and FRST log
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by elhamzaf (administrator) on ELHAMZAF2 (08-11-2015 16:34:17)
Running from C:\Users\elhamzaf\Downloads
Loaded Profiles: elhamzaf (Available Profiles: elhamzaf & hpadmin & administrateur)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: Englisch (USA)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [McAfee Host Intrusion Prevention Tray] => C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe [239848 2015-06-24] (McAfee, Inc.)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)
HKLM\...\Run: [RtsCM] => C:\windows\RTSCM64.EXE [153816 2013-11-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-09-27] (Intel Corporation)
HKLM\...\Run: [BLEServicesCtrl] => c:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "c:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [8628224 2014-09-24] (Broadcom Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2816240 2014-04-07] (Synaptics Incorporated)
HKLM\...\Run: [PasswordRegistration] => C:\Windows\system32\MsPwdRegistration.exe [31080 2012-01-29] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-06] (IDT, Inc.)
HKLM\...\Run: [HPRAService] => C:\Program Files\RA2HP\HPRAService.exe [610304 2015-05-22] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [244080 2015-08-20] (McAfee, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2013-12-10] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-12-20] (Intel Corporation)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [AgentUiRunKey] => C:\Program Files (x86)\PC Backup\Agent.exe [239104 2010-09-08] (Iron Mountain Incorporated)
HKLM-x32\...\Run: [eepc_SmartClient] => C:\Program Files (x86)\SmartClient\Smart.exe [139264 2014-08-25] (Hewlett-Packard Company)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2015-09-26] (Adobe Systems Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [MigDetect] => C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\lib\cache\HPQ_MIGRATION_TOOL_EN\MigDetect.exe [448512 2015-09-30] ()
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [337776 2015-02-10] (McAfee, Inc.)
HKLM-x32\...\Run: [IDA] => C:\Program Files (x86)\Hewlett-Packard\PC COE\IDA.EXE [373760 2015-01-26] (Hewlett-Packard Company)
HKLM-x32\...\Run: [JunosPulse] => c:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2537816 2015-02-24] (Juniper Networks, Inc.)
HKLM-x32\...\Run: [myITSupportE] => C:\Program Files (x86)\myITsupportE\myITSupporte.exe [1754112 2015-09-22] (HEWLETT-PACKARD Enterprise)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoWebServices] 1
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Policies\Explorer: [NoOnlinePrintsWizard] 1
HKLM\...\Policies\Explorer: [NoPublishingWizard] 1
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1957994488-842925246-40105171-1743549\...\Run: [GoogleChromeAutoLaunch_4B4F5D917FAE7DBFD434A8BF47BC31E6] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-10-20] (Google Inc.)
HKU\S-1-5-21-1957994488-842925246-40105171-1743549\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1957994488-842925246-40105171-1743549\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk [2014-05-21]
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lync Monitor.lnk [2015-07-24]
ShortcutTarget: Lync Monitor.lnk -> C:\Windows\Installer\{642C71D9-6EB3-4B7A-A2F9-043774138614}\NewShortcut41_A542611226524D189A82B5C5C0EA8C73.exe (Flexera Software LLC)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\create_shortcut.lnk [2010-11-25]
ShortcutTarget: create_shortcut.lnk -> C:\Users\elhamzaf\create_shortcut.vbs (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reg_off2k7.lnk [2010-11-25]
ShortcutTarget: reg_off2k7.lnk -> C:\Users\elhamzaf\reg_off2k7.vbs (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\set_theme.lnk [2014-06-04]
ShortcutTarget: set_theme.lnk -> C:\Users\elhamzaf\set_theme.vbs (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\create_shortcut.lnk [2010-11-25]
ShortcutTarget: create_shortcut.lnk -> C:\Users\elhamzaf\create_shortcut.vbs (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reg_off2k7.lnk [2010-11-25]
ShortcutTarget: reg_off2k7.lnk -> C:\Users\elhamzaf\reg_off2k7.vbs (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\set_theme.lnk [2014-06-04]
ShortcutTarget: set_theme.lnk -> C:\Users\elhamzaf\set_theme.vbs (No File)
Startup: C:\Users\elhamzaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-07-18] ()
Startup: C:\Users\elhamzaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk [2015-08-06]
ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files\Microsoft Office\Office15\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\elhamzaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-11-07]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicyScripts: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [HKLM] => Proxy is enabled.
ProxyServer: [HKLM] => hxxp://autocache.hp.com
AutoConfigURL: [S-1-5-21-1957994488-842925246-40105171-1743549] => hxxp://autocache.hp.com/
Tcpip\..\Interfaces\{61DB6A54-A31E-4D7A-B5E8-137A30C8DC35}: [NameServer] 16.110.135.51,16.110.135.52
Tcpip\..\Interfaces\{B3BA9131-D68E-4432-ACD6-FC43AB21C6F0}: [NameServer] 16.110.135.51,16.110.135.52
Tcpip\..\Interfaces\{CBFCF164-8F70-4593-8BF0-B61D47F572CA}: [DhcpNameServer] 16.110.135.52 16.110.135.51
Tcpip\..\Interfaces\{D29FFDC0-DF00-4BEC-999E-B329551E123A}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1957994488-842925246-40105171-1743549\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1446764286&z=2d54cf74e8fde472708cc9cg6zez2q0m3qaz6ofb7q&from=amt&uid=hgstxhts725050a7e630_tf0500wh1shtnl1shtnlx&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1446764286&z=2d54cf74e8fde472708cc9cg6zez2q0m3qaz6ofb7q&from=amt&uid=hgstxhts725050a7e630_tf0500wh1shtnl1shtnlx&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-08-12] (Microsoft Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20150929070614.dll [2015-09-29] (McAfee, Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-05-01] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-05-01] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-08-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-11-10] (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20150929070616.dll [2015-09-29] (McAfee, Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-11-10] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-05-01] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1957994488-842925246-40105171-1743549 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-05-01] (Adobe Systems Incorporated)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {00000035-9593-4264-8B29-930B3E4EDCCD} hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab
DPF: HKLM-x32 {AB01FF2E-A848-410C-B47B-CB467C476AD9} hxxps://g4t7453.houston.hp.com/hpSmartCard/HPPKI.cab
DPF: HKLM-x32 {EF991872-9158-4570-A7FF-E7DBB6A4B8E9} hxxp://192.168.128.85/iqweb.ocx
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://sdcvpn02.omc.hp.net/dana-cached/sc/JuniperSetupClient.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-01-21] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox
FF NewTab: about:blank
FF DefaultSearchEngine: Startpage HTTPS
FF SelectedSearchEngine: Startpage HTTPS
FF Homepage: about:home
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 4001
FF NetworkProxy: "gopher", "127.0.0.1"
FF NetworkProxy: "gopher_port", 4001
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 4001
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 4001
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 4001
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-11-03] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-11-03] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-11-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-11-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll [2013-11-21] (DigitalPersona, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\blekko-ssl.xml [2015-02-26]
FF SearchPlugin: C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\duckduckgo-ssl-javascript-free.xml [2015-02-26]
FF SearchPlugin: C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-de-ssl.xml [2015-02-26]
FF SearchPlugin: C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-encrypted-no-personalization.xml [2015-02-26]
FF SearchPlugin: C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick---deutsch.xml [2015-02-26]
FF SearchPlugin: C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---deutsch.xml [2015-02-26]
FF SearchPlugin: C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---english.xml [2015-02-26]
FF SearchPlugin: C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick.xml [2015-02-26]
FF SearchPlugin: C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-eng-ger.xml [2015-02-26]
FF SearchPlugin: C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-esp-ale.xml [2015-02-26]
FF SearchPlugin: C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-fra-all.xml [2015-02-26]
