Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Ist mein pc virenfrei?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 16.04.2018, 01:42   #1
Kermit1973
 
Ist mein pc virenfrei? - Standard

Ist mein pc virenfrei?



Hallo liebes Trojaner Board Team,

ich bin gerade dabei den alten PC von meinem Sohn als Not PC zu reaktivieren und wollte sicher gehen ob alles rein und virenfrei ist. Koenntet nihr euch das FRST unten anschauen?

Vielen Dank und Gruss

Kermit

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15.04.2018
Ran by Heiko (administrator) on HEIKO-PC (16-04-2018 12:40:09)
Running from C:\Users\Heiko\Desktop
Loaded Profiles: Heiko (Available Profiles: Heiko)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apache Software Foundation) C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
(Apache Software Foundation) C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
() C:\Windows\System32\PnkBstrB.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Marvell) C:\Program Files\Marvell\61xx\tray\zRaidTray.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL2\KHALMNPR.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(HP Inc.) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [76304 2008-02-29] (Logitech, Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-12-20] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [718688 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-04-16] (AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [393216 2013-12-23] (AMD)
HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\Run: [HP Officejet Pro 8620 (NET)] => C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe [2427400 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\Run: [Skype for Desktop] => C:\Program Files\Microsoft\Skype for Desktop\Skype.exe [50097088 2018-04-09] (Skype Technologies S.A.)
HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\MountPoints2: {fe915653-9825-11e6-aeb1-001bfcd42ddb} - G:\SETUP.EXE
HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\MountPoints2: {fe91565e-9825-11e6-aeb1-001bfcd42ddb} - H:\SETUP.EXE
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2009-04-28]
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2009-03-20]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ApacheStart.lnk [2014-04-25]
ShortcutTarget: ApacheStart.lnk -> C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe (Apache Software Foundation)
Startup: C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MarvellTray.lnk [2014-04-25]
ShortcutTarget: MarvellTray.lnk -> C:\Program Files\Marvell\61xx\tray\zRaidTray.exe (Marvell)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 0.0.0.0
Tcpip\..\Interfaces\{4E3A8419-EEE8-4EDD-9506-521C71675B26}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{CD77492D-D81D-4621-8C0B-CFE6772DE29B}: [DhcpNameServer] 192.168.1.254 0.0.0.0

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-486867131-26501815-4098484281-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-04-16] (AVAST Software)
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

FireFox:
========
FF ProfilePath: C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\sagam84i.default [2018-04-16]
FF Homepage: Mozilla\Firefox\Profiles\sagam84i.default -> www.google.co.nz
FF NewTab: Mozilla\Firefox\Profiles\sagam84i.default -> hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10099_swoc_campaign_160528__yaff
FF Extension: (German Dictionary) - C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\sagam84i.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2016-12-06] [Legacy]
FF Extension: (Avast SafePrice) - C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\sagam84i.default\Extensions\sp@avast.com.xpi [2018-04-16]
FF Extension: (Avast Online Security) - C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\sagam84i.default\Extensions\wrc@avast.com.xpi [2017-12-25]
FF SearchPlugin: C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\sagam84i.default\searchplugins\yahoo-lavasoft.xml [2016-05-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2016-10-22] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-16] ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [No File]
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll [No File]
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [No File]
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\Program Files\Accessories\Burner and Player\TVU Player\TVUPlayer\npTVUAx.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-486867131-26501815-4098484281-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Heiko\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-11] (Unity Technologies ApS)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default [2016-12-25]
CHR Extension: (Stickman Army : The Defenders) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\efppdmlkambkdlajidkapmehfjhnjpfj [2016-10-22]
CHR Extension: (Agar.io Powerups Guide) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfiiapoopclmhaikgpbgddfpmmddmeo [2016-10-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-22]
CHR Extension: (Diep.io Skins, Hacks, Mods, Unblocked) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\olopgffdfchhkiapkeggclgcogkfcpmd [2016-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-18]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5947256 2018-04-16] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [313640 2018-04-16] (AVAST Software)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [121360 2008-05-02] (Logitech, Inc.)
S2 Marvell RAID; C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe [61440 2007-04-21] () [File not signed]
R2 MRUWebService; C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe [20539 2007-01-10] (Apache Software Foundation) [File not signed]
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [2123104 2017-11-17] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files\Origin\OriginWebHelperService.exe [3002728 2017-11-17] (Electronic Arts)
R2 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [107832 2009-05-21] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [277544 2009-01-20] (Protect Software GmbH)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167040 2018-04-16] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [185432 2018-04-16] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [157368 2018-04-16] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [276688 2018-04-16] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [50336 2018-04-16] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [180984 2018-04-16] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42808 2018-04-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [124392 2018-04-16] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [100544 2018-04-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [70816 2018-04-16] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [783600 2018-04-16] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [391856 2018-04-16] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [152344 2018-04-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310784 2018-04-16] (AVAST Software)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [83872 2013-06-08] ()
S3 cpuz132; C:\Windows\system32\drivers\cpuz132_x32.sys [12672 2009-03-27] (Windows (R) Codename Longhorn DDK provider) [File not signed]
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [26168 2016-10-22] (Disc Soft Ltd)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2013-06-08] ()
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-19] ()
R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [137728 2007-05-25] (Marvell Semiconductor, Inc.)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [734208 2009-05-25] (Ralink Technology Corp.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [716272 2009-03-11] (Duplex Secure Ltd.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-23] (The OpenVPN Project)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2015-06-17] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-16 12:40 - 2018-04-16 12:41 - 000016956 _____ C:\Users\Heiko\Desktop\FRST.txt
2018-04-16 12:39 - 2018-04-16 12:40 - 000000000 ____D C:\FRST
2018-04-16 12:39 - 2018-04-16 12:39 - 001763840 _____ (Farbar) C:\Users\Heiko\Desktop\FRST.exe
2018-04-16 12:03 - 2018-04-16 12:18 - 000000320 _____ C:\Windows\Tasks\HPCeeScheduleForHeiko.job
2018-04-16 11:53 - 2018-03-31 13:39 - 004046528 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-04-16 11:53 - 2018-03-31 13:39 - 003958464 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-04-16 11:53 - 2018-03-31 13:39 - 000190144 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-04-16 11:53 - 2018-03-31 13:39 - 000190144 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-04-16 11:53 - 2018-03-31 13:39 - 000137920 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2018-04-16 11:53 - 2018-03-31 13:39 - 000137920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-04-16 11:53 - 2018-03-31 13:39 - 000067264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-04-16 11:53 - 2018-03-31 13:12 - 001310480 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-04-16 11:53 - 2018-03-31 12:51 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-04-16 11:53 - 2018-03-31 12:51 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-04-16 11:53 - 2018-03-31 12:51 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-04-16 11:53 - 2018-03-31 12:51 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-04-16 11:53 - 2018-03-31 12:51 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-04-16 11:53 - 2018-03-31 12:49 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-04-16 11:53 - 2018-03-31 12:49 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-04-16 11:53 - 2018-03-31 12:47 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-04-16 11:53 - 2018-03-31 12:47 - 000124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-04-16 11:53 - 2018-03-31 12:47 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-04-16 11:53 - 2018-03-31 12:47 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-04-16 11:53 - 2018-03-31 12:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-04-16 11:53 - 2018-03-31 12:47 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-04-16 11:53 - 2018-03-31 12:47 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-04-16 11:53 - 2018-03-28 19:18 - 002404352 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-04-16 11:53 - 2018-03-24 05:59 - 000348824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-04-16 11:53 - 2018-03-23 09:26 - 020287488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-04-16 11:53 - 2018-03-23 09:04 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-04-16 11:53 - 2018-03-23 09:04 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-04-16 11:53 - 2018-03-23 08:52 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-04-16 11:53 - 2018-03-23 08:52 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-04-16 11:53 - 2018-03-23 08:51 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-04-16 11:53 - 2018-03-23 08:51 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-04-16 11:53 - 2018-03-23 08:50 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-04-16 11:53 - 2018-03-23 08:48 - 002295296 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-04-16 11:53 - 2018-03-23 08:45 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-04-16 11:53 - 2018-03-23 08:45 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-04-16 11:53 - 2018-03-23 08:43 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-04-16 11:53 - 2018-03-23 08:42 - 000661504 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-04-16 11:53 - 2018-03-23 08:42 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-04-16 11:53 - 2018-03-23 08:42 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-04-16 11:53 - 2018-03-23 08:41 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-04-16 11:53 - 2018-03-23 08:36 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-04-16 11:53 - 2018-03-23 08:33 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-04-16 11:53 - 2018-03-23 08:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-04-16 11:53 - 2018-03-23 08:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-04-16 11:53 - 2018-03-23 08:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-04-16 11:53 - 2018-03-23 08:25 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-04-16 11:53 - 2018-03-23 08:25 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-04-16 11:53 - 2018-03-23 08:24 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-04-16 11:53 - 2018-03-23 08:22 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-04-16 11:53 - 2018-03-23 08:21 - 004496896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-04-16 11:53 - 2018-03-23 08:20 - 013680128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-04-16 11:53 - 2018-03-23 08:17 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-04-16 11:53 - 2018-03-23 08:15 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-04-16 11:53 - 2018-03-23 08:15 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-04-16 11:53 - 2018-03-23 08:14 - 002059776 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-04-16 11:53 - 2018-03-23 08:14 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-04-16 11:53 - 2018-03-23 07:55 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-04-16 11:53 - 2018-03-23 07:52 - 001313792 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-04-16 11:53 - 2018-03-23 07:51 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-04-16 11:53 - 2018-03-11 05:11 - 000340480 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2018-04-16 11:53 - 2018-03-10 06:18 - 000309440 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-04-16 11:53 - 2018-03-10 06:12 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-04-16 11:53 - 2018-03-10 06:12 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-04-16 11:53 - 2018-03-10 06:12 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-04-16 11:53 - 2018-03-10 06:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-04-16 11:53 - 2018-03-10 05:31 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-04-16 11:53 - 2018-03-07 06:13 - 000148160 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2018-04-16 11:53 - 2018-03-07 06:11 - 000184320 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
2018-04-16 11:53 - 2018-03-07 06:11 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
2018-04-16 11:53 - 2018-02-22 15:06 - 000134656 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2018-04-16 11:53 - 2018-02-19 09:34 - 000535616 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-04-16 11:53 - 2018-02-11 06:49 - 000162496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-04-16 11:53 - 2018-02-11 06:49 - 000154304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2018-04-16 11:53 - 2018-02-11 06:49 - 000104640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS
2018-04-16 11:53 - 2018-02-11 06:49 - 000057024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS
2018-04-16 11:53 - 2018-02-11 06:49 - 000053440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
2018-04-16 11:53 - 2018-02-11 06:49 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2018-04-16 11:53 - 2018-02-11 06:49 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VIAAGP.SYS
2018-04-16 11:53 - 2018-02-11 06:49 - 000051904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\SISAGP.SYS
2018-04-16 11:53 - 2018-02-11 06:49 - 000046272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
2018-04-16 11:53 - 2018-02-11 06:49 - 000032448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys
2018-04-16 11:53 - 2018-02-11 06:49 - 000027840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys
2018-04-16 11:53 - 2018-02-11 06:49 - 000021696 _____ (Microsoft Corporation) C:\Windows\system32\streamci.dll
2018-04-16 11:53 - 2018-02-11 06:49 - 000013504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
2018-04-16 11:53 - 2018-02-11 06:49 - 000011840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys
2018-04-16 11:53 - 2018-02-11 06:48 - 000274624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2018-04-16 11:53 - 2018-02-11 06:48 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AMDAGP.SYS
2018-04-16 11:53 - 2018-02-11 06:48 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys
2018-04-16 11:53 - 2018-02-11 06:23 - 002292224 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2018-04-16 11:53 - 2018-02-11 06:23 - 000330240 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2018-04-16 11:53 - 2018-02-11 06:23 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\racpldlg.dll
2018-04-16 11:53 - 2018-02-11 06:23 - 000102912 _____ (Microsoft Corporation) C:\Windows\system32\msrahc.dll
2018-04-16 11:53 - 2018-02-11 05:36 - 000537600 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2018-04-16 11:53 - 2018-02-11 05:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\sdchange.exe
2018-04-16 11:53 - 2018-02-11 05:36 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys
2018-04-16 11:53 - 2018-02-11 05:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
2018-04-16 11:53 - 2018-02-11 05:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys
2018-04-16 11:53 - 2018-02-03 06:54 - 000105152 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-04-16 11:53 - 2018-02-03 06:29 - 002365952 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-04-16 11:53 - 2018-02-03 06:29 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2018-04-16 11:53 - 2018-02-03 06:29 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2018-04-16 11:53 - 2018-02-03 06:28 - 001806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-04-16 11:53 - 2018-02-03 06:28 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-04-16 11:53 - 2018-02-03 05:46 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2018-04-16 11:53 - 2018-01-26 02:04 - 000922944 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000066392 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000022360 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000019800 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000016216 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-04-16 11:53 - 2018-01-16 07:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-04-16 11:53 - 2018-01-13 04:29 - 001309928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-04-16 11:53 - 2018-01-13 04:29 - 000250600 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2018-04-16 11:53 - 2018-01-13 04:29 - 000240872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-04-16 11:53 - 2018-01-13 04:29 - 000187624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-04-16 11:53 - 2018-01-13 04:26 - 000363520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2018-04-16 11:53 - 2018-01-13 04:26 - 000308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2018-04-16 11:53 - 2018-01-13 04:16 - 003405824 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe
2018-04-16 11:53 - 2018-01-13 04:05 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2018-04-16 11:53 - 2018-01-13 04:05 - 000025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2018-04-16 11:53 - 2018-01-13 04:05 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2018-04-16 11:53 - 2018-01-12 04:22 - 000805376 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 012880384 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 001417728 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 001390080 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 001155584 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000564736 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000463360 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000377344 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000328192 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000269824 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\traffic.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000010752 _____ (Microsoft Corporation) C:\Windows\system32\wshnetbs.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:54 - 001214184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-04-16 11:53 - 2018-01-01 13:54 - 000712936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2018-04-16 11:53 - 2018-01-01 13:54 - 000201960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2018-04-16 11:53 - 2018-01-01 13:54 - 000173288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2018-04-16 11:53 - 2018-01-01 13:50 - 000317952 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2018-04-16 11:53 - 2018-01-01 13:43 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2018-04-16 11:53 - 2018-01-01 13:43 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-04-16 11:53 - 2018-01-01 13:43 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
2018-04-16 11:53 - 2018-01-01 13:43 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-04-16 11:53 - 2018-01-01 13:43 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\wshqos.dll
2018-04-16 11:53 - 2018-01-01 13:41 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-04-16 11:53 - 2018-01-01 13:38 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-04-16 11:53 - 2018-01-01 13:36 - 000314368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-04-16 11:53 - 2018-01-01 13:36 - 000313344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-04-16 11:53 - 2018-01-01 13:35 - 000514048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2018-04-16 11:53 - 2018-01-01 13:35 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-04-16 11:53 - 2018-01-01 13:35 - 000081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-04-16 11:53 - 2018-01-01 13:35 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-04-16 11:53 - 2017-12-06 05:08 - 001176576 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2018-04-16 11:53 - 2017-12-06 05:08 - 000481792 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2018-04-16 11:53 - 2017-12-06 05:08 - 000215040 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2018-04-16 11:53 - 2017-12-06 05:08 - 000179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2018-04-16 11:53 - 2017-12-06 05:08 - 000145920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2018-04-16 11:53 - 2017-12-06 05:08 - 000106496 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2018-04-16 11:53 - 2017-12-06 05:08 - 000072704 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
2018-04-16 11:53 - 2017-12-06 03:54 - 000334848 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
2018-04-16 11:53 - 2017-12-06 03:49 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2018-04-16 11:51 - 2018-03-15 05:18 - 000116928 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-04-16 11:51 - 2018-03-15 05:14 - 000535040 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-04-16 11:51 - 2018-03-15 01:04 - 001893376 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-04-16 11:51 - 2018-03-15 01:04 - 001319424 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-04-16 11:51 - 2018-03-15 01:04 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-04-16 11:51 - 2018-03-15 01:04 - 000507392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-04-16 11:51 - 2018-03-15 01:04 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-04-16 11:51 - 2018-03-15 01:04 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-04-16 11:51 - 2018-03-15 01:04 - 000238592 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-04-16 11:51 - 2018-03-15 01:04 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-04-16 11:23 - 2018-04-16 11:23 - 000320728 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-16 12:38 - 2009-02-23 12:09 - 000000000 ____D C:\Users\Heiko\AppData\Roaming\Skype
2018-04-16 12:38 - 2009-02-23 12:08 - 000000000 ____D C:\ProgramData\Skype
2018-04-16 12:37 - 2018-01-16 17:19 - 000001020 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-04-16 12:36 - 2012-04-05 03:54 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-04-16 12:36 - 2011-05-21 23:37 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-04-16 12:35 - 2009-02-23 11:11 - 000000000 ____D C:\Windows\system32\Macromed
2018-04-16 12:34 - 2016-11-26 09:17 - 000000000 ____D C:\Users\Heiko\AppData\LocalLow\Mozilla
2018-04-16 12:34 - 2009-02-23 10:38 - 000000000 ____D C:\Program Files\Common Files\Adobe AIR
2018-04-16 12:27 - 2016-10-22 18:16 - 000010896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-16 12:27 - 2016-10-22 18:16 - 000010896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-16 12:25 - 2016-10-22 19:14 - 000785794 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-16 12:25 - 2009-07-14 14:37 - 000000000 ____D C:\Windows\inf
2018-04-16 12:18 - 2014-04-25 20:04 - 000000009 _____ C:\Windows\mvraidver.dat
2018-04-16 12:18 - 2009-07-14 16:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-16 12:18 - 2009-07-14 16:33 - 000488296 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-16 12:18 - 2009-02-22 23:43 - 000000160 _____ C:\Windows\system32\61xx.xml
2018-04-16 12:17 - 2016-11-25 15:24 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-04-16 12:17 - 2012-06-11 04:08 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-04-16 12:15 - 2017-03-03 16:12 - 000000000 ____D C:\Windows\system32\appraiser
2018-04-16 12:02 - 2016-10-24 12:09 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-04-16 12:02 - 2013-07-30 06:32 - 000000000 ____D C:\Windows\system32\MRT
2018-04-16 11:56 - 2017-10-13 14:56 - 133987696 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-04-16 11:56 - 2016-10-22 19:35 - 133987696 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-04-16 11:45 - 2009-02-24 09:54 - 000000000 ____D C:\Program Files\Common Files\Logitech
2018-04-16 11:44 - 2009-03-20 14:07 - 000000000 ____D C:\Users\Heiko\AppData\Local\Downloaded Installations
2018-04-16 11:41 - 2009-02-22 23:43 - 000452672 _____ C:\Windows\za_mv_raid.ev
2018-04-16 11:25 - 2017-12-25 10:17 - 000124392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-04-16 11:23 - 2017-12-25 10:17 - 000783600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-04-16 11:23 - 2017-12-25 10:17 - 000391856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-04-16 11:23 - 2017-12-25 10:17 - 000310784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-04-16 11:23 - 2017-12-25 10:17 - 000180984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-04-16 11:23 - 2017-12-25 10:17 - 000167040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-04-16 11:23 - 2017-12-25 10:17 - 000152344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-04-16 11:23 - 2017-12-25 10:17 - 000100544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-04-16 11:23 - 2017-12-25 10:17 - 000070816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-04-16 11:23 - 2017-12-25 10:17 - 000042808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-04-16 11:22 - 2017-12-25 10:17 - 000276688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblogx.sys
2018-04-16 11:22 - 2017-12-25 10:17 - 000185432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2018-04-16 11:22 - 2017-12-25 10:17 - 000157368 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidshx.sys
2018-04-16 11:22 - 2017-12-25 10:17 - 000050336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbunivx.sys

