 00074187 _____ C:\Users\Com\Downloads\ma_polwis_zugangssatzung.pdf
2016-08-18 21:56 - 2016-08-19 23:25 - 00025156 _____ C:\Users\Com\Desktop\Untitled 1.odt
2016-08-18 20:09 - 2016-08-18 20:09 - 00028158 _____ C:\Users\Com\Downloads\Anlage(1).pdf
2016-08-18 19:48 - 2016-08-18 19:48 - 03746280 _____ C:\Users\Com\Downloads\broschuere-berufsbilder-im-sprachendienst-11-data.pdf
2016-08-16 21:06 - 2016-08-16 21:06 - 00014239 _____ C:\Users\Com\Documents\Untitled 1.odt
2016-08-16 18:28 - 2016-08-16 18:28 - 02397951 _____ C:\Users\Com\Downloads\Veranstaltungsprogramm und Anmeldeformular.als PDF.pdf
2016-08-12 13:15 - 2016-08-12 13:15 - 04014191 _____ C:\Users\Com\Documents\Bewerbungsmappe_V.Stanislavski_AA Frankfurt.pdf
2016-08-12 12:11 - 2016-08-12 12:18 - 00058981 _____ C:\Users\Com\Documents\Nachweis Eigenbemühungen V.Stanislavski.pdf
2016-08-10 21:08 - 2016-08-10 21:08 - 00023214 _____ C:\Users\Com\Documents\AA.odt
2016-08-09 14:49 - 2016-08-09 14:49 - 00129474 _____ C:\Users\Com\Downloads\egov-content438289.pdf
2016-08-09 14:47 - 2016-08-09 14:47 - 00143605 _____ C:\Users\Com\Downloads\l6019022dstbai808947.pdf
2016-08-09 14:32 - 2016-08-09 14:32 - 00676466 _____ C:\Users\Com\Downloads\eb-sgbiii-443-0-pdf.pdf
2016-08-09 12:37 - 2016-08-09 12:37 - 02468086 _____ C:\Users\Com\Downloads\Sfs_Studie.pdf
2016-08-09 01:14 - 2016-08-09 01:14 - 00053785 _____ C:\Users\Com\Downloads\data.pdf
2016-08-09 00:33 - 2016-08-09 00:33 - 08793295 _____ C:\Users\Com\Downloads\6019022dstbai386915.pdf
2016-08-08 14:11 - 2016-08-08 14:11 - 00082002 _____ C:\Users\Com\Downloads\tvoed-bund(1).pdf
2016-08-08 11:58 - 2016-08-08 11:58 - 10046619 _____ C:\Users\Com\Downloads\l6019022dstbai665890.pdf
2016-08-08 07:13 - 2016-08-08 07:13 - 00049485 _____ C:\Users\Com\Documents\Test_translation_2_V.Stanislavski.pdf
2016-08-08 07:13 - 2016-08-08 07:13 - 00048708 _____ C:\Users\Com\Documents\Test_translation_1_V.Stanislavski.pdf
2016-08-06 19:22 - 2016-08-06 19:22 - 04498815 _____ C:\Users\Com\Downloads\Weissbuch2016_barrierefrei.pdf
2016-08-06 19:22 - 2016-08-06 19:22 - 04498815 _____ C:\Users\Com\Downloads\Weissbuch2016_barrierefrei(1).pdf
2016-08-06 18:58 - 2016-08-06 18:58 - 00016473 _____ C:\Users\Com\Downloads\Auswahlverfahren.pdf
2016-08-05 12:44 - 2016-08-05 12:45 - 04235939 _____ C:\Users\Com\Downloads\tpi125_de_en.pdf
2016-08-03 13:44 - 2016-08-03 13:44 - 00121863 _____ C:\Users\Com\Downloads\Form(4).pdf
2016-08-03 13:43 - 2016-08-03 13:43 - 00059748 _____ C:\Users\Com\Downloads\Registrierungsbestätigung.PDF
2016-08-03 13:42 - 2016-08-03 13:42 - 00121863 _____ C:\Users\Com\Downloads\Form(3).pdf
2016-08-03 13:42 - 2016-08-03 13:42 - 00121863 _____ C:\Users\Com\Downloads\Form(2).pdf
2016-08-03 13:41 - 2016-08-03 13:42 - 00122956 _____ C:\Users\Com\Downloads\Form(1).pdf
2016-08-03 13:41 - 2016-08-03 13:41 - 00122956 _____ C:\Users\Com\Downloads\Form.pdf
2016-08-03 12:15 - 2016-08-03 12:15 - 00082002 _____ C:\Users\Com\Downloads\tvoed-bund.pdf
2016-08-02 22:17 - 2016-08-02 22:17 - 00390997 _____ C:\Users\Com\Downloads\UdOe30.pdf
2016-08-01 17:03 - 2016-08-17 00:34 - 00082071 _____ C:\Users\Com\Documents\Übersetzung.odt
2016-08-01 14:29 - 2016-08-01 14:29 - 00339808 _____ C:\Users\Com\Downloads\TOEFL_V.Stanislavski.pdf