FF SearchPlugin: C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\metager2.xml [2015-02-26]
FF SearchPlugin: C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-deutsch.xml [2015-02-26]
FF SearchPlugin: C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-english.xml [2015-02-26]
FF SearchPlugin: C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https---deutsch.xml [2015-02-26]
FF SearchPlugin: C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https.xml [2015-02-26]
FF Extension: HTTPS-Everywhere - C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\https-everywhere@eff.org [2015-03-07] [not signed]
FF Extension: DownloadHelper - C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-03-07] [not signed]
FF Extension: CanvasBlocker - C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\CanvasBlocker@kkapsner.de.xpi [2015-02-26] [not signed]
FF Extension: JonDoFox - C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{437be45a-4114-11dd-b9ab-71d256d89593}.xpi [2015-03-07] [not signed]
FF Extension: NoScript - C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-03-07] [not signed]
FF Extension: Cookie Controller - C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi [2015-02-26] [not signed]
FF Extension: Adblock Plus - C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-26] [not signed]
FF Extension: ProfileSwitcher - C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi [2015-02-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome
FF Extension: HP Client Security Manager - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome [2014-12-31] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-10-16] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2015-09-30] [not signed]
FF Extension: No Name - C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\AVJYFVOD75109374@HCDE39471360.com [not found]
Chrome:
=======
CHR Profile: C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (TV) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2014-12-11]
CHR Extension: (Google Präsentationen) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcjaemihddenoopkkhaamlcoliiiain [2015-11-07]
CHR Extension: (YouTube) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Präsentationen) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-11-08]
CHR Extension: (Google-Suche) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
CHR Extension: (Google Kalender) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-14]
CHR Extension: (Box) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2015-04-29]
CHR Extension: (Google Präsentationen) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Google Präsentationen) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (FabCam) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\hejilffmihldhlfocnabcgndjjpgadfl [2015-08-05]
CHR Extension: (Google Maps) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-19]
CHR Extension: (Google Präsentationen) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok [2015-05-14]
CHR Extension: (Need for Speed World) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnelgnkomjdakpkjpkfehdipjifjmbk [2014-12-11]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Foto Rulez) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\odahhdimpaeigjcdbgcnhemlkejclmmk [2014-12-11]
CHR Extension: (Google Präsentationen) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2015-11-05]
CHR Extension: (Google Mail) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-09-26]
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome.crx [2013-11-21]
Opera:
=======
OPR Extension: (CinemaP-1.9cV05.11) - C:\Users\elhamzaf\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-11-05]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
S2 AgentService; C:\Program Files (x86)\PC Backup\AgentService.exe [7595424 2010-09-08] (Iron Mountain Incorporated)
S2 CtAgentService; C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe [7168 2014-03-31] () [File not signed]
S2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [10571056 2014-06-01] (DisplayLink Corp.)
S2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [500048 2013-11-21] (DigitalPersona, Inc.)
S2 enterceptAgent; C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe [811480 2015-06-24] (McAfee, Inc.)
S2 FIMPasswordReset; C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe [75608 2012-01-29] (Microsoft Corporation)
S2 HipMgmt; C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HipMgmt.exe [240360 2015-06-24] (McAfee, Inc.)
S2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [683296 2014-02-10] (Hewlett-Packard Company)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-09-27] (Intel Corporation)
S2 iClarityQoSService; C:\windows\SysWOW64\\QosServM.exe [233472 2010-11-09] (Avaya Inc.) [File not signed]
S2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
S2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [129904 2015-02-10] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [262544 2015-09-29] (McAfee, Inc.)
S2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [208936 2015-08-20] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-24] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373736 2015-06-24] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-09-29] (McAfee, Inc.)
S2 Radexecd; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe [353480 2014-08-19] (Persistent Systems)
S2 Radsched; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe [263368 2014-08-19] (Persistent Systems)
S2 Radstgms; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe [373960 2014-08-19] (Persistent Systems)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S2 ScreenAgentService; C:\Program Files (x86)\NICE Systems\ScreenAgent\ScreenAgentSvc.exe [386048 2013-01-24] (NICE Systems) [File not signed]
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2013-11-06] (IDT, Inc.) [File not signed]
S2 svctimehpc; C:\Program Files (x86)\Products\Time Service\svctimehpc.exe [13387128 2012-09-11] ()
S2 Tanium Client; C:\Program Files (x86)\Tanium\Tanium Client\TaniumClient.exe [10376480 2014-07-26] (Tanium Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Winpopup Server; C:\Program Files (x86)\Winpopup Server\WinpopupServer.exe [479232 2009-10-17] (Fomine Software) [File not signed]
S2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5878272 2014-09-24] (Broadcom Corporation) [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2012-09-24] (Broadcom Corporation.)
S3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [88376 2013-03-18] (Motorola Solutions, Inc.)
S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
S3 dc21x4vm; C:\Windows\System32\DRIVERS\dc21x4vm.sys [57344 2009-06-10] (Microsoft Corp.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [488216 2014-03-05] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 FireNfcp; C:\Windows\System32\drivers\FireNfcp.sys [64808 2015-09-24] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\system32\drivers\HipShieldK.sys [216336 2015-06-24] (McAfee, Inc.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-09-27] (Intel Corporation)
S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-07-22] ()
R1 jnprns; C:\Windows\System32\DRIVERS\jnprns.sys [507192 2015-02-24] (Juniper Networks)
S4 jnprTdi_808_53815; C:\windows\system32\Drivers\jnprTdi_808_53815.sys [108344 2015-02-24] (Juniper Networks, Inc.)
S3 jnprva; C:\Windows\System32\DRIVERS\jnprva.sys [30072 2013-10-28] (Juniper Networks, Inc.)
R3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [45352 2013-10-28] (Juniper Networks, Inc.)
S3 LV_Tracker; C:\Windows\System32\DRIVERS\LV_Tracker64.sys [54824 2010-09-08] ()
S3 Mandiant_Tools; C:\ProgramData\Application Data\Time Service\mktools.sys [25168 2014-05-21] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-09-29] (McAfee, Inc.)
S3 mfeaacsk; C:\Windows\System32\drivers\mfeaacsk.sys [64416 2015-09-29] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2013-12-17] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-09-29] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-09-29] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-09-29] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [87720 2015-06-24] (McAfee, Inc.)
S3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [66080 2015-09-29] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [114880 2015-09-29] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-09-29] (McAfee, Inc.)
R1 NEOFLTR_740_30667; C:\windows\system32\Drivers\NEOFLTR_740_30667.SYS [108344 2014-04-10] (Juniper Networks)
S2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 RadiaMsi; C:\Windows\System32\DRIVERS\radiamsi.sys [41496 2014-05-20] (Persistent Systems)
S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [429272 2013-08-21] (Realsil Semiconductor Corporation)
S3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8876248 2013-11-14] (Realtek Semiconductor Corp.)