==================== Files in the root of some directories =======

2013-06-28 06:33 - 2013-06-28 06:28 - 000007583 _____ () C:\Program Files\awvIdentifiers.map.bak
2013-06-28 06:33 - 2013-06-28 06:28 - 000192528 _____ () C:\Program Files\bankcodes.map.bak
2013-06-28 06:33 - 2013-04-03 12:00 - 007384209 _____ () C:\Program Files\bic.map.bak
2013-06-28 06:33 - 2013-06-28 06:28 - 000008900 _____ () C:\Program Files\countries.map.bak
2013-06-28 06:27 - 2013-01-03 12:00 - 000039034 _____ () C:\Program Files\efix.exe.manifest
2016-08-07 11:33 - 2016-08-07 11:33 - 007065600 _____ () C:\Program Files\GUT4C0D.tmp
2014-05-10 11:55 - 2014-05-10 11:55 - 006103040 _____ () C:\Program Files\GUTE012.tmp
2013-06-28 06:27 - 2011-10-05 12:00 - 000001346 _____ () C:\Program Files\Migrate.exe.manifest
2013-06-28 06:27 - 2012-09-07 12:00 - 000001602 _____ () C:\Program Files\sepaCategoryPurpose.map
2013-06-28 06:27 - 2009-10-27 12:00 - 000007853 _____ () C:\Program Files\sepaPurposeKeys.map
2013-06-28 06:26 - 2013-06-28 06:27 - 000000234 _____ () C:\Program Files\Update.ini
2013-06-28 06:27 - 2011-08-22 12:00 - 000015176 _____ () C:\Program Files\update_help.html
2013-06-28 06:25 - 2000-12-05 21:31 - 000026614 _____ () C:\Program Files\_update.hlp
2013-06-28 06:25 - 2000-08-25 03:49 - 000102400 _____ (XLAB) C:\Program Files\_updutils.dll
2009-09-28 15:25 - 2016-10-15 21:46 - 000087608 _____ () C:\Users\Heiko\AppData\Roaming\inst.exe
2009-02-24 15:51 - 2016-10-15 21:46 - 000007887 _____ () C:\Users\Heiko\AppData\Roaming\pcouffin.cat
2009-02-24 15:51 - 2016-10-15 21:46 - 000001144 _____ () C:\Users\Heiko\AppData\Roaming\pcouffin.inf
2009-02-24 15:52 - 2016-10-15 21:46 - 000000033 _____ () C:\Users\Heiko\AppData\Roaming\pcouffin.log
2009-02-24 15:51 - 2016-10-15 21:46 - 000047360 _____ (VSO Software) C:\Users\Heiko\AppData\Roaming\pcouffin.sys
2013-10-12 22:36 - 2013-10-12 23:17 - 000000028 _____ () C:\Users\Heiko\AppData\Roaming\PhonerLitesettings.ini
2009-05-21 16:01 - 2009-05-21 16:01 - 000022328 _____ () C:\Users\Heiko\AppData\Roaming\PnkBstrK.sys
2009-08-27 10:17 - 2009-08-27 10:17 - 000000760 _____ () C:\Users\Heiko\AppData\Roaming\setup_ldm.iss
2016-06-04 17:42 - 2016-06-15 17:48 - 000000001 _____ () C:\Users\Heiko\AppData\Roaming\update.dat

Some files in TEMP:
====================
2018-04-16 11:44 - 2018-04-16 11:44 - 001869888 _____ (Logitech, Inc.) C:\Users\Heiko\AppData\Local\Temp\sp_setpoint.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-10-23 09:08

==================== End of FRST.txt ============================
         
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15.04.2018
Ran by Heiko (16-04-2018 12:41:48)
Running from C:\Users\Heiko\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2016-10-22 07:11:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-486867131-26501815-4098484281-500 - Administrator - Disabled)
Guest (S-1-5-21-486867131-26501815-4098484281-501 - Limited - Disabled)
Heiko (S-1-5-21-486867131-26501815-4098484281-1000 - Administrator - Enabled) => C:\Users\Heiko
HomeGroupUser$ (S-1-5-21-486867131-26501815-4098484281-1074 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AC3Filter (remove only) (HKLM\...\AC3Filter) (Version:  - )
Acrobat.com (HKLM\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 29.0.0.112 - Adobe Systems Incorporated)
Adobe Flash Player 29 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Help Center 2.1 (HKLM\...\{25569723-DC5A-4467-A639-79535BF01B71}) (Version: 2.1 - Adobe Systems)
AMD Catalyst Install Manager (HKLM\...\{CD93C96E-22D5-896A-4FA3-B07F5DBEB5A0}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Software Update (HKLM\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Attansic Ethernet Utility (HKLM\...\{1F698102-5739-441E-96F0-74F4EA540F06}) (Version: 2.0.60.5 - Attansic)
Attansic L1 Gigabit Ethernet Driver (HKLM\...\{6E19F210-3813-4002-B561-94D66AA182B6}) (Version:  - )
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.3.2333 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CDDRV_Installer (HKLM\...\{0C826C5B-B131-423A-A229-C71B3CACCD6A}) (Version: 4.60 - Logitech) Hidden
Cheat Engine 6.4 (HKLM\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
ContentMod2.6.3 (HKLM\...\ContentMod_2.6.3) (Version:  - )
CPUID CPU-Z 1.51 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hama Black Force Pad (HKLM\...\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.01.01 - )
HP Officejet Pro 8620 Basic Device Software (HKLM\...\{5044B6E3-91D6-4567-963E-48D282A3A187}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8620 Help (HKLM\...\{9A4D71AB-9C68-4702-A4A2-A4DB7B0FE270}) (Version: 32.0.0 - Hewlett Packard)
HP Support Assistant (HKLM\...\{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.5.37.19 - HP Inc.)
HP Support Solutions Framework (HKLM\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.8.47.1 - HP Inc.)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
HydraVision (HKLM\...\{8F5DACDD-C4B7-A745-60AC-26274CF1B383}) (Version: 4.2.242.0 - Advanced Micro Devices, Inc.) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{AFA154E8-2D57-4789-AB2D-9761E6AC5988}) (Version: 6.2.3.17 - Apple Inc.)
KhalInstallWrapper (HKLM\...\{3101CB58-3482-4D21-AF1A-7057FC935355}) (Version: 4.60.122 - Logitech) Hidden
Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.60 - Logitech)
Logitech Updater (HKLM\...\{53735ECE-E461-4FD0-B742-23A352436D3A}) (Version: 1.70 - Logitech, Inc.)
Marvell MRU (HKLM\...\mv61xxMRU) (Version: 1.2.0.15 - Marvell)
MicroMachines V4 (HKLM\...\{E4511CEC-2E60-4076-95B6-0E193269EB86}) (Version: 2.00.0000 - Codemasters)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}) (Version: 1.20.146.0 - Microsoft)
MobileMe Control Panel (HKLM\...\{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 59.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x86 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2.6656 - Mozilla)
MSVC80_x86 (HKLM\...\{212748BB-0DA5-46DE-82A1-403736DC9F27}) (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (HKLM\...\{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (HKLM\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (HKLM\...\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}) (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Open Systems Client (HKLM\...\Open Systems Client) (Version:  - )
OpenAL (HKLM\...\OpenAL) (Version:  - )
Origin (HKLM\...\Origin) (Version: 10.5.6.6235 - Electronic Arts, Inc.)
Product Improvement Study for HP Officejet Pro 8620 (HKLM\...\{8E08E6F4-AC4A-448C-BA4D-0FB93DE57BC2}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.12 - ProtectDisc Software GmbH)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5391 - Realtek Semiconductor Corp.)
Skype version 8.19 (HKLM\...\Skype_is1) (Version: 8.19 - Skype Technologies S.A.)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
USB game controller (HKLM\...\{350161D2-0582-11D8-B095-009027EC0701}) (Version: 1.14.0000 - Logic 3 International Ltd.) Hidden
USB game controller (HKLM\...\InstallShield_{350161D2-0582-11D8-B095-009027EC0701}) (Version: 1.14.0000 - Logic 3 International Ltd.)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.1 - VideoLAN)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinZip 12.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}) (Version: 12.0.8252 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00-Zukmo-SyncFileModified] -> {23939489-8B41-45ec-90F3-BD36A9644006} =>  -> No File
ShellIconOverlayIdentifiers: [00-Zukmo-SyncFileSuccess] -> {23939488-8B41-45ec-90F3-BD36A9644006} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-04-16] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-04-16] (AVAST Software)
ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} =>  -> No File
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [2017-07-14] (Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\Accessories\Packer\Winrar\rarext.dll [2008-09-16] ()
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\Accessories\Packer\Winzip\wzshlstb.dll [2008-09-08] (WinZip Computing, S.L.)
ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} =>  -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-04-16] (AVAST Software)
ContextMenuHandlers3: [ZukmoExplorerShlPlugin] -> {23939488-8B41-45ec-90F3-BD36A9644006} =>  -> No File
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\Accessories\Packer\Winrar\rarext.dll [2008-09-16] ()
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\Accessories\Packer\Winzip\wzshlstb.dll [2008-09-08] (WinZip Computing, S.L.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2013-12-20] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-04-16] (AVAST Software)
ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\Accessories\Packer\Winrar\rarext.dll [2008-09-16] ()
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\Accessories\Packer\Winzip\wzshlstb.dll [2008-09-08] (WinZip Computing, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0BBD703A-E1ED-4F20-8D6F-DE145CC61819} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {0BF2F537-1A66-42C4-B31F-E0DED0ED7976} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {154293BD-6069-461B-AD27-65DAB5B7D825} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {16DBFEE0-0214-46E0-A1C9-2B30C32AB1B5} - System32\Tasks\GoogleUpdateTaskMachineCore1cf4e15c388b5b0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {2D5FACF8-65B2-4B5B-BEC0-751676F0538B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {337ADA36-47C2-4411-B946-D212DF072AA4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-03-07] (HP Inc.)
Task: {6F6E9D70-312C-4025-B9DC-5E198757556C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {77A2762F-A8BA-435B-B4A8-C2B51807A325} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {83E48F6C-41AC-4A8F-A933-D6B166102A9C} - System32\Tasks\HPCustParticipation HP Officejet Pro 8620 => C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {84B5365E-401A-462D-8FAC-058C4BF24797} - System32\Tasks\HPCeeScheduleForHeiko => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {8D85D651-DF62-4AA0-9566-EAB50F0EF0C2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {921CB712-6E33-4B2E-843C-22C14C1726AF} - System32\Tasks\{B0F6A49D-A91D-4D19-A031-13FCC944AB56} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\sina\SINAWE~1\304~1.2\UNWISE.EXE -c C:\PROGRA~1\sina\SINAWE~1\304~1.2\Install.LOG
Task: {A1D52E07-6D68-4C4F-AD4E-D2674ACEBFB1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {A4EFC974-C25D-4058-9AD0-C5935E5D7E1E} - System32\Tasks\Ad-Aware Update (Daily 4) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {A7CCFDE0-B551-4499-A258-56B34E9881E2} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-26] (Microsoft Corporation)
Task: {BDDF23BB-B853-4630-9600-DAC5E8ADE25A} - System32\Tasks\Ad-Aware Update (Daily 3) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {CCC51E36-7D77-4422-8C8F-9759F451299B} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-16] (AVAST Software)
Task: {D13F6EE8-A587-498E-944D-FC1A7733B156} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {D6D2CE03-C7B0-483A-8276-0C08293A696F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {D7B44E82-156E-4B32-ADD5-7ED2E672BC8B} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-04-16] (AVAST Software)
Task: {E8230F08-FF57-476F-A020-DC736F30D667} - System32\Tasks\Ad-Aware Update (Daily 1) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {EBCC21A9-D5A4-4F8E-83E8-B106BD8BBB59} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe [2018-04-16] (Adobe Systems Incorporated)
Task: {F708DBDE-831D-490E-BD92-6A753F372544} - System32\Tasks\Ad-Aware Update (Daily 2) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {FB888641-8C58-4BC9-8A50-9B22C21958E4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-02-07] (HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Ad-Aware Update (Daily 1).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\Ad-Aware Update (Daily 2).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\Ad-Aware Update (Daily 3).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\Ad-Aware Update (Daily 4).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\HPCeeScheduleForHeiko.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-16 11:23 - 2018-04-16 11:23 - 000349912 _____ () C:\Program Files\AVAST Software\Avast\streamback_avast.dll
2018-04-16 11:23 - 2018-04-16 11:23 - 000295640 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-04-16 11:23 - 2018-04-16 11:23 - 000282840 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-04-16 11:21 - 2018-04-16 11:21 - 005816976 _____ () C:\Program Files\AVAST Software\Avast\defs\18041500\algo.dll
2018-04-16 11:23 - 2018-04-16 11:23 - 000763608 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-04-16 11:23 - 2018-04-16 11:23 - 000911064 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-04-16 11:23 - 2018-04-16 11:23 - 000172760 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-04-16 11:23 - 2018-04-16 11:23 - 000969944 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-04-16 11:23 - 2018-04-16 11:23 - 000501464 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2009-03-03 19:04 - 2009-05-21 16:01 - 000107832 _____ () C:\Windows\system32\PnkBstrB.exe
2018-04-16 11:23 - 2018-04-16 11:23 - 000624856 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2009-05-18 17:17 - 2008-09-16 20:18 - 000132608 _____ () C:\Program Files\Accessories\Packer\Winrar\rarext.dll
2018-04-16 11:23 - 2018-04-16 11:23 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-04-16 11:23 - 2018-04-16 11:23 - 000281816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\agentware.net -> hxxps://agentware.net
IE trusted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\rundumsorglos.net -> hxxps://mail.rundumsorglos.net
IE trusted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\sabre.com -> hxxps://sabre.com
IE trusted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\virtual-apps.net -> hxxps://mail.virtual-apps.net
IE trusted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\webcompanion.com -> hxxp://webcompanion.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\1-2005-search.com -> www.1-2005-search.com

There are 12684 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 22:23 - 2018-01-16 12:25 - 000450722 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1	localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 15464 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-486867131-26501815-4098484281-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Heiko^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dora the Explorer_ Dance to the Rescue Registration.lnk => C:\Windows\pss\Dora the Explorer_ Dance to the Rescue Registration.lnk.Startup
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BitTorrent DNA => "C:\Users\Heiko\Program Files\DNA\btdna.exe"
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: OpScheduler => "C:\Program Files\Accessories\Omnipage\OpScheduler.exe"
MSCONFIG\startupreg: Opware15 => "C:\Program Files\Accessories\Omnipage\Opware15.exe"
MSCONFIG\startupreg: PDF3 Registry Controller => "C:\Program Files\Accessories\Omnipage\PDFConverter3\\RegistryController.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\Steam.exe" -silent

