MBAM
Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software
Suchlauf Datum: 26.04.2015
Suchlauf-Zeit: 10:17:37
Logdatei: MBAM.txt
Administrator: Ja
Version: 2.01.6.1022
Malware Datenbank: v2015.03.09.05
Rootkit Datenbank: v2015.04.21.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Chris
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 441126
Verstrichene Zeit: 30 Min, 15 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente gefunden)
Module: 0
(Keine schädliche Elemente gefunden)
Registrierungsschlüssel: 3
PUP.Optional.DefaultSearch, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}, In Quarantäne, [5d1cd56e652567cfe37b20106f9660a0],
PUP.Optional.DefaultSearch, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}, In Quarantäne, [0c6d9ea55e2c1521312d6ec2ae571be5],
PUP.Optional.DefaultSearch, HKU\S-1-5-21-4085985054-2234879636-1917438037-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}, In Quarantäne, [1b5e1f240c7e89ad3629003011f4f50b],
Registrierungswerte: 3
PUP.Optional.DefaultSearch, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}|DisplayName, default-search.net, In Quarantäne, [5d1cd56e652567cfe37b20106f9660a0]
PUP.Optional.DefaultSearch, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}|DisplayName, default-search.net, In Quarantäne, [0c6d9ea55e2c1521312d6ec2ae571be5]
PUP.Optional.DefaultSearch, HKU\S-1-5-21-4085985054-2234879636-1917438037-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}|DisplayName, default-search.net, In Quarantäne, [1b5e1f240c7e89ad3629003011f4f50b]
Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)
Ordner: 0
(Keine schädliche Elemente gefunden)
Dateien: 8
PUP.Optional.Softonic.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\dlbr92fn.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.dfltSrch", true);), Ersetzt,[2f4aea597b0f1e182fd9ed32a75f5da3]
PUP.Optional.Softonic.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\dlbr92fn.default\prefs.js, Gut: (), Schlecht: (renmake changes to this file while the applica), Ersetzt,[7dfc9ea52c5e60d66b9d7ba44fb7ce32]
PUP.Optional.Softonic.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\dlbr92fn.default\prefs.js, Gut: (), Schlecht: (ferenmake changes to this file while the app), Ersetzt,[0277b19242488da9d8304bd4b74f54ac]
PUP.Optional.Softonic.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\dlbr92fn.default\prefs.js, Gut: (), Schlecht: (referenmake changes to this file while the app), Ersetzt,[82f78fb4c1c9999d2eda3be45ea8d927]
PUP.Optional.Softonic.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\dlbr92fn.default\prefs.js, Gut: (), Schlecht: (ferenmake changes to this file while the applicaritten when the application exits.
*
* To make a manual change to preferences, you can visit ), Ersetzt,[0a6ffa49cac074c27b8db16eec1a60a0]
PUP.Optional.Softonic.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\dlbr92fn.default\prefs.js, Gut: (), Schlecht: (a manual change to preferences, you can visit t), Ersetzt,[5227d3700c7e4ee88187ef3000068e72]
PUP.Optional.Softonic.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\dlbr92fn.default\prefs.js, Gut: (), Schlecht: (erenmake changes to this file while the applicaritten when the applicati), Ersetzt,[adccb09390fa79bd0107839cda2c06fa]
PUP.Optional.Softonic.A, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\dlbr92fn.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00621/tb_v1/?SearchSource=15&cc=&mi=fa0477a00000000000000016ea58a0f5");), Ersetzt,[c8b10d365535c571e12f829d6b9be818]
Physische Sektoren: 0
(Keine schädliche Elemente gefunden)
(end)
AdwCleaner Logfile:
Code:
# AdwCleaner v4.202 - Bericht erstellt 26/04/2015 um 11:01:59
# Aktualisiert 23/04/2015 von Xplode
# Datenbank : 2015-04-23.2 [Server]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (x64)
# Benutzername : Chris - CHRIS-PC
# Gestarted von : C:\Users\Chris\Downloads\AdwCleaner_4.202.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\AVG Security Toolbar
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\AdTrustMedia
Ordner Gelöscht : C:\Program Files (x86)\AdTrustMedia
Ordner Gelöscht : C:\Program Files (x86)\Cain
Ordner Gelöscht : C:\Program Files\AdTrustMedia
Ordner Gelöscht : C:\Users\Chris\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Chris\AppData\Local\cool_mirage
Ordner Gelöscht : C:\Users\Chris\AppData\Local\AdTrustMedia