S1 SARCXPMirrorDevice; C:\Windows\System32\SARCXPMP64.sys [29328 2012-09-28] ()
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2014-04-07] (Synaptics Incorporated)
S3 TRLNDISMON; C:\Windows\System32\DRIVERS\TRLNDISMON.sys [31392 2015-03-23] (Tarlogic)
S3 JNPRNA; system32\DRIVERS\jnprna6.sys [X]
S4 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S4 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-08 16:34 - 2015-11-08 16:34 - 00038648 _____ C:\Users\elhamzaf\Downloads\FRST.txt
2015-11-08 16:34 - 2015-11-08 16:34 - 00000000 ____D C:\FRST
2015-11-08 16:17 - 2015-11-08 16:33 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-11-08 16:17 - 2015-11-08 16:17 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-08 16:17 - 2015-11-08 16:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-08 16:16 - 2015-11-08 16:33 - 00000000 ____D C:\Users\elhamzaf\Desktop\mbar
2015-11-08 16:16 - 2015-11-08 16:16 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2015-11-08 14:35 - 2015-11-08 15:34 - 00000282 _____ C:\windows\Tasks\CFUWrapper.job
2015-11-08 14:35 - 2015-11-08 14:35 - 00003218 _____ C:\windows\System32\Tasks\CFUWrapper
2015-11-08 11:58 - 2015-11-08 13:03 - 416363903 _____ C:\Users\elhamzaf\Downloads\Paragon_Backup_Recovery_14_Free.zip
2015-11-08 11:44 - 2015-11-08 11:45 - 02198528 _____ (Farbar) C:\Users\elhamzaf\Downloads\FRST64.exe
2015-11-07 23:15 - 2015-11-07 23:15 - 00602112 _____ (OldTimer Tools) C:\Users\elhamzaf\Downloads\OTL.exe
2015-11-07 23:11 - 2015-11-07 23:12 - 16563352 _____ (Malwarebytes Corp.) C:\Users\elhamzaf\Downloads\mbar-1.09.3.1001.exe
2015-11-07 23:09 - 2015-11-07 23:09 - 04577440 _____ (Avira Operations GmbH & Co. KG) C:\Users\elhamzaf\Downloads\avira_de_av_563e849102e39__ws.exe
2015-11-07 23:01 - 2015-11-07 23:01 - 11501568 _____ C:\Users\elhamzaf\Desktop\EMET 5.1 Setup.msi
2015-11-06 18:02 - 2015-11-06 18:03 - 00000000 ____D C:\Acrylic Wi-Fi Professional
2015-11-06 17:48 - 2015-11-06 17:49 - 00000000 ____D C:\Users\elhamzaf\AppData\Local\VirtualStore
2015-11-06 17:42 - 2015-11-06 17:44 - 00000000 ____D C:\AdwCleaner
2015-11-05 23:14 - 2015-11-05 23:14 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-11-05 23:00 - 2015-11-06 12:00 - 00000004 _____ C:\windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-11-05 23:00 - 2015-11-05 23:01 - 00000000 ____D C:\Program Files (x86)\6c4bdf9b-d126-43f4-8efc-b4837ed4413d
2015-11-05 22:42 - 2015-03-23 11:00 - 00095312 _____ (Tarlogic) C:\windows\system32\airpcap.dll
2015-11-05 22:42 - 2015-03-23 11:00 - 00076880 _____ (Tarlogic) C:\windows\SysWOW64\airpcap.dll
2015-11-05 22:41 - 2015-11-06 18:02 - 00000000 ____D C:\Users\elhamzaf\AppData\Roaming\Acrylic Wi-Fi Professional
2015-11-05 22:41 - 2015-11-05 23:55 - 00000000 ____D C:\Program Files\Acrylic Wi-Fi Professional
2015-11-05 22:41 - 2015-03-23 11:00 - 00031392 _____ (Tarlogic) C:\windows\system32\Drivers\TRLNDISMON.sys
2015-11-05 16:04 - 2015-11-05 17:24 - 00000000 ____D C:\Users\elhamzaf\Desktop\Ponctions salaires
2015-11-04 10:49 - 2015-11-08 16:10 - 00000278 ____H C:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job
2015-11-04 10:49 - 2015-11-08 15:34 - 00000370 ____H C:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job
2015-11-04 10:49 - 2015-11-07 23:53 - 00000338 ____H C:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job
2015-11-04 10:49 - 2015-11-06 17:47 - 00000374 ____H C:\windows\Tasks\IDA{DDC3038B-D87C-4DE6-AD88-05C6E3962FA0}000.job
2015-11-04 10:49 - 2015-11-06 17:47 - 00000346 ____H C:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job
2015-11-04 10:49 - 2015-11-06 17:47 - 00000114 ____H C:\windows\Tasks\IDA{EF242085-E950-E7C0-982D-AC0CAEF9D2B1}000.job
2015-11-04 10:49 - 2015-11-06 16:55 - 00003104 _____ C:\windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001
2015-11-04 10:49 - 2015-11-06 16:55 - 00002882 _____ C:\windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000
2015-11-04 10:49 - 2015-11-06 14:35 - 00002978 _____ C:\windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000
2015-11-04 10:49 - 2015-11-06 11:24 - 00003344 _____ C:\windows\System32\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000
2015-11-04 10:49 - 2015-11-06 11:24 - 00003126 _____ C:\windows\System32\Tasks\IDA{DDC3038B-D87C-4DE6-AD88-05C6E3962FA0}000
2015-11-04 10:49 - 2015-11-06 11:24 - 00003098 _____ C:\windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001
2015-11-04 10:49 - 2015-11-04 10:49 - 00002068 _____ C:\windows\System32\Tasks\IDA{EF242085-E950-E7C0-982D-AC0CAEF9D2B1}000
2015-11-04 10:48 - 2015-11-08 15:29 - 00000392 ____H C:\windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job
2015-11-04 10:48 - 2015-11-08 12:12 - 00000412 ____H C:\windows\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000.job
2015-11-04 10:48 - 2015-11-06 17:47 - 00000370 ____H C:\windows\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000.job
2015-11-04 10:48 - 2015-11-06 12:12 - 00003020 _____ C:\windows\System32\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000
2015-11-04 10:48 - 2015-11-04 10:48 - 00003122 _____ C:\windows\System32\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000
2015-11-04 10:47 - 2015-11-04 10:47 - 00002882 _____ C:\windows\System32\Tasks\Maint
2015-11-03 22:35 - 2015-11-03 22:35 - 00000000 ____D C:\Users\elhamzaf\AppData\Roaming\LibreOffice
2015-11-03 22:34 - 2015-11-03 22:34 - 00001532 _____ C:\Users\Public\Desktop\LibreOffice 4.4.lnk
2015-11-03 22:34 - 2015-11-03 22:34 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.4
2015-11-03 22:33 - 2015-11-03 22:34 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4
2015-11-03 12:12 - 2015-11-08 15:26 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-11-03 12:12 - 2015-11-03 12:18 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-10-28 20:08 - 2015-10-28 20:08 - 00002755 _____ C:\Users\Public\Desktop\ myITsupport.lnk
2015-10-28 20:08 - 2015-10-28 20:08 - 00002755 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ myITsupport.lnk
2015-10-28 20:08 - 2015-10-28 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myITsupportIcon
2015-10-28 20:08 - 2015-10-28 20:08 - 00000000 ____D C:\Program Files (x86)\myITsupportE
2015-10-28 11:11 - 2015-10-28 11:21 - 00000000 ____D C:\Users\elhamzaf\Desktop\Business
2015-10-27 13:22 - 2015-10-27 13:22 - 00000649 _____ C:\Users\elhamzaf\Desktop\Bitcoin Core (64-bit).lnk
2015-10-27 13:01 - 2015-10-27 13:01 - 00000758 _____ C:\Users\elhamzaf\Desktop\Orga.lnk
2015-10-27 13:00 - 2015-10-27 13:03 - 00000000 ____D C:\Arbeit
2015-10-27 12:07 - 2015-10-27 12:07 - 00002165 _____ C:\Users\elhamzaf\Desktop\BitMinter Client.lnk
2015-10-27 12:07 - 2015-10-27 12:07 - 00000000 ____D C:\Users\elhamzaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitMinter
2015-10-26 14:51 - 2015-10-26 14:51 - 00002471 _____ C:\Users\elhamzaf\Desktop\Marquee.lnk
2015-10-26 14:36 - 2015-10-26 14:36 - 00000422 _____ C:\Users\elhamzaf\Desktop\AIC Global Admin.appref-ms
2015-10-25 15:31 - 2015-11-07 19:33 - 00000000 ____D C:\Outlook Ordner
2015-10-23 23:14 - 2015-10-23 23:16 - 00000000 ____D C:\bitcoin
2015-10-23 23:14 - 2015-10-23 23:14 - 00000000 ____D C:\Users\elhamzaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin Core
