Processorgebruik steeds weer 100% maar geheugen geeft proces met max 300.824KB aan

Start OTL opnieuw op met adninistratotorrechetn.

In het venster in het hokje genaamd Processes (onder de Fix - knop) zet je de instelling van "Use safe list" naar "All".

Klik vervolgens links boven op de knop "Run Scan" en post vervolgens de inhoud van de scan.

OTL logfile created on: 25-8-2015 19:35:48 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JM\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17959)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

2,75 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 60,33% Memory free
5,49 Gb Paging File | 4,10 Gb Available in Paging File | 74,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,48 Gb Total Space | 46,69 Gb Free Space | 47,90% Space Free | Partition Type: NTFS
Drive D: | 200,51 Gb Total Space | 73,49 Gb Free Space | 36,65% Space Free | Partition Type: NTFS
Drive E: | 1,95 Gb Total Space | 0,23 Gb Free Space | 11,67% Space Free | Partition Type: FAT

Computer Name: JM-PC | User Name: JM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (All) ==========

PRC - File not found --
PRC - [2015-08-17 18:42:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JM\Desktop\OTL.exe
PRC - [2015-07-21 02:12:30 | 000,815,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2015-06-02 16:09:50 | 005,515,496 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2015-06-02 16:08:40 | 000,343,336 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011-04-07 14:23:34 | 002,672,600 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2011-01-24 13:23:14 | 000,286,000 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe
PRC - [2010-08-11 03:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010-07-27 14:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010-06-29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010-06-09 18:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010-01-29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010-01-08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe


========== Modules (No Company Name) ==========

MOD - [2015-06-02 16:08:42 | 040,540,672 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2015-06-02 16:08:41 | 000,104,400 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll
MOD - [2015-06-02 16:08:40 | 000,081,728 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2010-06-09 18:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Services (SafeList) ==========

