
Log analysis and evaluation: Crashes and network connectivity problems with Outlook, Internet Explorer and Chrome


 
22.08.2013, 23:23   #1
The Idler
 
Hello,

the following is happening on my computer:

Outlook hangs on Send/Receive. On startup, where this happens automatically, it can still be carried out once; after that the Send/Receive window hangs. I can then still work, but can no longer send or receive. Outlook can then only be closed via Task Manager. (In practice this means that I can receive e-mails when starting Outlook. If I write a reply, I have to save it as a draft, send it, and close Outlook via Task Manager. Then I start Outlook and Send/Receive works exactly once; my e-mail is then in the outbox and goes out. After that, Send/Receive fails again. This affects several e-mail accounts that are set up, more precisely all of them.)

Internet Explorer and Chrome (more precisely: Comodo Dragon) load web pages sporadically. Sometimes it works and then again it doesn't. Internet Explorer has problems downloading files: "SmartScreen Filter cannot be reached."

My third browser, Firefox (more precisely: Comodo Dragon), always works without errors. Other programs such as Skype also work normally.

This has been going on for 1-2 weeks. I uninstalled Comodo Internet Security and AVG Antivirus and installed Avira. Unfortunately without effect.

My system:
Windows 8 Pro with Media Center x64 build 6.2.9200
Office 2010 (Outlook 2010)

What could this be?

Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2013 02
Ran by *replaced* at 2013-08-22 22:28:45
Running from C:\Users\*replaced*\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
µTorrent (x32 Version: 3.2.0)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
aptics Pointing Device Driver (Version: 15.2.20.0)
Avira Free Antivirus (x32 Version: 13.0.0.3885)
Babylon (x32)
CameraHelperMsi (x32 Version: 13.51.815.0)
Canon MG5200 series MP Drivers
Command & Conquer™ Red Alert™ 3 Uprising (x32 Version: 1.0.1.0)
Comodo Dragon (x32 Version: 28.1.0.0)
Comodo IceDragon (x32 Version: 22.0.0.1)
CrystalDiskInfo 5.4.2 Shizuku Edition (x32 Version: 5.4.2)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
EMET 4.0 (x32 Version: 4.0)
erLT (x32 Version: 1.20.138.34)
Foxit Reader (x32 Version: 6.0.6.722)
GO Contact Sync Mod (x32 Version: 3.5.24)
Google Drive (x32 Version: 1.11.4865.2530)
Google Talk Plugin (x32 Version: 4.4.2.14502)
Google Update Helper (x32 Version: 1.3.21.153)
inSSIDer 3 (x32 Version: 3.0.7.48)
ISO Recorder (Version: 3.1.0)
Logitech Webcam Software (x32 Version: 2.80)
LWS Facebook (x32 Version: 13.50.854.0)
LWS Gallery (x32 Version: 13.51.827.0)
LWS Help_main (x32 Version: 13.51.828.0)
LWS Launcher (x32 Version: 13.51.828.0)
LWS Motion Detection (x32 Version: 13.51.815.0)
LWS Pictures And Video (x32 Version: 13.51.815.0)
LWS Twitter (x32 Version: 13.30.1346.0)
LWS Webcam Software (x32 Version: 13.51.815.0)
LWS WLM Plugin (x32 Version: 1.30.1201.0)
LWS YouTube Plugin (x32 Version: 13.31.1038.0)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Expression Encoder 4 (x32 Version: 4.0.4276.0)
Microsoft Expression Encoder 4 Screen Capture Codec (x32 Version: 4.0.4276.0)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office IME (Chinese (Simplified)) 2010 (Version: 14.0.7015.1000)
Microsoft Office IME (Chinese (Simplified)) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office IME (Chinese (Traditional)) 2010 (Version: 14.0.7015.1000)
Microsoft Office IME (Chinese (Traditional)) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office IME (Japanese) 2010 (Version: 14.0.7015.1000)
Microsoft Office IME (Japanese) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office IME (Korean) 2010 (Version: 14.0.7015.1000)
Microsoft Office IME (Korean) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Arabic) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Basque) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Bulgarian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Catalan) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Chinese (Simplified)) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Chinese (Traditional)) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Croatian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Czech) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Danish) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Dutch) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Estonian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Finnish) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Galician) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Greek) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Gujarati) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Hebrew) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Hindi) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Hungarian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Japanese) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Kannada) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Kazakh) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Korean) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Latvian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Lithuanian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Marathi) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Norwegian (Bokmål)) 2010 (x32 Version: 14.0.4999.1028)
Microsoft Office Proof (Norwegian (Nynorsk)) 2010 (x32 Version: 14.0.4999.1028)
Microsoft Office Proof (Polish) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Portuguese (Portugal)) 2010 (x32 Version: 14.0.4999.1028)
Microsoft Office Proof (Punjabi) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Romanian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Russian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Serbian (Latin)) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Slovak) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Slovenian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Swedish) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Tamil) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Telugu) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Thai) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Turkish) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Ukrainian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Urdu) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing Kit 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing Tools Kit Compilation 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office ProofMUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Standard 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Visio 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Visio MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visio Premium 2010 (x32 Version: 14.0.7015.1000)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3505.0912)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
Paint.NET v3.5.11 (Version: 3.61.0)
Password Safe (x32)
Photo Common (x32 Version: 16.4.3505.0912)
Photo Gallery (x32 Version: 16.4.3505.0912)
PrimoPDF -- brought to you by Nitro PDF Software (x32 Version: 5)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6873)
Secunia PSI (3.0.0.4001) (x32 Version: 3.0.0.4001)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)
Skype™ 6.6 (x32 Version: 6.6.106)
Spotify (HKCU Version: 0.9.1.57.ge7405149)
Trillian (x32)
TrueCrypt (x32 Version: 7.1a)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 2.0.7 (Version: 2.0.7)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)

==================== Restore Points  =========================

18-08-2013 13:14:48 Installed GO Contact Sync Mod
22-08-2013 20:04:25 Installed EMET 4.0