Ordner Gelöscht : C:\Users\Chris\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Chris\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Chris\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Chris\AppData\Roaming\RHEng
Ordner Gelöscht : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Ordner Gelöscht : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp
Datei Gelöscht : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\dlbr92fn.default\Extensions\PrivDog@AdTrustMedia.com.xpi
Datei Gelöscht : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cmaiofennmphjldldcpphcechfnnohja_0.localstorage
Datei Gelöscht : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cmaiofennmphjldldcpphcechfnnohja_0.localstorage-journal
Datei Gelöscht : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfmhcpmkbdkbgbmkjoiopeeegenkdikp_0.localstorage
Datei Gelöscht : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfmhcpmkbdkbgbmkjoiopeeegenkdikp_0.localstorage-journal
Datei Gelöscht : C:\Users\Chris\Favorites\Startfenster.lnk
Datei Gelöscht : C:\Users\Chris\Favorites\Links\Startfenster.lnk
Datei Gelöscht : C:\Users\Chris\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk
Datei Gelöscht : C:\Users\Chris\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Startfenster.lnk
Datei Gelöscht : C:\Users\Chris\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Startfenster.lnk
Datei Gelöscht : C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gelöscht : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\dlbr92fn.default\invalidprefs.js
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\default-search.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
Datei Gelöscht : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\dlbr92fn.default\user.js
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [PrivDog@AdTrustMedia.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\cmaiofennmphjldldcpphcechfnnohja
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\FTDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT1700389
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT1703539
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322552274}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{105CE2F6-6C71-4553-95DB-0521A2C0F060}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4AC48E96-EB40-4792-9D9D-70D59D8754BA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5935E203-F846-461D-89DF-435059EFCBB8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6419A700-23B8-46EA-800B-C0EA78E133A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9BC852D3-9D70-4611-9AFC-016840417A4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D0E0D28D-E30C-4854-85A2-B136F6EB8482}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\DriverTuner_Init
Schlüssel Gelöscht : HKCU\Software\DriverTuner
Schlüssel Gelöscht : HKCU\Software\Local AppWizard-Generated Applications
Schlüssel Gelöscht : HKLM\SOFTWARE\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wajam.com
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17689
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
-\\ Mozilla Firefox v24.0 (de)
[dlbr92fn.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.dnsErr", true);
[dlbr92fn.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.hmpg", true);
[dlbr92fn.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.newTab", true);
[dlbr92fn.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.rvrt", "false");
[dlbr92fn.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
-\\ Google Chrome v
[C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=49&cc=&mi=fa0477a00000000000000016ea58a0f5
[C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=A86FC4EA-A9CA-47D9-95DE-3E23D3C19E61&apn_ptnrs=U3&apn_sauid=DA7D0DB1-F0A8-4491-B31E-5D7679BBF6AF&apn_dtid=OSJ000YYAT&q={searchTerms}
[C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=FA040016EA58A0F5&affID=121565&tsp=5020
[C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : cmaiofennmphjldldcpphcechfnnohja
[C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : lfmhcpmkbdkbgbmkjoiopeeegenkdikp
-\\ Opera v28.0.1750.51
*************************
AdwCleaner[R0].txt - [12773 Bytes] - [26/04/2015 10:58:03]
AdwCleaner[R1].txt - [12833 Bytes] - [26/04/2015 11:00:18]
AdwCleaner[S0].txt - [11672 Bytes] - [26/04/2015 11:01:59]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11732 Bytes] ##########