2015-10-18 20:31 - 2015-11-06 17:45 - 00000847 _____ C:\Users\elhamzaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2015-10-18 20:31 - 2015-11-06 17:45 - 00000799 _____ C:\Users\elhamzaf\Desktop\Tor.lnk
2015-10-18 20:30 - 2015-11-06 17:45 - 00000000 ____D C:\Users\elhamzaf\Desktop\Tor Browser
2015-10-18 09:27 - 2015-10-18 09:27 - 01204080 _____ C:\windows\Minidump\101815-21091-01.dmp
2015-10-16 08:35 - 2015-10-16 08:35 - 00000000 _____ C:\Users\elhamzaf\AppData\Local\{24500F75-2570-4221-A876-69D5590A1198}
2015-10-14 08:18 - 2015-10-14 08:18 - 00000023 _____ C:\invalid.txt
2015-10-09 12:20 - 2015-02-24 16:55 - 00108344 _____ (Juniper Networks, Inc.) C:\windows\system32\Drivers\jnprTdi_808_53815.sys
2015-10-09 12:20 - 2015-02-24 13:50 - 00507192 _____ (Juniper Networks) C:\windows\system32\Drivers\jnprns.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-08 16:20 - 2015-07-28 14:58 - 01230574 _____ C:\windows\system32\perfh007.dat
2015-11-08 16:20 - 2015-07-28 14:58 - 00339842 _____ C:\windows\system32\perfc007.dat
2015-11-08 16:20 - 2009-07-14 05:13 - 00006742 _____ C:\windows\system32\PerfStringBackup.INI
2015-11-08 16:15 - 2009-07-14 04:51 - 00163994 _____ C:\windows\setupact.log
2015-11-08 16:15 - 2009-07-14 03:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-11-08 16:13 - 2014-09-24 15:59 - 01751817 _____ C:\windows\WindowsUpdate.log
2015-11-08 16:13 - 2009-07-14 04:45 - 00019328 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-08 16:13 - 2009-07-14 04:45 - 00019328 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-08 16:00 - 2014-10-13 15:31 - 00000308 _____ C:\windows\Tasks\pcpm-collector.job
2015-11-08 15:19 - 2014-12-11 23:14 - 00001068 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-08 14:30 - 2014-10-13 15:31 - 00000314 _____ C:\windows\Tasks\pcpm-consolidator.job
2015-11-08 13:49 - 2015-04-21 20:08 - 00000000 ____D C:\Users\elhamzaf\Desktop\FUN
2015-11-08 13:27 - 2015-02-03 17:54 - 00001970 _____ C:\windows\SysWOW64\QosServ.log
2015-11-08 13:27 - 2014-12-11 23:14 - 00001064 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-08 13:26 - 2014-12-11 18:06 - 00000000 ____D C:\Program Files (x86)\PC Backup
2015-11-08 13:26 - 2009-07-14 05:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-11-07 19:33 - 2015-05-04 21:01 - 33276928 _____ C:\Users\elhamzaf\Documents\Meine Outlook bis 102015 .pst
2015-11-07 19:20 - 2014-12-22 11:04 - 00000000 ____D C:\Users\elhamzaf\AppData\Local\CrashDumps
2015-11-07 19:13 - 2014-11-10 14:15 - 00000000 ____D C:\windows\system32\appmgmt
2015-11-07 19:02 - 2014-09-24 15:26 - 00000290 _____ C:\windows\Tasks\Maint.job
2015-11-06 17:46 - 2010-11-21 03:47 - 00217854 _____ C:\windows\PFRO.log
2015-11-06 17:45 - 2015-03-07 16:56 - 00000000 ____D C:\Users\elhamzaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JonDoFox
2015-11-06 17:45 - 2014-12-11 23:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-06 17:44 - 2015-03-03 14:23 - 00000000 ____D C:\Quarantine
2015-11-06 00:10 - 2014-12-29 10:15 - 00000000 ____D C:\Program Files\Samsung
2015-11-06 00:10 - 2014-12-23 09:33 - 00000000 ____D C:\Program Files (x86)\Opera
2015-11-06 00:09 - 2015-02-11 09:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-06 00:01 - 2015-09-17 22:37 - 00000000 ____D C:\Program Files\CyberGhost 5
2015-11-05 23:58 - 2014-12-11 23:14 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-05 23:55 - 2014-12-14 13:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirDroid
2015-11-05 23:01 - 2014-05-21 13:42 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-05 18:16 - 2014-12-11 17:55 - 00029970 __RSH C:\Users\elhamzaf\ntuser.pol
2015-11-05 18:16 - 2014-12-11 17:08 - 00000000 ____D C:\Users\elhamzaf
2015-11-05 18:16 - 2014-12-11 17:04 - 00003304 _____ C:\windows\system32\config\netlogon.ftl
2015-11-05 18:16 - 2014-05-21 13:29 - 00123728 __RSH C:\ProgramData\ntuser.pol
2015-11-05 16:05 - 2014-05-21 14:13 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-04 15:00 - 2014-12-13 13:23 - 00003322 _____ C:\windows\System32\Tasks\Smart Client
2015-11-04 10:48 - 2014-10-13 15:31 - 00002906 _____ C:\windows\System32\Tasks\pcpm-consolidator
2015-11-04 10:47 - 2014-12-11 17:08 - 00134984 _____ C:\Users\elhamzaf\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-04 10:47 - 2014-10-13 15:31 - 00003244 _____ C:\windows\System32\Tasks\pcpm-collector
2015-11-04 10:47 - 2014-10-10 17:46 - 00000000 ____D C:\windows\SmartClient
2015-11-04 10:46 - 2014-05-21 12:41 - 00000000 ____D C:\ProgramData\Time Service
2015-11-04 10:46 - 2009-07-14 04:45 - 00569888 _____ C:\windows\system32\FNTCACHE.DAT
2015-11-03 12:17 - 2014-05-21 12:42 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-11-03 12:17 - 2014-05-21 12:42 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-01 20:39 - 2015-02-21 16:41 - 00000000 ____D C:\Users\elhamzaf\Documents\Simple Sticky Notes
2015-11-01 14:38 - 2015-06-25 11:28 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-28 20:08 - 2014-05-21 10:32 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-10-26 15:28 - 2015-02-21 19:28 - 750288332 _____ C:\windows\MEMORY.DMP
2015-10-26 15:28 - 2014-10-13 15:26 - 00000000 ____D C:\windows\Minidump
2015-10-26 15:01 - 2015-01-27 14:43 - 00000059 _____ C:\windows\cvterm.ini
2015-10-26 14:43 - 2015-01-11 15:49 - 00000000 ____D C:\Users\elhamzaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2015-10-26 14:36 - 2014-12-11 23:13 - 00000000 ____D C:\Users\elhamzaf\AppData\Local\Deployment
2015-10-25 15:37 - 2015-05-26 20:29 - 00000000 ____D C:\Users\elhamzaf\Documents\Outlook Files
2015-10-25 15:37 - 2014-12-10 21:35 - 3756467200 _____ C:\Users\elhamzaf\Documents\Meine Outlook.pst
2015-10-25 11:21 - 2014-05-21 11:30 - 01612450 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2015-10-19 10:08 - 2014-12-15 18:05 - 00000000 ____D C:\Program Files (x86)\Avaya
2015-10-19 10:08 - 2014-12-11 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avaya
2015-10-16 12:32 - 2015-05-16 16:24 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2015-10-16 12:32 - 2015-05-16 16:09 - 00002055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2015-10-16 08:37 - 2014-12-11 18:10 - 00000000 ____D C:\windows\HPLogin
2015-10-09 12:18 - 2014-09-24 23:38 - 00000000 ____D C:\Temp
2015-10-09 12:16 - 2014-06-20 12:11 - 00000000 ____D C:\HP
==================== Files in the root of some directories =======
2014-12-11 18:06 - 2014-12-11 18:06 - 0000000 _____ () C:\Program Files (x86)\PC BackupHPSetup.log
2014-12-11 22:25 - 2014-12-11 22:25 - 0000179 _____ () C:\Users\elhamzaf\AppData\Roaming\HP_BITLOCKER_BACKUP2AD.txt
2015-05-25 08:45 - 2015-05-30 17:00 - 0000600 _____ () C:\Users\elhamzaf\AppData\Local\PUTTY.RND
2014-12-11 22:29 - 2014-12-11 22:29 - 0007600 _____ () C:\Users\elhamzaf\AppData\Local\Resmon.ResmonCfg
2015-10-16 08:35 - 2015-10-16 08:35 - 0000000 _____ () C:\Users\elhamzaf\AppData\Local\{24500F75-2570-4221-A876-69D5590A1198}
2015-05-26 09:18 - 2015-05-26 09:18 - 0000000 _____ () C:\Users\elhamzaf\AppData\Local\{E955198A-C33C-41FA-89C6-F89D5AA0A015}
2015-06-10 08:08 - 2015-06-10 08:08 - 0000057 _____ () C:\ProgramData\Ament.ini
Files to move or delete:
====================
C:\Users\Default\create_shortcut.vbs
C:\Users\Default\reg_off2k7.vbs
C:\Users\Default\set_theme.vbs
C:\Users\Default\ThemeTool.exe
Some files in TEMP:
====================