==================== Hosts content: ==========================

2012-07-26 07:26 - 2013-01-08 18:11 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0D01A56C-8C2D-4B7B-8495-4B9A146E7E87} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-30] (Google Inc.)
Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {15D71C0A-BAAD-4C57-A9A3-D9E32B577149} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {1976D235-F62E-4255-B0A2-F5C565C83DFE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-30] (Google Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {260F3BE6-6062-4B46-B269-8F1BBA899446} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2012-07-26] (Microsoft Corporation)
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {3D160C00-B9D2-4E89-A950-B135FB9A0820} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {3F76D881-ADC7-42B2-902D-708643302A91} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-12] (Adobe Systems Incorporated)
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation)
Task: {491B4BCC-39A6-49C4-B411-D62377D6CDBB} - System32\Tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {8F201B27-5AD4-4334-9200-FBD83AC0AECB} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}
Task: {9138166D-6253-4A11-8ED4-18471B313B93} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {A06967D4-A4A9-4ACA-8931-CBB3B1D072C3} - System32\Tasks\{A61BBC38-7D3F-4ADC-ACA0-3A225A608B5B} => c:\program files\internet explorer\iexplore.exe [2013-07-26] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {A85AC938-65F4-4056-BEED-110A9A9810C2} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {BCE5C217-8F83-4F6D-AAB6-8C01B2F5E9A5} - System32\Tasks\CrystalDiskInfo => C:\Program Files (x86)\CrystalDiskInfo\DiskInfoS.exe [2013-03-06] (Crystal Dew World)
Task: {C171610F-5902-40C8-9E05-2793CBEDB09E} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\Windows\system32\sc.exe [2012-07-26] (Microsoft Corporation)
Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {C9586687-2D98-42D3-BA0A-D9FD5FA8C13E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {CBA2CD45-976C-49D0-8F00-0FC2982E0A86} - System32\Tasks\User_Feed_Synchronization-{4E6FBDAF-E8FB-47FD-8E08-3703492983D2} => C:\Windows\system32\msfeedssync.exe [2012-07-26] (Microsoft Corporation)
Task: {CD0B4CF4-C3A3-48DE-A72D-70D76B415CAE} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3155787074-1265918781-1706113256-2647
Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {D12D7EC5-DD4F-498A-8131-D12427ED71B9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3155787074-1265918781-1706113256-2647UA => C:\Users\*replaced*\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-14] (Google Inc.)
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DC83FEBE-B8A5-4284-BEFA-4A4C05F2543B} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {EA1A6717-E388-4EDD-B8CC-E14162021218} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {F7FBDC99-C758-4EAC-A767-F237EBC6FC2B} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {F8640014-7B3D-418C-9EE5-E2F28C9CDFEE} - System32\Tasks\Boot into desktop => C:\Users\*replaced*\Documents\Deskboot.scf [2012-08-27] ()
Task: {FAABE651-EEF3-4773-A65E-3D619F22735E} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe No File
Task: {FAD736F0-3DF4-4296-9034-4BEEC4BFFD57} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3155787074-1265918781-1706113256-2647Core => C:\Users\*replaced*\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-14] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3155787074-1265918781-1706113256-2647Core.job => C:\Users\*replaced*\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3155787074-1265918781-1706113256-2647UA.job => C:\Users\*replaced*\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Faulty Device Manager Devices =============

Name: Agere Systems HDA Modem
Description: Agere Systems HDA Modem
Class Guid: {4d36e96d-e325-11ce-bfc1-08002be10318}
Manufacturer: Agere
Service: Modem
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/22/2013 10:26:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: *replaced*)
Description: Activation of app 13387RevolutionSoftware.SaveTheDate_ey93dt8f74erj!App failed with error: -2144927140 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/22/2013 10:24:41 PM) (Source: Application Hang) (User: )
Description: The program explorer.exe version 6.2.9200.16628 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: cdc

Start Time: 01ce9f7559f87249

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: de9a562b-0b68-11e3-bfd6-c417fe06ebae

Faulting package full name: 

Faulting package-relative application ID:

Error: (08/22/2013 10:22:54 PM) (Source: Application Hang) (User: )
Description: The program OUTLOOK.EXE version 14.0.7012.1000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 128c

Start Time: 01ce9f741c702f48

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

Report Id: 9fa9b15d-0b68-11e3-bfd6-c417fe06ebae

Faulting package full name: 

Faulting package-relative application ID:

Error: (08/22/2013 10:22:40 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.2.9200.16628 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e60

Start Time: 01ce9f73ec07d3d8

Termination Time: 0

Application Path: C:\Windows\Explorer.EXE

Report Id: 969c197f-0b68-11e3-bfd6-c417fe06ebae

Faulting package full name: 

Faulting package-relative application ID:

Error: (08/22/2013 10:17:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: aswMBR(1).exe, version: 0.9.9.1771, time stamp: 0x5147644e
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x00051f81
Faulting process id: 0x4dc
Faulting application start time: 0xaswMBR(1).exe0
Faulting application path: aswMBR(1).exe1
Faulting module path: aswMBR(1).exe2
Report Id: aswMBR(1).exe3
Faulting package full name: aswMBR(1).exe4
Faulting package-relative application ID: aswMBR(1).exe5

Error: (08/22/2013 10:10:43 PM) (Source: Application Hang) (User: )
Description: The program OUTLOOK.EXE version 14.0.7012.1000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e2c

Start Time: 01ce9f735c45f6c3

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

Report Id: eba3ab1f-0b66-11e3-bfd5-00262d79d176

Faulting package full name: 

Faulting package-relative application ID:

Error: (08/22/2013 10:08:19 PM) (Source: Application Hang) (User: )
Description: The program OUTLOOK.EXE version 14.0.7012.1000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 139c

Start Time: 01ce9f7337205143

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

Report Id: 963cea1a-0b66-11e3-bfd5-00262d79d176

Faulting package full name: 

Faulting package-relative application ID:

Error: (08/22/2013 09:56:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: ti94055o.exe, version: 2.1.19163.0, time stamp: 0x515d31f0
Faulting module name: ti94055o.exe, version: 2.1.19163.0, time stamp: 0x515d31f0
Exception code: 0xc0000005
Fault offset: 0x0000218a
Faulting process id: 0x1194
Faulting application start time: 0xti94055o.exe0
Faulting application path: ti94055o.exe1
Faulting module path: ti94055o.exe2
Report Id: ti94055o.exe3
Faulting package full name: ti94055o.exe4
Faulting package-relative application ID: ti94055o.exe5