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2398535C-0B73-4C8D-893C-9C74C62AFA37}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B695CC82-0DF8-4405-AB03-877A99FC027E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{7477B0F9-36B3-408E-A92C-43201071D33B}C:\program files\games\micro machines\mmv4.exe] => (Block) C:\program files\games\micro machines\mmv4.exe
FirewallRules: [TCP Query User{0A3BD513-6913-4C2C-A354-19AACD96DD91}C:\program files\games\micro machines\mmv4.exe] => (Block) C:\program files\games\micro machines\mmv4.exe
FirewallRules: [{F9E11C52-496C-445B-91B0-F24B6CEA983F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{032D9D24-CB50-4C30-91A8-72BB7CF55172}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5F6C2DB1-8D73-461F-8552-CF03FFB4BBE8}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{113DED41-366B-4A17-8E71-7404DB16FA70}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{86D27042-BCCD-45DF-A707-B1C47A186E40}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{8EFE99B3-CC25-48AD-9571-9A06532B6410}] => (Allow) C:\Program Files\Steam\steamapps\common\Need for Speed Hot Pursuit\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{0B5CE1C0-69F8-42DC-9417-474C6AC9980B}] => (Allow) C:\Program Files\Steam\steamapps\common\Need for Speed Hot Pursuit\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{A14C1B0F-E6FF-497B-B97C-74A2DCA3733F}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{0CABE169-A2A1-46E1-9E95-218BE1C954C1}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{CB1D0DDB-3167-423D-844C-FF180F613936}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{400CDEE1-7B38-49D4-949E-1B16648DD53E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{2D27C6A1-887F-49DC-B379-A48171081BBC}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{630209DF-00C3-4772-A5AF-69A19672F6E8}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{F40C07C3-92A7-4E63-958F-A9EE7D7ADD93}C:\program files\marvell\61xx\apache2\bin\apache.exe] => (Allow) C:\program files\marvell\61xx\apache2\bin\apache.exe
FirewallRules: [TCP Query User{B7E6A63A-3AA9-4D55-B32B-9575C8A301A0}C:\program files\marvell\61xx\apache2\bin\apache.exe] => (Allow) C:\program files\marvell\61xx\apache2\bin\apache.exe
FirewallRules: [UDP Query User{70E77C00-B2C6-4422-9CCE-01881F959FAB}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{1FA1AED8-3F27-4023-9EDC-0217896FB03E}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{139429A6-A651-4B8A-9035-0724BE8A6968}C:\windows\sabserv.exe] => (Allow) C:\windows\sabserv.exe
FirewallRules: [TCP Query User{52E104D8-E2E1-4B09-990A-8F3879708134}C:\windows\sabserv.exe] => (Allow) C:\windows\sabserv.exe
FirewallRules: [UDP Query User{5AD8C1E0-F1E5-4811-9B2F-43A5D3AD894F}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{71D68BCA-C7F2-46E8-A9FC-D896ADA21C1D}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{DA548872-785B-433F-BAF8-D429670AC33C}] => (Allow) C:\Program Files\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{660543A3-D7FC-4641-B2F9-2E80C151EB96}] => (Allow) C:\Program Files\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{1B306820-0F9D-4195-9645-9D79F0CB62A8}] => (Allow) C:\Program Files\DNA\btdna.exe
FirewallRules: [{EB01A9A6-1867-482D-BDCB-CDC4C223FED8}] => (Allow) C:\Program Files\DNA\btdna.exe
FirewallRules: [{F6C50470-FBB4-4A16-B0FE-C53D98ABC6AD}] => (Allow) C:\Windows\System32\PnkBstrB.exe
FirewallRules: [{F780ECDF-54F6-48FA-80E4-696EAE9E9EAA}] => (Allow) C:\Windows\System32\PnkBstrB.exe
FirewallRules: [{2D24E018-5323-440E-9147-00C79A78DFA8}] => (Allow) C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{E645B6B3-0D5B-4F8C-80CC-0CBAAEDB30FE}] => (Allow) C:\Windows\System32\PnkBstrA.exe
FirewallRules: [UDP Query User{79EAAEBD-0A31-4B30-AE43-685D321FEB11}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{0D8D36D9-8B5C-470E-89E1-5AC7251E4DB9}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{8EE4C063-700C-42CD-B189-64C0109CD8A9}] => (Allow) LPort=6346
FirewallRules: [{2C3C9619-AA96-40FD-9A13-0293032EA2AF}] => (Allow) LPort=6346
FirewallRules: [{7E558A91-420B-4F54-AC63-0DD1A350B51D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{01844AD2-EE49-40DE-8F97-9F759DA91D3A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{C4A3893F-A070-417B-860A-60C1D3F89CAE}C:\windows\sabserv.exe] => (Allow) C:\windows\sabserv.exe
FirewallRules: [TCP Query User{64F75C53-2404-4680-98E7-6B739E87E7AA}C:\windows\sabserv.exe] => (Allow) C:\windows\sabserv.exe
FirewallRules: [UDP Query User{FA6F7BD6-2527-4DF7-86AB-3707CCBFD912}C:\program files\marvell\61xx\apache2\bin\apache.exe] => (Allow) C:\program files\marvell\61xx\apache2\bin\apache.exe
FirewallRules: [TCP Query User{DF076614-FEFD-4679-B6EE-0D21C1931F45}C:\program files\marvell\61xx\apache2\bin\apache.exe] => (Allow) C:\program files\marvell\61xx\apache2\bin\apache.exe
FirewallRules: [{1AAAD0B4-5ADF-432F-9467-BA92E526DFC7}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{7B0CED59-1B78-4388-A949-F1DA0512C80B}] => (Allow) C:\Users\Heiko\AppData\Local\Temp\7zS4CAA\HPDiagnosticCoreUI.exe
FirewallRules: [{9FB7DB8D-D696-4689-88DF-8AD6EB9FA0BE}] => (Allow) C:\Users\Heiko\AppData\Local\Temp\7zS4CAA\HPDiagnosticCoreUI.exe
FirewallRules: [{A7174691-CEE8-48DB-B01C-CA1F9D7BB120}] => (Allow) C:\Users\Heiko\AppData\Local\Temp\7zS4D54\HPDiagnosticCoreUI.exe
FirewallRules: [{C12D9D86-578D-4C85-9913-00F7E21D0717}] => (Allow) C:\Users\Heiko\AppData\Local\Temp\7zS4D54\HPDiagnosticCoreUI.exe
FirewallRules: [{F9C3C2B7-30D8-425C-8E97-89E57FD17A7E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\FaxApplications.exe
FirewallRules: [{FE52B951-7BA8-4C67-A224-85FA0F29D58A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\DigitalWizards.exe
FirewallRules: [{C3F9996E-16E7-4038-BD77-319D4914A6CE}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\SendAFax.exe
FirewallRules: [{B87DD732-4C4F-46B8-B3E6-BE847317CB0A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\Bin\DeviceSetup.exe
FirewallRules: [{C347065B-7BD6-4A02-A6A9-C62453860158}] => (Allow) LPort=5357
FirewallRules: [{66F31C15-50A5-4D2E-A439-39F3AD550A0A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{FE283725-44E8-46A8-B0D4-12A5B33CCA92}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{694E9433-4DE4-4831-9813-BA4FED8CFC56}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{818FF5AB-0D33-41CF-8CAE-892681C52442}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{485DF269-0681-4064-8B6B-1ED632D3A736}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Accessories\BitTorrent\bittorrent.exe] => Enabled:BitTorrent

==================== Restore Points =========================

16-01-2018 16:38:29 Windows Update
16-04-2018 11:54:28 Windows Update

==================== Faulty Device Manager Devices =============

Name: sptd
Description: sptd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: sptd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/16/2018 12:35:14 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (01/16/2018 05:08:01 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (01/16/2018 12:34:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\HP\HP Officejet Pro 8620\DriverStore\Yeti\V3\amd64\hpinkins7012.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/16/2018 12:34:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\ati technologies\hydravision\HydraMD64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/16/2018 12:34:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\ati technologies\hydravision\HydraDM64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/16/2018 12:34:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\ati technologies\hydravision\Grid64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/16/2018 12:34:24 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbar64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/16/2018 12:32:20 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\Program Files\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll".Error in manifest or policy file "C:\Program Files\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll" on line 2.
Invalid Xml syntax.


System errors:
=============
Error: (04/16/2018 12:35:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Marvell RAID Event Agent service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/16/2018 12:18:54 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
sptd

Error: (04/16/2018 12:18:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (04/16/2018 12:18:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (04/16/2018 12:17:03 PM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .

Error: (04/16/2018 11:42:03 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
sptd

Error: (04/16/2018 11:42:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (04/16/2018 11:42:02 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.


Windows Defender:
===================================
Date: 2016-10-22 20:04:35.195
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070003
Error description:The system cannot find the path specified. 
Signature version:0.0.0.0
Engine version:0.0.0.0

CodeIntegrity:
===================================

Date: 2016-10-15 23:16:55.831
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-15 23:16:55.472
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-15 23:16:55.097
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-15 23:16:54.738
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-15 23:16:54.379
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-15 23:16:54.004
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-15 23:16:52.475
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-15 23:16:52.132
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
Percentage of memory in use: 58%
Total physical RAM: 3071.12 MB
Available physical RAM: 1281.4 MB
Total Virtual: 6140.59 MB
Available Virtual: 4132.7 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:117.19 GB) (Free:51.87 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:156.25 GB) (Free:97.69 GB) NTFS
Drive e: () (Fixed) (Total:192.32 GB) (Free:170.2 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 20C53A3A)
Partition 1: (Active) - (Size=117.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=156.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=192.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
         

Alt 16.04.2018, 09:05   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ist mein pc virenfrei? - Standard

Ist mein pc virenfrei?



Lesestoff:
Google Chrome

Offensichtlich nutzt du den Browser Chrome von Google. Ich muss von der Verwendung dieses Browsers aus Datenschutzgründen dringend abraten. Siehe auch Google: Chrome-Browser scannt lokale Dateien auf Windows-PCs

Installiere Mozilla Firefox, damit lassen sich auch Profildaten aus Chrome importieren, anschließend Google Chrome deinstallieren.



Bitte Avast deinstallieren


Wir deinstallieren dann am besten auch gleich weiteren unnötigen oder veralteten Krempel.

Avast können wir einfach nicht mehr guten Gewissens empfehlen. => Antivirensoftware: Schutz Für Ihre Dateien, Aber Auf Kosten Ihrer Privatsphäre? | Emsisoft Blog
Auch andere Freewareanbieter wie Avira, AVG oder Panda springen auf diesen oder ähnlichen Zügen rauf, basteln Junkware in die Setups, arbeiten mit ASK zusammen etc; so was ist bei Sicherheitssoftware einfach inakzeptabel.



Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:


    Adobe Acrobat Reader DC

    Adobe AIR

    Adobe Flash Player 29 ActiveX

    Adobe Flash Player 29 NPAPI

    Avast Free Antivirus

    Windows 7 Upgrade Advisor

    WinRAR archiver

    WinZip 12.0


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 





Gib Bescheid wenn Avast weg ist; wenn wir hier durch sind, kannst du auf einen anderen Virenscanner umsteigen, Infos folgen dann im Abschlussposting. Bitte JETZT nix mehr ohne Absprache installieren!
__________________

__________________

Alt 16.04.2018, 10:22   #3
Kermit1973
 
Ist mein pc virenfrei? - Standard

Ist mein pc virenfrei?



Danke Cosinus...ich habe alle genannten Programme wie beschrieben entfernt. Was ist der naechste Schritt?

Viele Gruesse

Kermit


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15.04.2018
Ran by Heiko (administrator) on HEIKO-PC (16-04-2018 21:21:40)
Running from C:\Users\Heiko\Desktop
Loaded Profiles: Heiko (Available Profiles: Heiko)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Marvell) C:\Program Files\Marvell\61xx\tray\zRaidTray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL2\KHALMNPR.exe
() C:\Windows\System32\PnkBstrB.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [76304 2008-02-29] (Logitech, Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-12-20] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [718688 2009-10-01] (Microsoft Corporation)
HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [393216 2013-12-23] (AMD)
HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\Run: [HP Officejet Pro 8620 (NET)] => C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe [2427400 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\MountPoints2: {fe915653-9825-11e6-aeb1-001bfcd42ddb} - G:\SETUP.EXE
HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\MountPoints2: {fe91565e-9825-11e6-aeb1-001bfcd42ddb} - H:\SETUP.EXE
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2009-04-28]
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2009-03-20]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ApacheStart.lnk [2014-04-25]
ShortcutTarget: ApacheStart.lnk -> C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe (Apache Software Foundation)
Startup: C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MarvellTray.lnk [2014-04-25]
ShortcutTarget: MarvellTray.lnk -> C:\Program Files\Marvell\61xx\tray\zRaidTray.exe (Marvell)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 0.0.0.0
Tcpip\..\Interfaces\{4E3A8419-EEE8-4EDD-9506-521C71675B26}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{CD77492D-D81D-4621-8C0B-CFE6772DE29B}: [DhcpNameServer] 192.168.1.254 0.0.0.0

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-486867131-26501815-4098484281-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