--- --- ---
JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.3 (04.25.2015:1)
OS: Windows 7 Ultimate x64
Ran by Chris on 26.04.2015 at 11:15:00,46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\privdogservice
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311551174}
~~~ Files
Successfully deleted: [File] C:\Users\Chris\desktop\ftdownloader.lnk
~~~ Folders
Successfully deleted: [Folder] C:\Program Files (x86)\myfree codec
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.04.2015 at 11:19:10,71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- --- ---
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-04-2015 02
Ran by Chris (administrator) on CHRIS-PC on 26-04-2015 11:22:11
Running from C:\Users\Chris\Downloads
Loaded Profiles: Chris (Available profiles: Chris & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(C. Ghisler & Co.) C:\Program Files\totalcmd\TOTALCMD.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4085985054-2234879636-1917438037-1001\...\Run: [pdiface] => C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe [283608 2015-04-23] (Bitdefender)
HKU\S-1-5-21-4085985054-2234879636-1917438037-1001\...\Run: [GizmoDriveDelegate] => RUNDLL32.EXE C:\PROGRA~2\GIZMO\GDRIVE.DLL,Remount_Startup_Images
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Philips SA19xx Gere-Manager.lnk [2014-11-05]
ShortcutTarget: Philips SA19xx Gere-Manager.lnk -> C:\Program Files (x86)\Philips\GoGear SA19xx Device Manager\main.exe (KeenHigh Tech.)
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-09-20]
ShortcutTarget: Dropbox.lnk -> C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2013-11-02]
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk [2014-04-12]
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-4085985054-2234879636-1917438037-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
HKU\S-1-5-21-4085985054-2234879636-1917438037-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4085985054-2234879636-1917438037-1001\Software\Microsoft\Internet Explorer\Main,Start Page = Google
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4085985054-2234879636-1917438037-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll No File
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-4085985054-2234879636-1917438037-1001 -> No Name - {134B012B-132D-4516-A786-2395828640B5} - No File
Toolbar: HKU\S-1-5-21-4085985054-2234879636-1917438037-1001 -> No Name - {434D452D-5637-006A-76A7-7A786E7484D7} - No File
DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/AT/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} hxxp://www.kps-virtualplanner.de/kpsvp/Core/Player/2020PlayerAX_WEB_Win32.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\dlbr92fn.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll [2014-12-12] ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll [2012-11-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll [2014-12-12] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-07-17] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-04-24] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-04-24] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-04-24] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4085985054-2234879636-1917438037-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-4085985054-2234879636-1917438037-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-04-24]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-04-24]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-04-24]
Chrome:
=======
CHR HomePage: Default -> hxxp://us.yahoo.com?fr=fpc-comodo
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-27]
CHR Extension: (Google Search) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-27]
CHR Extension: (Bookmark Manager) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (ORF-TVthek - Downloader) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfnehdmbbmcahojnebecpiljbkeaele [2014-10-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2013-03-11]
CHR Extension: (Gmail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-27]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)
S2 Gizmo Central; C:\Program Files (x86)\Gizmo\gservice.exe [31856 2011-01-29] (Arainia Solutions) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2015-04-22] (McAfee, Inc.)