Error: (08/22/2013 09:48:41 PM) (Source: Application Error) (User: )
Description: Faulting application name: aswMBR(1).exe, version: 0.9.9.1771, time stamp: 0x5147644e
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x00051f81
Faulting process id: 0xb24
Faulting application start time: 0xaswMBR(1).exe0
Faulting application path: aswMBR(1).exe1
Faulting module path: aswMBR(1).exe2
Report Id: aswMBR(1).exe3
Faulting package full name: aswMBR(1).exe4
Faulting package-relative application ID: aswMBR(1).exe5

Error: (08/22/2013 09:46:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: aswMBR(1).exe, version: 0.9.9.1771, time stamp: 0x5147644e
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x00051f81
Faulting process id: 0xe20
Faulting application start time: 0xaswMBR(1).exe0
Faulting application path: aswMBR(1).exe1
Faulting module path: aswMBR(1).exe2
Report Id: aswMBR(1).exe3
Faulting package full name: aswMBR(1).exe4
Faulting package-relative application ID: aswMBR(1).exe5


System errors:
=============
Error: (08/22/2013 10:11:28 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (08/22/2013 10:02:31 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (08/22/2013 09:08:02 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (08/22/2013 08:31:05 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (08/22/2013 07:41:12 PM) (Source: Microsoft-Windows-GroupPolicy) (User: *replaced*)
Description: The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following: 
a) Name Resolution failure on the current domain controller. 
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (08/22/2013 07:39:59 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
a) Name Resolution failure on the current domain controller. 
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (08/22/2013 07:39:28 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (08/22/2013 07:38:40 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5

Error: (08/22/2013 07:38:40 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5

Error: (08/22/2013 07:26:13 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.


Microsoft Office Sessions:
=========================
Error: (08/22/2013 10:26:54 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: *replaced*)
Description: 13387RevolutionSoftware.SaveTheDate_ey93dt8f74erj!App-2144927140

Error: (08/22/2013 10:24:41 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.2.9200.16628cdc01ce9f7559f872490C:\Windows\explorer.exede9a562b-0b68-11e3-bfd6-c417fe06ebae

Error: (08/22/2013 10:22:54 PM) (Source: Application Hang)(User: )
Description: OUTLOOK.EXE14.0.7012.1000128c01ce9f741c702f484294967295C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE9fa9b15d-0b68-11e3-bfd6-c417fe06ebae

Error: (08/22/2013 10:22:40 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.2.9200.16628e6001ce9f73ec07d3d80C:\Windows\Explorer.EXE969c197f-0b68-11e3-bfd6-c417fe06ebae

Error: (08/22/2013 10:17:52 PM) (Source: Application Error)(User: )
Description: aswMBR(1).exe0.9.9.17715147644entdll.dll6.2.9200.16578515fac6ec000000500051f814dc01ce9f7489c4d054C:\Users\*replaced*\Downloads\aswMBR(1).exeC:\Windows\SYSTEM32\ntdll.dllebe6e4ba-0b67-11e3-bfd6-c417fe06ebae

Error: (08/22/2013 10:10:43 PM) (Source: Application Hang)(User: )
Description: OUTLOOK.EXE14.0.7012.1000e2c01ce9f735c45f6c34294967295C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXEeba3ab1f-0b66-11e3-bfd5-00262d79d176

Error: (08/22/2013 10:08:19 PM) (Source: Application Hang)(User: )
Description: OUTLOOK.EXE14.0.7012.1000139c01ce9f73372051434294967295C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE963cea1a-0b66-11e3-bfd5-00262d79d176

Error: (08/22/2013 09:56:57 PM) (Source: Application Error)(User: )
Description: ti94055o.exe2.1.19163.0515d31f0ti94055o.exe2.1.19163.0515d31f0c00000050000218a119401ce9f717cd2691eC:\Users\*replaced*\Downloads\ti94055o.exeC:\Users\*replaced*\Downloads\ti94055o.exeffdd5a9a-0b64-11e3-bfd4-c417fe06ebae

Error: (08/22/2013 09:48:41 PM) (Source: Application Error)(User: )
Description: aswMBR(1).exe0.9.9.17715147644entdll.dll6.2.9200.16578515fac6ec000000500051f81b2401ce9f707eaabc04C:\Users\*replaced*\Downloads\aswMBR(1).exeC:\Windows\SYSTEM32\ntdll.dlld7d89380-0b63-11e3-bfd4-c417fe06ebae

Error: (08/22/2013 09:46:57 PM) (Source: Application Error)(User: )
Description: aswMBR(1).exe0.9.9.17715147644entdll.dll6.2.9200.16578515fac6ec000000500051f81e2001ce9f70290f7305C:\Users\*replaced*\Downloads\aswMBR(1).exeC:\Windows\SYSTEM32\ntdll.dll99be891d-0b63-11e3-bfd4-c417fe06ebae