FireFox:
========
FF ProfilePath: C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\sagam84i.default [2018-04-16]
FF Homepage: Mozilla\Firefox\Profiles\sagam84i.default -> www.google.co.nz
FF NewTab: Mozilla\Firefox\Profiles\sagam84i.default -> hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10099_swoc_campaign_160528__yaff
FF Extension: (German Dictionary) - C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\sagam84i.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2016-12-06] [Legacy]
FF SearchPlugin: C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\sagam84i.default\searchplugins\yahoo-lavasoft.xml [2016-05-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2016-10-22] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_29_0_0_140.dll [No File]
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [No File]
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll [No File]
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [No File]
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\Program Files\Accessories\Burner and Player\TVU Player\TVUPlayer\npTVUAx.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin HKU\S-1-5-21-486867131-26501815-4098484281-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Heiko\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-11] (Unity Technologies ApS)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default [2018-04-16]
CHR Extension: (Stickman Army : The Defenders) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\efppdmlkambkdlajidkapmehfjhnjpfj [2016-10-22]
CHR Extension: (Agar.io Powerups Guide) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfiiapoopclmhaikgpbgddfpmmddmeo [2016-10-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-22]
CHR Extension: (Diep.io Skins, Hacks, Mods, Unblocked) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\olopgffdfchhkiapkeggclgcogkfcpmd [2016-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [121360 2008-05-02] (Logitech, Inc.)
R2 Marvell RAID; C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe [61440 2007-04-21] () [File not signed]
S2 MRUWebService; C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe [20539 2007-01-10] (Apache Software Foundation) [File not signed]
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [2123104 2017-11-17] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files\Origin\OriginWebHelperService.exe [3002728 2017-11-17] (Electronic Arts)
R2 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [107832 2009-05-21] ()
U2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [277544 2009-01-20] (Protect Software GmbH)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [83872 2013-06-08] ()
S3 cpuz132; C:\Windows\system32\drivers\cpuz132_x32.sys [12672 2009-03-27] (Windows (R) Codename Longhorn DDK provider) [File not signed]
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [26168 2016-10-22] (Disc Soft Ltd)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2013-06-08] ()
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-19] ()
R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [137728 2007-05-25] (Marvell Semiconductor, Inc.)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [734208 2009-05-25] (Ralink Technology Corp.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [716272 2009-03-11] (Duplex Secure Ltd.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-23] (The OpenVPN Project)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2015-06-17] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-16 21:21 - 2018-04-16 21:24 - 000012852 _____ C:\Users\Heiko\Desktop\FRST.txt
2018-04-16 20:49 - 2018-04-16 20:49 - 000001183 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2018-04-16 20:49 - 2018-04-16 20:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-04-16 20:49 - 2018-04-16 20:49 - 000000000 ____D C:\Program Files\VS Revo Group
2018-04-16 20:48 - 2018-04-16 20:48 - 007197480 _____ (VS Revo Group ) C:\Users\Heiko\Desktop\revosetup205.exe
2018-04-16 12:39 - 2018-04-16 21:21 - 000000000 ____D C:\FRST
2018-04-16 12:39 - 2018-04-16 12:39 - 001763840 _____ (Farbar) C:\Users\Heiko\Desktop\FRST.exe
2018-04-16 12:03 - 2018-04-16 12:18 - 000000320 _____ C:\Windows\Tasks\HPCeeScheduleForHeiko.job
2018-04-16 11:53 - 2018-03-31 13:39 - 004046528 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-04-16 11:53 - 2018-03-31 13:39 - 003958464 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-04-16 11:53 - 2018-03-31 13:39 - 000190144 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-04-16 11:53 - 2018-03-31 13:39 - 000190144 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-04-16 11:53 - 2018-03-31 13:39 - 000137920 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2018-04-16 11:53 - 2018-03-31 13:39 - 000137920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-04-16 11:53 - 2018-03-31 13:39 - 000067264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-04-16 11:53 - 2018-03-31 13:12 - 001310480 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-04-16 11:53 - 2018-03-31 12:51 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-04-16 11:53 - 2018-03-31 12:51 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-04-16 11:53 - 2018-03-31 12:51 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-04-16 11:53 - 2018-03-31 12:51 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-04-16 11:53 - 2018-03-31 12:51 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-04-16 11:53 - 2018-03-31 12:49 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-04-16 11:53 - 2018-03-31 12:49 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-04-16 11:53 - 2018-03-31 12:47 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-04-16 11:53 - 2018-03-31 12:47 - 000124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-04-16 11:53 - 2018-03-31 12:47 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-04-16 11:53 - 2018-03-31 12:47 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-04-16 11:53 - 2018-03-31 12:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-04-16 11:53 - 2018-03-31 12:47 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-04-16 11:53 - 2018-03-31 12:47 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-04-16 11:53 - 2018-03-28 19:18 - 002404352 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-04-16 11:53 - 2018-03-24 05:59 - 000348824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-04-16 11:53 - 2018-03-23 09:26 - 020287488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-04-16 11:53 - 2018-03-23 09:04 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-04-16 11:53 - 2018-03-23 09:04 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-04-16 11:53 - 2018-03-23 08:52 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-04-16 11:53 - 2018-03-23 08:52 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-04-16 11:53 - 2018-03-23 08:51 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-04-16 11:53 - 2018-03-23 08:51 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-04-16 11:53 - 2018-03-23 08:50 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-04-16 11:53 - 2018-03-23 08:48 - 002295296 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-04-16 11:53 - 2018-03-23 08:45 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-04-16 11:53 - 2018-03-23 08:45 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-04-16 11:53 - 2018-03-23 08:43 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-04-16 11:53 - 2018-03-23 08:42 - 000661504 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-04-16 11:53 - 2018-03-23 08:42 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-04-16 11:53 - 2018-03-23 08:42 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-04-16 11:53 - 2018-03-23 08:41 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-04-16 11:53 - 2018-03-23 08:36 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-04-16 11:53 - 2018-03-23 08:33 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-04-16 11:53 - 2018-03-23 08:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-04-16 11:53 - 2018-03-23 08:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-04-16 11:53 - 2018-03-23 08:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-04-16 11:53 - 2018-03-23 08:25 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-04-16 11:53 - 2018-03-23 08:25 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-04-16 11:53 - 2018-03-23 08:24 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-04-16 11:53 - 2018-03-23 08:22 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-04-16 11:53 - 2018-03-23 08:21 - 004496896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-04-16 11:53 - 2018-03-23 08:20 - 013680128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-04-16 11:53 - 2018-03-23 08:17 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-04-16 11:53 - 2018-03-23 08:15 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-04-16 11:53 - 2018-03-23 08:15 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-04-16 11:53 - 2018-03-23 08:14 - 002059776 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-04-16 11:53 - 2018-03-23 08:14 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-04-16 11:53 - 2018-03-23 07:55 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-04-16 11:53 - 2018-03-23 07:52 - 001313792 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-04-16 11:53 - 2018-03-23 07:51 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-04-16 11:53 - 2018-03-11 05:11 - 000340480 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2018-04-16 11:53 - 2018-03-10 06:18 - 000309440 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-04-16 11:53 - 2018-03-10 06:12 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-04-16 11:53 - 2018-03-10 06:12 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-04-16 11:53 - 2018-03-10 06:12 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-04-16 11:53 - 2018-03-10 06:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-04-16 11:53 - 2018-03-10 05:31 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-04-16 11:53 - 2018-03-07 06:13 - 000148160 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2018-04-16 11:53 - 2018-03-07 06:11 - 000184320 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
2018-04-16 11:53 - 2018-03-07 06:11 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
2018-04-16 11:53 - 2018-02-22 15:06 - 000134656 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2018-04-16 11:53 - 2018-02-19 09:34 - 000535616 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-04-16 11:53 - 2018-02-11 06:49 - 000162496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-04-16 11:53 - 2018-02-11 06:49 - 000154304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2018-04-16 11:53 - 2018-02-11 06:49 - 000104640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS
2018-04-16 11:53 - 2018-02-11 06:49 - 000057024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS
2018-04-16 11:53 - 2018-02-11 06:49 - 000053440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
2018-04-16 11:53 - 2018-02-11 06:49 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2018-04-16 11:53 - 2018-02-11 06:49 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VIAAGP.SYS
2018-04-16 11:53 - 2018-02-11 06:49 - 000051904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\SISAGP.SYS
2018-04-16 11:53 - 2018-02-11 06:49 - 000046272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
2018-04-16 11:53 - 2018-02-11 06:49 - 000032448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys
2018-04-16 11:53 - 2018-02-11 06:49 - 000027840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys
2018-04-16 11:53 - 2018-02-11 06:49 - 000021696 _____ (Microsoft Corporation) C:\Windows\system32\streamci.dll
2018-04-16 11:53 - 2018-02-11 06:49 - 000013504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
2018-04-16 11:53 - 2018-02-11 06:49 - 000011840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys
2018-04-16 11:53 - 2018-02-11 06:48 - 000274624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2018-04-16 11:53 - 2018-02-11 06:48 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AMDAGP.SYS
2018-04-16 11:53 - 2018-02-11 06:48 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys
2018-04-16 11:53 - 2018-02-11 06:23 - 002292224 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2018-04-16 11:53 - 2018-02-11 06:23 - 000330240 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2018-04-16 11:53 - 2018-02-11 06:23 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\racpldlg.dll
2018-04-16 11:53 - 2018-02-11 06:23 - 000102912 _____ (Microsoft Corporation) C:\Windows\system32\msrahc.dll
2018-04-16 11:53 - 2018-02-11 05:36 - 000537600 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2018-04-16 11:53 - 2018-02-11 05:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\sdchange.exe
2018-04-16 11:53 - 2018-02-11 05:36 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys
2018-04-16 11:53 - 2018-02-11 05:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
2018-04-16 11:53 - 2018-02-11 05:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys
2018-04-16 11:53 - 2018-02-03 06:54 - 000105152 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-04-16 11:53 - 2018-02-03 06:29 - 002365952 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-04-16 11:53 - 2018-02-03 06:29 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2018-04-16 11:53 - 2018-02-03 06:29 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2018-04-16 11:53 - 2018-02-03 06:28 - 001806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-04-16 11:53 - 2018-02-03 06:28 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-04-16 11:53 - 2018-02-03 05:46 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2018-04-16 11:53 - 2018-01-26 02:04 - 000922944 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000066392 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000022360 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000019800 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000016216 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-04-16 11:53 - 2018-01-16 07:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-04-16 11:53 - 2018-01-13 04:29 - 001309928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-04-16 11:53 - 2018-01-13 04:29 - 000250600 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2018-04-16 11:53 - 2018-01-13 04:29 - 000240872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-04-16 11:53 - 2018-01-13 04:29 - 000187624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-04-16 11:53 - 2018-01-13 04:26 - 000363520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2018-04-16 11:53 - 2018-01-13 04:26 - 000308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2018-04-16 11:53 - 2018-01-13 04:16 - 003405824 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe
2018-04-16 11:53 - 2018-01-13 04:05 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2018-04-16 11:53 - 2018-01-13 04:05 - 000025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2018-04-16 11:53 - 2018-01-13 04:05 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2018-04-16 11:53 - 2018-01-12 04:22 - 000805376 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 012880384 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 001417728 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 001390080 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 001155584 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000564736 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000463360 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000377344 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000328192 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000269824 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\traffic.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000010752 _____ (Microsoft Corporation) C:\Windows\system32\wshnetbs.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:54 - 001214184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-04-16 11:53 - 2018-01-01 13:54 - 000712936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2018-04-16 11:53 - 2018-01-01 13:54 - 000201960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2018-04-16 11:53 - 2018-01-01 13:54 - 000173288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2018-04-16 11:53 - 2018-01-01 13:50 - 000317952 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2018-04-16 11:53 - 2018-01-01 13:43 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2018-04-16 11:53 - 2018-01-01 13:43 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-04-16 11:53 - 2018-01-01 13:43 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
2018-04-16 11:53 - 2018-01-01 13:43 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-04-16 11:53 - 2018-01-01 13:43 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\wshqos.dll
2018-04-16 11:53 - 2018-01-01 13:41 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-04-16 11:53 - 2018-01-01 13:38 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-04-16 11:53 - 2018-01-01 13:36 - 000314368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-04-16 11:53 - 2018-01-01 13:36 - 000313344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-04-16 11:53 - 2018-01-01 13:35 - 000514048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2018-04-16 11:53 - 2018-01-01 13:35 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-04-16 11:53 - 2018-01-01 13:35 - 000081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-04-16 11:53 - 2018-01-01 13:35 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-04-16 11:53 - 2017-12-06 05:08 - 001176576 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2018-04-16 11:53 - 2017-12-06 05:08 - 000481792 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2018-04-16 11:53 - 2017-12-06 05:08 - 000215040 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2018-04-16 11:53 - 2017-12-06 05:08 - 000179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2018-04-16 11:53 - 2017-12-06 05:08 - 000145920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2018-04-16 11:53 - 2017-12-06 05:08 - 000106496 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2018-04-16 11:53 - 2017-12-06 05:08 - 000072704 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
2018-04-16 11:53 - 2017-12-06 03:54 - 000334848 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
2018-04-16 11:53 - 2017-12-06 03:49 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2018-04-16 11:51 - 2018-03-15 05:18 - 000116928 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-04-16 11:51 - 2018-03-15 05:14 - 000535040 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-04-16 11:51 - 2018-03-15 01:04 - 001893376 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-04-16 11:51 - 2018-03-15 01:04 - 001319424 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-04-16 11:51 - 2018-03-15 01:04 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-04-16 11:51 - 2018-03-15 01:04 - 000507392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-04-16 11:51 - 2018-03-15 01:04 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-04-16 11:51 - 2018-03-15 01:04 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-04-16 11:51 - 2018-03-15 01:04 - 000238592 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-04-16 11:51 - 2018-03-15 01:04 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-16 21:22 - 2016-11-26 09:17 - 000000000 ____D C:\Users\Heiko\AppData\LocalLow\Mozilla
2018-04-16 21:20 - 2014-04-25 20:04 - 000000009 _____ C:\Windows\mvraidver.dat
2018-04-16 21:20 - 2009-07-14 16:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-16 21:20 - 2009-02-22 23:43 - 000453248 _____ C:\Windows\za_mv_raid.ev
2018-04-16 21:20 - 2009-02-22 23:43 - 000000160 _____ C:\Windows\system32\61xx.xml
2018-04-16 21:13 - 2016-10-22 18:16 - 000010896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-16 21:13 - 2016-10-22 18:16 - 000010896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-16 21:12 - 2016-10-22 19:14 - 000785794 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-16 21:12 - 2009-07-14 14:37 - 000000000 ____D C:\Windows\inf
2018-04-16 21:11 - 2009-02-23 13:30 - 000000000 ____D C:\Program Files\Google
2018-04-16 21:10 - 2009-02-24 15:28 - 000000000 ____D C:\Users\Heiko\AppData\Roaming\Apple Computer
2018-04-16 21:10 - 2009-02-24 15:26 - 000000000 ____D C:\Program Files\Common Files\Apple
2018-04-16 21:04 - 2014-04-02 13:33 - 000000000 ____D C:\ProgramData\AVAST Software
2018-04-16 20:56 - 2009-02-23 10:38 - 000000000 ____D C:\Program Files\Adobe
2018-04-16 20:52 - 2009-02-23 10:36 - 000000000 ____D C:\Program Files\Common Files\Adobe
2018-04-16 12:38 - 2009-02-23 12:09 - 000000000 ____D C:\Users\Heiko\AppData\Roaming\Skype
2018-04-16 12:38 - 2009-02-23 12:08 - 000000000 ____D C:\ProgramData\Skype
2018-04-16 12:37 - 2018-01-16 17:19 - 000001020 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-04-16 12:36 - 2012-04-05 03:54 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-04-16 12:36 - 2011-05-21 23:37 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-04-16 12:18 - 2009-07-14 16:33 - 000488296 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-16 12:17 - 2016-11-25 15:24 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-04-16 12:17 - 2012-06-11 04:08 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-04-16 12:15 - 2017-03-03 16:12 - 000000000 ____D C:\Windows\system32\appraiser
2018-04-16 12:02 - 2013-07-30 06:32 - 000000000 ____D C:\Windows\system32\MRT
2018-04-16 11:56 - 2017-10-13 14:56 - 133987696 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-04-16 11:56 - 2016-10-22 19:35 - 133987696 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-04-16 11:45 - 2009-02-24 09:54 - 000000000 ____D C:\Program Files\Common Files\Logitech
2018-04-16 11:44 - 2009-03-20 14:07 - 000000000 ____D C:\Users\Heiko\AppData\Local\Downloaded Installations

==================== Files in the root of some directories =======

2013-06-28 06:33 - 2013-06-28 06:28 - 000007583 _____ () C:\Program Files\awvIdentifiers.map.bak
2013-06-28 06:33 - 2013-06-28 06:28 - 000192528 _____ () C:\Program Files\bankcodes.map.bak
2013-06-28 06:33 - 2013-04-03 12:00 - 007384209 _____ () C:\Program Files\bic.map.bak
2013-06-28 06:33 - 2013-06-28 06:28 - 000008900 _____ () C:\Program Files\countries.map.bak
2013-06-28 06:27 - 2013-01-03 12:00 - 000039034 _____ () C:\Program Files\efix.exe.manifest
2016-08-07 11:33 - 2016-08-07 11:33 - 007065600 _____ () C:\Program Files\GUT4C0D.tmp
2014-05-10 11:55 - 2014-05-10 11:55 - 006103040 _____ () C:\Program Files\GUTE012.tmp
2013-06-28 06:27 - 2011-10-05 12:00 - 000001346 _____ () C:\Program Files\Migrate.exe.manifest
2013-06-28 06:27 - 2012-09-07 12:00 - 000001602 _____ () C:\Program Files\sepaCategoryPurpose.map
2013-06-28 06:27 - 2009-10-27 12:00 - 000007853 _____ () C:\Program Files\sepaPurposeKeys.map
2013-06-28 06:26 - 2013-06-28 06:27 - 000000234 _____ () C:\Program Files\Update.ini
2013-06-28 06:27 - 2011-08-22 12:00 - 000015176 _____ () C:\Program Files\update_help.html
2013-06-28 06:25 - 2000-12-05 21:31 - 000026614 _____ () C:\Program Files\_update.hlp
2013-06-28 06:25 - 2000-08-25 03:49 - 000102400 _____ (XLAB) C:\Program Files\_updutils.dll
2009-09-28 15:25 - 2016-10-15 21:46 - 000087608 _____ () C:\Users\Heiko\AppData\Roaming\inst.exe
2009-02-24 15:51 - 2016-10-15 21:46 - 000007887 _____ () C:\Users\Heiko\AppData\Roaming\pcouffin.cat
2009-02-24 15:51 - 2016-10-15 21:46 - 000001144 _____ () C:\Users\Heiko\AppData\Roaming\pcouffin.inf
2009-02-24 15:52 - 2016-10-15 21:46 - 000000033 _____ () C:\Users\Heiko\AppData\Roaming\pcouffin.log
2009-02-24 15:51 - 2016-10-15 21:46 - 000047360 _____ (VSO Software) C:\Users\Heiko\AppData\Roaming\pcouffin.sys
2013-10-12 22:36 - 2013-10-12 23:17 - 000000028 _____ () C:\Users\Heiko\AppData\Roaming\PhonerLitesettings.ini
2009-05-21 16:01 - 2009-05-21 16:01 - 000022328 _____ () C:\Users\Heiko\AppData\Roaming\PnkBstrK.sys
2009-08-27 10:17 - 2009-08-27 10:17 - 000000760 _____ () C:\Users\Heiko\AppData\Roaming\setup_ldm.iss
2016-06-04 17:42 - 2016-06-15 17:48 - 000000001 _____ () C:\Users\Heiko\AppData\Roaming\update.dat

Some files in TEMP:
====================
2018-04-16 11:44 - 2018-04-16 11:44 - 001869888 _____ (Logitech, Inc.) C:\Users\Heiko\AppData\Local\Temp\sp_setpoint.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-10-23 09:08

==================== End of FRST.txt ============================
         
--- --- ---

--- --- ---


[CODE]Additional
FRST Logfile:

FRST Logfile:
Code:
ATTFilter
scan result of Farbar Recovery Scan Tool (x86) Version: 15.04.2018
Ran by Heiko (16-04-2018 21:24:46)
Running from C:\Users\Heiko\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2016-10-22 07:11:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-486867131-26501815-4098484281-500 - Administrator - Disabled)
Guest (S-1-5-21-486867131-26501815-4098484281-501 - Limited - Disabled)
Heiko (S-1-5-21-486867131-26501815-4098484281-1000 - Administrator - Enabled) => C:\Users\Heiko
HomeGroupUser$ (S-1-5-21-486867131-26501815-4098484281-1074 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AC3Filter (remove only) (HKLM\...\AC3Filter) (Version:  - )
Acrobat.com (HKLM\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Help Center 2.1 (HKLM\...\{25569723-DC5A-4467-A639-79535BF01B71}) (Version: 2.1 - Adobe Systems)
AMD Catalyst Install Manager (HKLM\...\{CD93C96E-22D5-896A-4FA3-B07F5DBEB5A0}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Software Update (HKLM\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Attansic Ethernet Utility (HKLM\...\{1F698102-5739-441E-96F0-74F4EA540F06}) (Version: 2.0.60.5 - Attansic)
Attansic L1 Gigabit Ethernet Driver (HKLM\...\{6E19F210-3813-4002-B561-94D66AA182B6}) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CDDRV_Installer (HKLM\...\{0C826C5B-B131-423A-A229-C71B3CACCD6A}) (Version: 4.60 - Logitech) Hidden
Cheat Engine 6.4 (HKLM\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
ContentMod2.6.3 (HKLM\...\ContentMod_2.6.3) (Version:  - )
CPUID CPU-Z 1.51 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hama Black Force Pad (HKLM\...\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.01.01 - )
HP Officejet Pro 8620 Basic Device Software (HKLM\...\{5044B6E3-91D6-4567-963E-48D282A3A187}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8620 Help (HKLM\...\{9A4D71AB-9C68-4702-A4A2-A4DB7B0FE270}) (Version: 32.0.0 - Hewlett Packard)
HP Support Assistant (HKLM\...\{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.5.37.19 - HP Inc.)
HP Support Solutions Framework (HKLM\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.8.47.1 - HP Inc.)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
HydraVision (HKLM\...\{8F5DACDD-C4B7-A745-60AC-26274CF1B383}) (Version: 4.2.242.0 - Advanced Micro Devices, Inc.) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
KhalInstallWrapper (HKLM\...\{3101CB58-3482-4D21-AF1A-7057FC935355}) (Version: 4.60.122 - Logitech) Hidden
Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.60 - Logitech)
Logitech Updater (HKLM\...\{53735ECE-E461-4FD0-B742-23A352436D3A}) (Version: 1.70 - Logitech, Inc.)
Marvell MRU (HKLM\...\mv61xxMRU) (Version: 1.2.0.15 - Marvell)
MicroMachines V4 (HKLM\...\{E4511CEC-2E60-4076-95B6-0E193269EB86}) (Version: 2.00.0000 - Codemasters)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}) (Version: 1.20.146.0 - Microsoft)
MobileMe Control Panel (HKLM\...\{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 59.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x86 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2.6656 - Mozilla)
MSVC80_x86 (HKLM\...\{212748BB-0DA5-46DE-82A1-403736DC9F27}) (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (HKLM\...\{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (HKLM\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (HKLM\...\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}) (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Open Systems Client (HKLM\...\Open Systems Client) (Version:  - )
OpenAL (HKLM\...\OpenAL) (Version:  - )
Origin (HKLM\...\Origin) (Version: 10.5.6.6235 - Electronic Arts, Inc.)
Product Improvement Study for HP Officejet Pro 8620 (HKLM\...\{8E08E6F4-AC4A-448C-BA4D-0FB93DE57BC2}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.12 - ProtectDisc Software GmbH)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5391 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
USB game controller (HKLM\...\{350161D2-0582-11D8-B095-009027EC0701}) (Version: 1.14.0000 - Logic 3 International Ltd.) Hidden
USB game controller (HKLM\...\InstallShield_{350161D2-0582-11D8-B095-009027EC0701}) (Version: 1.14.0000 - Logic 3 International Ltd.)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.1 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00-Zukmo-SyncFileModified] -> {23939489-8B41-45ec-90F3-BD36A9644006} =>  -> No File
ShellIconOverlayIdentifiers: [00-Zukmo-SyncFileSuccess] -> {23939488-8B41-45ec-90F3-BD36A9644006} =>  -> No File
ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} =>  -> No File
ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} =>  -> No File
ContextMenuHandlers3: [ZukmoExplorerShlPlugin] -> {23939488-8B41-45ec-90F3-BD36A9644006} =>  -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2013-12-20] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} =>  -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0BBD703A-E1ED-4F20-8D6F-DE145CC61819} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {0BF2F537-1A66-42C4-B31F-E0DED0ED7976} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {154293BD-6069-461B-AD27-65DAB5B7D825} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {337ADA36-47C2-4411-B946-D212DF072AA4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-03-07] (HP Inc.)
Task: {77A2762F-A8BA-435B-B4A8-C2B51807A325} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {83E48F6C-41AC-4A8F-A933-D6B166102A9C} - System32\Tasks\HPCustParticipation HP Officejet Pro 8620 => C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {84B5365E-401A-462D-8FAC-058C4BF24797} - System32\Tasks\HPCeeScheduleForHeiko => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {8D85D651-DF62-4AA0-9566-EAB50F0EF0C2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {921CB712-6E33-4B2E-843C-22C14C1726AF} - System32\Tasks\{B0F6A49D-A91D-4D19-A031-13FCC944AB56} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\sina\SINAWE~1\304~1.2\UNWISE.EXE -c C:\PROGRA~1\sina\SINAWE~1\304~1.2\Install.LOG
Task: {A4EFC974-C25D-4058-9AD0-C5935E5D7E1E} - System32\Tasks\Ad-Aware Update (Daily 4) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {A7CCFDE0-B551-4499-A258-56B34E9881E2} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-26] (Microsoft Corporation)
Task: {BDDF23BB-B853-4630-9600-DAC5E8ADE25A} - System32\Tasks\Ad-Aware Update (Daily 3) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {D13F6EE8-A587-498E-944D-FC1A7733B156} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {D6D2CE03-C7B0-483A-8276-0C08293A696F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {E8230F08-FF57-476F-A020-DC736F30D667} - System32\Tasks\Ad-Aware Update (Daily 1) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {EBCC21A9-D5A4-4F8E-83E8-B106BD8BBB59} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe
Task: {F708DBDE-831D-490E-BD92-6A753F372544} - System32\Tasks\Ad-Aware Update (Daily 2) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {FB888641-8C58-4BC9-8A50-9B22C21958E4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-02-07] (HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Ad-Aware Update (Daily 1).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\Ad-Aware Update (Daily 2).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\Ad-Aware Update (Daily 3).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\Ad-Aware Update (Daily 4).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\HPCeeScheduleForHeiko.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2007-04-21 10:40 - 2007-04-21 10:40 - 000061440 _____ () C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
2009-03-03 19:04 - 2009-05-21 16:01 - 000107832 _____ () C:\Windows\system32\PnkBstrB.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\agentware.net -> hxxps://agentware.net
IE trusted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\rundumsorglos.net -> hxxps://mail.rundumsorglos.net
IE trusted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\sabre.com -> hxxps://sabre.com
IE trusted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\virtual-apps.net -> hxxps://mail.virtual-apps.net
IE trusted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\webcompanion.com -> hxxp://webcompanion.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\1-2005-search.com -> www.1-2005-search.com