R2 pdserv; C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe [1445424 2015-04-23] (Bitdefender)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [632832 2011-03-21] (Nokia) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2011-12-15] ()
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20568 2010-07-26] (Devguru Co., Ltd)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-09-21] (GFI Software)
R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [32840 2011-01-29] (Arainia Solutions LLC)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [56008 2015-04-24] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [151240 2014-11-28] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [245960 2014-10-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [842440 2015-04-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30920 2014-10-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [30920 2014-10-30] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [57032 2014-10-09] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77000 2014-11-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [181960 2014-11-10] (Kaspersky Lab ZAO)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2011-12-15] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-04-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106120 2015-04-22] (McAfee, Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R3 nuvotoncir; C:\Windows\System32\DRIVERS\nuvotoncir.sys [48128 2009-08-31] (Nuvoton Technology Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2010-11-30] () [File not signed]
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2013-03-15] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-03-15] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon)
S3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [46592 2007-03-28] (Winbond Electronics Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-26 11:19 - 2015-04-26 11:19 - 00001149 _____ () C:\Users\Chris\Desktop\JRT.txt
2015-04-26 11:15 - 2015-04-26 11:15 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-CHRIS-PC-Windows-7-Ultimate-(64-bit).dat
2015-04-26 11:15 - 2015-04-26 11:15 - 00000000 ____D () C:\RegBackup
2015-04-26 11:14 - 2015-04-26 11:14 - 02686590 _____ (Thisisu) C:\Users\Chris\Downloads\JRT.exe
2015-04-26 10:57 - 2015-04-26 11:02 - 00000000 ____D () C:\AdwCleaner
2015-04-26 10:55 - 2015-04-26 10:55 - 00004347 _____ () C:\MBAM.txt
2015-04-26 10:32 - 2015-04-26 10:32 - 02224640 _____ () C:\Users\Chris\Downloads\AdwCleaner_4.202.exe
2015-04-26 10:17 - 2015-04-26 11:10 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-26 10:17 - 2015-04-26 10:17 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-26 10:17 - 2015-04-26 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-26 10:17 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-26 10:17 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-26 10:17 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-25 21:21 - 2015-04-25 21:22 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Chris\Downloads\mbam-setup-2.1.6.1022.exe
2015-04-25 13:16 - 2015-04-25 13:16 - 00030327 _____ () C:\ComboFix.txt
2015-04-25 12:53 - 2015-04-25 13:16 - 00000000 ____D () C:\Qoobox
2015-04-25 12:53 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-25 12:53 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-25 12:53 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-25 12:53 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-25 12:53 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-25 12:53 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-25 12:53 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-25 12:53 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-25 12:52 - 2015-04-25 13:12 - 00000000 ____D () C:\Windows\erdnt
2015-04-25 12:49 - 2015-04-25 12:49 - 05619466 ____R (Swearware) C:\Users\Chris\Desktop\ComboFix.exe
2015-04-24 12:53 - 2015-04-24 12:53 - 00059869 _____ () C:\Users\Chris\Downloads\Addition (1).txt
2015-04-24 11:38 - 2015-04-24 11:39 - 00059869 _____ () C:\Users\Chris\Downloads\Addition.txt
2015-04-24 11:37 - 2015-04-26 11:22 - 00021447 _____ () C:\Users\Chris\Downloads\FRST.txt
2015-04-24 11:37 - 2015-04-26 11:22 - 00000000 ____D () C:\FRST
2015-04-24 11:36 - 2015-04-24 11:36 - 02099712 _____ (Farbar) C:\Users\Chris\Downloads\FRST64.exe
2015-04-24 00:17 - 2015-04-24 00:17 - 00002294 _____ () C:\Users\Chris\Desktop\Sicherer Zahlungsverkehr.lnk