2016-07-30 16:55 - 2016-07-30 16:55 - 02172833 _____ C:\Users\Com\Downloads\Arbeitszeugnisse_V.Stanislavski.pdf
2016-07-30 13:17 - 2016-07-30 13:17 - 00118450 _____ C:\Users\Com\Downloads\Merkblatt_SA_in_der_UA_Web_2015-1611.pdf
2016-07-29 12:28 - 2016-07-29 12:28 - 00388067 _____ C:\Users\Com\Downloads\Daten#bersicht
2016-07-29 12:15 - 2016-07-29 12:15 - 02263569 _____ C:\Users\Com\Downloads\160722_Stellenanzeige_Projektmanager_Bremen.pdf
2016-07-29 11:33 - 2016-07-29 11:33 - 01746479 _____ C:\Users\Com\Documents\Bildungszeugnisse_V.Stanislavski.pdf
2016-07-29 11:32 - 2016-07-29 11:32 - 01038107 _____ C:\Users\Com\Documents\Arbeitszeugnisse_V.Stanislavski.pdf
2016-07-29 10:02 - 2016-08-25 15:45 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d1e96f7ed57473
2016-07-29 10:02 - 2016-08-25 15:45 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-29 10:02 - 2016-08-25 15:45 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1e96f7ed57473.job
2016-07-29 10:02 - 2016-08-25 15:45 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-28 18:10 - 2016-07-28 18:10 - 07422017 _____ C:\Users\Com\Downloads\Bewerbung.pdf
2016-07-28 17:44 - 2016-07-28 17:44 - 07263884 _____ C:\Users\Com\Downloads\Bewerbungsprofil.pdf
2016-07-28 16:35 - 2016-07-28 16:35 - 00840274 _____ C:\Users\Com\Documents\Zeugnisse_V. Stanislavski.pdf
2016-07-28 15:42 - 2016-07-28 15:42 - 00196363 _____ C:\Users\Com\Downloads\2016-06-25_Praktikum_Intendanz_IFB.pdf
2016-07-27 18:43 - 2016-07-27 18:43 - 00088179 _____ C:\Users\Com\Downloads\20160706_Ausschreibung F 44.pdf
2016-07-26 16:58 - 2016-07-26 16:58 - 00925992 _____ C:\Users\Com\Downloads\uepo_300_2010_2013-09-22.pdf
2016-07-26 16:31 - 2016-07-26 16:31 - 05987736 _____ C:\Users\Com\Downloads\infoNRW_1_2014_online.pdf
2016-07-26 15:52 - 2016-07-26 18:34 - 00013568 _____ C:\Users\Com\Documents\Kalkulation_Matrix.ods
2016-07-26 12:05 - 2016-07-26 12:27 - 00968071 _____ C:\Users\Com\Documents\Bewerbungsmappe_V.Stanislavski_AfA_Montabaur.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-25 15:49 - 2014-02-16 13:42 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-25 15:49 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2016-08-25 15:48 - 2014-02-16 13:45 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-245667631-3740917297-2571881347-1001
2016-08-25 15:47 - 2016-04-29 07:41 - 00000000 ____D C:\Program Files (x86)\AVG
2016-08-25 15:46 - 2016-04-29 07:40 - 00000000 ____D C:\Users\Com\AppData\Local\AvgSetupLog
2016-08-25 15:46 - 2014-02-16 13:50 - 00002768 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-08-25 15:45 - 2016-05-10 22:45 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d1aafcf2bec8d7
2016-08-25 15:45 - 2016-05-10 22:45 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1aafcf2bec8d7.job
2016-08-25 15:45 - 2016-05-06 08:38 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d1a761d3f62bb1
2016-08-25 15:45 - 2016-05-06 08:37 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-08-25 15:45 - 2016-05-06 08:37 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1a761d3f62bb1.job
2016-08-25 15:45 - 2016-05-06 08:37 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-25 15:45 - 2016-02-28 23:23 - 00000000 ____D C:\ProgramData\Avira