CodeIntegrity Errors:
===================================
  Date: 2013-08-11 21:23:03.729
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-11 21:21:00.839
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-11 21:14:35.593
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-11 21:12:39.338
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-11 21:12:29.682
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-11 21:06:26.298
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-11 20:40:50.313
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-11 20:38:54.843
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-11 20:38:44.230
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-11 20:37:39.248
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Percentage of memory in use: 40%
Total physical RAM: 3956.5 MB
Available physical RAM: 2365.31 MB
Total Pagefile: 7924.5 MB
Available Pagefile: 6217.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.9 GB) (Free:21.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: F98CCDDD)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
defogger_disable.log
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:23 on 22/08/2013 (*replaced*)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2013 02
Ran by *replaced* (administrator) on 22-08-2013 22:25:49
Running from C:\Users\*replaced*\Downloads
Windows 8 Pro with Media Center (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
() C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\*replaced*\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(SourceForge.net) C:\Program Files (x86)\Password Safe\pwsafe.exe
(Babylon Ltd.) C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe
(Cerulean Studios) C:\Program Files (x86)\Trillian\trillian.exe
(Babylon) C:\Program Files\Babylon\Babylon-Pro\BabylonHelper64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 4.0\EMET_Agent.exe
(Crystal Dew World) C:\Program Files (x86)\CrystalDiskInfo\DiskInfoS.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 4.0\EMET_GUI.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(COMODO Security Solutions) C:\Program Files (x86)\Comodo\IceDragon\icedragon.exe
(Mozilla Corporation) C:\Program Files (x86)\Comodo\IceDragon\plugin-container.exe
(Google) C:\Users\*replaced*\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2735400 2011-03-31] (Synaptics Incorporated)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20097696 2013-06-27] (Google)
HKCU\...\Run: [Google Update] - C:\Users\*replaced*\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-14] (Google Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\*replaced*\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-13] (Spotify Ltd)
MountPoints2: {95bfcafd-13e9-11e2-bedb-00262d79d176} - "E:\LaunchU3.exe" -a
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [Babylon Client] - C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe [3590224 2013-01-14] (Babylon Ltd.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [EMET Agent] - C:\Program Files (x86)\EMET 4.0\EMET_agent.exe [78496 2013-06-14] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\*replaced*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\*replaced*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\*replaced*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk
ShortcutTarget: Password Safe.lnk -> C:\Program Files (x86)\Password Safe\pwsafe.exe (SourceForge.net)
Startup: C:\Users\*replaced*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = *replaced*
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
SearchScopes: HKCU - DefaultScope {DA1D0AAD-4DB6-4893-B6D1-8CF1E2733BA1} URL = https://startpage.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=english
SearchScopes: HKCU - {15E0A161-FCF5-4192-BFB8-90D1669949F9} URL = hxxp://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
SearchScopes: HKCU - {4715856C-73CD-4C64-AEE8-BF4C3283EC12} URL = hxxp://thepiratebay.org/search/{searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {78460D16-90A3-433B-A5DD-AEC2B68AD55B} URL = hxxp://duckduckgo.com/?q={searchTerms}
SearchScopes: HKCU - {AA34F274-939D-40C3-B835-FEBC03E3107E} URL = https://ixquick.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=english
SearchScopes: HKCU - {AA39126C-36CC-481F-A89F-E73DAD4AB51F} URL = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
SearchScopes: HKCU - {C2C85E21-39AD-4FEE-BEF6-FCE93DA7F0E9} URL = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed&sectHdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on
SearchScopes: HKCU - {DA1D0AAD-4DB6-4893-B6D1-8CF1E2733BA1} URL = https://startpage.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=english
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-18] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [811064 2013-07-18] (Avira Operations GmbH & Co. KG)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2095808 2013-08-01] ()
R2 IceDragonUpdater; C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe [1821384 2013-07-14] ()
S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [158208 2012-04-06] (Samsung Electronics)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1328736 2012-09-24] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [656480 2012-09-24] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-07-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130016 2013-07-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-02-26] (Avira Operations GmbH & Co. KG)
S3 NdisImPlatformMp; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [126464 2012-07-26] (Microsoft Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-08-20] ()
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-08-20] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-08-20] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-08-20] ()
S3 ssudobex; C:\Windows\system32\DRIVERS\ssudobex.sys [203104 2012-09-19] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [106256 2013-03-15] (Oracle Corporation)
S3 ALSysIO; \??\C:\Users\*replaced*\AppData\Local\Temp\ALSysIO64.sys [x]
S0 dcmwwg; No ImagePath
S0 iswtwq; No ImagePath
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 VMSMP; \SystemRoot\system32\DRIVERS\vmswitch.sys [x]
U3 aswMBR; \??\C:\Users\*replaced*\AppData\Local\Temp\aswMBR.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-22 22:24 - 2013-08-22 22:24 - 01576476 _____ (Farbar) C:\Users\*replaced*\Downloads\FRST64.exe
2013-08-22 22:23 - 2013-08-22 22:23 - 00000472 _____ C:\Users\*replaced*\Downloads\defogger_disable.log
2013-08-22 22:23 - 2013-08-22 22:23 - 00000000 _____ C:\Users\*replaced*\defogger_reenable
2013-08-22 22:19 - 2013-08-22 22:19 - 00050477 _____ C:\Users\*replaced*\Downloads\Defogger.exe
2013-08-22 22:04 - 2013-08-22 22:04 - 00000000 ____D C:\Program Files (x86)\EMET 4.0
2013-08-22 22:01 - 2013-08-22 22:01 - 00000000 ____D C:\Users\*replaced*\Downloads\Enhanced Mitigation Experience Toolkit (EMET) 4.0
2013-08-22 21:54 - 2013-08-22 21:54 - 00377856 _____ C:\Users\*replaced*\Downloads\ti94055o.exe
2013-08-22 21:44 - 2013-08-22 21:45 - 04745728 _____ (AVAST Software) C:\Users\*replaced*\Downloads\aswMBR(1).exe
2013-08-22 21:06 - 2013-08-22 21:08 - 00410642 _____ C:\Users\*replaced*\Downloads\avgremover.log
2013-08-22 21:06 - 2013-08-22 21:06 - 03529160 _____ (AVG Technologies CZ, s.r.o.) C:\Users\*replaced*\Downloads\avg_remover_stf_x64_2013_3341.exe
2013-08-21 02:06 - 2013-08-21 02:06 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WUDFUsbccidDriver_01_11_00.Wdf
2013-08-20 22:37 - 2013-08-20 22:39 - 337301504 _____ C:\Users\*replaced*\Downloads\kav_rescue_10.iso
2013-08-20 22:37 - 2013-08-20 22:37 - 00387584 _____ C:\Users\*replaced*\Downloads\rescue2usb.exe
2013-08-20 19:30 - 2013-08-21 02:06 - 00001618 _____ C:\Windows\setupact.log
2013-08-20 19:30 - 2013-08-20 19:30 - 00000000 _____ C:\Windows\setuperr.log
2013-08-19 03:16 - 2013-08-19 03:16 - 00001314 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-18 17:22 - 2013-08-18 17:23 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-18 16:20 - 2013-08-18 16:20 - 115191921 _____ C:\Users\*replaced*\Downloads\CM-10.1-Release-Candidate-v3.0-[OWLPROJECT].zip
2013-08-18 15:26 - 2013-08-18 15:26 - 00001176 _____ C:\Users\Public\Desktop\Paint.NET.lnk
2013-08-18 15:09 - 2013-08-18 15:09 - 02062336 _____ C:\Users\*replaced*\Downloads\GCSMSetup_3_5_24.msi
2013-08-18 15:09 - 2013-08-18 15:09 - 00011348 _____ C:\Users\*replaced*\Downloads\ReadMe.txt
2013-08-17 16:42 - 2013-08-18 15:21 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-14 13:17 - 2013-08-14 13:17 - 00430008 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-14 13:12 - 2013-07-09 10:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2013-08-14 13:12 - 2013-07-09 08:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2013-08-14 13:12 - 2013-07-09 06:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2013-08-14 13:12 - 2013-07-09 05:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2013-08-14 13:12 - 2013-07-09 00:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2013-08-14 13:12 - 2013-07-09 00:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2013-08-14 13:12 - 2013-07-09 00:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll
2013-08-14 13:12 - 2013-07-09 00:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2013-08-14 13:12 - 2013-07-06 02:16 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-08-14 13:12 - 2013-07-03 02:23 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-08-14 13:12 - 2013-07-03 02:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2013-08-14 13:12 - 2013-07-03 02:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2013-08-14 13:12 - 2013-07-03 02:22 - 01300480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-08-14 13:12 - 2013-07-03 02:11 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-08-14 13:12 - 2013-07-03 02:11 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-08-14 13:12 - 2013-07-03 02:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2013-08-14 13:12 - 2013-07-03 01:51 - 04039680 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-08-14 13:12 - 2013-07-02 00:08 - 00387583 _____ C:\Windows\system32\ApnDatabase.xml