2015-04-24 00:16 - 2015-04-24 00:16 - 00002100 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-04-24 00:16 - 2015-04-24 00:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-04-24 00:15 - 2015-04-26 11:05 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-04-24 00:15 - 2015-04-24 00:15 - 00000000 ____D () C:\Windows\ELAMBKUP
2015-04-24 00:15 - 2015-04-24 00:15 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-04-24 00:15 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-04-24 00:14 - 2014-10-22 21:13 - 00245960 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-04-24 00:06 - 2015-04-24 00:06 - 01773376 _____ (Kaspersky Lab) C:\Users\Chris\Downloads\kis15.0.2.361de_7539 (1).exe
2015-04-23 23:44 - 2015-04-23 23:44 - 01773376 _____ (Kaspersky Lab) C:\Users\Chris\Downloads\kis15.0.2.361de_7539.exe
2015-04-23 22:28 - 2015-04-23 22:28 - 00003820 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1429820896
2015-04-23 22:28 - 2015-04-23 22:28 - 00001099 _____ () C:\Users\Public\Desktop\Opera.lnk
2015-04-23 22:28 - 2015-04-23 22:28 - 00001099 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-04-23 22:25 - 2015-04-26 10:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-23 21:07 - 2015-04-23 21:07 - 00003270 _____ () C:\Windows\System32\Tasks\{9234EF06-51CF-4D2C-8D54-D23C396B8A11}
2015-04-23 20:39 - 2015-04-23 20:39 - 00003134 _____ () C:\Windows\System32\Tasks\{9E3400D7-5F02-422E-86FD-D0086FF2633A}
2015-04-23 20:31 - 2015-04-23 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 60-Second Virus Scanner
2015-04-23 20:27 - 2015-04-23 20:27 - 00003270 _____ () C:\Windows\System32\Tasks\{FFFD1A82-5DE2-40A4-87A1-89DD061A792D}
2015-04-23 06:56 - 2015-04-23 06:56 - 00000000 ____D () C:\Users\Chris\AppData\Temp
2015-04-23 06:54 - 2015-04-23 06:54 - 00000385 _____ () C:\Users\Chris\AppData\Roaminguser_gensett.xml
2015-04-23 06:43 - 2015-04-23 06:43 - 00000385 _____ () C:\Windows\system32\user_gensett.xml
2015-04-22 22:43 - 2015-04-22 22:43 - 00074000 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2015-04-22 22:12 - 2015-04-22 22:12 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-04-22 22:12 - 2015-04-22 22:12 - 00000000 ____D () C:\ProgramData\BDLogging
2015-04-22 22:11 - 2015-01-09 11:44 - 00074000 _____ (BitDefender SRL) C:\Windows\SysWOW64\bdsandboxuiskin32.dll
2015-04-22 22:11 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2015-04-22 22:04 - 2015-04-23 20:31 - 00000000 ____D () C:\ProgramData\Bitdefender
2015-04-22 22:04 - 2015-04-23 20:31 - 00000000 ____D () C:\Program Files\Bitdefender
2015-04-22 22:04 - 2015-01-09 11:44 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUISkin.dll
2015-04-22 22:04 - 2015-01-09 11:44 - 00033360 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUH.dll
2015-04-22 22:03 - 2015-04-22 22:03 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\QuickScan
2015-04-22 22:00 - 2015-04-23 20:30 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2015-04-22 21:59 - 2015-04-22 21:59 - 02867656 _____ () C:\Users\Chris\Downloads\bitdefender_isecurity_v2015.exe
2015-04-22 21:34 - 2015-04-22 21:36 - 124062480 ____N (Symantec Corporation) C:\Users\Chris\Downloads\NS_22.0.2_2363_SYMTB_PROMO_4_MRFTT_BB010_11431-DE-DE.exe
2015-04-22 21:18 - 2015-04-22 21:18 - 00000114 ___RH () C:\Users\Chris\Downloads\Stinger.opt
2015-04-22 20:45 - 2015-04-22 20:45 - 00864072 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys
2015-04-22 20:45 - 2015-04-22 20:45 - 00250672 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2015-04-22 20:45 - 2015-04-22 20:45 - 00106120 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mferkdet.sys
2015-04-22 20:44 - 2015-04-22 21:06 - 00000853 _____ () C:\Users\Chris\Downloads\Stinger_22042015_204416.html
2015-04-22 20:44 - 2015-04-22 20:44 - 00000000 ____D () C:\Program Files\McAfee
2015-04-22 20:43 - 2015-04-22 21:18 - 00000000 ____D () C:\Program Files\stinger
2015-04-22 20:39 - 2015-04-22 20:41 - 15268208 _____ (McAfee Inc) C:\Users\Chris\Downloads\stinger64_12.1.0.1480.exe
2015-04-22 10:30 - 2015-04-22 10:30 - 00000000 ____D () C:\Users\Chris\AppData\Local\MFAData
2015-04-22 10:24 - 2015-04-22 10:29 - 171931928 _____ (AVG Technologies) C:\Users\Chris\Downloads\avg_free_x86_all_2015_ltst_222_5941.exe
2015-04-22 09:49 - 2015-04-22 09:49 - 00042703 _____ () C:\Users\Chris\Documents\CisReport_x64_v8.2.0.4508_20150422-094920.zip