C:\Users\hpadmin\AppData\Local\Temp\CpqMC.dll
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-11-06 20:06
==================== End of FRST.txt ============================
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-05-01] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-08-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-11-10] (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20150929070616.dll [2015-09-29] (McAfee, Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-11-10] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-05-01] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1957994488-842925246-40105171-1743549 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-05-01] (Adobe Systems Incorporated)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {00000035-9593-4264-8B29-930B3E4EDCCD} hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab
DPF: HKLM-x32 {AB01FF2E-A848-410C-B47B-CB467C476AD9} hxxps://g4t7453.houston.hp.com/hpSmartCard/HPPKI.cab
DPF: HKLM-x32 {EF991872-9158-4570-A7FF-E7DBB6A4B8E9} hxxp://192.168.128.85/iqweb.ocx
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://sdcvpn02.omc.hp.net/dana-cached/sc/JuniperSetupClient.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-01-21] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox
FF NewTab: about:blank
FF DefaultSearchEngine: Startpage HTTPS
FF SelectedSearchEngine: Startpage HTTPS
FF Homepage: about:home
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 4001
FF NetworkProxy: "gopher", "127.0.0.1"
FF NetworkProxy: "gopher_port", 4001
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 4001
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 4001
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 4001
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-11-03] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-11-03] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-11-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-11-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll [2013-11-21] (DigitalPersona, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\blekko-ssl.xml [2015-02-26]
FF SearchPlugin: C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\duckduckgo-ssl-javascript-free.xml [2015-02-26]
FF SearchPlugin: C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-de-ssl.xml [2015-02-26]
FF SearchPlugin: C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-encrypted-no-personalization.xml [2015-02-26]
FF SearchPlugin: C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick---deutsch.xml [2015-02-26]
FF SearchPlugin: C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---deutsch.xml [2015-02-26]
FF SearchPlugin: C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---english.xml [2015-02-26]
FF SearchPlugin: C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick.xml [2015-02-26]
FF SearchPlugin: C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-eng-ger.xml [2015-02-26]
FF SearchPlugin: C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-esp-ale.xml [2015-02-26]
FF SearchPlugin: C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-fra-all.xml [2015-02-26]
FF SearchPlugin: C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\metager2.xml [2015-02-26]
FF SearchPlugin: C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-deutsch.xml [2015-02-26]
FF SearchPlugin: C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-english.xml [2015-02-26]
FF SearchPlugin: C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https---deutsch.xml [2015-02-26]
FF SearchPlugin: C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https.xml [2015-02-26]
FF Extension: HTTPS-Everywhere - C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\https-everywhere@eff.org [2015-03-07] [not signed]
FF Extension: DownloadHelper - C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-03-07] [not signed]
FF Extension: CanvasBlocker - C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\CanvasBlocker@kkapsner.de.xpi [2015-02-26] [not signed]
FF Extension: JonDoFox - C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{437be45a-4114-11dd-b9ab-71d256d89593}.xpi [2015-03-07] [not signed]
FF Extension: NoScript - C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-03-07] [not signed]
FF Extension: Cookie Controller - C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi [2015-02-26] [not signed]
FF Extension: Adblock Plus - C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-26] [not signed]
FF Extension: ProfileSwitcher - C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi [2015-02-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome
FF Extension: HP Client Security Manager - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome [2014-12-31] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-10-16] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2015-09-30] [not signed]
FF Extension: No Name - C:\Users\elhamzaf\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\extensions\AVJYFVOD75109374@HCDE39471360.com [not found]
Chrome:
=======
CHR Profile: C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (TV) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2014-12-11]
CHR Extension: (Google Präsentationen) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcjaemihddenoopkkhaamlcoliiiain [2015-11-07]
CHR Extension: (YouTube) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Präsentationen) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-11-08]
CHR Extension: (Google-Suche) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
CHR Extension: (Google Kalender) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-14]
CHR Extension: (Box) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2015-04-29]
CHR Extension: (Google Präsentationen) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Google Präsentationen) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (FabCam) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\hejilffmihldhlfocnabcgndjjpgadfl [2015-08-05]
CHR Extension: (Google Maps) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-19]
CHR Extension: (Google Präsentationen) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok [2015-05-14]
CHR Extension: (Need for Speed World) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnelgnkomjdakpkjpkfehdipjifjmbk [2014-12-11]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Foto Rulez) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\odahhdimpaeigjcdbgcnhemlkejclmmk [2014-12-11]
CHR Extension: (Google Präsentationen) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2015-11-05]
CHR Extension: (Google Mail) - C:\Users\elhamzaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-09-26]
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome.crx [2013-11-21]
Opera:
=======
OPR Extension: (CinemaP-1.9cV05.11) - C:\Users\elhamzaf\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-11-05]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
S2 AgentService; C:\Program Files (x86)\PC Backup\AgentService.exe [7595424 2010-09-08] (Iron Mountain Incorporated)
S2 CtAgentService; C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe [7168 2014-03-31] () [File not signed]
S2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [10571056 2014-06-01] (DisplayLink Corp.)