2016-08-25 15:45 - 2015-03-06 10:00 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-25 15:43 - 2016-06-09 17:00 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-08-25 15:43 - 2016-01-18 19:45 - 00000000 ___DO C:\Users\Com\OneDrive
2016-08-25 15:42 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-25 15:41 - 2016-04-25 08:43 - 05380392 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-25 15:40 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-08-25 15:37 - 2014-02-17 04:18 - 00000000 ____D C:\Users\Com\AppData\Roaming\Skype
2016-08-25 15:34 - 2014-12-29 06:46 - 00000000 ____D C:\Users\Com\AppData\Roaming\vlc
2016-08-25 15:07 - 2014-02-16 13:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-08-25 15:05 - 2013-08-22 21:11 - 00000000 ____D C:\Windows\ShellNew
2016-08-25 15:05 - 2013-08-22 17:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-25 14:58 - 2016-04-10 12:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-25 14:57 - 2013-08-22 15:25 - 00000076 _____ C:\Windows\win.ini
2016-08-25 14:54 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-08-25 14:53 - 2014-12-29 17:06 - 06140928 ___SH C:\Users\Com\Desktop\Thumbs.db
2016-08-25 13:22 - 2014-12-17 09:00 - 07687168 ___SH C:\Users\Com\Downloads\Thumbs.db
2016-08-25 09:59 - 2014-02-17 04:36 - 00000000 ____D C:\Users\Com\AppData\Local\Adobe
2016-08-25 09:58 - 2014-12-16 17:22 - 00003902 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{73BFAA1B-1E35-478D-B893-0170BDE89573}
2016-08-25 09:54 - 2014-02-16 13:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-24 14:54 - 2016-06-14 23:10 - 00033857 _____ C:\Users\Com\Desktop\Untitled 1.ods
2016-08-24 11:39 - 2016-04-27 06:19 - 00000000 ____D C:\Users\Com\Documents\Wichtige Unterlagen
2016-08-23 00:17 - 2014-02-16 13:39 - 00000000 ____D C:\Users\Com
2016-08-20 13:28 - 2015-02-21 19:03 - 00000000 ____D C:\Users\Com\AppData\Roaming\uTorrent
2016-08-20 12:32 - 2015-12-03 11:12 - 00110424 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys
2016-08-20 12:32 - 2015-10-06 22:30 - 00087984 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwfp.sys
2016-08-20 12:25 - 2016-04-29 01:28 - 00237400 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2016-08-20 01:04 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-08-20 01:03 - 2013-08-22 17:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-08-19 22:20 - 2016-05-06 08:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-17 12:49 - 2016-04-18 12:55 - 00003350 _____ C:\Windows\System32\Tasks\ESET Windows 10 upgrade – Refresh settings
2016-08-14 19:25 - 2014-12-29 04:27 - 00450560 ___SH C:\Users\Com\Documents\Thumbs.db
2016-08-10 16:57 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-10 16:57 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2016-08-09 23:36 - 2014-12-29 04:27 - 00000000 ____D C:\Users\Com\Documents\TranscribeMe
2016-08-09 12:05 - 2016-05-17 10:57 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2014-02-17 04:37 - 2014-02-17 04:37 - 0008194 _____ () C:\Users\Com\AppData\Local\ace11
2015-09-14 21:00 - 2015-09-14 21:00 - 0000016 _____ () C:\ProgramData\mntemp
2015-09-14 21:00 - 2015-09-14 21:00 - 0005050 _____ () C:\ProgramData\wmzddnmb.cix