2015-04-22 09:24 - 2015-04-22 09:29 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-04-22 09:24 - 2015-04-22 09:29 - 00000000 ____D () C:\Windows\system32\vbox
2015-04-22 09:18 - 2015-04-22 10:16 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-04-22 09:14 - 2015-04-22 09:17 - 152642224 _____ (Avast Software s.r.o.) C:\Users\Chris\Downloads\avast_free_antivirus_setup.exe
2015-04-15 06:08 - 2012-11-24 00:20 - 01034216 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2015-04-15 06:08 - 2012-11-24 00:20 - 00916456 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2015-04-14 17:43 - 2015-04-14 17:55 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-14 17:43 - 2015-04-14 17:43 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-14 17:37 - 2015-01-09 01:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-04-14 17:37 - 2015-01-09 01:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-04-14 16:59 - 2015-04-14 16:59 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 16:59 - 2015-04-14 16:59 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 16:59 - 2015-04-14 16:59 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 16:59 - 2015-04-14 16:59 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-04-14 16:59 - 2015-04-14 16:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-04-14 16:59 - 2015-04-14 16:59 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-04-14 16:59 - 2015-04-14 16:59 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-04-14 16:59 - 2015-04-14 16:59 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 16:59 - 2015-04-14 16:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 16:59 - 2015-04-14 16:59 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 16:59 - 2015-04-14 16:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 16:59 - 2015-04-14 16:59 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 16:59 - 2015-04-14 16:59 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 16:59 - 2015-04-14 16:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-04-14 16:58 - 2015-04-14 16:58 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-04-14 16:58 - 2015-04-14 16:58 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-04-14 16:58 - 2015-04-14 16:58 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-04-14 16:58 - 2015-04-14 16:58 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 16:58 - 2015-04-14 16:58 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-04-14 16:58 - 2015-04-14 16:58 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-04-14 16:58 - 2015-04-14 16:58 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 16:58 - 2015-04-14 16:58 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-04-14 16:58 - 2015-04-14 16:58 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-04-14 16:58 - 2015-04-14 16:58 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-04-14 16:58 - 2015-04-14 16:58 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-04-14 16:58 - 2015-04-14 16:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-04-14 16:58 - 2015-04-14 16:58 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-04-14 16:58 - 2015-04-14 16:58 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-04-14 16:58 - 2015-04-14 16:58 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-04-14 16:58 - 2015-04-14 16:58 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-04-14 16:58 - 2015-04-14 16:58 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-04-14 16:58 - 2015-04-14 16:58 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-04-14 16:58 - 2015-04-14 16:58 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-04-14 16:58 - 2015-04-14 16:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-04-14 16:57 - 2015-04-14 16:57 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-04-14 16:57 - 2015-04-14 16:57 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-04-14 16:57 - 2015-04-14 16:57 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-04-14 16:57 - 2015-04-14 16:57 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-04-14 16:57 - 2015-04-14 16:57 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-04-14 16:57 - 2015-04-14 16:57 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-04-14 16:57 - 2015-04-14 16:57 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-04-14 16:57 - 2015-04-14 16:57 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-04-14 16:57 - 2015-04-14 16:57 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-04-14 