SRV:64bit: - [2015-07-16 22:21:50 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2015-06-02 16:08:40 | 000,343,336 | ---- | M] (Avast Software s.r.o.) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2015-05-25 20:19:13 | 001,255,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2013-05-27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010-06-11 14:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010-01-29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2010-01-22 19:01:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2015-06-18 08:39:50 | 001,133,880 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014-04-11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014-03-21 00:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2011-01-24 13:23:14 | 000,286,000 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2010-08-11 03:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010-06-29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010-01-08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2015-06-27 11:29:39 | 000,442,264 | ---- | M] (Avast Software s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2015-06-18 08:41:56 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2015-06-18 08:41:40 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2015-06-02 16:08:43 | 000,272,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2015-06-02 16:08:43 | 000,137,288 | ---- | M] (Avast Software s.r.o.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2015-06-02 16:08:43 | 000,093,528 | ---- | M] (Avast Software s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2015-06-02 16:08:43 | 000,089,944 | ---- | M] (Avast Software s.r.o.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2015-06-02 16:08:43 | 000,065,736 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2015-06-02 16:08:43 | 000,029,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2015-06-02 16:08:36 | 001,047,320 | ---- | M] (Avast Software s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013-10-02 04:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012-08-23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-01-17 09:09:58 | 000,334,976 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctgntdi64.sys -- (pctgntdi)
DRV:64bit: - [2011-01-17 08:11:12 | 000,179,976 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctplfw64.sys -- (pctplfw)
DRV:64bit: - [2011-01-12 10:35:40 | 000,119,688 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctNdis-PacketFilter64.sys -- (PCTFW-PacketFilter)
DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-08-25 03:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010-07-21 03:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010-07-08 08:49:08 | 000,079,000 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctNdis64.sys -- (pctNdisMP)
DRV:64bit: - [2010-07-08 08:49:08 | 000,079,000 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pctNdis64.sys -- (pctNdis)
DRV:64bit: - [2010-06-04 13:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010-01-22 19:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010-01-22 18:07:56 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009-10-19 14:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009-09-30 19:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009-09-18 06:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009-08-24 03:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009-06-10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009-05-06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\JM\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Old Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/
IE - HKCU\..\SearchScopes,DefaultScope = {5E95FE57-C9AB-4142-BF35-9BB59E2BCA99}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{5E95FE57-C9AB-4142-BF35-9BB59E2BCA99}: "URL" = http://www.google.nl/search?hl=nl&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "NL"
FF - prefs.js..browser.search.hiddenOneOffs: "Bing,bol.com,DuckDuckGo,Marktplaats.nl,Wikipedia (nl)"
FF - prefs.js..browser.search.region: "NL"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "https://www.google.nl/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:40.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2015-06-02 14:31:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2015-06-02 14:31:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-02 16:08:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 40.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 40.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2015-06-07 11:03:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JM\AppData\Roaming\mozilla\Extensions
[2015-06-07 11:02:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015-08-16 16:47:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2015-08-15 19:44:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (Avast Software s.r.o.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (Avast Software s.r.o.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [00PCTFW] C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_18_0_0_160_ActiveX.exe -update activex File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254 195.241.77.55 195.241.77.58
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C15E80B5-3E39-4DFA-A310-C7439DB78ACC}: DhcpNameServer = 192.168.2.254 195.241.77.55 195.241.77.58
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2015-08-23 13:15:11 | 000,124,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2015-08-23 13:15:11 | 000,103,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2015-08-23 12:57:37 | 005,568,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015-08-23 12:57:37 | 003,934,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2015-08-23 12:57:37 | 001,730,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2015-08-23 12:57:37 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2015-08-23 12:57:35 | 003,989,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2015-08-23 12:57:34 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2015-08-23 12:57:34 | 001,216,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2015-08-23 12:57:34 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2015-08-23 12:57:34 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2015-08-23 12:57:34 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2015-08-23 12:57:34 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2015-08-23 12:57:34 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2015-08-23 12:57:34 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2015-08-23 12:57:34 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2015-08-23 12:57:33 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2015-08-23 12:57:33 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2015-08-23 12:57:33 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2015-08-23 12:57:33 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2015-08-23 12:57:33 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2015-08-23 12:57:33 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2015-08-23 12:57:33 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2015-08-23 12:57:33 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptbase.dll
[2015-08-23 12:57:33 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2015-08-23 12:57:33 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2015-08-23 12:57:33 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2015-08-23 12:57:33 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2015-08-23 12:57:33 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2015-08-23 12:57:33 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmmsp.dll