Some files in TEMP:
====================
C:\Users\Com\AppData\Local\Temp\avgnt.exe
C:\Users\Com\AppData\Local\Temp\avguirn_08666070450.exe
C:\Users\Com\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-25 11:59

==================== End of FRST.txt ============================
         
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by Com (25-08-2016 15:59:32)
Running from C:\Users\Com\Downloads
Windows 8.1 Pro (Update) (X64) (2014-02-16 11:39:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-245667631-3740917297-2571881347-500 - Administrator - Disabled)
Com (S-1-5-21-245667631-3740917297-2571881347-1001 - Administrator - Enabled) => C:\Users\Com
Guest (S-1-5-21-245667631-3740917297-2571881347-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-245667631-3740917297-2571881347-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Anti-Virus (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-245667631-3740917297-2571881347-1001\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.17) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
ASUS Share Link (HKLM-x32\...\{c3bcc1e3-f950-439c-bcae-f01283e9f2a4}_is1) (Version: 1.0.27.0911 - ASUSTEK)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.3.9 - ASUS)
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
Collage Maker (HKLM-x32\...\{05F2884D-89AC-4DE4-A63D-7DB3FE3398DC}) (Version: 3.80 - Galleria Software)
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.0909 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel® CCF Manager (HKLM-x32\...\{0f3d8dd5-54af-4404-a01c-4967e485a065}) (Version: 3.0.13.2211 - Intel Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 16.0.1.445 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 48.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 7.8.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
STCServ (Version: 3.0.0.1783 - Intel Corporation) Hidden
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - ASUS (ATP) Mouse  (01/13/2015 6.0.0.41) (HKLM\...\E43971232F0609D99713D21682E603E28D0F0518) (Version: 01/13/2015 6.0.0.41 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08E72AF3-7501-4B4F-B0E0-BE3CE2FE6D7C} - System32\Tasks\{6AB09B8F-B131-4D07-8D86-12743C87EC93} => pcalua.exe -a F:\InstallDriver.exe -d F:\
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1E47E74C-BD3E-405D-8300-6DB421C1D436} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-vick_stan@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {26A6FB15-CB65-4F90-8937-E21747A3EA9F} - System32\Tasks\{6CB25420-B91E-438E-A930-4D60F404B1FC} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe"
Task: {2DBE3B49-1AAD-442B-8F0A-293C56D3B6C0} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-10-07] (AsusTek)
Task: {39DD1CD6-E421-45C6-98A4-E4A4FE2F52E3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-06] (Google Inc.)
Task: {48A94492-7445-4476-A1C5-B19BCC11BF69} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {4FE62FF8-793E-4EDD-AAE5-0C32F867B018} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-03-20] (Oracle Corporation)
Task: {5EB533CF-8B79-4EF0-B2AA-BADCFE5F31C5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-245667631-3740917297-2571881347-1001Core1d0ce862ca6dde5 => C:\Users\Com\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {5FCD76E9-CE55-4A6D-BD7D-87BDC1418CB9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {6DFFD6BE-A753-4689-93FB-BECD37F387AC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {6F97F18D-E992-4423-84AF-A05ABE810E8C} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {7392A771-4BC9-45E9-9ED3-5AD06A474279} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2015-08-16] (@ByELDI)
Task: {75FA19C2-6086-439C-8DA6-AF955F707B13} - System32\Tasks\GoogleUpdateTaskMachineCore1d1a761d3f62bb1 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-06] (Google Inc.)
Task: {95C90A6E-E313-43A7-95D9-6273A468583B} - System32\Tasks\ESET Windows 10 upgrade – Refresh settings => C:\Program Files\Common Files\AV\ESET NOD32 Antivirus 7.0\upgrade.exe [2016-08-17] (ESET)
Task: {9E035B9F-4DBB-4578-8996-BA21E55F078D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-245667631-3740917297-2571881347-1001UA1d09092f0f7e3e3 => C:\Users\Com\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {AD98B510-35CD-4BD7-9F58-EB87E8D8D18B} - System32\Tasks\GoogleUpdateTaskMachineCore1d1aafcf2bec8d7 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-06] (Google Inc.)
Task: {BD2164C2-FF6D-426F-BA30-9426826C2FEB} - System32\Tasks\{F055317E-ECB5-431A-A358-5BA0677535DA} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.11.73.102.456/th/abandoninstall?page=tsWLM
Task: {C3153C29-1164-4759-A9D7-E797B2DE4842} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-06] (Google Inc.)
Task: {E30905FF-D3A1-4DE5-BC85-0B76D904F91C} - System32\Tasks\GoogleUpdateTaskMachineUA1d1e96f7ed57473 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-06] (Google Inc.)
Task: {ED4AD7D5-9C4A-46DA-88BC-BD9AB0A76BFC} - System32\Tasks\GoogleUpdateTaskMachineCore1d0ce87a8eff2f => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-06] (Google Inc.)
Task: {FD8626FC-2121-4797-AA2C-096B2068E712} - System32\Tasks\IntelBootstrapCCDashExe => C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe [2015-03-16] (Intel® Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1a761d3f62bb1.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1aafcf2bec8d7.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d1e96f7ed57473.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Com\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\твинк2 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"