16:57 - 2015-04-14 16:57 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-04-14 16:57 - 2015-04-14 16:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-04-14 16:57 - 2015-04-14 16:57 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-04-14 16:57 - 2015-04-14 16:57 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-04-14 16:57 - 2015-04-14 16:57 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-04-14 16:57 - 2015-04-14 16:57 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-04-14 16:57 - 2015-04-14 16:57 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-04-14 16:57 - 2015-04-14 16:57 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 16:56 - 2015-04-14 16:56 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 16:56 - 2015-04-14 16:56 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 01113088 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 16:56 - 2015-04-14 16:56 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 16:56 - 2015-04-14 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-04-14 16:56 - 2015-04-14 16:56 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 16:56 - 2015-04-14 16:56 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-04-14 16:56 - 2015-04-14 16:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 16:56 - 2015-04-14 16:56 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 16:56 - 2015-04-14 16:56 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-04-14 16:56 - 2015-04-14 16:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-04-14 16:56 - 2015-04-14 16:56 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-04-14 16:56 - 2015-04-14 16:56 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-04-14 16:56 - 2015-02-20 05:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 16:56 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 16:56 - 2014-10-30 04:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-26 11:14 - 2009-07-14 06:45 - 00021024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-26 11:14 - 2009-07-14 06:45 - 00021024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-26 11:08 - 2014-01-05 10:51 - 00000000 ___RD () C:\Users\Chris\Dropbox
2015-04-26 11:08 - 2014-01-05 10:46 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Dropbox
2015-04-26 11:04 - 2010-11-11 21:05 - 01602678 _____ () C:\Windows\PFRO.log
2015-04-26 11:04 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-26 11:04 - 2009-07-14 06:51 - 00310527 _____ () C:\Windows\setupact.log
2015-04-26 11:03 - 2010-11-11 20:45 - 02002705 _____ () C:\Windows\WindowsUpdate.log
2015-04-26 10:39 - 2010-11-23 22:26 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-26 10:33 - 2012-06-27 17:24 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4085985054-2234879636-1917438037-1001UA.job
2015-04-25 13:16 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-25 13:11 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-25 08:58 - 2012-06-27 17:24 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4085985054-2234879636-1917438037-1001Core.job
2015-04-24 00:19 - 2014-12-13 18:21 - 00842440 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-04-24 00:19 - 2014-08-19 12:31 - 00056008 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kldisk.sys
2015-04-23 23:13 - 2012-07-11 18:52 - 00000000 ____D () C:\Windows\Sun
2015-04-23 22:28 - 2010-11-11 22:34 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-04-23 22:25 - 2014-02-13 18:24 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Malwarebytes
2015-04-23 22:25 - 2014-02-13 18:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-23 22:25 - 2014-02-13 18:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-04-23 21:59 - 2014-01-05 10:51 - 00001017 _____ () C:\Users\Chris\Desktop\Dropbox.lnk
2015-04-23 21:59 - 2014-01-05 10:49 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-23 07:20 - 2010-11-11 20:53 - 00001425 _____ () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-23 06:54 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-04-23 06:40 - 2013-08-21 09:05 - 00000000 ____D () C:\ProgramData\Avira
2015-04-23 06:40 - 2013-08-21 09:05 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-23 06:40 - 2013-06-18 19:50 - 00000000 ____D () C:\ProgramData\Norton
2015-04-23 06:40 - 2010-11-11 23:25 - 00000000 ____D () C:\ProgramData\MFAData
2015-04-22 14:57 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-22 12:16 - 2014-01-03 21:12 - 00000000 ____D () C:\Users\Chris\Desktop\Winload