[2015-08-23 12:57:32 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2015-08-23 12:57:32 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2015-08-23 12:57:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2015-08-23 12:57:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2015-08-23 12:57:32 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2015-08-23 12:57:32 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2015-08-23 12:57:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2015-08-23 12:57:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2015-08-23 12:57:32 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2015-08-23 12:57:32 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2015-08-23 12:57:32 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2015-08-23 12:57:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2015-08-23 12:57:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2015-08-23 12:57:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2015-08-23 12:57:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2015-08-23 12:57:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2015-08-23 12:57:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2015-08-23 12:57:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2015-08-23 12:57:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2015-08-23 12:57:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2015-08-23 12:57:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2015-08-23 12:57:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2015-08-23 12:57:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2015-08-23 12:57:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2015-08-23 12:57:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2015-08-23 12:57:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2015-08-23 12:57:31 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2015-08-23 12:57:31 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2015-08-23 12:57:31 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2015-08-23 12:57:31 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2015-08-23 12:53:00 | 007,077,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2015-08-23 12:53:00 | 000,429,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2015-08-23 12:52:59 | 006,131,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2015-08-23 12:52:58 | 001,057,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdvidcrl.dll
[2015-08-23 12:52:58 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdvidcrl.dll
[2015-08-23 12:52:58 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2015-08-23 12:52:58 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2015-08-23 12:52:55 | 001,148,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2015-08-23 12:52:55 | 001,116,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2015-08-23 12:52:55 | 000,774,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2015-08-23 12:52:55 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2015-08-23 12:52:55 | 000,437,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2015-08-23 12:52:55 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\acmigration.dll
[2015-08-23 12:52:54 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2015-08-23 12:52:53 | 000,017,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CompatTelRunner.exe
[2015-08-23 12:52:52 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2015-08-23 12:52:52 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2015-08-23 12:52:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2015-08-23 12:52:52 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2015-08-23 12:52:52 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2015-08-23 12:52:50 | 000,720,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2015-08-23 12:52:50 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2015-08-23 12:52:50 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2015-08-23 12:52:50 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2015-08-23 12:52:48 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015-08-23 12:52:48 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2015-08-23 12:52:48 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2015-08-23 12:52:47 | 000,664,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2015-08-23 12:52:47 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2015-08-23 12:52:47 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2015-08-23 12:52:46 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2015-08-23 12:52:46 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015-08-23 12:52:46 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2015-08-23 12:52:46 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015-08-23 12:52:46 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2015-08-23 12:52:45 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015-08-23 12:52:45 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2015-08-23 12:52:44 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015-08-23 12:52:43 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2015-08-23 12:52:43 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015-08-23 12:52:42 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2015-08-23 12:52:42 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2015-08-23 12:52:42 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2015-08-23 12:52:42 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015-08-23 12:52:41 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2015-08-23 12:52:41 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2015-08-23 12:52:40 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2015-08-23 12:52:40 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2015-08-23 12:52:40 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015-08-23 12:52:39 | 005,923,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015-08-23 12:52:39 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015-08-23 12:52:38 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2015-08-23 12:52:37 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2015-08-23 12:52:37 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015-08-23 12:51:16 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2015-08-23 12:50:21 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\basesrv.dll
[2015-08-23 12:49:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2015-08-23 12:49:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2015-08-23 12:49:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2015-08-23 12:49:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2015-08-23 12:49:46 | 001,648,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2015-08-23 12:49:45 | 000,372,736 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2015-08-23 12:49:45 | 000,299,520 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2015-08-23 12:49:43 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2015-08-23 12:49:43 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2015-08-23 12:49:43 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2015-08-23 12:49:43 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2015-08-23 12:49:43 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2015-08-23 12:49:43 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2015-08-23 12:49:43 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2015-08-23 12:46:49 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2015-08-23 12:46:04 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\notepad.exe
[2015-08-23 12:44:44 | 003,154,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2015-08-23 12:44:44 | 000,696,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2015-08-23 12:44:44 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2015-08-23 12:44:44 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2015-08-23 12:44:44 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2015-08-23 12:44:44 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2015-08-23 12:44:44 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2015-08-23 12:44:44 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2015-08-23 12:44:44 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll
[2015-08-23 12:44:44 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2015-08-23 12:44:44 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2015-08-23 12:44:44 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2015-08-23 12:44:44 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2015-08-23 12:44:44 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2015-08-23 12:44:44 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wu.upgrade.ps.dll
[2015-08-18 15:37:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2015-08-17 18:42:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JM\Desktop\OTL.exe
[2015-08-15 19:45:05 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2015-08-15 18:23:41 | 000,000,000 | ---D | C] -- C:\Users\JM\Desktop\REDUCER
[2015-08-15 15:20:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
[2015-08-15 15:20:06 | 000,000,000 | ---D | C] -- C:\ProgramData\9-lab
[2015-08-15 15:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\9-lab
[2015-08-05 16:20:52 | 003,180,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2015-08-05 16:20:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2015-08-05 16:20:51 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2015-08-05 16:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\mquadr.at
[2015-08-05 16:11:51 | 000,648,656 | ---- | C] (/n software inc. - www.nsoftware.com) -- C:\Windows\SysWow64\ipworks6.dll
[2015-08-05 16:11:51 | 000,279,040 | ---- | C] (Nicomsoft Ltd.) -- C:\Windows\SysNative\WiFiMan.dll
[2015-08-05 16:11:51 | 000,238,592 | ---- | C] (Nicomsoft Ltd.) -- C:\Windows\SysWow64\WiFiMan.dll
[2015-08-05 16:11:51 | 000,073,184 | ---- | C] (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) -- C:\Windows\SysWow64\SSDPDiscovery.dll
[2015-08-05 16:11:47 | 000,000,000 | ---D | C] -- C:\Users\JM\AppData\Local\KPN
[2015-08-02 13:54:34 | 000,000,000 | ---D | C] -- C:\Users\JM\Desktop\ENECO