==================== Loaded Modules (Whitelisted) ==============

2015-03-16 07:58 - 2015-03-16 07:58 - 00127200 _____ () C:\Program Files\Intel\ConnectCenter\bin\Interop.STCServLib.dll
2015-12-22 02:47 - 2015-12-22 02:47 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.1\kpcengine.2.3.dll
2016-06-13 15:04 - 2016-05-23 09:25 - 00075264 _____ () C:\Program Files (x86)\PDF24\zlib.dll
2016-06-13 15:04 - 2016-05-23 09:24 - 00053248 _____ () C:\Program Files (x86)\PDF24\OperationUI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2016-04-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-245667631-3740917297-2571881347-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Com\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "egui"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "YouCam Service"
HKLM\...\StartupApproved\Run32: => "RemoteControl11"
HKLM\...\StartupApproved\Run32: => "USB Security"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "ProductUpdater"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-245667631-3740917297-2571881347-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-245667631-3740917297-2571881347-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-245667631-3740917297-2571881347-1001\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-245667631-3740917297-2571881347-1001\...\StartupApproved\Run: => "GoogleDriveSync"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{2F0EA5F7-4910-422E-A3BE-3003E1859F34}] => (Allow) F:\All Programe!!\Microsoft Office 2013 Professional Plus 2013 x86x64 EN-TH Volume June 2013\KMSpico Win8.1\KMSELDI.exe
FirewallRules: [{B117B936-D6D5-4C1D-B51E-1D2C53320A5F}] => (Allow) F:\All Programe!!\Microsoft Office 2013 Professional Plus 2013 x86x64 EN-TH Volume June 2013\KMSpico Win8.1\KMSELDI.exe
FirewallRules: [TCP Query User{991A3DC7-A4B0-4147-BF84-5E76ED413930}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{2FA4D120-053B-4389-AD07-E23C99CFD229}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{B42D7907-A860-499B-BEC4-617BB6A828CF}] => (Allow) LPort=1688
FirewallRules: [{6DA601C9-6F28-46E7-9B99-E8EB91078556}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{4645F918-9D04-4F94-A650-311DB161D00B}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{39C8497B-B303-46A2-8A86-6D3CC1443FD6}] => (Allow) C:\Users\Com\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{448D1F70-6CEB-44D2-98D2-0F54BA944C6C}] => (Allow) C:\Users\Com\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E3C4A784-425E-42E0-A9D7-3B040B877B5B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C41C81BD-1C44-45ED-B61D-DDCCF00B1834}] => (Allow) LPort=2869
FirewallRules: [{016F0723-8D9C-42D9-ADF5-9E690178CB45}] => (Allow) LPort=1900
FirewallRules: [{D7FEBC38-8519-4CD5-9DE3-DC392484D17C}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{CC778C35-940F-4F37-B4B8-B25FE417D070}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{2A5E5DD1-7414-4596-A626-1BDDCC4350AE}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{571D5B1A-DF9F-4BBF-901E-31D0452D6D98}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{0D6B77F1-DC5E-4264-B4CC-B5B2BACF5C54}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{3BEF5B9F-D379-48F8-A896-35431477DBDF}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{E1E3F67D-3C1B-47BA-A6AA-25170B158B92}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3F825693-CAA3-40C7-92C1-4522B8834CA2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0757598C-67B2-4EFC-A653-C826F6E009D8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{900112B3-A291-4D79-A589-E1AA40820D24}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{69A09FC3-7B97-48B4-AA62-0A5EF1429D64}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B0291C17-CBF4-48EA-9455-720CCB6D9C39}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EF653321-EAFD-4933-A2B5-681B62D367BC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{52F4976D-ED86-4812-8E66-9BB57F2C3634}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{AC6D8257-545A-4A21-BC37-31280DAD9890}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{BFACF0F8-9C23-48EC-B7B2-B3E1161B6DB1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4B8052FA-FAC7-48C7-927B-A3ED8403D7B4}] => (Allow) C:\Program Files\Intel\STCServ\STCServ.exe
FirewallRules: [{CBA283B8-12D1-46B1-AD8F-1F8E2500025B}] => (Allow) C:\Program Files (x86)\ASUS\Share Link\ShareLink.exe
FirewallRules: [{21EA7987-5666-4BC8-9755-49EA2999B7A5}] => (Allow) C:\Program Files\Intel\STCServ\STCServ.exe
FirewallRules: [{0CCC8FA2-1097-4AF7-A1D0-D6EF2077CFD7}] => (Allow) C:\Program Files\Intel\STCServ\STCServ.exe
FirewallRules: [TCP Query User{12F49081-9891-4542-84C8-B433968B6A41}C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Block) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe
FirewallRules: [UDP Query User{99E5F124-F863-4EF6-A7D3-8612DD32D91A}C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Block) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe
FirewallRules: [TCP Query User{69CEFFDA-D9B0-4476-B467-08ADCE87FAEF}C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Block) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe
FirewallRules: [UDP Query User{9220AA4F-1A6D-4E6F-8AC7-BEE9B78F8F81}C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Block) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe
FirewallRules: [{36203222-D271-42F8-AEC4-B6D4A810D257}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