2015-04-22 11:19 - 2011-09-22 18:28 - 00000000 ____D () C:\Program Files (x86)\PantsOff
2015-04-22 10:50 - 2010-11-12 14:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-22 10:41 - 2013-09-30 13:36 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\TuneUp Software
2015-04-22 09:30 - 2013-10-16 18:02 - 00000000 __SHD () C:\Users\Chris\AppData\Roaming\athajces
2015-04-22 07:45 - 2009-07-14 19:58 - 01185530 _____ () C:\Windows\system32\perfh007.dat
2015-04-22 07:45 - 2009-07-14 19:58 - 00429264 _____ () C:\Windows\system32\perfc007.dat
2015-04-15 20:53 - 2009-07-14 07:13 - 01763010 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-15 06:09 - 2013-10-21 06:03 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-15 06:08 - 2014-11-12 20:28 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-15 06:08 - 2012-11-24 00:20 - 00000000 ____D () C:\Program Files\Java
2015-04-15 06:06 - 2012-11-24 00:20 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-04-15 06:06 - 2012-11-24 00:20 - 00207272 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-04-15 06:06 - 2012-11-24 00:20 - 00206760 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-04-15 06:06 - 2012-11-24 00:20 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-04-15 06:04 - 2014-11-12 20:28 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-15 06:04 - 2013-10-21 06:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-14 20:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-14 17:48 - 2009-07-14 06:45 - 00429472 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-14 17:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-04-14 17:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-04-14 17:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-14 17:38 - 2010-11-12 07:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-14 17:24 - 2013-08-22 05:55 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-14 17:11 - 2010-11-11 21:22 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-14 17:09 - 2010-11-11 21:20 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-04-08 21:42 - 2014-04-21 20:26 - 00000000 ____D () C:\Users\Chris\Desktop\Buchhaltung
2015-04-02 21:11 - 2011-09-15 17:41 - 00000000 ____D () C:\Program Files\Google
2015-04-02 21:11 - 2010-11-23 22:25 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-01 19:48 - 2011-10-19 20:23 - 00041248 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2015-04-01 19:47 - 2014-04-02 19:04 - 00358104 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
2015-04-01 19:46 - 2014-04-02 19:04 - 00045784 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll
2015-04-01 19:45 - 2014-04-02 19:04 - 00288472 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
2015-04-01 19:45 - 2014-04-02 19:04 - 00040664 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll
2015-03-29 21:00 - 2014-12-03 21:17 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\vlc
==================== Files in the root of some directories =======
2010-11-28 22:04 - 2010-11-30 21:28 - 0000002 _____ () C:\Users\Chris\AppData\Roaming\ceville_console_history.txt
2013-12-03 19:59 - 2013-12-03 19:59 - 0038429 _____ () C:\Users\Chris\AppData\Roaming\Microsoft Access 97-2003.ADR
2013-12-01 19:56 - 2014-02-13 14:04 - 0038427 _____ () C:\Users\Chris\AppData\Roaming\Microsoft Excel 97-2003.ADR
2011-05-25 16:43 - 2011-05-25 16:43 - 0001236 ___SH () C:\Users\Chris\AppData\Local\5awakcl8q0v0tns627yg
2011-06-21 20:20 - 2011-07-24 18:49 - 0006144 _____ () C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-13 19:00 - 2013-12-13 10:16 - 0007605 _____ () C:\Users\Chris\AppData\Local\Resmon.ResmonCfg
2011-02-19 20:58 - 2011-02-19 20:58 - 0000000 _____ () C:\Users\Chris\AppData\Local\rx_image32.Cache
2011-01-29 10:19 - 2013-10-29 13:18 - 0000085 ___SH () C:\ProgramData\.zreglib
2011-05-25 16:43 - 2011-05-25 16:43 - 0001236 ___SH () C:\ProgramData\5awakcl8q0v0tns627yg
2014-04-12 09:11 - 2014-04-12 09:11 - 0000057 _____ () C:\ProgramData\Ament.ini
Files to move or delete:
====================
C:\Users\Chris\kta_ei.dat
Some content of TEMP:
====================
C:\Users\Chris\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpz117or.dll
C:\Users\Chris\AppData\Local\Temp\Quarantine.exe
C:\Users\Chris\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-24 03:28
==================== End Of Log ============================