2013-08-14 13:12 - 2013-07-01 00:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe
2013-08-14 13:12 - 2013-07-01 00:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe
2013-08-14 13:12 - 2013-06-29 08:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-08-14 13:12 - 2013-06-29 08:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-08-14 13:12 - 2013-06-29 07:43 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2013-08-14 13:12 - 2013-06-29 03:12 - 01022464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-08-14 13:12 - 2013-06-26 05:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2013-08-14 13:12 - 2013-06-26 04:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2013-08-14 13:12 - 2013-06-25 00:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-08-14 13:12 - 2013-06-25 00:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2013-08-14 13:12 - 2013-06-25 00:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2013-08-14 13:12 - 2013-06-19 07:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2013-08-14 13:12 - 2013-06-19 07:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2013-08-14 13:12 - 2013-06-19 00:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
2013-08-14 13:12 - 2013-06-19 00:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2013-08-14 13:12 - 2013-06-12 01:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2013-08-14 13:12 - 2013-06-12 01:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2013-08-14 13:12 - 2013-06-10 23:17 - 00096512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-08-14 13:12 - 2013-06-10 21:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-08-14 13:12 - 2013-06-10 21:15 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-08-14 13:12 - 2013-06-10 21:15 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-08-14 13:12 - 2013-06-10 21:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-08-14 13:12 - 2013-06-10 21:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-08-14 13:12 - 2013-06-10 21:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-08-14 13:12 - 2013-06-06 10:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2013-08-14 12:57 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 12:57 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 12:57 - 2013-07-26 07:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-08-14 12:57 - 2013-07-26 07:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-08-14 12:57 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 12:57 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 12:57 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 12:57 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 12:57 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 12:57 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 12:57 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 12:57 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 12:57 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 12:57 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 12:57 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 12:57 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 12:57 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 12:57 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 12:57 - 2013-07-26 05:13 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-08-14 12:57 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 12:57 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 12:57 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 12:57 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 12:57 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 12:57 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 12:57 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 12:57 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 12:57 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 12:57 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 12:57 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 12:57 - 2013-07-26 02:54 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-08-14 12:56 - 2013-07-13 08:18 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 12:56 - 2013-07-13 08:16 - 01889280 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 12:56 - 2013-07-13 08:16 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 12:56 - 2013-07-13 08:15 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2013-08-14 12:56 - 2013-07-13 08:15 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2013-08-14 12:56 - 2013-07-13 06:24 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 12:56 - 2013-07-13 06:23 - 01568256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 12:56 - 2013-07-13 06:23 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll
2013-08-14 12:56 - 2013-07-13 06:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll
2013-08-14 12:56 - 2013-07-09 08:07 - 02233168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 12:56 - 2013-07-02 02:44 - 00036288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2013-08-14 12:56 - 2013-07-02 00:08 - 00247216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2013-08-14 12:56 - 2013-05-24 01:02 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 12:56 - 2013-05-24 00:25 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 12:41 - 2013-08-14 12:41 - 628826822 _____ C:\Windows\MEMORY.DMP
2013-08-14 12:41 - 2013-08-14 12:41 - 00279072 _____ C:\Windows\Minidump\081413-11281-01.dmp
2013-08-13 22:27 - 2013-08-14 09:37 - 00011876 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-13 22:26 - 2013-08-13 22:26 - 00000000 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-13 18:51 - 2013-08-13 18:51 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-13 16:39 - 2013-08-13 16:39 - 38923112 _____ (R-Tools Technology Inc.) C:\Users\*replaced*\Downloads\RStudioEmg6.exe
2013-08-13 16:39 - 2013-08-13 16:39 - 33469352 _____ (R-Tools Technology Inc.) C:\Users\*replaced*\Downloads\RStudio6.exe
2013-08-13 16:21 - 2013-08-18 15:23 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-13 09:54 - 2013-08-13 09:54 - 00000165 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-13 07:37 - 2013-08-13 07:37 - 00008746 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-13 05:48 - 2013-08-13 05:48 - 00000043 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-13 05:08 - 2013-08-13 10:54 - 00000000 ____D C:\Users\*replaced*\Downloads\iperf-2.0.5-2-win32
2013-08-13 05:08 - 2013-08-13 05:08 - 01268927 _____ C:\Users\*replaced*\Downloads\iperf-2.0.5-2-win32.zip
2013-08-13 05:03 - 2013-08-13 05:03 - 00248583 _____ C:\Users\*replaced*\Downloads\iperf-2.0.5.tar.gz
2013-08-13 04:50 - 2013-08-13 04:50 - 00002483 _____ C:\Users\Public\Desktop\inSSIDer 3.lnk
2013-08-13 04:50 - 2013-08-13 04:50 - 00000000 ____D C:\Program Files (x86)\MetaGeek
2013-08-12 01:44 - 2013-08-12 01:44 - 00001120 _____ C:\Users\Public\Desktop\Comodo Dragon.lnk
2013-08-12 01:43 - 2013-08-12 01:43 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2013-08-12 01:43 - 2013-08-12 01:43 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2013-08-11 21:43 - 2013-08-11 21:43 - 00000000 ____D C:\Users\*replaced*\AppData\Roaming\Avira
2013-08-11 21:38 - 2013-08-11 21:38 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-11 21:36 - 2013-08-11 21:36 - 00000000 ____D C:\ProgramData\Avira
2013-08-11 21:36 - 2013-08-11 21:36 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-11 21:36 - 2013-07-18 08:03 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-11 21:36 - 2013-07-18 08:03 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-11 21:36 - 2013-02-26 16:56 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-11 20:36 - 2013-08-11 20:36 - 00000048 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-11 20:09 - 2013-08-18 15:23 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-11 06:28 - 2013-08-11 06:53 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-11 00:13 - 2013-08-11 00:13 - 06639616 _____ C:\Users\*replaced*\Downloads\inSSIDer-installer.msi
2013-08-11 00:13 - 2013-08-11 00:13 - 00000037 ___SH C:\Users\*replaced*\AppData\Local\70149b02515b3bb20dd492.47983420
2013-08-11 00:13 - 2013-08-11 00:13 - 00000000 ____D C:\Users\*replaced*\AppData\Local\MetaGeek,_LLC
2013-08-10 23:44 - 2013-08-10 23:44 - 00001245 _____ C:\Users\*replaced*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Comodo Dragon.lnk
2013-08-10 06:28 - 2013-08-20 15:18 - 00000000 ____D C:\Users\*replaced*\AppData\Roaming\vlc
2013-08-10 06:11 - 2013-08-10 06:11 - 00495616 _____ (Simon Tatham) C:\Users\*replaced*\Documents\putty.exe
2013-08-10 06:09 - 2013-08-10 06:09 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-08-10 05:43 - 2013-06-09 21:59 - 00216064 _____ C:\Windows\SysWOW64\gcapi_dll.dll
2013-08-01 21:59 - 2013-08-10 04:15 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-01 01:40 - 2013-08-01 01:40 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-07-26 16:12 - 2013-07-04 15:58 - 00238352 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2013-07-26 16:12 - 2013-07-04 15:57 - 00120080 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2013-07-23 07:20 - 2013-07-23 07:20 - 00000019 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-07-23 04:58 - 2013-07-23 04:58 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*