S2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [500048 2013-11-21] (DigitalPersona, Inc.)
S2 enterceptAgent; C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe [811480 2015-06-24] (McAfee, Inc.)
S2 FIMPasswordReset; C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe [75608 2012-01-29] (Microsoft Corporation)
S2 HipMgmt; C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HipMgmt.exe [240360 2015-06-24] (McAfee, Inc.)
S2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [683296 2014-02-10] (Hewlett-Packard Company)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-09-27] (Intel Corporation)
S2 iClarityQoSService; C:\windows\SysWOW64\\QosServM.exe [233472 2010-11-09] (Avaya Inc.) [File not signed]
S2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
S2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [129904 2015-02-10] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [262544 2015-09-29] (McAfee, Inc.)
S2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [208936 2015-08-20] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-24] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373736 2015-06-24] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-09-29] (McAfee, Inc.)
S2 Radexecd; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe [353480 2014-08-19] (Persistent Systems)
S2 Radsched; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe [263368 2014-08-19] (Persistent Systems)
S2 Radstgms; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe [373960 2014-08-19] (Persistent Systems)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S2 ScreenAgentService; C:\Program Files (x86)\NICE Systems\ScreenAgent\ScreenAgentSvc.exe [386048 2013-01-24] (NICE Systems) [File not signed]
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2013-11-06] (IDT, Inc.) [File not signed]
S2 svctimehpc; C:\Program Files (x86)\Products\Time Service\svctimehpc.exe [13387128 2012-09-11] ()
S2 Tanium Client; C:\Program Files (x86)\Tanium\Tanium Client\TaniumClient.exe [10376480 2014-07-26] (Tanium Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Winpopup Server; C:\Program Files (x86)\Winpopup Server\WinpopupServer.exe [479232 2009-10-17] (Fomine Software) [File not signed]
S2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5878272 2014-09-24] (Broadcom Corporation) [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2012-09-24] (Broadcom Corporation.)
S3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [88376 2013-03-18] (Motorola Solutions, Inc.)
S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
S3 dc21x4vm; C:\Windows\System32\DRIVERS\dc21x4vm.sys [57344 2009-06-10] (Microsoft Corp.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [488216 2014-03-05] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 FireNfcp; C:\Windows\System32\drivers\FireNfcp.sys [64808 2015-09-24] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\system32\drivers\HipShieldK.sys [216336 2015-06-24] (McAfee, Inc.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-09-27] (Intel Corporation)
S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-07-22] ()
R1 jnprns; C:\Windows\System32\DRIVERS\jnprns.sys [507192 2015-02-24] (Juniper Networks)
S4 jnprTdi_808_53815; C:\windows\system32\Drivers\jnprTdi_808_53815.sys [108344 2015-02-24] (Juniper Networks, Inc.)
S3 jnprva; C:\Windows\System32\DRIVERS\jnprva.sys [30072 2013-10-28] (Juniper Networks, Inc.)
R3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [45352 2013-10-28] (Juniper Networks, Inc.)
S3 LV_Tracker; C:\Windows\System32\DRIVERS\LV_Tracker64.sys [54824 2010-09-08] ()
S3 Mandiant_Tools; C:\ProgramData\Application Data\Time Service\mktools.sys [25168 2014-05-21] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-09-29] (McAfee, Inc.)
S3 mfeaacsk; C:\Windows\System32\drivers\mfeaacsk.sys [64416 2015-09-29] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2013-12-17] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-09-29] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-09-29] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-09-29] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [87720 2015-06-24] (McAfee, Inc.)
S3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [66080 2015-09-29] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [114880 2015-09-29] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-09-29] (McAfee, Inc.)
R1 NEOFLTR_740_30667; C:\windows\system32\Drivers\NEOFLTR_740_30667.SYS [108344 2014-04-10] (Juniper Networks)
S2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 RadiaMsi; C:\Windows\System32\DRIVERS\radiamsi.sys [41496 2014-05-20] (Persistent Systems)
S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [429272 2013-08-21] (Realsil Semiconductor Corporation)
S3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8876248 2013-11-14] (Realtek Semiconductor Corp.)
S1 SARCXPMirrorDevice; C:\Windows\System32\SARCXPMP64.sys [29328 2012-09-28] ()
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2014-04-07] (Synaptics Incorporated)
S3 TRLNDISMON; C:\Windows\System32\DRIVERS\TRLNDISMON.sys [31392 2015-03-23] (Tarlogic)
S3 JNPRNA; system32\DRIVERS\jnprna6.sys [X]
S4 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S4 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-08 16:34 - 2015-11-08 16:34 - 00038648 _____ C:\Users\elhamzaf\Downloads\FRST.txt
2015-11-08 16:34 - 2015-11-08 16:34 - 00000000 ____D C:\FRST
2015-11-08 16:17 - 2015-11-08 16:33 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-11-08 16:17 - 2015-11-08 16:17 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-08 16:17 - 2015-11-08 16:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-08 16:16 - 2015-11-08 16:33 - 00000000 ____D C:\Users\elhamzaf\Desktop\mbar
2015-11-08 16:16 - 2015-11-08 16:16 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2015-11-08 14:35 - 2015-11-08 15:34 - 00000282 _____ C:\windows\Tasks\CFUWrapper.job
2015-11-08 14:35 - 2015-11-08 14:35 - 00003218 _____ C:\windows\System32\Tasks\CFUWrapper
2015-11-08 11:58 - 2015-11-08 13:03 - 416363903 _____ C:\Users\elhamzaf\Downloads\Paragon_Backup_Recovery_14_Free.zip
2015-11-08 11:44 - 2015-11-08 11:45 - 02198528 _____ (Farbar) C:\Users\elhamzaf\Downloads\FRST64.exe
2015-11-07 23:15 - 2015-11-07 23:15 - 00602112 _____ (OldTimer Tools) C:\Users\elhamzaf\Downloads\OTL.exe
2015-11-07 23:11 - 2015-11-07 23:12 - 16563352 _____ (Malwarebytes Corp.) C:\Users\elhamzaf\Downloads\mbar-1.09.3.1001.exe
2015-11-07 23:09 - 2015-11-07 23:09 - 04577440 _____ (Avira Operations GmbH & Co. KG) C:\Users\elhamzaf\Downloads\avira_de_av_563e849102e39__ws.exe