========== Files - Modified Within 30 Days ==========

[2015-08-25 18:43:18 | 000,160,694 | ---- | M] () -- C:\Users\JM\Desktop\k
[2015-08-25 11:58:20 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015-08-25 11:58:20 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015-08-25 11:49:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015-08-25 11:49:39 | 2213,154,816 | -HS- | M] () -- C:\hiberfil.sys
[2015-08-23 13:33:14 | 000,407,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015-08-23 10:43:42 | 000,113,880 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015-08-20 15:01:05 | 001,668,596 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015-08-20 15:01:05 | 000,745,258 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2015-08-20 15:01:05 | 000,653,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015-08-20 15:01:05 | 000,153,178 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2015-08-20 15:01:05 | 000,121,596 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015-08-19 23:02:36 | 000,407,607 | ---- | M] () -- C:\Users\JM\Desktop\781284_pb_01.jpg
[2015-08-17 18:42:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JM\Desktop\OTL.exe
[2015-08-15 19:44:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2015-08-15 13:23:48 | 000,778,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015-08-15 13:23:48 | 000,142,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2015-08-12 15:19:03 | 000,003,584 | ---- | M] () -- C:\Users\JM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2015-08-05 18:30:14 | 267,402,344 | ---- | M] () -- C:\Users\JM\Desktop\Adam 13 (278.32) (1).mp3
[2015-08-05 16:28:02 | 000,007,602 | ---- | M] () -- C:\Users\JM\AppData\Local\Resmon.ResmonCfg
[2015-07-30 20:06:57 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2015-07-30 20:06:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2015-07-30 20:06:42 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2015-07-30 20:06:39 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2015-07-30 20:06:35 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2015-07-30 20:06:34 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2015-07-30 19:57:08 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2015-07-30 19:57:02 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2015-07-30 18:52:53 | 000,372,736 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2015-07-30 18:49:55 | 000,299,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2015-07-30 15:13:38 | 000,103,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2015-07-30 15:13:11 | 000,124,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2015-07-28 22:09:44 | 000,017,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\CompatTelRunner.exe
[2015-07-28 22:05:53 | 000,774,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2015-07-28 22:05:50 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2015-07-28 22:05:47 | 000,437,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2015-07-28 22:05:45 | 001,116,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2015-07-28 22:05:44 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2015-07-28 22:05:44 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\acmigration.dll
[2015-07-28 21:55:14 | 001,148,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll

========== Files Created - No Company Name ==========

[2015-08-25 18:43:18 | 000,160,694 | ---- | C] () -- C:\Users\JM\Desktop\k
[2015-08-19 23:02:36 | 000,407,607 | ---- | C] () -- C:\Users\JM\Desktop\781284_pb_01.jpg
[2015-08-12 15:19:03 | 000,003,584 | ---- | C] () -- C:\Users\JM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2015-08-05 18:27:48 | 267,402,344 | ---- | C] () -- C:\Users\JM\Desktop\Adam (278.32) (1).mp3
[2015-08-05 16:28:02 | 000,007,602 | ---- | C] () -- C:\Users\JM\AppData\Local\Resmon.ResmonCfg
[2015-06-24 21:16:55 | 001,643,448 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2015-06-11 21:04:25 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-JM-PC-Windows-7-Home-Premium-(64-bit).dat
[2015-06-02 23:59:06 | 000,000,267 | ---- | C] () -- C:\Windows\LaunApp.ini
[2015-06-02 23:53:22 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2015-06-02 23:52:32 | 000,001,601 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2015-06-02 14:29:02 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2015-06-02 14:29:02 | 000,051,712 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe
[2015-06-02 14:29:02 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2015-06-02 14:29:02 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2015-06-02 14:20:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010-09-21 20:54:08 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015-07-10 19:51:25 | 014,177,280 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015-07-10 19:34:07 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:C31F31E6