20-08-2016 16:34:28 Scheduled Checkpoint
25-08-2016 14:51:58 Removed Microsoft Office Professional Plus 2013
25-08-2016 14:52:45 PROPLUSR

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/25/2016 03:44:25 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/25/2016 03:44:25 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (08/25/2016 02:46:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/25/2016 01:46:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/25/2016 01:46:37 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/25/2016 01:46:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/25/2016 01:38:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/25/2016 01:38:12 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/25/2016 01:37:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/25/2016 12:22:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (08/25/2016 03:38:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/25/2016 09:51:08 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 0:24:42 on ‎25/‎8/‎2559 was unexpected.

Error: (08/24/2016 12:11:06 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/23/2016 09:48:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Freemake Improver service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/23/2016 12:16:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/22/2016 09:42:22 PM) (Source: DCOM) (EventID: 10005) (User: USER)
Description: 1053WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (08/22/2016 09:42:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (08/22/2016 09:42:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (08/22/2016 09:42:22 PM) (Source: DCOM) (EventID: 10005) (User: USER)
Description: 1053WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (08/22/2016 09:42:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.


==================== Memory info =========================== 

Processor: Intel(R) Celeron(R) CPU N2930 @ 1.83GHz
Percentage of memory in use: 55%
Total physical RAM: 3982.48 MB
Available physical RAM: 1773.62 MB
Total Virtual: 5390.48 MB
Available Virtual: 2988.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:24.49 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:365.76 GB) (Free:301.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C92D9F06)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=365.8 GB) - (Type=05)

==================== End of Addition.txt ============================
         
--- --- ---

25.08.2016, 19:15   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

OK, next up is MBAR.

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • MBAR will remove the detected objects during the restart, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

25.08.2016, 20:33   #9
vick_stan
 

The message appeared: Congratulation! No clean up is required.

No malware found

25.08.2016, 22:47   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please always post the log files.