2015-11-07 23:01 - 2015-11-07 23:01 - 11501568 _____ C:\Users\elhamzaf\Desktop\EMET 5.1 Setup.msi
2015-11-06 18:02 - 2015-11-06 18:03 - 00000000 ____D C:\Acrylic Wi-Fi Professional
2015-11-06 17:48 - 2015-11-06 17:49 - 00000000 ____D C:\Users\elhamzaf\AppData\Local\VirtualStore
2015-11-06 17:42 - 2015-11-06 17:44 - 00000000 ____D C:\AdwCleaner
2015-11-05 23:14 - 2015-11-05 23:14 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-11-05 23:00 - 2015-11-06 12:00 - 00000004 _____ C:\windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-11-05 23:00 - 2015-11-05 23:01 - 00000000 ____D C:\Program Files (x86)\6c4bdf9b-d126-43f4-8efc-b4837ed4413d
2015-11-05 22:42 - 2015-03-23 11:00 - 00095312 _____ (Tarlogic) C:\windows\system32\airpcap.dll
2015-11-05 22:42 - 2015-03-23 11:00 - 00076880 _____ (Tarlogic) C:\windows\SysWOW64\airpcap.dll
2015-11-05 22:41 - 2015-11-06 18:02 - 00000000 ____D C:\Users\elhamzaf\AppData\Roaming\Acrylic Wi-Fi Professional
2015-11-05 22:41 - 2015-11-05 23:55 - 00000000 ____D C:\Program Files\Acrylic Wi-Fi Professional
2015-11-05 22:41 - 2015-03-23 11:00 - 00031392 _____ (Tarlogic) C:\windows\system32\Drivers\TRLNDISMON.sys
2015-11-05 16:04 - 2015-11-05 17:24 - 00000000 ____D C:\Users\elhamzaf\Desktop\Ponctions salaires
2015-11-04 10:49 - 2015-11-08 16:10 - 00000278 ____H C:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job
2015-11-04 10:49 - 2015-11-08 15:34 - 00000370 ____H C:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job
2015-11-04 10:49 - 2015-11-07 23:53 - 00000338 ____H C:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job
2015-11-04 10:49 - 2015-11-06 17:47 - 00000374 ____H C:\windows\Tasks\IDA{DDC3038B-D87C-4DE6-AD88-05C6E3962FA0}000.job
2015-11-04 10:49 - 2015-11-06 17:47 - 00000346 ____H C:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job
2015-11-04 10:49 - 2015-11-06 17:47 - 00000114 ____H C:\windows\Tasks\IDA{EF242085-E950-E7C0-982D-AC0CAEF9D2B1}000.job
2015-11-04 10:49 - 2015-11-06 16:55 - 00003104 _____ C:\windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001
2015-11-04 10:49 - 2015-11-06 16:55 - 00002882 _____ C:\windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000
2015-11-04 10:49 - 2015-11-06 14:35 - 00002978 _____ C:\windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000
2015-11-04 10:49 - 2015-11-06 11:24 - 00003344 _____ C:\windows\System32\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000
2015-11-04 10:49 - 2015-11-06 11:24 - 00003126 _____ C:\windows\System32\Tasks\IDA{DDC3038B-D87C-4DE6-AD88-05C6E3962FA0}000
2015-11-04 10:49 - 2015-11-06 11:24 - 00003098 _____ C:\windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001
2015-11-04 10:49 - 2015-11-04 10:49 - 00002068 _____ C:\windows\System32\Tasks\IDA{EF242085-E950-E7C0-982D-AC0CAEF9D2B1}000
2015-11-04 10:48 - 2015-11-08 15:29 - 00000392 ____H C:\windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job
2015-11-04 10:48 - 2015-11-08 12:12 - 00000412 ____H C:\windows\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000.job
2015-11-04 10:48 - 2015-11-06 17:47 - 00000370 ____H C:\windows\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000.job
2015-11-04 10:48 - 2015-11-06 12:12 - 00003020 _____ C:\windows\System32\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000
2015-11-04 10:48 - 2015-11-04 10:48 - 00003122 _____ C:\windows\System32\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000
2015-11-04 10:47 - 2015-11-04 10:47 - 00002882 _____ C:\windows\System32\Tasks\Maint
2015-11-03 22:35 - 2015-11-03 22:35 - 00000000 ____D C:\Users\elhamzaf\AppData\Roaming\LibreOffice
2015-11-03 22:34 - 2015-11-03 22:34 - 00001532 _____ C:\Users\Public\Desktop\LibreOffice 4.4.lnk
2015-11-03 22:34 - 2015-11-03 22:34 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.4
2015-11-03 22:33 - 2015-11-03 22:34 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4
2015-11-03 12:12 - 2015-11-08 15:26 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-11-03 12:12 - 2015-11-03 12:18 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-10-28 20:08 - 2015-10-28 20:08 - 00002755 _____ C:\Users\Public\Desktop\ myITsupport.lnk
2015-10-28 20:08 - 2015-10-28 20:08 - 00002755 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ myITsupport.lnk
2015-10-28 20:08 - 2015-10-28 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myITsupportIcon
2015-10-28 20:08 - 2015-10-28 20:08 - 00000000 ____D C:\Program Files (x86)\myITsupportE
2015-10-28 11:11 - 2015-10-28 11:21 - 00000000 ____D C:\Users\elhamzaf\Desktop\Business
2015-10-27 13:22 - 2015-10-27 13:22 - 00000649 _____ C:\Users\elhamzaf\Desktop\Bitcoin Core (64-bit).lnk
2015-10-27 13:01 - 2015-10-27 13:01 - 00000758 _____ C:\Users\elhamzaf\Desktop\Orga.lnk
2015-10-27 13:00 - 2015-10-27 13:03 - 00000000 ____D C:\Arbeit
2015-10-27 12:07 - 2015-10-27 12:07 - 00002165 _____ C:\Users\elhamzaf\Desktop\BitMinter Client.lnk
2015-10-27 12:07 - 2015-10-27 12:07 - 00000000 ____D C:\Users\elhamzaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitMinter
2015-10-26 14:51 - 2015-10-26 14:51 - 00002471 _____ C:\Users\elhamzaf\Desktop\Marquee.lnk
2015-10-26 14:36 - 2015-10-26 14:36 - 00000422 _____ C:\Users\elhamzaf\Desktop\AIC Global Admin.appref-ms
2015-10-25 15:31 - 2015-11-07 19:33 - 00000000 ____D C:\Outlook Ordner
2015-10-23 23:14 - 2015-10-23 23:16 - 00000000 ____D C:\bitcoin
2015-10-23 23:14 - 2015-10-23 23:14 - 00000000 ____D C:\Users\elhamzaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin Core
2015-10-18 20:31 - 2015-11-06 17:45 - 00000847 _____ C:\Users\elhamzaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2015-10-18 20:31 - 2015-11-06 17:45 - 00000799 _____ C:\Users\elhamzaf\Desktop\Tor.lnk
2015-10-18 20:30 - 2015-11-06 17:45 - 00000000 ____D C:\Users\elhamzaf\Desktop\Tor Browser
2015-10-18 09:27 - 2015-10-18 09:27 - 01204080 _____ C:\windows\Minidump\101815-21091-01.dmp
2015-10-16 08:35 - 2015-10-16 08:35 - 00000000 _____ C:\Users\elhamzaf\AppData\Local\{24500F75-2570-4221-A876-69D5590A1198}
2015-10-14 08:18 - 2015-10-14 08:18 - 00000023 _____ C:\invalid.txt
2015-10-09 12:20 - 2015-02-24 16:55 - 00108344 _____ (Juniper Networks, Inc.) C:\windows\system32\Drivers\jnprTdi_808_53815.sys
2015-10-09 12:20 - 2015-02-24 13:50 - 00507192 _____ (Juniper Networks) C:\windows\system32\Drivers\jnprns.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-08 16:20 - 2015-07-28 14:58 - 01230574 _____ C:\windows\system32\perfh007.dat