< End of report >

Verwijder volgende programma's:
Acer Updater
\Acer Registration

Ga daarvoor naar Start Configuratiescherm Programma's en onderdelen

Acer registration kon ik via programma en onderdelen verwijderen.
Acer updater stond er niet bij.
In verkenner heb ik die gezocht en de gehele map verwijderd. Was dat goed.....? De toepassingen die erin stonden: Alu notify, Systemlook en SD heb ik ook verwijderd. (heb ik nog wel even in mn prullenbak laten staan overigens)
Het netbook heb ik daarna opnieuw opgestart en na een half uur is het processorgebruik nog niet op 100% geweest. Op dit moment is hij 18%. Erg prettig werken zo.

Klik de volgende keer met rechts op dat proces en kies dan bestandslocatie openenen.

Laat weten welk bestand het dan is en in welke map het zit.

Dat zal ik doen. Maar volgens mij is dat vervelende proces weg. Ik zie hem niet meer op 100% staan.
Nog wel een vraagje: Weet jij waar TrackerUpdate vandaan komt? Ik zie hem sinds ik enkele maanden geleden windows opnieuw erop zette. Het berichtje dat trackerupdate bezig is komt regelmatig rechtsonder in een pop-upje tevoorschijn. Ik klik dan op annuleren als dat kan. Als ik kijk bij systeempictogrammen (via aanpassen rechtsonder dus) dat staat die TrackerUpdate daar. Ik kan niets eraan aanpassen ofzo. Als ik via verkenner zoek vind ik hem niet.

Heb jij onlangs een nieuw programma genstalleerd - die TrackerUpdate komt in geen enkel log voor.

Nee niet gedaan. En het is er al sinds ik de windows opnieuw erop zette. De laatste 2 weken ofzo krijg ik trouwens deze pop-up, zie foto.
Ik klik dan op annuleren dus.

Die Tracker Update heeft vermoedelijk te maken met torrents.
Stel jij zelf bestanden beschikbaar voor Torrents?

Update, ik weet het het al.

Voldoe aan het gegeven om de Tracker Update te upgraden.
Die updater hangt samen met de PDF-reader die jij gebruikt: PDF-XChange Editor - die is van Tracker Software.

Ook voor niet Adobe Reader PDF readers is het belangrijk dat deze up to date worden gehouden.

Weet dat de Locker chantage virussen heel vaak via e-mail met PDF-aanhang worden genstalleerd, doordat ontvangers denken het met een legitieme mail vandoen hebben of gewoon nieuwsgierig zijn.

Oooh bedankt voor jouw update! Ik ga hem updaten al ie weer pop-upt.

Ik open net pdf xchange editor en de pop-up is er weer. Klopt helemaal dus!

Dat is dan ook weer opgelost.
Verder nog vragen of opmerkingen?

Neehoor, ik ben helemaal tevreden. Zijn we er tch uitgekomen.
Dank voor je hulp Abraham!

Klik OTL open en klik dan in het menu op de knop CleanUp - dan worden de laatste grebruikte tools inclusief OTL verwijderd.

Ook nog een tip om Windows nog veiliger te maken:

Download Enhanced Mitigation Experience Toolkit 5.2

Instaleer EMET 5.2 en stel de instelling op "Recommended settings"
Na de installatie vind je EMET 5.2 in Start/Alle programma's/Enhanced Mitigation Experience Toolkit - ook in de systray zie je nu het EMET-symbool.



Omschrijving:
Microsoft heeft een update voor de gratis Enhanced Mitigation Experience Toolkit (EMET) uitgebracht om computers extra te beveiligen. EMET fungeert als een extra beschermingslaag voor Windows en genstalleerde applicaties, wat het lastiger voor een aanvaller moet maken om lekken te misbruiken.