==================== One Month Modified Files and Folders =======

2013-08-22 22:24 - 2013-08-22 22:24 - 01576476 _____ (Farbar) C:\Users\*replaced*\Downloads\FRST64.exe
2013-08-22 22:23 - 2013-08-22 22:23 - 00000472 _____ C:\Users\*replaced*\Downloads\defogger_disable.log
2013-08-22 22:23 - 2013-08-22 22:23 - 00000000 _____ C:\Users\*replaced*\defogger_reenable
2013-08-22 22:23 - 2012-10-03 01:33 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4E6FBDAF-E8FB-47FD-8E08-3703492983D2}
2013-08-22 22:23 - 2012-08-26 13:22 - 00000000 ____D C:\Users\*replaced*
2013-08-22 22:19 - 2013-08-22 22:19 - 00050477 _____ C:\Users\*replaced*\Downloads\Defogger.exe
2013-08-22 22:19 - 2013-06-14 00:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-22 22:16 - 2012-07-26 09:28 - 00852298 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-22 22:13 - 2012-08-27 13:42 - 00000000 ____D C:\Users\*replaced*\Documents\Outlook Files
2013-08-22 22:12 - 2013-01-25 00:39 - 00000000 ____D C:\ProgramData\Babylon
2013-08-22 22:12 - 2012-10-16 20:08 - 00000000 ____D C:\Users\*replaced*\AppData\Local\PasswordSafe
2013-08-22 22:12 - 2012-08-30 11:14 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-22 22:12 - 2012-08-26 22:12 - 00000136 _____ C:\Windows\system32\config\netlogon.ftl
2013-08-22 22:12 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-22 22:12 - 2012-04-26 23:33 - 00000000 ___RD C:\Users\*replaced*\Google Drive
2013-08-22 22:10 - 2012-08-26 22:19 - 01450279 _____ C:\Windows\WindowsUpdate.log
2013-08-22 22:04 - 2013-08-22 22:04 - 00000000 ____D C:\Program Files (x86)\EMET 4.0
2013-08-22 22:02 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-08-22 22:01 - 2013-08-22 22:01 - 00000000 ____D C:\Users\*replaced*\Downloads\Enhanced Mitigation Experience Toolkit (EMET) 4.0
2013-08-22 21:59 - 2012-10-01 21:33 - 00001140 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3155787074-1265918781-1706113256-2647UA.job
2013-08-22 21:54 - 2013-08-22 21:54 - 00377856 _____ C:\Users\*replaced*\Downloads\ti94055o.exe
2013-08-22 21:46 - 2012-08-30 11:14 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-22 21:45 - 2013-08-22 21:44 - 04745728 _____ (AVAST Software) C:\Users\*replaced*\Downloads\aswMBR(1).exe
2013-08-22 21:44 - 2012-08-27 20:46 - 00000000 ____D C:\Users\*replaced*\AppData\Roaming\Skype
2013-08-22 21:08 - 2013-08-22 21:06 - 00410642 _____ C:\Users\*replaced*\Downloads\avgremover.log
2013-08-22 21:08 - 2012-08-26 22:11 - 00097236 _____ C:\Windows\PFRO.log
2013-08-22 21:06 - 2013-08-22 21:06 - 03529160 _____ (AVG Technologies CZ, s.r.o.) C:\Users\*replaced*\Downloads\avg_remover_stf_x64_2013_3341.exe
2013-08-22 20:47 - 2013-07-16 17:16 - 00001246 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-22 13:59 - 2012-10-01 21:33 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3155787074-1265918781-1706113256-2647Core.job
2013-08-22 01:30 - 2013-06-19 04:55 - 00000000 ____D C:\Users\*replaced*\AppData\Roaming\Spotify
2013-08-21 02:06 - 2013-08-21 02:06 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WUDFUsbccidDriver_01_11_00.Wdf
2013-08-21 02:06 - 2013-08-20 19:30 - 00001618 _____ C:\Windows\setupact.log
2013-08-20 23:00 - 2013-04-18 19:27 - 00000000 ____D C:\Users\*replaced*\AppData\Roaming\Foxit Scanner Images
2013-08-20 22:39 - 2013-08-20 22:37 - 337301504 _____ C:\Users\*replaced*\Downloads\kav_rescue_10.iso
2013-08-20 22:37 - 2013-08-20 22:37 - 00387584 _____ C:\Users\*replaced*\Downloads\rescue2usb.exe
2013-08-20 19:30 - 2013-08-20 19:30 - 00000000 _____ C:\Windows\setuperr.log
2013-08-20 15:18 - 2013-08-10 06:28 - 00000000 ____D C:\Users\*replaced*\AppData\Roaming\vlc
2013-08-20 03:03 - 2013-06-19 04:55 - 00000000 ____D C:\Users\*replaced*\AppData\Local\Spotify
2013-08-19 14:48 - 2012-08-26 13:49 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3155787074-1265918781-1706113256-2647
2013-08-19 14:32 - 2013-05-27 04:50 - 00000000 ____D C:\Users\*replaced*\AppData\Local\Paint.NET
2013-08-19 03:23 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-08-19 03:16 - 2013-08-19 03:16 - 00001314 _____ C:\Users\*replaced*\Desktop\1.txt
2013-08-19 02:11 - 2011-10-14 16:12 - 00127179 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-18 17:23 - 2013-08-18 17:22 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-18 16:20 - 2013-08-18 16:20 - 115191921 _____ C:\Users\*replaced*\Downloads\CM-10.1-Release-Candidate-v3.0-[OWLPROJECT].zip
2013-08-18 15:57 - 2012-08-26 13:22 - 00000000 ____D C:\Users\*replaced*\AppData\Local\Packages
2013-08-18 15:26 - 2013-08-18 15:26 - 00001176 _____ C:\Users\Public\Desktop\Paint.NET.lnk
2013-08-18 15:26 - 2013-05-27 04:50 - 00000000 ____D C:\Program Files\Paint.NET
2013-08-18 15:23 - 2013-08-13 16:21 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-18 15:23 - 2013-08-11 20:09 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-18 15:21 - 2013-08-17 16:42 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-18 15:09 - 2013-08-18 15:09 - 02062336 _____ C:\Users\*replaced*\Downloads\GCSMSetup_3_5_24.msi
2013-08-18 15:09 - 2013-08-18 15:09 - 00011348 _____ C:\Users\*replaced*\Downloads\ReadMe.txt
2013-08-16 08:03 - 2012-08-27 04:42 - 00002366 ____H C:\Users\*replaced*\Documents\Default.rdp
2013-08-16 06:19 - 2010-04-30 11:44 - 00000000 ____D C:\Users\*replaced*\.VirtualBox
2013-08-14 23:46 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\NDF
2013-08-14 23:36 - 2012-10-31 23:09 - 00000600 _____ C:\Users\*replaced*\AppData\Local\PUTTY.RND
2013-08-14 15:11 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-08-14 13:17 - 2013-08-14 13:17 - 00430008 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-14 13:13 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore
2013-08-14 13:13 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe
2013-08-14 13:04 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-14 13:04 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-14 12:59 - 2013-07-10 16:57 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 12:58 - 2012-11-14 05:06 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 12:41 - 2013-08-14 12:41 - 628826822 _____ C:\Windows\MEMORY.DMP
2013-08-14 12:41 - 2013-08-14 12:41 - 00279072 _____ C:\Windows\Minidump\081413-11281-01.dmp
2013-08-14 09:37 - 2013-08-13 22:27 - 00011876 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-13 22:26 - 2013-08-13 22:26 - 00000000 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-13 18:51 - 2013-08-13 18:51 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-13 18:48 - 2012-11-19 22:19 - 00000000 ____D C:\Program Files (x86)\R-Studio
2013-08-13 16:39 - 2013-08-13 16:39 - 38923112 _____ (R-Tools Technology Inc.) C:\Users\*replaced*\Downloads\RStudioEmg6.exe
2013-08-13 16:39 - 2013-08-13 16:39 - 33469352 _____ (R-Tools Technology Inc.) C:\Users\*replaced*\Downloads\RStudio6.exe
2013-08-13 10:54 - 2013-08-13 05:08 - 00000000 ____D C:\Users\*replaced*\Downloads\iperf-2.0.5-2-win32