2015-11-08 16:20 - 2015-07-28 14:58 - 00339842 _____ C:\windows\system32\perfc007.dat
2015-11-08 16:20 - 2009-07-14 05:13 - 00006742 _____ C:\windows\system32\PerfStringBackup.INI
2015-11-08 16:15 - 2009-07-14 04:51 - 00163994 _____ C:\windows\setupact.log
2015-11-08 16:15 - 2009-07-14 03:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-11-08 16:13 - 2014-09-24 15:59 - 01751817 _____ C:\windows\WindowsUpdate.log
2015-11-08 16:13 - 2009-07-14 04:45 - 00019328 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-08 16:13 - 2009-07-14 04:45 - 00019328 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-08 16:00 - 2014-10-13 15:31 - 00000308 _____ C:\windows\Tasks\pcpm-collector.job
2015-11-08 15:19 - 2014-12-11 23:14 - 00001068 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-08 14:30 - 2014-10-13 15:31 - 00000314 _____ C:\windows\Tasks\pcpm-consolidator.job
2015-11-08 13:49 - 2015-04-21 20:08 - 00000000 ____D C:\Users\elhamzaf\Desktop\FUN
2015-11-08 13:27 - 2015-02-03 17:54 - 00001970 _____ C:\windows\SysWOW64\QosServ.log
2015-11-08 13:27 - 2014-12-11 23:14 - 00001064 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-08 13:26 - 2014-12-11 18:06 - 00000000 ____D C:\Program Files (x86)\PC Backup
2015-11-08 13:26 - 2009-07-14 05:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-11-07 19:33 - 2015-05-04 21:01 - 33276928 _____ C:\Users\elhamzaf\Documents\Meine Outlook bis 102015 .pst
2015-11-07 19:20 - 2014-12-22 11:04 - 00000000 ____D C:\Users\elhamzaf\AppData\Local\CrashDumps
2015-11-07 19:13 - 2014-11-10 14:15 - 00000000 ____D C:\windows\system32\appmgmt
2015-11-07 19:02 - 2014-09-24 15:26 - 00000290 _____ C:\windows\Tasks\Maint.job
2015-11-06 17:46 - 2010-11-21 03:47 - 00217854 _____ C:\windows\PFRO.log
2015-11-06 17:45 - 2015-03-07 16:56 - 00000000 ____D C:\Users\elhamzaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JonDoFox
2015-11-06 17:45 - 2014-12-11 23:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-06 17:44 - 2015-03-03 14:23 - 00000000 ____D C:\Quarantine
2015-11-06 00:10 - 2014-12-29 10:15 - 00000000 ____D C:\Program Files\Samsung
2015-11-06 00:10 - 2014-12-23 09:33 - 00000000 ____D C:\Program Files (x86)\Opera
2015-11-06 00:09 - 2015-02-11 09:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-06 00:01 - 2015-09-17 22:37 - 00000000 ____D C:\Program Files\CyberGhost 5
2015-11-05 23:58 - 2014-12-11 23:14 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-05 23:55 - 2014-12-14 13:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirDroid
2015-11-05 23:01 - 2014-05-21 13:42 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-05 18:16 - 2014-12-11 17:55 - 00029970 __RSH C:\Users\elhamzaf\ntuser.pol
2015-11-05 18:16 - 2014-12-11 17:08 - 00000000 ____D C:\Users\elhamzaf
2015-11-05 18:16 - 2014-12-11 17:04 - 00003304 _____ C:\windows\system32\config\netlogon.ftl
2015-11-05 18:16 - 2014-05-21 13:29 - 00123728 __RSH C:\ProgramData\ntuser.pol
2015-11-05 16:05 - 2014-05-21 14:13 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-04 15:00 - 2014-12-13 13:23 - 00003322 _____ C:\windows\System32\Tasks\Smart Client
2015-11-04 10:48 - 2014-10-13 15:31 - 00002906 _____ C:\windows\System32\Tasks\pcpm-consolidator
2015-11-04 10:47 - 2014-12-11 17:08 - 00134984 _____ C:\Users\elhamzaf\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-04 10:47 - 2014-10-13 15:31 - 00003244 _____ C:\windows\System32\Tasks\pcpm-collector
2015-11-04 10:47 - 2014-10-10 17:46 - 00000000 ____D C:\windows\SmartClient
2015-11-04 10:46 - 2014-05-21 12:41 - 00000000 ____D C:\ProgramData\Time Service
2015-11-04 10:46 - 2009-07-14 04:45 - 00569888 _____ C:\windows\system32\FNTCACHE.DAT
2015-11-03 12:17 - 2014-05-21 12:42 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-11-03 12:17 - 2014-05-21 12:42 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-01 20:39 - 2015-02-21 16:41 - 00000000 ____D C:\Users\elhamzaf\Documents\Simple Sticky Notes
2015-11-01 14:38 - 2015-06-25 11:28 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-28 20:08 - 2014-05-21 10:32 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-10-26 15:28 - 2015-02-21 19:28 - 750288332 _____ C:\windows\MEMORY.DMP
2015-10-26 15:28 - 2014-10-13 15:26 - 00000000 ____D C:\windows\Minidump
2015-10-26 15:01 - 2015-01-27 14:43 - 00000059 _____ C:\windows\cvterm.ini
2015-10-26 14:43 - 2015-01-11 15:49 - 00000000 ____D C:\Users\elhamzaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2015-10-26 14:36 - 2014-12-11 23:13 - 00000000 ____D C:\Users\elhamzaf\AppData\Local\Deployment
2015-10-25 15:37 - 2015-05-26 20:29 - 00000000 ____D C:\Users\elhamzaf\Documents\Outlook Files
2015-10-25 15:37 - 2014-12-10 21:35 - 3756467200 _____ C:\Users\elhamzaf\Documents\Meine Outlook.pst
2015-10-25 11:21 - 2014-05-21 11:30 - 01612450 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2015-10-19 10:08 - 2014-12-15 18:05 - 00000000 ____D C:\Program Files (x86)\Avaya
2015-10-19 10:08 - 2014-12-11 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avaya
2015-10-16 12:32 - 2015-05-16 16:24 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2015-10-16 12:32 - 2015-05-16 16:09 - 00002055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2015-10-16 08:37 - 2014-12-11 18:10 - 00000000 ____D C:\windows\HPLogin
2015-10-09 12:18 - 2014-09-24 23:38 - 00000000 ____D C:\Temp
2015-10-09 12:16 - 2014-06-20 12:11 - 00000000 ____D C:\HP
==================== Files in the root of some directories =======
2014-12-11 18:06 - 2014-12-11 18:06 - 0000000 _____ () C:\Program Files (x86)\PC BackupHPSetup.log
2014-12-11 22:25 - 2014-12-11 22:25 - 0000179 _____ () C:\Users\elhamzaf\AppData\Roaming\HP_BITLOCKER_BACKUP2AD.txt
2015-05-25 08:45 - 2015-05-30 17:00 - 0000600 _____ () C:\Users\elhamzaf\AppData\Local\PUTTY.RND
2014-12-11 22:29 - 2014-12-11 22:29 - 0007600 _____ () C:\Users\elhamzaf\AppData\Local\Resmon.ResmonCfg
2015-10-16 08:35 - 2015-10-16 08:35 - 0000000 _____ () C:\Users\elhamzaf\AppData\Local\{24500F75-2570-4221-A876-69D5590A1198}
2015-05-26 09:18 - 2015-05-26 09:18 - 0000000 _____ () C:\Users\elhamzaf\AppData\Local\{E955198A-C33C-41FA-89C6-F89D5AA0A015}
2015-06-10 08:08 - 2015-06-10 08:08 - 0000057 _____ () C:\ProgramData\Ament.ini
Files to move or delete:
====================
C:\Users\Default\create_shortcut.vbs
C:\Users\Default\reg_off2k7.vbs
C:\Users\Default\set_theme.vbs
C:\Users\Default\ThemeTool.exe
Some files in TEMP:
====================
C:\Users\hpadmin\AppData\Local\Temp\CpqMC.dll
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-11-06 20:06
==================== End of FRST.txt ============================