There are 12684 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 22:23 - 2018-01-16 12:25 - 000450722 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1	localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 15464 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-486867131-26501815-4098484281-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Heiko^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dora the Explorer_ Dance to the Rescue Registration.lnk => C:\Windows\pss\Dora the Explorer_ Dance to the Rescue Registration.lnk.Startup
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BitTorrent DNA => "C:\Users\Heiko\Program Files\DNA\btdna.exe"
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: OpScheduler => "C:\Program Files\Accessories\Omnipage\OpScheduler.exe"
MSCONFIG\startupreg: Opware15 => "C:\Program Files\Accessories\Omnipage\Opware15.exe"
MSCONFIG\startupreg: PDF3 Registry Controller => "C:\Program Files\Accessories\Omnipage\PDFConverter3\\RegistryController.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\Steam.exe" -silent

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2398535C-0B73-4C8D-893C-9C74C62AFA37}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B695CC82-0DF8-4405-AB03-877A99FC027E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{7477B0F9-36B3-408E-A92C-43201071D33B}C:\program files\games\micro machines\mmv4.exe] => (Block) C:\program files\games\micro machines\mmv4.exe
FirewallRules: [TCP Query User{0A3BD513-6913-4C2C-A354-19AACD96DD91}C:\program files\games\micro machines\mmv4.exe] => (Block) C:\program files\games\micro machines\mmv4.exe
FirewallRules: [{F9E11C52-496C-445B-91B0-F24B6CEA983F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{032D9D24-CB50-4C30-91A8-72BB7CF55172}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5F6C2DB1-8D73-461F-8552-CF03FFB4BBE8}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{113DED41-366B-4A17-8E71-7404DB16FA70}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{86D27042-BCCD-45DF-A707-B1C47A186E40}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{8EFE99B3-CC25-48AD-9571-9A06532B6410}] => (Allow) C:\Program Files\Steam\steamapps\common\Need for Speed Hot Pursuit\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{0B5CE1C0-69F8-42DC-9417-474C6AC9980B}] => (Allow) C:\Program Files\Steam\steamapps\common\Need for Speed Hot Pursuit\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{A14C1B0F-E6FF-497B-B97C-74A2DCA3733F}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{0CABE169-A2A1-46E1-9E95-218BE1C954C1}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{CB1D0DDB-3167-423D-844C-FF180F613936}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{400CDEE1-7B38-49D4-949E-1B16648DD53E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{2D27C6A1-887F-49DC-B379-A48171081BBC}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{630209DF-00C3-4772-A5AF-69A19672F6E8}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{F40C07C3-92A7-4E63-958F-A9EE7D7ADD93}C:\program files\marvell\61xx\apache2\bin\apache.exe] => (Allow) C:\program files\marvell\61xx\apache2\bin\apache.exe
FirewallRules: [TCP Query User{B7E6A63A-3AA9-4D55-B32B-9575C8A301A0}C:\program files\marvell\61xx\apache2\bin\apache.exe] => (Allow) C:\program files\marvell\61xx\apache2\bin\apache.exe
FirewallRules: [UDP Query User{70E77C00-B2C6-4422-9CCE-01881F959FAB}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{1FA1AED8-3F27-4023-9EDC-0217896FB03E}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{139429A6-A651-4B8A-9035-0724BE8A6968}C:\windows\sabserv.exe] => (Allow) C:\windows\sabserv.exe
FirewallRules: [TCP Query User{52E104D8-E2E1-4B09-990A-8F3879708134}C:\windows\sabserv.exe] => (Allow) C:\windows\sabserv.exe
FirewallRules: [UDP Query User{5AD8C1E0-F1E5-4811-9B2F-43A5D3AD894F}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{71D68BCA-C7F2-46E8-A9FC-D896ADA21C1D}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{DA548872-785B-433F-BAF8-D429670AC33C}] => (Allow) C:\Program Files\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{660543A3-D7FC-4641-B2F9-2E80C151EB96}] => (Allow) C:\Program Files\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{1B306820-0F9D-4195-9645-9D79F0CB62A8}] => (Allow) C:\Program Files\DNA\btdna.exe
FirewallRules: [{EB01A9A6-1867-482D-BDCB-CDC4C223FED8}] => (Allow) C:\Program Files\DNA\btdna.exe
FirewallRules: [{F6C50470-FBB4-4A16-B0FE-C53D98ABC6AD}] => (Allow) C:\Windows\System32\PnkBstrB.exe
FirewallRules: [{F780ECDF-54F6-48FA-80E4-696EAE9E9EAA}] => (Allow) C:\Windows\System32\PnkBstrB.exe
FirewallRules: [{2D24E018-5323-440E-9147-00C79A78DFA8}] => (Allow) C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{E645B6B3-0D5B-4F8C-80CC-0CBAAEDB30FE}] => (Allow) C:\Windows\System32\PnkBstrA.exe
FirewallRules: [UDP Query User{79EAAEBD-0A31-4B30-AE43-685D321FEB11}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{0D8D36D9-8B5C-470E-89E1-5AC7251E4DB9}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{8EE4C063-700C-42CD-B189-64C0109CD8A9}] => (Allow) LPort=6346
FirewallRules: [{2C3C9619-AA96-40FD-9A13-0293032EA2AF}] => (Allow) LPort=6346
FirewallRules: [{7E558A91-420B-4F54-AC63-0DD1A350B51D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{01844AD2-EE49-40DE-8F97-9F759DA91D3A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{C4A3893F-A070-417B-860A-60C1D3F89CAE}C:\windows\sabserv.exe] => (Allow) C:\windows\sabserv.exe
FirewallRules: [TCP Query User{64F75C53-2404-4680-98E7-6B739E87E7AA}C:\windows\sabserv.exe] => (Allow) C:\windows\sabserv.exe
FirewallRules: [UDP Query User{FA6F7BD6-2527-4DF7-86AB-3707CCBFD912}C:\program files\marvell\61xx\apache2\bin\apache.exe] => (Allow) C:\program files\marvell\61xx\apache2\bin\apache.exe
FirewallRules: [TCP Query User{DF076614-FEFD-4679-B6EE-0D21C1931F45}C:\program files\marvell\61xx\apache2\bin\apache.exe] => (Allow) C:\program files\marvell\61xx\apache2\bin\apache.exe
FirewallRules: [{1AAAD0B4-5ADF-432F-9467-BA92E526DFC7}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{7B0CED59-1B78-4388-A949-F1DA0512C80B}] => (Allow) C:\Users\Heiko\AppData\Local\Temp\7zS4CAA\HPDiagnosticCoreUI.exe
FirewallRules: [{9FB7DB8D-D696-4689-88DF-8AD6EB9FA0BE}] => (Allow) C:\Users\Heiko\AppData\Local\Temp\7zS4CAA\HPDiagnosticCoreUI.exe
FirewallRules: [{A7174691-CEE8-48DB-B01C-CA1F9D7BB120}] => (Allow) C:\Users\Heiko\AppData\Local\Temp\7zS4D54\HPDiagnosticCoreUI.exe
FirewallRules: [{C12D9D86-578D-4C85-9913-00F7E21D0717}] => (Allow) C:\Users\Heiko\AppData\Local\Temp\7zS4D54\HPDiagnosticCoreUI.exe
FirewallRules: [{F9C3C2B7-30D8-425C-8E97-89E57FD17A7E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\FaxApplications.exe
FirewallRules: [{FE52B951-7BA8-4C67-A224-85FA0F29D58A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\DigitalWizards.exe
FirewallRules: [{C3F9996E-16E7-4038-BD77-319D4914A6CE}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\SendAFax.exe
FirewallRules: [{B87DD732-4C4F-46B8-B3E6-BE847317CB0A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\Bin\DeviceSetup.exe
FirewallRules: [{C347065B-7BD6-4A02-A6A9-C62453860158}] => (Allow) LPort=5357
FirewallRules: [{66F31C15-50A5-4D2E-A439-39F3AD550A0A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{FE283725-44E8-46A8-B0D4-12A5B33CCA92}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{694E9433-4DE4-4831-9813-BA4FED8CFC56}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Accessories\BitTorrent\bittorrent.exe] => Enabled:BitTorrent

==================== Restore Points =========================

16-01-2018 16:38:29 Windows Update
16-04-2018 11:54:28 Windows Update
16-04-2018 20:50:57 Revo Uninstaller's restore point - Adobe Acrobat Reader DC
16-04-2018 20:56:15 Revo Uninstaller's restore point - Adobe AIR
16-04-2018 20:57:58 Revo Uninstaller's restore point - Adobe Flash Player 29 ActiveX
16-04-2018 20:59:36 Revo Uninstaller's restore point - Avast Free Antivirus
16-04-2018 21:08:10 Revo Uninstaller's restore point - Google Chrome
16-04-2018 21:10:06 Revo Uninstaller's restore point - iCloud
16-04-2018 21:13:45 Revo Uninstaller's restore point - Skype version 8.19
16-04-2018 21:14:41 Revo Uninstaller's restore point - Windows 7 Upgrade Advisor
16-04-2018 21:15:08 Removed Windows 7 Upgrade Advisor
16-04-2018 21:16:21 Revo Uninstaller's restore point - WinRAR archiver
16-04-2018 21:16:50 Revo Uninstaller's restore point - WinZip 12.0
16-04-2018 21:17:33 Removed WinZip 12.0

==================== Faulty Device Manager Devices =============

Name: sptd
Description: sptd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: sptd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/16/2018 12:35:14 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (01/16/2018 05:08:01 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (01/16/2018 12:34:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\HP\HP Officejet Pro 8620\DriverStore\Yeti\V3\amd64\hpinkins7012.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/16/2018 12:34:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\ati technologies\hydravision\HydraMD64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/16/2018 12:34:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\ati technologies\hydravision\HydraDM64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/16/2018 12:34:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\ati technologies\hydravision\Grid64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/16/2018 12:34:24 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbar64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/16/2018 12:32:20 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\Program Files\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll".Error in manifest or policy file "C:\Program Files\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll" on line 2.
Invalid Xml syntax.


System errors:
=============
Error: (04/16/2018 09:21:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
sptd

Error: (04/16/2018 09:21:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (04/16/2018 09:21:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (04/16/2018 09:20:36 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The MRU Web Service service terminated with service-specific error Incorrect function.
.

Error: (04/16/2018 09:19:57 PM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .

Error: (04/16/2018 09:05:39 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
sptd

Error: (04/16/2018 09:05:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (04/16/2018 09:05:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.


Windows Defender:
===================================
Date: 2016-10-22 20:04:35.195
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070003
Error description:The system cannot find the path specified. 
Signature version:0.0.0.0
Engine version:0.0.0.0

CodeIntegrity:
===================================

Date: 2016-10-15 23:16:55.831
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-15 23:16:55.472
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-15 23:16:55.097
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-15 23:16:54.738
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-15 23:16:54.379
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-15 23:16:54.004
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-15 23:16:52.475
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-15 23:16:52.132
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
Percentage of memory in use: 57%
Total physical RAM: 3071.12 MB
Available physical RAM: 1303.1 MB
Total Virtual: 6140.59 MB
Available Virtual: 4258.59 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:117.19 GB) (Free:51.78 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:156.25 GB) (Free:97.69 GB) NTFS
Drive e: () (Fixed) (Total:192.32 GB) (Free:170.2 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 20C53A3A)
Partition 1: (Active) - (Size=117.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=156.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=192.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
         
--- --- ---

--- --- ---
__________________

Alt 16.04.2018, 10:29   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ist mein pc virenfrei? - Standard

Ist mein pc virenfrei?



Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 16.04.2018, 22:11   #5
Kermit1973
 
Ist mein pc virenfrei? - Standard

Ist mein pc virenfrei?



alles erledigt :-)

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2018.04.16.07
  rootkit: v2018.04.05.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.18977
Heiko :: HEIKO-PC [administrator]

17/04/2018 8:39:56 a.m.
mbar-log-2018-04-17 (08-39-56).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 230137
Time elapsed: 29 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         


Alt 16.04.2018, 22:12   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ist mein pc virenfrei? - Standard

Ist mein pc virenfrei?



Adware/Junkware/Toolbars entfernen

Alte Versionen von adwCleaner vorher löschen, danach neu runterladen auf den Desktop!
Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren!




adwCleaner v7.1

Downloade Dir bitte AdwCleaner auf deinen Desktop (Bebilderte Anleitung).
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Einstellungen, scrolle nach unten und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • Tracing Schlüssel löschen
    • Prefetch-Dateien löschen
    • Proxy wiederherstellen
    • IE-Policies wiederherstellen
    • Chrome-Policies wiederherstellen
    • Winsock wiederherstellen
  • Klicke nun auf Dashboard, dann auf Jetzt scannen und warte bis der Suchlauf abgeschlossen ist.
  • Klicke nun auf Bereinigen & Reparieren und bestätige mit Jetzt bereinigen.
  • WICHTIG:
    Sollte AdwCleaner nichts finden, klicke auf Grundlegende Reparatur ausführen und anschließend auf Jetzt bereinigen.
  • Nach dem Neustart öffnet sich AdwCleaner automatisch. Klicke auf Log-Datei ansehen.
  • Poste mir deren Inhalt der Log-Datei mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt. (xx = fortlaufende Nummer).
__________________
--> Ist mein pc virenfrei?

Alt 17.04.2018, 03:34   #7
Kermit1973
 
Ist mein pc virenfrei? - Standard

Ist mein pc virenfrei?



erledigt :-)

Code:
ATTFilter
# -------------------------------
# Malwarebytes AdwCleaner 7.1.0.0
# -------------------------------
# Build:    04-12-2018
# Database: 2018-04-16.1
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-17-2018
# Duration: 00:00:03
# OS:       Windows 7 Home Premium
# Cleaned:  9
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Users\Heiko\AppData\Roaming\chportu

***** [ Files ] *****

Deleted       C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\sagam84i.default\searchplugins\yahoo-lavasoft.xml
Deleted       C:\Windows\System32\LavasoftTcpServiceOff.ini
Deleted       C:\Windows\System32\lavasofttcpservice.dll

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\Software\Lavasoft\Web Companion
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKLM\Software\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted       Ask
Deleted       AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset Chromium Policies
[+] Reset IE Policies
[+] Reset Proxy Settings
[+] Reset Winsock

*************************


########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
         

Alt 17.04.2018, 10:31   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ist mein pc virenfrei? - Standard

Ist mein pc virenfrei?



adwcleaner bitte zwecks Kontrolle wiederholen
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 17.04.2018, 11:21   #9
Kermit1973
 
Ist mein pc virenfrei? - Standard

Ist mein pc virenfrei?



all done :-)

Code:
ATTFilter
# -------------------------------
# Malwarebytes AdwCleaner 7.1.0.0
# -------------------------------
# Build:    04-12-2018
# Database: 2018-04-16.1
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-17-2018
# Duration: 00:00:01
# OS:       Windows 7 Home Premium
# Cleaned:  0
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset Chromium Policies
[+] Reset IE Policies
[+] Reset Proxy Settings
[+] Reset Winsock

*************************


########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
         

Alt 17.04.2018, 12:15   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ist mein pc virenfrei? - Standard

Ist mein pc virenfrei?