2013-08-13 09:54 - 2013-08-13 09:54 - 00000165 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-13 07:37 - 2013-08-13 07:37 - 00008746 _____ C:\Users\*replaced*\Desktop\WiFi *replaced*
2013-08-13 05:48 - 2013-08-13 05:48 - 00000043 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-13 05:08 - 2013-08-13 05:08 - 01268927 _____ C:\Users\*replaced*\Downloads\iperf-2.0.5-2-win32.zip
2013-08-13 05:03 - 2013-08-13 05:03 - 00248583 _____ C:\Users\*replaced*\Downloads\iperf-2.0.5.tar.gz
2013-08-13 04:50 - 2013-08-13 04:50 - 00002483 _____ C:\Users\Public\Desktop\inSSIDer 3.lnk
2013-08-13 04:50 - 2013-08-13 04:50 - 00000000 ____D C:\Program Files (x86)\MetaGeek
2013-08-12 01:44 - 2013-08-12 01:44 - 00001120 _____ C:\Users\Public\Desktop\Comodo Dragon.lnk
2013-08-12 01:44 - 2013-06-14 00:34 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-12 01:43 - 2013-08-12 01:43 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2013-08-12 01:43 - 2013-08-12 01:43 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2013-08-12 01:43 - 2012-10-09 23:37 - 00000000 ____D C:\Users\*replaced*\AppData\Local\Comodo
2013-08-12 01:43 - 2012-10-09 23:37 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-08-11 21:43 - 2013-08-11 21:43 - 00000000 ____D C:\Users\*replaced*\AppData\Roaming\Avira
2013-08-11 21:38 - 2013-08-11 21:38 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-11 21:36 - 2013-08-11 21:36 - 00000000 ____D C:\ProgramData\Avira
2013-08-11 21:36 - 2013-08-11 21:36 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-11 21:28 - 2013-01-08 15:39 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
2013-08-11 21:21 - 2012-09-10 19:04 - 00000000 ____D C:\Windows\AutoKMS
2013-08-11 21:12 - 2013-01-08 15:38 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2013-08-11 21:12 - 2012-09-10 19:04 - 00003484 _____ C:\Windows\System32\Tasks\AutoKMS
2013-08-11 21:08 - 2013-01-25 00:38 - 00000000 ____D C:\Users\*replaced*\AppData\Roaming\Babylon
2013-08-11 20:57 - 2013-01-08 15:39 - 00000593 _____ C:\Users\Public\Desktop\Shared Space.lnk
2013-08-11 20:36 - 2013-08-11 20:36 - 00000048 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-11 17:40 - 2012-08-29 17:25 - 00000000 ____D C:\Users\*replaced*\AppData\Roaming\uTorrent
2013-08-11 06:53 - 2013-08-11 06:28 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-11 01:53 - 2013-06-21 15:58 - 00125240 _____ C:\Windows\system32\Drivers\fvstore.dat
2013-08-11 00:13 - 2013-08-11 00:13 - 06639616 _____ C:\Users\*replaced*\Downloads\inSSIDer-installer.msi
2013-08-11 00:13 - 2013-08-11 00:13 - 00000037 ___SH C:\Users\*replaced*\AppData\Local\70149b02515b3bb20dd492.47983420
2013-08-11 00:13 - 2013-08-11 00:13 - 00000000 ____D C:\Users\*replaced*\AppData\Local\MetaGeek,_LLC
2013-08-10 23:44 - 2013-08-10 23:44 - 00001245 _____ C:\Users\*replaced*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Comodo Dragon.lnk
2013-08-10 21:41 - 2012-07-26 07:26 - 00524288 ___SH C:\Windows\system32\config\BBI
2013-08-10 06:11 - 2013-08-10 06:11 - 00495616 _____ (Simon Tatham) C:\Users\*replaced*\Documents\putty.exe
2013-08-10 06:10 - 2013-04-17 17:16 - 00000000 ____D C:\Program Files\VideoLAN
2013-08-10 06:09 - 2013-08-10 06:09 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-08-10 04:15 - 2013-08-01 21:59 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-10 02:53 - 2013-02-10 09:44 - 00000000 ____D C:\Windows\Minidump
2013-08-09 20:07 - 2012-09-29 04:55 - 00000000 ____D C:\Users\*replaced*\AppData\Roaming\dvdcss
2013-08-09 17:53 - 2012-08-27 13:21 - 00000000 ___DC C:\Users\*replaced*\AppData\Local\MigWiz
2013-08-08 16:58 - 2013-03-29 13:30 - 00000064 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-07 10:00 - 2012-11-01 23:38 - 00000000 ____D C:\Users\*replaced*\AppData\Roaming\Mozilla
2013-08-01 11:55 - 2012-11-15 01:35 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-01 01:40 - 2013-08-01 01:40 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-07-26 07:13 - 2013-08-14 12:57 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 07:13 - 2013-08-14 12:57 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 07:13 - 2013-08-14 12:57 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-07-26 07:13 - 2013-08-14 12:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-07-26 07:13 - 2013-08-14 12:57 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 07:12 - 2013-08-14 12:57 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 07:12 - 2013-08-14 12:57 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 07:12 - 2013-08-14 12:57 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 07:12 - 2013-08-14 12:57 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 07:12 - 2013-08-14 12:57 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 07:12 - 2013-08-14 12:57 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 07:12 - 2013-08-14 12:57 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 07:12 - 2013-08-14 12:57 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 07:12 - 2013-08-14 12:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 07:12 - 2013-08-14 12:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 05:35 - 2013-08-14 12:57 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 05:13 - 2013-08-14 12:57 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 05:13 - 2013-08-14 12:57 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 05:13 - 2013-08-14 12:57 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-07-26 05:12 - 2013-08-14 12:57 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 05:12 - 2013-08-14 12:57 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 05:12 - 2013-08-14 12:57 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 05:12 - 2013-08-14 12:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 05:12 - 2013-08-14 12:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 05:12 - 2013-08-14 12:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 05:12 - 2013-08-14 12:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 05:12 - 2013-08-14 12:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 05:11 - 2013-08-14 12:57 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 05:11 - 2013-08-14 12:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 04:49 - 2013-08-14 12:57 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 02:54 - 2013-08-14 12:57 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-07-25 23:27 - 2012-08-27 14:14 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-25 23:27 - 2012-07-26 07:26 - 00000167 _____ C:\Windows\win.ini
2013-07-25 23:26 - 2012-08-27 14:20 - 00000039 _____ C:\Windows\vbaddin.ini
2013-07-23 08:22 - 2011-10-02 13:32 - 00000000 ____D C:\Users\*replaced*\Documents\My Safes
2013-07-23 07:20 - 2013-07-23 07:20 - 00000019 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-07-23 04:58 - 2013-07-23 04:58 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-21 03:13