In EMET 5.2 zijn verschillende verbeteringen en bugfixes doorgevoerd en compatibiliteitsproblemen opgelost. Zo zijn bepaalde beveiligingsmaatregelen extra beveiligd om ze meer bestand tegen aanvallen te maken. Ook zou EMET nu beter moeten werken met Internet Explorer, Adobe Reader, Adobe Flash Player en Mozilla Firefox doordat verschillende compatibiliteitsproblemen tussen deze programma's en de beveiligingsmaatregelen van EMET tot het verleden behoren.

Microsoft roept met name gebruikers van IE11 op Windows 7 en Windows 8.1 op die EMET 5.0 gebruiken om naar EMET 5.2 te upgraden, aangezien er compatibiliteitsproblemen zijn ontdekt met de beveiligingsupdates die vanavond zullen uitkomen en een bepaalde beveiligingsmaatregel van EMET. Verder is de standaard beveiligingsconfiguratie voor Google Chrome en Oracle Java 8 aangescherpt en is het mogelijk om geheugendumps in het geval van een aanval lokaal op te slaan

Bron: Microsoft beschermt Windows met EMET 5.1

Desalniettemin kunnen Windows 7 gebruikers (uit o.a. eigen ondervinding) alsnog bemerken dat IE het niet meer wil doen.
Open dan vervolgens EMET en klik op APS.
Haal vervolgens bij IE onder EAF het vinkje weg en klik op OK.

Ik heb EMET genstalleerd. Ik hoef verder dus niets aan de instellingen te veranderen?

In principe niet inderdaad.

Oke eens kijken.
Had een beetje het idee dat er iets vertraagd in mijn netbook nu ik dit erop heb staan. Dat IE hapert ofzo.
Andere vraag: Ik zou het liefst Mozilla altijd gebruiken omdat ik het idee heb dat die veiliger is dan IE. Maar Mozilla heeft een veel hoger processor/geheugengebruik dan IE zie ik altijd. Kan ik dat niet aanpassen?

Firefox heeft inderdaad een grotere voetafdruk dan IE.

Daar is weinig tot niks aan te doen.
In mijn Windows 7 (Lenovo T530/Intel IvyiBridge i5/16GB werkgeheugen/momenteel 50 processen/Firefox: 585.324kB (10 tabs open)

Zojuist (na paar dagen niet gebruikt) netbook weer aan gezet. 3 tabs Firefox open en 282 of 382 (twijfel even nu) KB. Dus vrij veel.
Daarnaast bleef het processorgebruik weer lang op 100% staan en hostproces voor windowsservices (Acer-windows - system32 -svchost) is hier voor verantwoordelijk. Als ik die sluit keldert het processorgebruik enorm. Er stonden 2 svchost processen bovenaan, 150KB en 85 KB. Dit lijkt toch niet zo hoog. Maar toch. 100% dus.
Even later kwam hij weer met deze 2 processen op 100% te staan en IE opende erg langzaam toen. IE is maar 32 KB, wt een verschil met Firefox he.
Weet je nog iets te doen een de Svchost?

Download Farbar Recovery Scan Tool 32 of 64 bit van n van de onderstaande links
Farbar Recovery Scan Tool 32 bit (x86)
Farbar Recovery Scan Tool 64 bit (x64)
Downloadlokatie: Dit programma absoluut naar het bureaublad downloaden dan wel daar naar toe verplaatsen!
Opmerkingen: Alle openstaande programma's en webpagina's dienen afgesloten te zijn.

Antivirusprogramma en actieve malwarescanners dienen al voor je FRST.exe start gedeaktiveert zijn!
Hier en hier vindt je gegevens hoe antivirusprogramma's en spywarescanners te deaktiveren.

FRST opstarten:

• Windows 2000 en Windows XP: dubbelklik op FRST.exe.
• Windows Vista, Windows 7 en Windows 8: via rechtsklik op FRST.exe of FRST64.exe en kies voor "Als Administrator uitvoeren".

FRST start op:

• Wanneer het programma is geopend klik dan op de knop Yes bij de disclaimer.
• Druk vervolgens op de Scan knop.
• Aansluitend zal een logbestand (FRST.txt) en de Add-on-txt aangemaakt worden en op het bureaublad opgeslagen worden.
• Post de inhoud van beide logs in jouw volgende bericht

.