Ich brauche neue FRST-Logs . Haken setzen bei addition.txt dann auf Untersuchen klicken.

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 17.04.2018, 21:17   #11
Kermit1973
 
Ist mein pc virenfrei? - Standard

Ist mein pc virenfrei?



Hallo Cosinus,

anbei schicke ich dir das neue FRST:


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15.04.2018
Ran by Heiko (administrator) on HEIKO-PC (18-04-2018 08:14:33)
Running from C:\Users\Heiko\Desktop
Loaded Profiles: Heiko (Available Profiles: Heiko)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
(Apache Software Foundation) C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
(Apache Software Foundation) C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Marvell) C:\Program Files\Marvell\61xx\tray\zRaidTray.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL2\KHALMNPR.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Windows\System32\PnkBstrB.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [76304 2008-02-29] (Logitech, Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-12-20] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [718688 2009-10-01] (Microsoft Corporation)
HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [393216 2013-12-23] (AMD)
HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\Run: [HP Officejet Pro 8620 (NET)] => C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe [2427400 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\MountPoints2: {fe915653-9825-11e6-aeb1-001bfcd42ddb} - G:\SETUP.EXE
HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\MountPoints2: {fe91565e-9825-11e6-aeb1-001bfcd42ddb} - H:\SETUP.EXE
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2009-04-28]
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2009-03-20]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ApacheStart.lnk [2014-04-25]
ShortcutTarget: ApacheStart.lnk -> C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe (Apache Software Foundation)
Startup: C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MarvellTray.lnk [2014-04-25]
ShortcutTarget: MarvellTray.lnk -> C:\Program Files\Marvell\61xx\tray\zRaidTray.exe (Marvell)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 0.0.0.0
Tcpip\..\Interfaces\{4E3A8419-EEE8-4EDD-9506-521C71675B26}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{CD77492D-D81D-4621-8C0B-CFE6772DE29B}: [DhcpNameServer] 192.168.1.254 0.0.0.0

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-486867131-26501815-4098484281-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

FireFox:
========
FF ProfilePath: C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\sagam84i.default [2018-04-17]
FF Homepage: Mozilla\Firefox\Profiles\sagam84i.default -> www.google.co.nz
FF NewTab: Mozilla\Firefox\Profiles\sagam84i.default -> hxxps://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10099_swoc_campaign_160528__yaff
FF Extension: (German Dictionary) - C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\sagam84i.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2016-12-06] [Legacy]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\sagam84i.default\features\{4429be4a-281c-4611-9ade-1d9840785699}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-04-17] [Legacy]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2016-10-22] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_29_0_0_140.dll [No File]
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [No File]
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll [No File]
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [No File]
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\Program Files\Accessories\Burner and Player\TVU Player\TVUPlayer\npTVUAx.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin HKU\S-1-5-21-486867131-26501815-4098484281-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Heiko\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-11] (Unity Technologies ApS)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default [2018-04-16]
CHR Extension: (Stickman Army : The Defenders) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\efppdmlkambkdlajidkapmehfjhnjpfj [2016-10-22]
CHR Extension: (Agar.io Powerups Guide) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfiiapoopclmhaikgpbgddfpmmddmeo [2016-10-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-22]
CHR Extension: (Diep.io Skins, Hacks, Mods, Unblocked) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\olopgffdfchhkiapkeggclgcogkfcpmd [2016-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\Heiko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [121360 2008-05-02] (Logitech, Inc.)
R2 Marvell RAID; C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe [61440 2007-04-21] () [File not signed]
R2 MRUWebService; C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe [20539 2007-01-10] (Apache Software Foundation) [File not signed]
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [2123104 2017-11-17] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files\Origin\OriginWebHelperService.exe [3002728 2017-11-17] (Electronic Arts)
R2 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [107832 2009-05-21] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [277544 2009-01-20] (Protect Software GmbH)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [83872 2013-06-08] ()
S3 cpuz132; C:\Windows\system32\drivers\cpuz132_x32.sys [12672 2009-03-27] (Windows (R) Codename Longhorn DDK provider) [File not signed]
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [26168 2016-10-22] (Disc Soft Ltd)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2013-06-08] ()
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-19] ()
R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [137728 2007-05-25] (Marvell Semiconductor, Inc.)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [734208 2009-05-25] (Ralink Technology Corp.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [716272 2009-03-11] (Duplex Secure Ltd.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-23] (The OpenVPN Project)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2015-06-17] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-18 08:14 - 2018-04-18 08:15 - 000013052 _____ C:\Users\Heiko\Desktop\FRST.txt
2018-04-17 14:10 - 2018-04-17 14:10 - 007256272 _____ (Malwarebytes) C:\Users\Heiko\Desktop\adwcleaner_7.1.0.0.exe
2018-04-17 08:39 - 2018-04-17 08:39 - 000222648 _____ (Malwarebytes) C:\Windows\system32\Drivers\34123341.sys
2018-04-17 08:38 - 2018-04-17 09:16 - 000000000 ____D C:\Users\Heiko\Desktop\mbar
2018-04-17 08:38 - 2018-04-17 08:39 - 000166848 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2018-04-17 08:37 - 2018-04-17 08:37 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Heiko\Desktop\mbar-1.10.3.1001.exe
2018-04-16 20:49 - 2018-04-16 20:49 - 000001183 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2018-04-16 20:49 - 2018-04-16 20:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-04-16 20:49 - 2018-04-16 20:49 - 000000000 ____D C:\Program Files\VS Revo Group
2018-04-16 12:39 - 2018-04-18 08:14 - 000000000 ____D C:\FRST
2018-04-16 12:39 - 2018-04-16 12:39 - 001763840 _____ (Farbar) C:\Users\Heiko\Desktop\FRST.exe
2018-04-16 12:03 - 2018-04-17 13:56 - 000000320 _____ C:\Windows\Tasks\HPCeeScheduleForHeiko.job
2018-04-16 11:53 - 2018-03-31 13:39 - 004046528 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-04-16 11:53 - 2018-03-31 13:39 - 003958464 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-04-16 11:53 - 2018-03-31 13:39 - 000190144 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-04-16 11:53 - 2018-03-31 13:39 - 000190144 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-04-16 11:53 - 2018-03-31 13:39 - 000137920 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2018-04-16 11:53 - 2018-03-31 13:39 - 000137920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-04-16 11:53 - 2018-03-31 13:39 - 000067264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-04-16 11:53 - 2018-03-31 13:12 - 001310480 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-04-16 11:53 - 2018-03-31 13:09 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-04-16 11:53 - 2018-03-31 12:51 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-04-16 11:53 - 2018-03-31 12:51 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-04-16 11:53 - 2018-03-31 12:51 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-04-16 11:53 - 2018-03-31 12:51 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-04-16 11:53 - 2018-03-31 12:51 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-04-16 11:53 - 2018-03-31 12:49 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-04-16 11:53 - 2018-03-31 12:49 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-04-16 11:53 - 2018-03-31 12:47 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-04-16 11:53 - 2018-03-31 12:47 - 000124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-04-16 11:53 - 2018-03-31 12:47 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-04-16 11:53 - 2018-03-31 12:47 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-04-16 11:53 - 2018-03-31 12:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-04-16 11:53 - 2018-03-31 12:47 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-04-16 11:53 - 2018-03-31 12:47 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-04-16 11:53 - 2018-03-28 19:18 - 002404352 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-04-16 11:53 - 2018-03-24 05:59 - 000348824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-04-16 11:53 - 2018-03-23 09:26 - 020287488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-04-16 11:53 - 2018-03-23 09:04 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-04-16 11:53 - 2018-03-23 09:04 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-04-16 11:53 - 2018-03-23 08:52 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-04-16 11:53 - 2018-03-23 08:52 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-04-16 11:53 - 2018-03-23 08:51 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-04-16 11:53 - 2018-03-23 08:51 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-04-16 11:53 - 2018-03-23 08:50 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-04-16 11:53 - 2018-03-23 08:48 - 002295296 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-04-16 11:53 - 2018-03-23 08:45 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-04-16 11:53 - 2018-03-23 08:45 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-04-16 11:53 - 2018-03-23 08:43 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-04-16 11:53 - 2018-03-23 08:42 - 000661504 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-04-16 11:53 - 2018-03-23 08:42 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-04-16 11:53 - 2018-03-23 08:42 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-04-16 11:53 - 2018-03-23 08:41 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-04-16 11:53 - 2018-03-23 08:36 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-04-16 11:53 - 2018-03-23 08:33 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-04-16 11:53 - 2018-03-23 08:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-04-16 11:53 - 2018-03-23 08:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-04-16 11:53 - 2018-03-23 08:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-04-16 11:53 - 2018-03-23 08:25 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-04-16 11:53 - 2018-03-23 08:25 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-04-16 11:53 - 2018-03-23 08:24 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-04-16 11:53 - 2018-03-23 08:22 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-04-16 11:53 - 2018-03-23 08:21 - 004496896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-04-16 11:53 - 2018-03-23 08:20 - 013680128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-04-16 11:53 - 2018-03-23 08:17 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-04-16 11:53 - 2018-03-23 08:15 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-04-16 11:53 - 2018-03-23 08:15 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-04-16 11:53 - 2018-03-23 08:14 - 002059776 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-04-16 11:53 - 2018-03-23 08:14 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-04-16 11:53 - 2018-03-23 07:55 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-04-16 11:53 - 2018-03-23 07:52 - 001313792 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-04-16 11:53 - 2018-03-23 07:51 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-04-16 11:53 - 2018-03-11 05:11 - 000340480 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2018-04-16 11:53 - 2018-03-10 06:18 - 000309440 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-04-16 11:53 - 2018-03-10 06:12 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-04-16 11:53 - 2018-03-10 06:12 - 000071680 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-04-16 11:53 - 2018-03-10 06:12 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-04-16 11:53 - 2018-03-10 06:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-04-16 11:53 - 2018-03-10 05:31 - 000034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-04-16 11:53 - 2018-03-07 06:13 - 000148160 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2018-04-16 11:53 - 2018-03-07 06:11 - 000184320 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
2018-04-16 11:53 - 2018-03-07 06:11 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
2018-04-16 11:53 - 2018-02-22 15:06 - 000134656 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2018-04-16 11:53 - 2018-02-19 09:34 - 000535616 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-04-16 11:53 - 2018-02-11 06:49 - 000162496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-04-16 11:53 - 2018-02-11 06:49 - 000154304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2018-04-16 11:53 - 2018-02-11 06:49 - 000104640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS
2018-04-16 11:53 - 2018-02-11 06:49 - 000057024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS
2018-04-16 11:53 - 2018-02-11 06:49 - 000053440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
2018-04-16 11:53 - 2018-02-11 06:49 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2018-04-16 11:53 - 2018-02-11 06:49 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VIAAGP.SYS
2018-04-16 11:53 - 2018-02-11 06:49 - 000051904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\SISAGP.SYS
2018-04-16 11:53 - 2018-02-11 06:49 - 000046272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
2018-04-16 11:53 - 2018-02-11 06:49 - 000032448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys
2018-04-16 11:53 - 2018-02-11 06:49 - 000027840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys
2018-04-16 11:53 - 2018-02-11 06:49 - 000021696 _____ (Microsoft Corporation) C:\Windows\system32\streamci.dll
2018-04-16 11:53 - 2018-02-11 06:49 - 000013504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
2018-04-16 11:53 - 2018-02-11 06:49 - 000011840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys
2018-04-16 11:53 - 2018-02-11 06:48 - 000274624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2018-04-16 11:53 - 2018-02-11 06:48 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AMDAGP.SYS
2018-04-16 11:53 - 2018-02-11 06:48 - 000052928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys
2018-04-16 11:53 - 2018-02-11 06:23 - 002292224 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2018-04-16 11:53 - 2018-02-11 06:23 - 000330240 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2018-04-16 11:53 - 2018-02-11 06:23 - 000111616 _____ (Microsoft Corporation) C:\Windows\system32\racpldlg.dll
2018-04-16 11:53 - 2018-02-11 06:23 - 000102912 _____ (Microsoft Corporation) C:\Windows\system32\msrahc.dll
2018-04-16 11:53 - 2018-02-11 05:36 - 000537600 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2018-04-16 11:53 - 2018-02-11 05:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\sdchange.exe
2018-04-16 11:53 - 2018-02-11 05:36 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys
2018-04-16 11:53 - 2018-02-11 05:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
2018-04-16 11:53 - 2018-02-11 05:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys
2018-04-16 11:53 - 2018-02-03 06:54 - 000105152 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-04-16 11:53 - 2018-02-03 06:29 - 002365952 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-04-16 11:53 - 2018-02-03 06:29 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2018-04-16 11:53 - 2018-02-03 06:29 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2018-04-16 11:53 - 2018-02-03 06:28 - 001806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-04-16 11:53 - 2018-02-03 06:28 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-04-16 11:53 - 2018-02-03 05:46 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2018-04-16 11:53 - 2018-01-26 02:04 - 000922944 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000066392 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000022360 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000019800 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000016216 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-04-16 11:53 - 2018-01-26 02:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-04-16 11:53 - 2018-01-16 07:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-04-16 11:53 - 2018-01-13 04:29 - 001309928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-04-16 11:53 - 2018-01-13 04:29 - 000250600 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2018-04-16 11:53 - 2018-01-13 04:29 - 000240872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-04-16 11:53 - 2018-01-13 04:29 - 000187624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-04-16 11:53 - 2018-01-13 04:26 - 000363520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2018-04-16 11:53 - 2018-01-13 04:26 - 000308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2018-04-16 11:53 - 2018-01-13 04:16 - 003405824 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe
2018-04-16 11:53 - 2018-01-13 04:05 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2018-04-16 11:53 - 2018-01-13 04:05 - 000025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2018-04-16 11:53 - 2018-01-13 04:05 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2018-04-16 11:53 - 2018-01-12 04:22 - 000805376 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 012880384 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 001417728 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 001390080 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 001155584 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000564736 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000463360 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000377344 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000328192 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000269824 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\traffic.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000010752 _____ (Microsoft Corporation) C:\Windows\system32\wshnetbs.dll
2018-04-16 11:53 - 2018-01-01 14:00 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:54 - 001214184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-04-16 11:53 - 2018-01-01 13:54 - 000712936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2018-04-16 11:53 - 2018-01-01 13:54 - 000201960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2018-04-16 11:53 - 2018-01-01 13:54 - 000173288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2018-04-16 11:53 - 2018-01-01 13:50 - 000317952 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2018-04-16 11:53 - 2018-01-01 13:43 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2018-04-16 11:53 - 2018-01-01 13:43 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-04-16 11:53 - 2018-01-01 13:43 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
2018-04-16 11:53 - 2018-01-01 13:43 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-04-16 11:53 - 2018-01-01 13:43 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\wshqos.dll
2018-04-16 11:53 - 2018-01-01 13:41 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-04-16 11:53 - 2018-01-01 13:38 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-04-16 11:53 - 2018-01-01 13:36 - 000314368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-04-16 11:53 - 2018-01-01 13:36 - 000313344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-04-16 11:53 - 2018-01-01 13:35 - 000514048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2018-04-16 11:53 - 2018-01-01 13:35 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-04-16 11:53 - 2018-01-01 13:35 - 000081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-04-16 11:53 - 2018-01-01 13:35 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-04-16 11:53 - 2018-01-01 13:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-04-16 11:53 - 2017-12-06 05:08 - 001176576 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2018-04-16 11:53 - 2017-12-06 05:08 - 000481792 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2018-04-16 11:53 - 2017-12-06 05:08 - 000215040 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2018-04-16 11:53 - 2017-12-06 05:08 - 000179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2018-04-16 11:53 - 2017-12-06 05:08 - 000145920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2018-04-16 11:53 - 2017-12-06 05:08 - 000106496 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2018-04-16 11:53 - 2017-12-06 05:08 - 000072704 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
2018-04-16 11:53 - 2017-12-06 03:54 - 000334848 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
2018-04-16 11:53 - 2017-12-06 03:49 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2018-04-16 11:51 - 2018-03-15 05:18 - 000116928 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-04-16 11:51 - 2018-03-15 05:14 - 000535040 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-04-16 11:51 - 2018-03-15 01:04 - 001893376 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-04-16 11:51 - 2018-03-15 01:04 - 001319424 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-04-16 11:51 - 2018-03-15 01:04 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-04-16 11:51 - 2018-03-15 01:04 - 000507392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-04-16 11:51 - 2018-03-15 01:04 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-04-16 11:51 - 2018-03-15 01:04 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-04-16 11:51 - 2018-03-15 01:04 - 000238592 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-04-16 11:51 - 2018-03-15 01:04 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-18 08:13 - 2014-04-25 20:04 - 000000009 _____ C:\Windows\mvraidver.dat
2018-04-18 08:13 - 2009-07-14 16:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-18 08:13 - 2009-02-22 23:43 - 000454592 _____ C:\Windows\za_mv_raid.ev
2018-04-18 08:13 - 2009-02-22 23:43 - 000000160 _____ C:\Windows\system32\61xx.xml
2018-04-18 08:07 - 2016-10-22 18:16 - 000010896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-18 08:07 - 2016-10-22 18:16 - 000010896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-18 07:59 - 2016-10-22 19:14 - 000785794 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-18 07:59 - 2009-07-14 14:37 - 000000000 ____D C:\Windows\inf
2018-04-17 22:28 - 2016-11-26 09:17 - 000000000 ____D C:\Users\Heiko\AppData\LocalLow\Mozilla
2018-04-17 14:39 - 2010-03-07 10:31 - 000000370 _____ C:\Windows\Tasks\Ad-Aware Update (Daily 1).job
2018-04-17 14:12 - 2015-12-05 09:11 - 000000000 ____D C:\AdwCleaner
2018-04-17 09:16 - 2015-08-14 14:44 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-04-17 08:39 - 2014-04-02 22:46 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-17 08:39 - 2010-03-07 10:31 - 000000370 _____ C:\Windows\Tasks\Ad-Aware Update (Daily 4).job
2018-04-16 21:11 - 2009-02-23 13:30 - 000000000 ____D C:\Program Files\Google
2018-04-16 21:10 - 2009-02-24 15:28 - 000000000 ____D C:\Users\Heiko\AppData\Roaming\Apple Computer
2018-04-16 21:10 - 2009-02-24 15:26 - 000000000 ____D C:\Program Files\Common Files\Apple
2018-04-16 21:04 - 2014-04-02 13:33 - 000000000 ____D C:\ProgramData\AVAST Software
2018-04-16 20:56 - 2009-02-23 10:38 - 000000000 ____D C:\Program Files\Adobe
2018-04-16 20:52 - 2009-02-23 10:36 - 000000000 ____D C:\Program Files\Common Files\Adobe
2018-04-16 12:38 - 2009-02-23 12:09 - 000000000 ____D C:\Users\Heiko\AppData\Roaming\Skype
2018-04-16 12:38 - 2009-02-23 12:08 - 000000000 ____D C:\ProgramData\Skype
2018-04-16 12:37 - 2018-01-16 17:19 - 000001020 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-04-16 12:36 - 2012-04-05 03:54 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-04-16 12:36 - 2011-05-21 23:37 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-04-16 12:18 - 2009-07-14 16:33 - 000488296 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-16 12:17 - 2016-11-25 15:24 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-04-16 12:17 - 2012-06-11 04:08 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-04-16 12:15 - 2017-03-03 16:12 - 000000000 ____D C:\Windows\system32\appraiser
2018-04-16 12:02 - 2013-07-30 06:32 - 000000000 ____D C:\Windows\system32\MRT
2018-04-16 11:56 - 2017-10-13 14:56 - 133987696 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-04-16 11:56 - 2016-10-22 19:35 - 133987696 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-04-16 11:45 - 2009-02-24 09:54 - 000000000 ____D C:\Program Files\Common Files\Logitech
2018-04-16 11:44 - 2009-03-20 14:07 - 000000000 ____D C:\Users\Heiko\AppData\Local\Downloaded Installations

