Spy Hunter 4 & iStartSurf (Windows 7)
#1
Hello everyone,

although I actually consider myself fairly careful (and sensible), I came across Spy Hunter 4 because of iStartSurf; it promised to clean up my problems. When I was asked to pay for it, I became skeptical, and I am now sure that I have picked up a number of things. Can you help me? Tell me how serious it really is. Since I am at work during the day, I will not always be able to follow your instructions and post replies right away. Please bear with me.

Regards, Thomas

Here are the results from "Farbar Recovery Scan Tool":

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014 Ran by Thomas Ratzke (administrator) on THOMASRATZKE-PC on 10-09-2014 18:25:40 Running from C:\Users\Thomas Ratzke\Downloads Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe (Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Safer-Networking Ltd.)
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Google Inc.) C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\Application\chrome.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe () C:\Program Files (x86)\SupTab\HpUI.exe () C:\Program Files (x86)\SupTab\Loader64.exe () C:\Program Files (x86)\SupTab\Loader32.exe (Google Inc.) C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\Application\chrome.exe (VS Revo Group) C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Google Inc.) 
C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-1218043409-3151763047-2122344536-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.) HKU\S-1-5-21-1218043409-3151763047-2122344536-1001\...\Run: [GoogleChromeAutoLaunch_42BCF34DF888FA5E24C109D3BA6D368A] => C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\Application\chrome.exe [852808 2014-08-30] (Google Inc.) 
HKU\S-1-5-21-1218043409-3151763047-2122344536-1001\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-1218043409-3151763047-2122344536-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-1218043409-3151763047-2122344536-1001\...\MountPoints2: {9c11f84e-35ea-11e4-9322-806e6f6e6963} - D:\LaunchEAW.exe HKU\S-1-5-21-1218043409-3151763047-2122344536-1001\...\MountPoints2: {e359f3cd-4686-11e0-a932-806e6f6e6963} - D:\EAWXLauncher.exe HKU\S-1-5-21-1218043409-3151763047-2122344536-1001\...\MountPoints2: {fd879af9-6716-11e2-9f7d-406186748295} - F:\HTC_Sync_Manager_PC.exe Startup: C:\Users\Melanie Ratzke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk.disabled ShortcutTarget: OpenOffice.org 3.3.lnk.disabled -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) 
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thomas Ratzke\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.) BootExecute: autocheck autochk * sdnclean64.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-1218043409-3151763047-2122344536-1003\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=d39cd938-12e5-4441-9a63-2e34dced778f&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=d39cd938-12e5-4441-9a63-2e34dced778f&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1410023704&from=tugs&uid=HitachiXHDS721010CLA332_JP6940HD3NBT7F3NBT7FX HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1410023704&from=tugs&uid=HitachiXHDS721010CLA332_JP6940HD3NBT7F3NBT7FX&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1410023704&from=tugs&uid=HitachiXHDS721010CLA332_JP6940HD3NBT7F3NBT7FX HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1410023704&from=tugs&uid=HitachiXHDS721010CLA332_JP6940HD3NBT7F3NBT7FX HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1410023704&from=tugs&uid=HitachiXHDS721010CLA332_JP6940HD3NBT7F3NBT7FX&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1410023704&from=tugs&uid=HitachiXHDS721010CLA332_JP6940HD3NBT7F3NBT7FX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1410023704&from=tugs&uid=HitachiXHDS721010CLA332_JP6940HD3NBT7F3NBT7FX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
hxxp://www.istartsurf.com/?type=hp&ts=1410023704&from=tugs&uid=HitachiXHDS721010CLA332_JP6940HD3NBT7F3NBT7FX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1410023704&from=tugs&uid=HitachiXHDS721010CLA332_JP6940HD3NBT7F3NBT7FX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1410023704&from=tugs&uid=HitachiXHDS721010CLA332_JP6940HD3NBT7F3NBT7FX SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1410023704&from=tugs&uid=HitachiXHDS721010CLA332_JP6940HD3NBT7F3NBT7FX&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1410023704&from=tugs&uid=HitachiXHDS721010CLA332_JP6940HD3NBT7F3NBT7FX&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1410023704&from=tugs&uid=HitachiXHDS721010CLA332_JP6940HD3NBT7F3NBT7FX&q={searchTerms} SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=d39cd938-12e5-4441-9a63-2e34dced778f&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1410023704&from=tugs&uid=HitachiXHDS721010CLA332_JP6940HD3NBT7F3NBT7FX&q={searchTerms} SearchScopes: HKCU - DefaultScope {1C06CB70-198C-4D8F-A4F7-F06D2827FF4F} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=d39cd938-12e5-4441-9a63-2e34dced778f&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} SearchScopes: HKCU - {1C06CB70-198C-4D8F-A4F7-F06D2827FF4F} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKCU - {4C5BC4C8-BA34-41C5-A20A-897A8166A4CF} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} SearchScopes: HKCU - {7A2E5123-B9D0-403B-B075-CBCF11F90167} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=9ea514a0-ab3f-4281-93d8-ef5edad90d01&apn_sauid=BB8316B0-5C26-408F-B240-F9A7A0F6D6D7 BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited) BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: No Name -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> No File BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 80.69.100.206 80.69.100.182 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll () FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @doubletwist.com/NPPodcast -> C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll No File FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Thomas Ratzke\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Thomas Ratzke\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Thomas Ratzke\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll No File FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-11-29] FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "https://www.google.de/?gws_rd=ssl" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj [2012-09-10] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn 
[2014-09-06] CHR Extension: (YouTube) - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-26] CHR Extension: (Auf den Amazon-Wunschzettel) - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2013-02-13] CHR Extension: (Google-Suche) - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-26] CHR Extension: (Google Play Music) - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-08-29] CHR Extension: (Avira Browser Safety) - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-16] CHR Extension: (Google Wallet) - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-06] CHR Extension: (Google Mail) - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-26] CHR HKCU\...\Chrome\Extension: [amfclgbdpgndipgoegfpkkgobahigbcl] - C:\Users\Thomas Ratzke\AppData\Local\Smartbar/Application\1Extension.crx [] CHR HKLM-x32\...\Chrome\Extension: [aaaangaohdajkgeopjhpbnlpkehbhmbj] - C:\Users\Thomas Ratzke\AppData\Local\APN\GoogleCRXs\aaaangaohdajkgeopjhpbnlpkehbhmbj_7.15.4.0.crx [2012-09-08] CHR HKLM-x32\...\Chrome\Extension: [amfclgbdpgndipgoegfpkkgobahigbcl] - C:\Users\Thomas Ratzke\AppData\Local\Smartbar/Application\1Extension.crx [2012-09-08] CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-09-06] CHR StartMenuInternet: Google Chrome - C:\Users\Thomas Ratzke\AppData\Local\Google\Chrome\Application\chrome.exe 
hxxp://www.istartsurf.com/?type=sc&ts=1410023704&from=tugs&uid=HitachiXHDS721010CLA332_JP6940HD3NBT7F3NBT7FX ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG) S4 CEEBC40A-FDED-4C59-B354-939132350B01; C:\Program Files (x86)\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe [96752 2010-08-30] () R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-09-06] (Cherished Technololgy LIMITED) S4 LenovoCOMSvc; C:\Program Files\Lenovo\Power Dial\LenovoCOMSvc.exe [49152 2009-09-30] (Lenovo) [File not signed] S4 LitModeCtrl; C:\Program Files\Lenovo\Power Dial\LitModeCtrl.exe [81920 2010-09-09] (Lenovo) [File not signed] R2 MSSQL$MYMOVIES; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) S4 PassThru Service; C:\Program Files (x86)\HTC\Internet 
Pass-Through\PassThruSvr.exe [166912 2012-10-08] () [File not signed] R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation) S4 ProtexisLicensing; C:\windows\SysWOW64\PSIService.exe [177704 2007-06-05] () R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S4 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed] R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [528896 2014-09-06] (Fuyu LIMITED) [File not signed] S4 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [278528 2010-01-12] () [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138872 2011-12-04] (SlySoft, Inc.) R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138872 2011-12-04] (SlySoft, Inc.) S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1037312 2007-04-20] (Atheros Communications, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. 
KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-10] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-28] (Avira Operations GmbH & Co. KG) S3 epmntdrv; C:\windows\system32\epmntdrv.sys [17480 2012-12-21] () S3 epmntdrv; C:\windows\SysWOW64\epmntdrv.sys [14920 2012-12-21] () S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [9800 2012-12-21] () S3 EuGdiDrv; C:\windows\SysWOW64\EuGdiDrv.sys [9160 2012-12-21] () S3 GigasetGenericUSB_x64; C:\Windows\System32\DRIVERS\GigasetGenericUSB_x64.sys [54272 2013-03-05] (Siemens Home and Office Communication Devices GmbH & Co. KG) S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.) S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation ) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2011-07-06] () [File not signed] R3 USTOR2K; C:\Windows\System32\DRIVERS\ustor2k.sys [52224 2010-02-22] (Genesys Logic) R0 WinI2C-DDC; C:\Windows\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.) R0 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [15712 2010-03-22] (Nicomsoft Ltd.) 
U3 ayjn4f4a; C:\Windows\System32\Drivers\ayjn4f4a.sys [0 ] (Microsoft Corporation) S3 CBTNDIS4; \??\C:\windows\system32\CBTNDIS4.SYS [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S2 iPodDrv; \??\C:\windows\system32\drivers\iPodDrv.sys [X] ========================== Drivers MD5 =======================
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404 C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163 C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\NBVol.sys DACA803A8D732FE5EEAA024EC342F81D C:\Windows\System32\DRIVERS\NBVolUp.sys 6208F622E9E35860DFB0753DFF56F0C0 C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88 C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netr28ux.sys 618C55B392238B9467F9113E13525C49 C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\npf.sys C31FA031335EFF434B2D94278E74BCCE C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is 
legit C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2 C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit C:\Windows\System32\drivers\nvhda64v.sys E20ABD5B229760158F753CA90B97E090 C:\Windows\System32\DRIVERS\nvlddmkm.sys 91C75FF8000C571CCDCB3D589A4AF0D5 C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C C:\Windows\System32\drivers\pci.sys ==> MD5 is legit C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit C:\Windows\System32\Drivers\PxHlpa64.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34 
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\Rtnic64.sys 68DD0457D18FCCEF7384AE84022F0C86 C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\scmndisp.sys 6011CDF54BB6F4C69F38FACCDAD73D7E C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit C:\Windows\System32\Drivers\sptd.sys D41D8CD98F00B204E9800998ECF8427E C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28 C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3 C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8 C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit 
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09 C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426 C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240 C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31 C:\Windows\system32\drivers\usbehci.sys 18A85013A3E0F7E1755365D287443965 C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit C:\Windows\system32\drivers\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24 C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6 C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3 C:\Windows\system32\drivers\usb8023x.sys 70D05EE263568A742D14E1876DF80532 C:\Windows\System32\DRIVERS\ustor2k.sys 88CE07826F25B851E824ED2E57106323 C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit C:\Windows\System32\drivers\vga.sys ==> MD5 is legit C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vpchbus.sys B4A73CA4EF9A02B9738CEA9AD5FE5917 C:\Windows\System32\DRIVERS\vpcnfltr.sys E675FB2B48C54F09895482E2253B289C C:\Windows\System32\DRIVERS\vpcusb.sys 
5FB42082B0D19A0268705F1DD343DF20 C:\Windows\System32\drivers\vpcvmm.sys 207B6539799CC1C112661A9B620DD233 C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8 C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit C:\Windows\System32\drivers\DDCDrv.sys 66C365B542195C1F6E2FF4A7D8F3827C C:\Windows\SysWOW64\drivers\DDCDrv.sys 16EB81E08165D5B2BF18E9D50E35237F C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys AD12F5C7251BB8D575D560894E73CBBA C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys AD12F5C7251BB8D575D560894E73CBBA C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys AD12F5C7251BB8D575D560894E73CBBA C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys AD12F5C7251BB8D575D560894E73CBBA C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys AD12F5C7251BB8D575D560894E73CBBA C:\Windows\System32\DRIVERS\wsvd.sys 83575C43B2BFE9AB0661A7F957E843C0 C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659 C:\Windows\System32\DRIVERS\yk62x64.sys B3EEACF62445E24FBB2CD4B0FB4DB026 C:\Windows\System32\Drivers\ayjn4f4a.sys ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be 
removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-10 18:25 - 2014-09-10 18:27 - 00045110 _____ () C:\Users\Thomas Ratzke\Downloads\FRST.txt 2014-09-10 18:25 - 2014-09-10 18:25 - 00000000 ____D () C:\FRST 2014-09-10 18:24 - 2014-09-10 18:25 - 02105856 _____ (Farbar) C:\Users\Thomas Ratzke\Downloads\FRST64.exe 2014-09-10 18:07 - 2014-09-10 18:07 - 00464381 _____ () C:\Users\Thomas Ratzke\Downloads\SpyHunterKiller.exe 2014-09-10 17:59 - 2014-09-10 17:59 - 00001268 _____ () C:\Users\Thomas Ratzke\Desktop\Revo Uninstaller.lnk 2014-09-10 17:59 - 2014-09-10 17:59 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-09-10 17:58 - 2014-09-10 17:59 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Thomas Ratzke\Downloads\revosetup95.exe 2014-09-10 17:39 - 2014-09-10 18:03 - 00000112 _____ () C:\windows\setupact.log 2014-09-10 17:39 - 2014-09-10 17:39 - 00000000 _____ () C:\windows\setuperr.log 2014-09-10 17:38 - 2014-09-10 17:38 - 00402328 _____ () C:\windows\system32\FNTCACHE.DAT 2014-09-09 17:25 - 2014-09-09 17:26 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Thomas Ratzke\Downloads\sh-remover.exe 2014-09-07 15:57 - 2014-09-07 15:57 - 00120224 _____ () C:\Users\Thomas Ratzke\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-07 15:57 - 2014-09-07 15:57 - 00000000 _____ () C:\autoexec.bat 2014-09-07 15:56 - 2014-09-10 17:57 - 00000000 ____D () C:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-09-07 15:56 - 2014-09-07 15:56 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-09-07 15:55 - 2014-09-07 15:55 - 00728960 _____ (Enigma Software Group USA, LLC.) 
C:\Users\Thomas Ratzke\Downloads\SpyHunter-Installer.exe 2014-09-07 15:35 - 2012-09-06 21:38 - 00444231 _____ () C:\windows\system32\Drivers\etc\hosts.20140907-153520.backup 2014-09-07 15:34 - 2012-09-06 21:38 - 00444231 _____ () C:\windows\system32\Drivers\etc\hosts.20140907-153412.backup 2014-09-07 07:28 - 2014-09-07 07:28 - 00141401 _____ () C:\Users\Thomas Ratzke\Downloads\Anhänge_201497.zip 2014-09-06 20:43 - 2012-09-06 21:38 - 00444231 _____ () C:\windows\system32\Drivers\etc\hosts.20140906-204344.backup 2014-09-06 19:44 - 2014-09-06 19:44 - 00000000 ____D () C:\Users\Thomas Ratzke\Documents\ProcAlyzer Dumps 2014-09-06 19:42 - 2014-09-06 19:42 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking 2014-09-06 19:41 - 2014-09-06 19:47 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-09-06 19:41 - 2014-09-06 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-09-06 19:41 - 2014-09-06 19:41 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-09-06 19:41 - 2014-09-06 19:41 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-09-06 19:41 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe 2014-09-06 19:32 - 2014-09-06 19:32 - 00000000 ____D () C:\Program Files (x86)\predm 2014-09-06 19:17 - 2014-09-06 19:17 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Local\com 2014-09-06 19:16 - 2014-09-06 19:16 - 00004056 _____ () C:\windows\System32\Tasks\LaunchSignup 2014-09-06 19:16 - 2014-09-06 19:16 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect 2014-09-06 19:16 - 2014-09-06 19:16 - 00000000 ____D () C:\ProgramData\IePluginServices 2014-09-06 19:16 - 2014-09-06 19:16 - 00000000 ____D () C:\Program Files (x86)\SupTab 2014-09-06 19:15 - 2014-09-06 19:35 - 00000000 ____D () C:\Program Files (x86)\ver9Re-markit 2014-09-06 19:15 - 2014-09-06 19:15 - 
00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf 2014-09-06 19:15 - 2014-09-06 19:15 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\istartsurf 2014-09-06 19:14 - 2014-09-06 19:34 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-09-06 19:12 - 2014-09-06 19:12 - 01527016 _____ () C:\Users\Thomas Ratzke\Downloads\Setup.exe 2014-09-05 20:02 - 2014-09-05 20:04 - 21070065 _____ (LucasArts) C:\Users\Thomas Ratzke\Downloads\focupdate1_1.exe 2014-09-05 20:00 - 2014-09-05 20:04 - 11841286 _____ () C:\Users\Thomas Ratzke\Downloads\eaw-mappack_1-4_setup.zip 2014-09-05 19:59 - 2014-09-05 20:01 - 05926152 _____ () C:\Users\Thomas Ratzke\Downloads\eawmapeditor.zip 2014-09-05 19:34 - 2014-09-05 19:34 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\Petroglyph 2014-09-05 19:33 - 2014-09-05 19:35 - 22706524 _____ (LucasArts) C:\Users\Thomas Ratzke\Downloads\eawupdate1_5.exe 2014-09-05 19:29 - 2014-09-07 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts 2014-09-05 19:29 - 2014-09-07 16:21 - 00000000 ____D () C:\Program Files (x86)\LucasArts 2014-09-03 18:06 - 2014-09-03 18:15 - 116901014 _____ () C:\Users\Thomas Ratzke\Downloads\SS_DE_1.00_1.10_Patch.zip 2014-09-03 17:43 - 2014-09-03 17:43 - 00178800 _____ (Sony DADC Austria AG.) 
C:\windows\SysWOW64\CmdLineExt_x64.dll 2014-09-03 17:27 - 2014-09-03 17:27 - 00003068 _____ () C:\windows\System32\Tasks\{5711C5F7-3642-4CFD-80F9-9937DDC340FB} 2014-09-03 17:25 - 2014-09-03 17:25 - 00735456 _____ () C:\Users\Thomas Ratzke\Downloads\SS_DE_1.10_1.20_Patch.exe 2014-08-31 19:28 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll 2014-08-31 19:28 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll 2014-08-30 05:57 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys 2014-08-30 05:57 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-08-30 05:57 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-08-30 05:57 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll 2014-08-30 05:57 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll 2014-08-30 05:57 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll 2014-08-30 05:57 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll 2014-08-30 05:57 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll 2014-08-30 05:57 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll 2014-08-30 05:57 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll 2014-08-30 05:57 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe 2014-08-30 05:57 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe 2014-08-30 05:57 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\tsgqec.dll 2014-08-30 05:57 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe 2014-08-30 05:57 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll 2014-08-30 05:57 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe 2014-08-30 05:56 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll 2014-08-30 05:56 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll 2014-08-30 05:54 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2014-08-30 05:54 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll 2014-08-30 05:54 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-08-29 20:13 - 2014-08-29 20:13 - 00000679 _____ () C:\Users\Public\Desktop\Dark Crusade.lnk 2014-08-29 20:12 - 2014-08-29 20:12 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\InstallShield 2014-08-29 19:58 - 2014-08-29 20:27 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Local\Battle.net 2014-08-29 19:58 - 2014-08-29 20:10 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\Battle.net 2014-08-29 19:57 - 2014-08-29 19:57 - 00001122 _____ () C:\Users\Public\Desktop\Battle.net.lnk 2014-08-29 19:57 - 2014-08-29 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net 2014-08-29 19:57 - 2014-08-29 19:57 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-08-29 17:17 - 2014-08-29 17:17 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-08-29 17:17 - 2014-08-29 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-08-29 17:17 - 2014-08-29 17:17 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-08-29 17:17 - 2014-08-29 17:17 - 00000000 ____D () 
C:\Program Files\iTunes 2014-08-29 17:17 - 2014-08-29 17:17 - 00000000 ____D () C:\Program Files\iPod 2014-08-29 17:04 - 2014-08-29 17:07 - 113492816 _____ (Apple Inc.) C:\Users\Thomas Ratzke\Downloads\iTunes64Setup.exe 2014-08-27 10:39 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll 2014-08-27 10:39 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll 2014-08-27 10:39 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll 2014-08-27 10:39 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe 2014-08-27 10:39 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll 2014-08-27 10:39 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll 2014-08-27 10:39 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll 2014-08-27 10:39 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll 2014-08-27 10:39 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll 2014-08-27 10:39 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll 2014-08-27 10:39 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll 2014-08-27 10:39 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll 2014-08-27 10:39 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe 2014-08-27 10:39 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe 2014-08-23 17:32 - 2014-08-23 17:32 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-08-16 03:02 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll 2014-08-16 03:02 - 2014-07-01 00:14 - 00008856 _____ (Microsoft 
Corporation) C:\windows\SysWOW64\icardres.dll 2014-08-16 03:02 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe 2014-08-16 03:02 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe 2014-08-16 03:02 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe 2014-08-16 03:02 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll 2014-08-16 03:02 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe 2014-08-16 03:02 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll 2014-08-16 00:39 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll 2014-08-16 00:39 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll 2014-08-16 00:39 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll 2014-08-16 00:39 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll 2014-08-16 00:39 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll 2014-08-16 00:39 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe 2014-08-16 00:39 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll 2014-08-16 00:39 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll 2014-08-16 00:39 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll 2014-08-16 00:38 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-08-16 00:38 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2014-08-16 00:38 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) 
C:\windows\system32\mshtml.dll 2014-08-16 00:38 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-08-16 00:38 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-08-16 00:38 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-08-16 00:38 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-08-16 00:38 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-08-16 00:38 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-08-16 00:38 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-08-16 00:38 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-08-16 00:38 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-08-16 00:38 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-08-16 00:38 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-08-16 00:38 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-08-16 00:38 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-08-16 00:38 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-08-16 00:38 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-08-16 00:38 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-08-16 00:38 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-08-16 00:38 - 2014-07-25 14:34 - 00455168 _____ (Microsoft 
Corporation) C:\windows\SysWOW64\vbscript.dll 2014-08-16 00:38 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-08-16 00:38 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-08-16 00:38 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2014-08-16 00:38 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-08-16 00:38 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-08-16 00:38 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-08-16 00:38 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-08-16 00:38 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-08-16 00:38 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-08-16 00:38 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-08-16 00:38 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-08-16 00:38 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-08-16 00:38 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-08-16 00:38 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-08-16 00:38 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-08-16 00:38 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2014-08-16 00:38 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-08-16 00:38 - 2014-07-25 13:43 - 00060416 _____ (Microsoft 
Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-16 00:38 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-16 00:38 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-16 00:38 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-16 00:38 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-16 00:38 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-16 00:38 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-16 00:38 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-16 00:38 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-16 00:38 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-16 00:38 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-08-16 00:38 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-16 00:38 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-16 00:38 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-16 00:38 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-16 00:38 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-08-16 00:38 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-16 00:38 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-16 00:38 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-16 00:38 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-16 00:38 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-16 00:36 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-16 00:36 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-16 00:36 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-16 00:36 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 18:27 - 2014-09-10 18:25 - 00045110 _____ () C:\Users\Thomas Ratzke\Downloads\FRST.txt
2014-09-10 18:25 - 2014-09-10 18:25 - 00000000 ____D () C:\FRST
2014-09-10 18:25 - 2014-09-10 18:24 - 02105856 _____ (Farbar) C:\Users\Thomas Ratzke\Downloads\FRST64.exe
2014-09-10 18:20 - 2010-12-18 00:02 - 01248305 _____ () C:\windows\WindowsUpdate.log
2014-09-10 18:15 - 2011-04-20 22:08 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-10 18:15 - 2009-07-14 06:45 - 00025600 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-10 18:15 - 2009-07-14 06:45 - 00025600 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-10 18:14 - 2011-05-08 19:55 - 00001152 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1218043409-3151763047-2122344536-1001UA.job
2014-09-10 18:13 - 2014-07-09 09:13 - 00000298 _____ () C:\windows\Tasks\FF Watcher {2045BB1D-AD29-4B58-9A06-E8FC5881A1D8}.job
2014-09-10 18:10 - 2011-04-20 19:55 - 00003990 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{73A8952D-2499-43E8-851C-D88DA5E487FD}
2014-09-10 18:07 - 2014-09-10 18:07 - 00464381 _____ () C:\Users\Thomas Ratzke\Downloads\SpyHunterKiller.exe
2014-09-10 18:04 - 2011-04-20 22:08 - 00001120 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-10 18:03 - 2014-09-10 17:39 - 00000112 _____ () C:\windows\setupact.log
2014-09-10 18:03 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-10 17:59 - 2014-09-10 17:59 - 00001268 _____ () C:\Users\Thomas Ratzke\Desktop\Revo Uninstaller.lnk
2014-09-10 17:59 - 2014-09-10 17:59 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-10 17:59 - 2014-09-10 17:58 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Thomas Ratzke\Downloads\revosetup95.exe
2014-09-10 17:57 - 2014-09-07 15:56 - 00000000 ____D () C:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-10 17:39 - 2014-09-10 17:39 - 00000000 _____ () C:\windows\setuperr.log
2014-09-10 17:39 - 2013-03-16 11:53 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-10 17:38 - 2014-09-10 17:38 - 00402328 _____ () C:\windows\system32\FNTCACHE.DAT
2014-09-09 17:34 - 2011-05-08 19:55 - 00001100 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1218043409-3151763047-2122344536-1001Core.job
2014-09-09 17:34 - 2011-04-21 21:09 - 00050176 _____ () C:\Users\Thomas Ratzke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-09 17:26 - 2014-09-09 17:25 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Thomas Ratzke\Downloads\sh-remover.exe
2014-09-07 18:08 - 2011-04-30 11:16 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Local\DVD Profiler
2014-09-07 16:21 - 2014-09-05 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
2014-09-07 16:21 - 2014-09-05 19:29 - 00000000 ____D () C:\Program Files (x86)\LucasArts
2014-09-07 16:21 - 2010-12-18 00:01 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-07 15:57 - 2014-09-07 15:57 - 00120224 _____ () C:\Users\Thomas Ratzke\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-07 15:57 - 2014-09-07 15:57 - 00000000 _____ () C:\autoexec.bat
2014-09-07 15:56 - 2014-09-07 15:56 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-07 15:55 - 2014-09-07 15:55 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Thomas Ratzke\Downloads\SpyHunter-Installer.exe
2014-09-07 15:53 - 2011-05-20 22:24 - 00003850 _____ () C:\windows\System32\Tasks\Scheduled Update for Ask Toolbar
2014-09-07 15:52 - 2013-03-16 11:53 - 00003824 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-09-07 15:37 - 2011-04-25 11:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-07 15:32 - 2014-05-23 21:53 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-07 15:32 - 2011-05-08 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-07 15:32 - 2011-05-08 18:50 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-07 07:30 - 2011-04-22 11:39 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Local\Windows Live
2014-09-07 07:28 - 2014-09-07 07:28 - 00141401 _____ () C:\Users\Thomas Ratzke\Downloads\Anhänge_201497.zip
2014-09-07 07:28 - 2009-09-14 08:03 - 03030668 _____ () C:\windows\system32\perfh007.dat
2014-09-07 07:28 - 2009-09-14 08:03 - 00885842 _____ () C:\windows\system32\perfc007.dat
2014-09-07 07:28 - 2009-07-14 07:13 - 00006458 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-06 20:47 - 2011-04-25 11:56 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-09-06 19:48 - 2014-07-09 09:13 - 00000000 ____D () C:\Program Files\V-bates
2014-09-06 19:47 - 2014-09-06 19:41 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-06 19:44 - 2014-09-06 19:44 - 00000000 ____D () C:\Users\Thomas Ratzke\Documents\ProcAlyzer Dumps
2014-09-06 19:42 - 2014-09-06 19:42 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-09-06 19:42 - 2014-09-06 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-06 19:41 - 2014-09-06 19:41 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-06 19:41 - 2014-09-06 19:41 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-09-06 19:35 - 2014-09-06 19:15 - 00000000 ____D () C:\Program Files (x86)\ver9Re-markit
2014-09-06 19:34 - 2014-09-06 19:14 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-09-06 19:32 - 2014-09-06 19:32 - 00000000 ____D () C:\Program Files (x86)\predm
2014-09-06 19:23 - 2011-04-25 11:40 - 00000000 ____D () C:\windows\pss
2014-09-06 19:17 - 2014-09-06 19:17 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Local\com
2014-09-06 19:16 - 2014-09-06 19:16 - 00004056 _____ () C:\windows\System32\Tasks\LaunchSignup
2014-09-06 19:16 - 2014-09-06 19:16 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-09-06 19:16 - 2014-09-06 19:16 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-09-06 19:16 - 2014-09-06 19:16 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-09-06 19:15 - 2014-09-06 19:15 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-09-06 19:15 - 2014-09-06 19:15 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\istartsurf
2014-09-06 19:15 - 2013-05-25 12:51 - 00001655 _____ () C:\Users\Thomas Ratzke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-06 19:15 - 2011-04-20 19:13 - 00002557 _____ () C:\Users\Thomas Ratzke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (32 Bit).lnk
2014-09-06 19:14 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy
2014-09-06 19:12 - 2014-09-06 19:12 - 01527016 _____ () C:\Users\Thomas Ratzke\Downloads\Setup.exe
2014-09-06 18:43 - 2010-12-18 00:42 - 00000000 ____D () C:\ProgramData\InstallShield
2014-09-06 18:42 - 2011-04-28 21:39 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-09-05 20:04 - 2014-09-05 20:02 - 21070065 _____ (LucasArts) C:\Users\Thomas Ratzke\Downloads\focupdate1_1.exe
2014-09-05 20:04 - 2014-09-05 20:00 - 11841286 _____ () C:\Users\Thomas Ratzke\Downloads\eaw-mappack_1-4_setup.zip
2014-09-05 20:01 - 2014-09-05 19:59 - 05926152 _____ () C:\Users\Thomas Ratzke\Downloads\eawmapeditor.zip
2014-09-05 19:35 - 2014-09-05 19:33 - 22706524 _____ (LucasArts) C:\Users\Thomas Ratzke\Downloads\eawupdate1_5.exe
2014-09-05 19:34 - 2014-09-05 19:34 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\Petroglyph
2014-09-04 19:47 - 2014-07-09 09:13 - 00000045 _____ () C:\user.js
2014-09-03 18:15 - 2014-09-03 18:06 - 116901014 _____ () C:\Users\Thomas Ratzke\Downloads\SS_DE_1.00_1.10_Patch.zip
2014-09-03 17:43 - 2014-09-03 17:43 - 00178800 _____ (Sony DADC Austria AG.) C:\windows\SysWOW64\CmdLineExt_x64.dll
2014-09-03 17:40 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2014-09-03 17:27 - 2014-09-03 17:27 - 00003068 _____ () C:\windows\System32\Tasks\{5711C5F7-3642-4CFD-80F9-9937DDC340FB}
2014-09-03 17:25 - 2014-09-03 17:25 - 00735456 _____ () C:\Users\Thomas Ratzke\Downloads\SS_DE_1.10_1.20_Patch.exe
2014-08-31 21:00 - 2011-04-22 11:40 - 00000000 ____D () C:\Users\Thomas Ratzke\E-Mail
2014-08-31 20:40 - 2013-03-02 15:25 - 00000000 ____D () C:\Program Files (x86)\The GodFather
2014-08-30 05:50 - 2013-01-11 21:03 - 00000000 ____D () C:\Program Files (x86)\ffdshow
2014-08-29 20:27 - 2014-08-29 19:58 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Local\Battle.net
2014-08-29 20:13 - 2014-08-29 20:13 - 00000679 _____ () C:\Users\Public\Desktop\Dark Crusade.lnk
2014-08-29 20:13 - 2011-04-29 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
2014-08-29 20:12 - 2014-08-29 20:12 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\InstallShield
2014-08-29 20:12 - 2011-04-20 21:44 - 00000000 ____D () C:\Games
2014-08-29 20:10 - 2014-08-29 19:58 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\Battle.net
2014-08-29 19:57 - 2014-08-29 19:57 - 00001122 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-08-29 19:57 - 2014-08-29 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-08-29 19:57 - 2014-08-29 19:57 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-08-29 17:17 - 2014-08-29 17:17 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-29 17:17 - 2014-08-29 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-29 17:17 - 2014-08-29 17:17 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-29 17:17 - 2014-08-29 17:17 - 00000000 ____D () C:\Program Files\iTunes
2014-08-29 17:17 - 2014-08-29 17:17 - 00000000 ____D () C:\Program Files\iPod
2014-08-29 17:17 - 2011-11-18 22:10 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-29 17:07 - 2014-08-29 17:04 - 113492816 _____ (Apple Inc.) C:\Users\Thomas Ratzke\Downloads\iTunes64Setup.exe
2014-08-23 17:33 - 2014-05-16 07:12 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-23 17:32 - 2014-08-23 17:32 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-23 17:32 - 2012-11-16 23:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-23 17:32 - 2012-11-16 23:07 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-23 04:07 - 2014-08-30 05:54 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-30 05:54 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-30 05:54 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-20 10:57 - 2011-05-09 19:00 - 00000000 ___RD () C:\Users\Melanie Ratzke\Virtual Machines
2014-08-16 09:39 - 2011-04-25 11:52 - 00000000 ___RD () C:\Users\Thomas Ratzke\Virtual Machines
2014-08-16 03:38 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-08-16 03:16 - 2013-08-15 09:56 - 00000000 ____D () C:\windows\system32\MRT
2014-08-16 03:09 - 2011-04-20 21:32 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-16 03:01 - 2014-05-08 03:19 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-15 19:44 - 2012-11-16 23:07 - 00000000 ____D () C:\ProgramData\Avira

Files to move or delete:
====================
C:\ProgramData\flashax10.exe
C:\Users\Public\dcmsvcsetup.exe
C:\Users\Public\invokesi.exe

Some content of TEMP:
====================
C:\Users\Luke Ratzke\AppData\Local\Temp\AskSLib.dll
C:\Users\Melanie Ratzke\AppData\Local\Temp\AskSLib.dll
C:\Users\Melanie Ratzke\AppData\Local\Temp\avgnt.exe
C:\Users\Thomas Ratzke\AppData\Local\Temp\avgnt.exe
C:\Users\Thomas Ratzke\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Thomas Ratzke\AppData\Local\Temp\SHSetup.exe
C:\Users\Thomas Ratzke\AppData\Local\Temp\_is3F50.exe
C:\Users\Thomas Ratzke\AppData\Local\Temp\_isB220.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {current}
resumeobject            {c0409721-0a72-11e0-b6cf-40618672ea2c}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {c0409723-0a72-11e0-b6cf-40618672ea2c}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \windows
resumeobject            {c0409721-0a72-11e0-b6cf-40618672ea2c}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {c0409723-0a72-11e0-b6cf-40618672ea2c}
device                  ramdisk=[C:]\Recovery\c0409723-0a72-11e0-b6cf-40618672ea2c\Winre.wim,{c0409724-0a72-11e0-b6cf-40618672ea2c}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\c0409723-0a72-11e0-b6cf-40618672ea2c\Winre.wim,{c0409724-0a72-11e0-b6cf-40618672ea2c}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {c0409721-0a72-11e0-b6cf-40618672ea2c}
device                  partition=C:
path                    \windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {c0409724-0a72-11e0-b6cf-40618672ea2c}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\c0409723-0a72-11e0-b6cf-40618672ea2c\boot.sdi

LastRegBack: 2014-07-28 12:43

==================== End Of Log ============================
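A way to read the "One Month Modified Files and Folders" section of a log like the one above, as an added example (editor's code, not part of FRST and not from the original post): instead of matching known names, take one entry that is already confirmed as unwanted (here the istartsurf profile folder, an assumption chosen for this log) and pull out everything that was created or modified within a few minutes of it, since a bundled installer drops all of its components in one run. The sample lines are a subset copied from the log above; the five-minute window, the anchor path and the reading of the first timestamp column as last-modified time and the second as creation time are assumptions of this example.

```python
"""Timeline clustering over FRST "One Month Modified Files and Folders" entries.

Added example, not part of FRST or of the original post. Once one entry is
confirmed as unwanted (here the istartsurf profile folder), everything that
was created or modified within a few minutes of it is a candidate for the
same installer run. The anchor path and the 5-minute window are assumptions.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Entry layout: "<ts1> - <ts2> - <size> <attrs> (<company>) <path>".
# Assumption: in the "Modified" section ts1 is the last-modified time and
# ts2 the creation time (that is how the two columns are ordered in the log).
ENTRY_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
TS_FMT = "%Y-%m-%d %H:%M"

# Subset of entries copied from the FRST log above (raw string: paths contain "\n", "\U" ...).
SAMPLE_LOG = r"""
2014-09-06 19:48 - 2014-07-09 09:13 - 00000000 ____D () C:\Program Files\V-bates
2014-09-06 19:47 - 2014-09-06 19:41 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-06 19:35 - 2014-09-06 19:15 - 00000000 ____D () C:\Program Files (x86)\ver9Re-markit
2014-09-06 19:34 - 2014-09-06 19:14 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-09-06 19:32 - 2014-09-06 19:32 - 00000000 ____D () C:\Program Files (x86)\predm
2014-09-06 19:23 - 2011-04-25 11:40 - 00000000 ____D () C:\windows\pss
2014-09-06 19:17 - 2014-09-06 19:17 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Local\com
2014-09-06 19:16 - 2014-09-06 19:16 - 00004056 _____ () C:\windows\System32\Tasks\LaunchSignup
2014-09-06 19:16 - 2014-09-06 19:16 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-09-06 19:16 - 2014-09-06 19:16 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-09-06 19:16 - 2014-09-06 19:16 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-09-06 19:15 - 2014-09-06 19:15 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-09-06 19:15 - 2014-09-06 19:15 - 00000000 ____D () C:\Users\Thomas Ratzke\AppData\Roaming\istartsurf
2014-09-06 19:15 - 2013-05-25 12:51 - 00001655 _____ () C:\Users\Thomas Ratzke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-06 19:15 - 2011-04-20 19:13 - 00002557 _____ () C:\Users\Thomas Ratzke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (32 Bit).lnk
2014-09-06 19:14 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy
2014-09-06 19:12 - 2014-09-06 19:12 - 01527016 _____ () C:\Users\Thomas Ratzke\Downloads\Setup.exe
2014-09-06 18:43 - 2010-12-18 00:42 - 00000000 ____D () C:\ProgramData\InstallShield
"""

# Assumed anchor: the entry the thread already treats as unwanted.
ANCHOR = r"C:\Users\Thomas Ratzke\AppData\Roaming\istartsurf"


@dataclass(frozen=True)
class Entry:
    modified: datetime
    created: datetime
    size: int
    attrs: str      # FRST attribute flags, e.g. "____D" = directory, "____H" = hidden
    company: str    # empty when the file carries no version-info company name
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one FRST file entry; return None for headers, notes and blank lines."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    return Entry(
        modified=datetime.strptime(m["modified"], TS_FMT),
        created=datetime.strptime(m["created"], TS_FMT),
        size=int(m["size"]),
        attrs=m["attrs"],
        company=m["company"],
        path=m["path"],
    )


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


def cluster(entries: List[Entry], anchor_path: str, minutes: int) -> Tuple[List[Entry], List[Entry]]:
    """Split entries touched within +/- minutes of the anchor's creation time.

    Returns (created_in_window, altered_in_window): new files/folders first,
    then pre-existing ones whose modified time falls in the window (rewritten
    shortcuts, policy folders and the like, which a name list would miss).
    """
    anchor = next(e for e in entries if e.path.lower() == anchor_path.lower())
    lo = anchor.created - timedelta(minutes=minutes)
    hi = anchor.created + timedelta(minutes=minutes)
    created = [e for e in entries if lo <= e.created <= hi]
    altered = [e for e in entries
               if not (lo <= e.created <= hi) and lo <= e.modified <= hi]
    return created, altered


def triage(text: str = SAMPLE_LOG, anchor: str = ANCHOR, minutes: int = 5) -> Tuple[List[str], List[str]]:
    """Return sorted path lists (created, altered) for the window around the anchor."""
    created, altered = cluster(parse_log(text), anchor, minutes)
    return sorted(e.path for e in created), sorted(e.path for e in altered)


if __name__ == "__main__":
    new, changed = triage()
    print("created within the window:")
    for p in new:
        print("  ", p)
    print("pre-existing, modified within the window:")
    for p in changed:
        print("  ", p)
```

On the sample the created list holds the SupTab, IePluginServices, WindowsMangerProtect, ver9Re-markit, istartsurf and LaunchSignup items plus the company-less Setup.exe downloaded three minutes earlier, while the altered list surfaces the two Internet Explorer shortcuts and the GroupPolicy folder that were rewritten in the same minute; predm (created 17 minutes later) and the Spybot entries stay outside the window. Widen the window or re-anchor on a second confirmed entry when a run is spread over more time.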