==================== End Of Log ============================
         
GMER.log (crashes, but works in safe mode)
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-08-22 22:56:52
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002f OCZ-AGILITY4 rev.1.5.2 119,24GB
Running: 14yeu6yl.exe; Driver: C:\Users\*replaced*\AppData\Local\Temp\kxdcypow.sys


---- User code sections - GMER 2.1 ----

.text   C:\Windows\Explorer.EXE[364] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                                                                         000007fb52db177a 4 bytes [DB, 52, FB, 07]
.text   C:\Windows\Explorer.EXE[364] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                                                                         000007fb52db1782 4 bytes [DB, 52, FB, 07]
.text   C:\Windows\Explorer.EXE[364] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                                                                   000007fb4cdf1532 4 bytes [DF, 4C, FB, 07]
.text   C:\Windows\Explorer.EXE[364] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                                                                   000007fb4cdf153a 4 bytes [DF, 4C, FB, 07]
.text   C:\Windows\Explorer.EXE[364] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                                                                 000007fb4cdf165a 4 bytes [DF, 4C, FB, 07]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [404:420]                                                                                                                                                           fffff960009505e8

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                                                                                 -2019940729
Reg     HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\*replaced*\AppData\Local\Logitech\xae Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe  1

---- EOF - GMER 2.1 ----
         

 