==================== Files in the root of some directories =======

2013-06-28 06:33 - 2013-06-28 06:28 - 000007583 _____ () C:\Program Files\awvIdentifiers.map.bak
2013-06-28 06:33 - 2013-06-28 06:28 - 000192528 _____ () C:\Program Files\bankcodes.map.bak
2013-06-28 06:33 - 2013-04-03 12:00 - 007384209 _____ () C:\Program Files\bic.map.bak
2013-06-28 06:33 - 2013-06-28 06:28 - 000008900 _____ () C:\Program Files\countries.map.bak
2013-06-28 06:27 - 2013-01-03 12:00 - 000039034 _____ () C:\Program Files\efix.exe.manifest
2016-08-07 11:33 - 2016-08-07 11:33 - 007065600 _____ () C:\Program Files\GUT4C0D.tmp
2014-05-10 11:55 - 2014-05-10 11:55 - 006103040 _____ () C:\Program Files\GUTE012.tmp
2013-06-28 06:27 - 2011-10-05 12:00 - 000001346 _____ () C:\Program Files\Migrate.exe.manifest
2013-06-28 06:27 - 2012-09-07 12:00 - 000001602 _____ () C:\Program Files\sepaCategoryPurpose.map
2013-06-28 06:27 - 2009-10-27 12:00 - 000007853 _____ () C:\Program Files\sepaPurposeKeys.map
2013-06-28 06:26 - 2013-06-28 06:27 - 000000234 _____ () C:\Program Files\Update.ini
2013-06-28 06:27 - 2011-08-22 12:00 - 000015176 _____ () C:\Program Files\update_help.html
2013-06-28 06:25 - 2000-12-05 21:31 - 000026614 _____ () C:\Program Files\_update.hlp
2013-06-28 06:25 - 2000-08-25 03:49 - 000102400 _____ (XLAB) C:\Program Files\_updutils.dll
2009-09-28 15:25 - 2016-10-15 21:46 - 000087608 _____ () C:\Users\Heiko\AppData\Roaming\inst.exe
2009-02-24 15:51 - 2016-10-15 21:46 - 000007887 _____ () C:\Users\Heiko\AppData\Roaming\pcouffin.cat
2009-02-24 15:51 - 2016-10-15 21:46 - 000001144 _____ () C:\Users\Heiko\AppData\Roaming\pcouffin.inf
2009-02-24 15:52 - 2016-10-15 21:46 - 000000033 _____ () C:\Users\Heiko\AppData\Roaming\pcouffin.log
2009-02-24 15:51 - 2016-10-15 21:46 - 000047360 _____ (VSO Software) C:\Users\Heiko\AppData\Roaming\pcouffin.sys
2013-10-12 22:36 - 2013-10-12 23:17 - 000000028 _____ () C:\Users\Heiko\AppData\Roaming\PhonerLitesettings.ini
2009-05-21 16:01 - 2009-05-21 16:01 - 000022328 _____ () C:\Users\Heiko\AppData\Roaming\PnkBstrK.sys
2009-08-27 10:17 - 2009-08-27 10:17 - 000000760 _____ () C:\Users\Heiko\AppData\Roaming\setup_ldm.iss
2016-06-04 17:42 - 2016-06-15 17:48 - 000000001 _____ () C:\Users\Heiko\AppData\Roaming\update.dat

Some files in TEMP:
====================
2018-04-16 11:44 - 2018-04-16 11:44 - 001869888 _____ (Logitech, Inc.) C:\Users\Heiko\AppData\Local\Temp\sp_setpoint.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-10-23 09:08

==================== End of FRST.txt ============================
         
--- --- ---

--- --- ---


[CODE]Additional
FRST Logfile:

FRST Logfile:
Code:
ATTFilter
scan result of Farbar Recovery Scan Tool (x86) Version: 15.04.2018
Ran by Heiko (18-04-2018 08:16:24)
Running from C:\Users\Heiko\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2016-10-22 07:11:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-486867131-26501815-4098484281-500 - Administrator - Disabled)
Guest (S-1-5-21-486867131-26501815-4098484281-501 - Limited - Disabled)
Heiko (S-1-5-21-486867131-26501815-4098484281-1000 - Administrator - Enabled) => C:\Users\Heiko
HomeGroupUser$ (S-1-5-21-486867131-26501815-4098484281-1074 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AC3Filter (remove only) (HKLM\...\AC3Filter) (Version:  - )
Acrobat.com (HKLM\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Help Center 2.1 (HKLM\...\{25569723-DC5A-4467-A639-79535BF01B71}) (Version: 2.1 - Adobe Systems)
AMD Catalyst Install Manager (HKLM\...\{CD93C96E-22D5-896A-4FA3-B07F5DBEB5A0}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Software Update (HKLM\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Attansic Ethernet Utility (HKLM\...\{1F698102-5739-441E-96F0-74F4EA540F06}) (Version: 2.0.60.5 - Attansic)
Attansic L1 Gigabit Ethernet Driver (HKLM\...\{6E19F210-3813-4002-B561-94D66AA182B6}) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CDDRV_Installer (HKLM\...\{0C826C5B-B131-423A-A229-C71B3CACCD6A}) (Version: 4.60 - Logitech) Hidden
Cheat Engine 6.4 (HKLM\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
ContentMod2.6.3 (HKLM\...\ContentMod_2.6.3) (Version:  - )
CPUID CPU-Z 1.51 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hama Black Force Pad (HKLM\...\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.01.01 - )
HP Officejet Pro 8620 Basic Device Software (HKLM\...\{5044B6E3-91D6-4567-963E-48D282A3A187}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8620 Help (HKLM\...\{9A4D71AB-9C68-4702-A4A2-A4DB7B0FE270}) (Version: 32.0.0 - Hewlett Packard)
HP Support Assistant (HKLM\...\{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.5.37.19 - HP Inc.)
HP Support Solutions Framework (HKLM\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.8.47.1 - HP Inc.)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
HydraVision (HKLM\...\{8F5DACDD-C4B7-A745-60AC-26274CF1B383}) (Version: 4.2.242.0 - Advanced Micro Devices, Inc.) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
KhalInstallWrapper (HKLM\...\{3101CB58-3482-4D21-AF1A-7057FC935355}) (Version: 4.60.122 - Logitech) Hidden
Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.60 - Logitech)
Logitech Updater (HKLM\...\{53735ECE-E461-4FD0-B742-23A352436D3A}) (Version: 1.70 - Logitech, Inc.)
Marvell MRU (HKLM\...\mv61xxMRU) (Version: 1.2.0.15 - Marvell)
MicroMachines V4 (HKLM\...\{E4511CEC-2E60-4076-95B6-0E193269EB86}) (Version: 2.00.0000 - Codemasters)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}) (Version: 1.20.146.0 - Microsoft)
MobileMe Control Panel (HKLM\...\{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 59.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x86 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2.6656 - Mozilla)
MSVC80_x86 (HKLM\...\{212748BB-0DA5-46DE-82A1-403736DC9F27}) (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (HKLM\...\{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (HKLM\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (HKLM\...\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}) (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Open Systems Client (HKLM\...\Open Systems Client) (Version:  - )
OpenAL (HKLM\...\OpenAL) (Version:  - )
Origin (HKLM\...\Origin) (Version: 10.5.6.6235 - Electronic Arts, Inc.)
Product Improvement Study for HP Officejet Pro 8620 (HKLM\...\{8E08E6F4-AC4A-448C-BA4D-0FB93DE57BC2}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.12 - ProtectDisc Software GmbH)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5391 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
USB game controller (HKLM\...\{350161D2-0582-11D8-B095-009027EC0701}) (Version: 1.14.0000 - Logic 3 International Ltd.) Hidden
USB game controller (HKLM\...\InstallShield_{350161D2-0582-11D8-B095-009027EC0701}) (Version: 1.14.0000 - Logic 3 International Ltd.)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.1 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-486867131-26501815-4098484281-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00-Zukmo-SyncFileModified] -> {23939489-8B41-45ec-90F3-BD36A9644006} =>  -> No File
ShellIconOverlayIdentifiers: [00-Zukmo-SyncFileSuccess] -> {23939488-8B41-45ec-90F3-BD36A9644006} =>  -> No File
ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} =>  -> No File
ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} =>  -> No File
ContextMenuHandlers3: [ZukmoExplorerShlPlugin] -> {23939488-8B41-45ec-90F3-BD36A9644006} =>  -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2013-12-20] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} =>  -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0BBD703A-E1ED-4F20-8D6F-DE145CC61819} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {0BF2F537-1A66-42C4-B31F-E0DED0ED7976} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {154293BD-6069-461B-AD27-65DAB5B7D825} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {337ADA36-47C2-4411-B946-D212DF072AA4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-03-07] (HP Inc.)
Task: {77A2762F-A8BA-435B-B4A8-C2B51807A325} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {83E48F6C-41AC-4A8F-A933-D6B166102A9C} - System32\Tasks\HPCustParticipation HP Officejet Pro 8620 => C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {8D85D651-DF62-4AA0-9566-EAB50F0EF0C2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {921CB712-6E33-4B2E-843C-22C14C1726AF} - System32\Tasks\{B0F6A49D-A91D-4D19-A031-13FCC944AB56} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~1\sina\SINAWE~1\304~1.2\UNWISE.EXE -c C:\PROGRA~1\sina\SINAWE~1\304~1.2\Install.LOG
Task: {A4EFC974-C25D-4058-9AD0-C5935E5D7E1E} - System32\Tasks\Ad-Aware Update (Daily 4) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {A7CCFDE0-B551-4499-A258-56B34E9881E2} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-26] (Microsoft Corporation)
Task: {B0E89306-476E-49C3-B2E9-B969E2F2E23A} - System32\Tasks\HPCeeScheduleForHeiko => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {BDDF23BB-B853-4630-9600-DAC5E8ADE25A} - System32\Tasks\Ad-Aware Update (Daily 3) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {D13F6EE8-A587-498E-944D-FC1A7733B156} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {D6D2CE03-C7B0-483A-8276-0C08293A696F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {E8230F08-FF57-476F-A020-DC736F30D667} - System32\Tasks\Ad-Aware Update (Daily 1) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {EBCC21A9-D5A4-4F8E-83E8-B106BD8BBB59} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe
Task: {F708DBDE-831D-490E-BD92-6A753F372544} - System32\Tasks\Ad-Aware Update (Daily 2) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {FB888641-8C58-4BC9-8A50-9B22C21958E4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-02-07] (HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Ad-Aware Update (Daily 1).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\Ad-Aware Update (Daily 2).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\Ad-Aware Update (Daily 3).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\Ad-Aware Update (Daily 4).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\HPCeeScheduleForHeiko.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2007-04-21 10:40 - 2007-04-21 10:40 - 000061440 _____ () C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
2009-03-03 19:04 - 2009-05-21 16:01 - 000107832 _____ () C:\Windows\system32\PnkBstrB.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\agentware.net -> hxxps://agentware.net
IE trusted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\rundumsorglos.net -> hxxps://mail.rundumsorglos.net
IE trusted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\sabre.com -> hxxps://sabre.com
IE trusted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\virtual-apps.net -> hxxps://mail.virtual-apps.net
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-486867131-26501815-4098484281-1000\...\1-2005-search.com -> www.1-2005-search.com

There are 12684 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 22:23 - 2018-01-16 12:25 - 000450722 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1	localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 15464 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-486867131-26501815-4098484281-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Heiko\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Heiko^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dora the Explorer_ Dance to the Rescue Registration.lnk => C:\Windows\pss\Dora the Explorer_ Dance to the Rescue Registration.lnk.Startup
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BitTorrent DNA => "C:\Users\Heiko\Program Files\DNA\btdna.exe"
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: OpScheduler => "C:\Program Files\Accessories\Omnipage\OpScheduler.exe"
MSCONFIG\startupreg: Opware15 => "C:\Program Files\Accessories\Omnipage\Opware15.exe"
MSCONFIG\startupreg: PDF3 Registry Controller => "C:\Program Files\Accessories\Omnipage\PDFConverter3\\RegistryController.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\Steam.exe" -silent

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2398535C-0B73-4C8D-893C-9C74C62AFA37}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B695CC82-0DF8-4405-AB03-877A99FC027E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{7477B0F9-36B3-408E-A92C-43201071D33B}C:\program files\games\micro machines\mmv4.exe] => (Block) C:\program files\games\micro machines\mmv4.exe
FirewallRules: [TCP Query User{0A3BD513-6913-4C2C-A354-19AACD96DD91}C:\program files\games\micro machines\mmv4.exe] => (Block) C:\program files\games\micro machines\mmv4.exe
FirewallRules: [{F9E11C52-496C-445B-91B0-F24B6CEA983F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{032D9D24-CB50-4C30-91A8-72BB7CF55172}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5F6C2DB1-8D73-461F-8552-CF03FFB4BBE8}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{113DED41-366B-4A17-8E71-7404DB16FA70}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{86D27042-BCCD-45DF-A707-B1C47A186E40}] => (Allow) C:\Windows\System32\muzapp.exe
FirewallRules: [{8EFE99B3-CC25-48AD-9571-9A06532B6410}] => (Allow) C:\Program Files\Steam\steamapps\common\Need for Speed Hot Pursuit\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{0B5CE1C0-69F8-42DC-9417-474C6AC9980B}] => (Allow) C:\Program Files\Steam\steamapps\common\Need for Speed Hot Pursuit\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{A14C1B0F-E6FF-497B-B97C-74A2DCA3733F}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{0CABE169-A2A1-46E1-9E95-218BE1C954C1}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{CB1D0DDB-3167-423D-844C-FF180F613936}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{400CDEE1-7B38-49D4-949E-1B16648DD53E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{2D27C6A1-887F-49DC-B379-A48171081BBC}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{630209DF-00C3-4772-A5AF-69A19672F6E8}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{F40C07C3-92A7-4E63-958F-A9EE7D7ADD93}C:\program files\marvell\61xx\apache2\bin\apache.exe] => (Allow) C:\program files\marvell\61xx\apache2\bin\apache.exe
FirewallRules: [TCP Query User{B7E6A63A-3AA9-4D55-B32B-9575C8A301A0}C:\program files\marvell\61xx\apache2\bin\apache.exe] => (Allow) C:\program files\marvell\61xx\apache2\bin\apache.exe
FirewallRules: [UDP Query User{70E77C00-B2C6-4422-9CCE-01881F959FAB}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{1FA1AED8-3F27-4023-9EDC-0217896FB03E}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{139429A6-A651-4B8A-9035-0724BE8A6968}C:\windows\sabserv.exe] => (Allow) C:\windows\sabserv.exe
FirewallRules: [TCP Query User{52E104D8-E2E1-4B09-990A-8F3879708134}C:\windows\sabserv.exe] => (Allow) C:\windows\sabserv.exe
FirewallRules: [UDP Query User{5AD8C1E0-F1E5-4811-9B2F-43A5D3AD894F}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{71D68BCA-C7F2-46E8-A9FC-D896ADA21C1D}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{DA548872-785B-433F-BAF8-D429670AC33C}] => (Allow) C:\Program Files\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{660543A3-D7FC-4641-B2F9-2E80C151EB96}] => (Allow) C:\Program Files\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{1B306820-0F9D-4195-9645-9D79F0CB62A8}] => (Allow) C:\Program Files\DNA\btdna.exe
FirewallRules: [{EB01A9A6-1867-482D-BDCB-CDC4C223FED8}] => (Allow) C:\Program Files\DNA\btdna.exe
FirewallRules: [{F6C50470-FBB4-4A16-B0FE-C53D98ABC6AD}] => (Allow) C:\Windows\System32\PnkBstrB.exe
FirewallRules: [{F780ECDF-54F6-48FA-80E4-696EAE9E9EAA}] => (Allow) C:\Windows\System32\PnkBstrB.exe
FirewallRules: [{2D24E018-5323-440E-9147-00C79A78DFA8}] => (Allow) C:\Windows\System32\PnkBstrA.exe
FirewallRules: [{E645B6B3-0D5B-4F8C-80CC-0CBAAEDB30FE}] => (Allow) C:\Windows\System32\PnkBstrA.exe
FirewallRules: [UDP Query User{79EAAEBD-0A31-4B30-AE43-685D321FEB11}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{0D8D36D9-8B5C-470E-89E1-5AC7251E4DB9}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{8EE4C063-700C-42CD-B189-64C0109CD8A9}] => (Allow) LPort=6346
FirewallRules: [{2C3C9619-AA96-40FD-9A13-0293032EA2AF}] => (Allow) LPort=6346
FirewallRules: [{7E558A91-420B-4F54-AC63-0DD1A350B51D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{01844AD2-EE49-40DE-8F97-9F759DA91D3A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{C4A3893F-A070-417B-860A-60C1D3F89CAE}C:\windows\sabserv.exe] => (Allow) C:\windows\sabserv.exe
FirewallRules: [TCP Query User{64F75C53-2404-4680-98E7-6B739E87E7AA}C:\windows\sabserv.exe] => (Allow) C:\windows\sabserv.exe
FirewallRules: [UDP Query User{FA6F7BD6-2527-4DF7-86AB-3707CCBFD912}C:\program files\marvell\61xx\apache2\bin\apache.exe] => (Allow) C:\program files\marvell\61xx\apache2\bin\apache.exe
FirewallRules: [TCP Query User{DF076614-FEFD-4679-B6EE-0D21C1931F45}C:\program files\marvell\61xx\apache2\bin\apache.exe] => (Allow) C:\program files\marvell\61xx\apache2\bin\apache.exe
FirewallRules: [{1AAAD0B4-5ADF-432F-9467-BA92E526DFC7}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{7B0CED59-1B78-4388-A949-F1DA0512C80B}] => (Allow) C:\Users\Heiko\AppData\Local\Temp\7zS4CAA\HPDiagnosticCoreUI.exe
FirewallRules: [{9FB7DB8D-D696-4689-88DF-8AD6EB9FA0BE}] => (Allow) C:\Users\Heiko\AppData\Local\Temp\7zS4CAA\HPDiagnosticCoreUI.exe
FirewallRules: [{A7174691-CEE8-48DB-B01C-CA1F9D7BB120}] => (Allow) C:\Users\Heiko\AppData\Local\Temp\7zS4D54\HPDiagnosticCoreUI.exe
FirewallRules: [{C12D9D86-578D-4C85-9913-00F7E21D0717}] => (Allow) C:\Users\Heiko\AppData\Local\Temp\7zS4D54\HPDiagnosticCoreUI.exe
FirewallRules: [{F9C3C2B7-30D8-425C-8E97-89E57FD17A7E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\FaxApplications.exe
FirewallRules: [{FE52B951-7BA8-4C67-A224-85FA0F29D58A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\DigitalWizards.exe
FirewallRules: [{C3F9996E-16E7-4038-BD77-319D4914A6CE}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\SendAFax.exe
FirewallRules: [{B87DD732-4C4F-46B8-B3E6-BE847317CB0A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\Bin\DeviceSetup.exe
FirewallRules: [{C347065B-7BD6-4A02-A6A9-C62453860158}] => (Allow) LPort=5357
FirewallRules: [{66F31C15-50A5-4D2E-A439-39F3AD550A0A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{FE283725-44E8-46A8-B0D4-12A5B33CCA92}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{694E9433-4DE4-4831-9813-BA4FED8CFC56}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Accessories\BitTorrent\bittorrent.exe] => Enabled:BitTorrent

==================== Restore Points =========================

16-01-2018 16:38:29 Windows Update
16-04-2018 11:54:28 Windows Update
16-04-2018 20:50:57 Revo Uninstaller's restore point - Adobe Acrobat Reader DC
16-04-2018 20:56:15 Revo Uninstaller's restore point - Adobe AIR
16-04-2018 20:57:58 Revo Uninstaller's restore point - Adobe Flash Player 29 ActiveX
16-04-2018 20:59:36 Revo Uninstaller's restore point - Avast Free Antivirus
16-04-2018 21:08:10 Revo Uninstaller's restore point - Google Chrome
16-04-2018 21:10:06 Revo Uninstaller's restore point - iCloud
16-04-2018 21:13:45 Revo Uninstaller's restore point - Skype version 8.19
16-04-2018 21:14:41 Revo Uninstaller's restore point - Windows 7 Upgrade Advisor
16-04-2018 21:15:08 Removed Windows 7 Upgrade Advisor
16-04-2018 21:16:21 Revo Uninstaller's restore point - WinRAR archiver
16-04-2018 21:16:50 Revo Uninstaller's restore point - WinZip 12.0
16-04-2018 21:17:33 Removed WinZip 12.0

==================== Faulty Device Manager Devices =============

Name: sptd
Description: sptd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: sptd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/16/2018 12:35:14 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (01/16/2018 05:08:01 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (01/16/2018 12:34:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\HP\HP Officejet Pro 8620\DriverStore\Yeti\V3\amd64\hpinkins7012.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/16/2018 12:34:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\ati technologies\hydravision\HydraMD64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/16/2018 12:34:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\ati technologies\hydravision\HydraDM64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/16/2018 12:34:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\ati technologies\hydravision\Grid64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/16/2018 12:34:24 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbar64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/16/2018 12:32:20 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\Program Files\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll".Error in manifest or policy file "C:\Program Files\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll" on line 2.
Invalid Xml syntax.


System errors:
=============
Error: (04/18/2018 08:14:11 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
sptd

Error: (04/18/2018 08:14:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (04/18/2018 08:14:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (04/18/2018 08:13:25 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:09:21 AM on ‎4/‎18/‎2018 was unexpected.

Error: (04/18/2018 08:13:00 AM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .

Error: (04/18/2018 07:54:09 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
sptd

Error: (04/18/2018 07:54:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (04/18/2018 07:54:07 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.


Windows Defender:
===================================
Date: 2016-10-22 20:04:35.195
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070003
Error description:The system cannot find the path specified. 
Signature version:0.0.0.0
Engine version:0.0.0.0

CodeIntegrity:
===================================

Date: 2016-10-15 23:16:55.831
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-15 23:16:55.472
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-15 23:16:55.097
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-15 23:16:54.738
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-15 23:16:54.379
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-15 23:16:54.004
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-15 23:16:52.475
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-10-15 23:16:52.132
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
Percentage of memory in use: 33%
Total physical RAM: 3071.12 MB
Available physical RAM: 2036.39 MB
Total Virtual: 6140.59 MB
Available Virtual: 4990.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:117.19 GB) (Free:51.03 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:156.25 GB) (Free:97.69 GB) NTFS
Drive e: () (Fixed) (Total:192.32 GB) (Free:170.2 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 20C53A3A)
Partition 1: (Active) - (Size=117.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=156.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=192.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
         
--- --- ---

--- --- ---

Alt 18.04.2018, 08:24   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ist mein pc virenfrei? - Standard

Ist mein pc virenfrei?



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
ShellIconOverlayIdentifiers: [00-Zukmo-SyncFileModified] -> {23939489-8B41-45ec-90F3-BD36A9644006} =>  -> No File
ShellIconOverlayIdentifiers: [00-Zukmo-SyncFileSuccess] -> {23939488-8B41-45ec-90F3-BD36A9644006} =>  -> No File
ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} =>  -> No File
ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} =>  -> No File
ContextMenuHandlers3: [ZukmoExplorerShlPlugin] -> {23939488-8B41-45ec-90F3-BD36A9644006} =>  -> No File
ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} =>  -> No File
hosts:
emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 18.04.2018, 22:01   #13
Kermit1973
 
Ist mein pc virenfrei? - Standard

Ist mein pc virenfrei?



Hallo Cosinus,

anbei schicke ich dir den Log:

Code:
ATTFilter
Fix result of Farbar Recovery Scan Tool (x86) Version: 15.04.2018
Ran by Heiko (19-04-2018 08:58:03) Run:1
Running from C:\Users\Heiko\Desktop
Loaded Profiles: Heiko (Available Profiles: Heiko)
Boot Mode: Normal

==============================================

fixlist content:
*****************
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
ShellIconOverlayIdentifiers: [00-Zukmo-SyncFileModified] -> {23939489-8B41-45ec-90F3-BD36A9644006} =>  -> No File
ShellIconOverlayIdentifiers: [00-Zukmo-SyncFileSuccess] -> {23939488-8B41-45ec-90F3-BD36A9644006} =>  -> No File
ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} =>  -> No File
ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} =>  -> No File
ContextMenuHandlers3: [ZukmoExplorerShlPlugin] -> {23939488-8B41-45ec-90F3-BD36A9644006} =>  -> No File
ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} =>  -> No File
hosts:
emptytemp:
         
*****************

C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00-Zukmo-SyncFileModified" => removed successfully.
HKLM\Software\Classes\CLSID\{23939489-8B41-45ec-90F3-BD36A9644006} => not found
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00-Zukmo-SyncFileSuccess" => removed successfully.
HKLM\Software\Classes\CLSID\{23939488-8B41-45ec-90F3-BD36A9644006} => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\LavasoftShellExt" => removed successfully.
HKLM\Software\Classes\CLSID\{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => not found
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\LavasoftShellExt" => removed successfully.
HKLM\Software\Classes\CLSID\{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => not found
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\ZukmoExplorerShlPlugin" => removed successfully.
HKLM\Software\Classes\CLSID\{23939488-8B41-45ec-90F3-BD36A9644006} => not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\LavasoftShellExt" => removed successfully.
HKLM\Software\Classes\CLSID\{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10008434 B
Java, Flash, Steam htmlcache => 110079249 B
Windows/system/drivers => 761275100 B
Edge => 0 B
Chrome => 63201203 B
Firefox => 427537968 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 29568153 B
LocalService => 3130892 B
NetworkService => 181572 B
Heiko => 47132791 B

RecycleBin => 1214779625 B
EmptyTemp: => 2.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 08:59:39 ====
         

Alt 18.04.2018, 22:05   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ist mein pc virenfrei? - Standard

Ist mein pc virenfrei?



Kontrollscans mit (1) MBAM, (2) ESET und (3) SecurityCheck bitte:


1. Schritt: Malwarebytes Version 3

Downloade Dir bitte Malwarebytes Anti-Malware 3
  • Installiere das Programm in den vorgegebenen Pfad.
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scan, wähle den Bedrohungs-Scan aus und klicke auf Scan starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Ausgewählte Elemente in die Quarantäne verschieben.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM nach dem Neustart, klicke auf Berichte.
  • Wähle den neuesten Scan-Bericht aus, klicke auf Bericht anzeigen und dann auf Export.
  • Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.



2. Schritt: ESET

Downloade Dir bitte ESET Online Scanner (Bebilderte Anleitung)
  • Starte die Installationsdatei.
  • Akzeptiere die Nutzungsbedingungen.
  • Wähle Erkennung evtl. unerwünschter Anwendungen aktivieren aus und klicke auf Scannen.
  • Zuerst werden die notwendigen Signaturen heruntergeladen, anschließend startet ESET automatisch den Suchlauf.
  • Am Ende des Suchlaufs werden gegebenenfalls die gefundenen Elemente aufgelistet.
  • Schließe den ESET Online Scanner rechts oben [ X ] und klicke anschließend auf Schließen.
  • Drücke bitte die Tastenkombination WIN+R zum Ausführen und kopiere folgenden Text in die Zeile und drücke im Anschluss auf OK:
    Code:
    ATTFilter
    notepad "%tmp%\log.txt"
             
  • Kopiere den gesamten Text mittels STRG+A und STRG+C hier in deine Antwort in CODE-Tags



3. Schritt: SecurityCheck

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 23.04.2018, 08:40   #15
Kermit1973
 
Ist mein pc virenfrei? - Standard

Ist mein pc virenfrei?



Hallo Cosinus,

anbei schicke ich dir die drei bestellten logs:

Malwarebytes
Code:
ATTFilter
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 23.04.18
Scan-Zeit: 16:34
Protokolldatei: 8dd193e6-46af-11e8-8be9-001bfcd42ddb.json
Administrator: Ja

-Softwaredaten-
Version: 3.4.5.2467
Komponentenversion: 1.0.342
Version des Aktualisierungspakets: 1.0.4842
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Heiko-PC\Heiko

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 240826
Erkannte Bedrohungen: 1
In die Quarantäne verschobene Bedrohungen: 1
Abgelaufene Zeit: 17 Min., 39 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 1
PUP.Optional.GameHack, C:\PROGRAM FILES\CHEAT ENGINE 6.4\STANDALONEPHASE1.DAT, In Quarantäne, [8242], [393793],1.0.4842

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)


(end)
         
Eset
Code:
ATTFilter
17:02:05 # product=EOS
# version=8
# flags=0
# esetonlinescanner_deu.exe=2.0.19.0
# EOSSerial=c1d408ec5aa94449840b4ae46c777414
# end=init
# utc_time=2018-04-23 05:02:03
# local_time=2018-04-23 17:02:03 (+1200, New Zealand Standard Time)
# country="New Zealand"
# osver=6.1.7601 NT Service Pack 1
17:02:10 # product=EOS
# version=8
# flags=0
# esetonlinescanner_deu.exe=2.0.19.0
# EOSSerial=c1d408ec5aa94449840b4ae46c777414
# end=init
# utc_time=2018-04-23 05:02:09
# local_time=2018-04-23 17:02:09 (+1200, New Zealand Standard Time)
# country="New Zealand"
# osver=6.1.7601 NT Service Pack 1
17:03:03 Updating
17:03:03 Update Init
17:03:04 Update Download
17:13:20 esets_scanner_reload returned 0
17:13:20 g_uiModuleBuild: 37134
17:13:20 Update Finalize
17:13:20 Call m_esets_charon_send
17:13:20 Call m_esets_charon_destroy
17:13:20 Updated modules version: 37134
17:13:31 Call m_esets_charon_setup_create
17:13:31 Call m_esets_charon_create
17:13:31 m_esets_charon_create OK
17:13:31 Call m_esets_charon_start_send_thread
17:13:31 Call m_esets_charon_setup_set
17:13:31 m_esets_charon_setup_set OK
17:13:31 Scanner engine: 37134
19:16:29 # product=EOS
# version=8
# flags=0
# esetonlinescanner_deu.exe=2.0.19.0
# EOSSerial=c1d408ec5aa94449840b4ae46c777414
# engine=37134
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# sfx_checked=true
# utc_time=2018-04-23 07:16:28
# local_time=2018-04-23 19:16:28 (+1200, New Zealand Standard Time)
# country="New Zealand"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 15328470 276102579 0 0
# scanned=2
# found=1
# cleaned=0
# scan_time=7386
sh=308C88456D0CB94A8F74521E7E0567C257833403 ft=1 fh=0000000000000000 vn="Variante von Win32/UwS.DriverTuner.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\DriverTuner\DriverTuner.exe.vir"
19:19:44 Call m_esets_charon_send
19:19:44 Call m_esets_charon_destroy
19:19:45 RecursiveRemoveDirectoryAndAllFiles: C:\Users\Heiko\AppData\Local\ESET\ESETOnlineScanner\Quarantine\
         
Security Check
Code:
ATTFilter
 Results of screen317's Security Check version 1.009  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Malwarebytes   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 	29.0.0.140  
 Mozilla Firefox (59.0.2) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamtray.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 5% 
````````````````````End of Log``````````````````````
         

Antwort

Themen zu Ist mein pc virenfrei?
ad-aware, adware, antivirus, askbar, bonjour, browser, failed, firefox, flash player, google, helper, home, homepage, iexplore.exe, mozilla, mp3, pdfconverter, registry, scan, security, software, svchost.exe, system, trojaner, trojaner board, udp, windows




Ähnliche Themen: Ist mein pc virenfrei?


  1. Windows 10: Ist mein Computer nach Neuaufsetzung jetzt Virenfrei?
    Log-Analyse und Auswertung - 25.03.2016 (2)
  2. Trojan.Ransom.ED gelöscht. Ist mein PC nun Virenfrei?
    Plagegeister aller Art und deren Bekämpfung - 11.05.2015 (4)
  3. Virenfrei durch Schrauber
    Lob, Kritik und Wünsche - 08.05.2015 (1)
  4. Virenfrei nach Systemwiederherstellung?
    Plagegeister aller Art und deren Bekämpfung - 29.06.2012 (1)
  5. Bin ich jetzt wirklich Virenfrei?
    Log-Analyse und Auswertung - 04.07.2010 (4)
  6. Virenfrei?
    Log-Analyse und Auswertung - 30.12.2009 (1)
  7. Ist mein System virenfrei?
    Log-Analyse und Auswertung - 01.06.2009 (5)
  8. HijackThis Virenfrei ?!?
    Log-Analyse und Auswertung - 27.05.2009 (2)
  9. Hijack This Log , Virenfrei ?
    Log-Analyse und Auswertung - 25.05.2009 (6)
  10. PC jetzt virenfrei?
    Mülltonne - 31.08.2008 (0)
  11. Bin ich Virenfrei?
    Mülltonne - 23.05.2008 (0)
  12. Systemwiederherstellung virenfrei halten?
    Plagegeister aller Art und deren Bekämpfung - 15.03.2008 (1)
  13. Ist mein System virenfrei?
    Log-Analyse und Auswertung - 27.01.2008 (9)
  14. wieder virenfrei?
    Mülltonne - 27.11.2007 (0)
  15. mein Log - Virenfrei?
    Log-Analyse und Auswertung - 14.09.2006 (3)
  16. Ist mein PC Virenfrei?
    Log-Analyse und Auswertung - 09.12.2005 (4)
  17. Virenfrei??
    Log-Analyse und Auswertung - 11.10.2004 (4)

Zum Thema Ist mein pc virenfrei? - Hallo liebes Trojaner Board Team, ich bin gerade dabei den alten PC von meinem Sohn als Not PC zu reaktivieren und wollte sicher gehen ob alles rein und virenfrei ist. - Ist mein pc virenfrei?...
Archiv
Du betrachtest: Ist mein pc virenfrei? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.