|
Log-Analyse und Auswertung: Win 7 - Firefox - Bundespolizei "ihr browser hat gesperrt"Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
07.01.2014, 14:35 | #1 |
| Win 7 - Firefox - Bundespolizei "ihr browser hat gesperrt" Hallöchen, ich habe seit zwei Tagen o. genanntes Problem. Firefox lässt sich nur noch über den Taskmanager schließen. Ansonsten kann ich ganz normal mit dem PC arbeiten. Rechner mit Windows 7 CD (Windows 7 Home Premium 64 Bit) gestartet - Computerreparatur ausgewählt... Zuerst probierte ich Frst32. Fehlerhinweis: Das zum Unterstützen des Abbildtyps erforderliche Subsystem ist nicht vorhanden. Systemscan mit Frst64 (Prog. vorhin erst heruntergeladen) Frst.txt Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-01-2014 Ran by SYSTEM on MININT-ERQBN51 on 07-01-2014 14:03:50 Running from I:\ Microsoft Windows XP (X64) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Recovery The current controlset is ControlSet002 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log. ATTENTION!:=====> THE OPERATING SYSTEM IS A X86 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X64 SYSTEM DISK. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [] - [x] HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.exe [16143872 2006-04-17] (Realtek Semiconductor Corp.) HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup HKLM\...\Run: [nwiz] - nwiz.exe /install HKLM\...\Run: [ccApp] - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe [84640 2006-09-03] (Symantec Corporation) HKLM\...\Run: [avgnt] - C:\Programme\Avira\AntiVir Desktop\avgnt.exe [281768 2010-12-13] (Avira GmbH) HKLM\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe,,C:\Programme\SUVOTdeDïÏNšËgfvcermb.exe\gfvcermb.exe HKLM-x32\...\Winlogon: [Userinit] [x] HKLM\...\Winlogon: [Shell] Explorer.exe HKLM-x32\...\Winlogon: [Shell] [ ] () <=== ATTENTION HKLM\...\Winlogon: [UIHost] C:\WINDOWS\system32\logonui.exe [515072 2006-06-01] ( (Microsoft Corporation)) Winlogon\Notify\crypt32chain: C:\Windows\system32\crypt32.dll (Microsoft Corporation) Winlogon\Notify\cryptnet: C:\Windows\system32\cryptnet.dll (Microsoft Corporation) Winlogon\Notify\cscdll: C:\Windows\system32\cscdll.dll (Microsoft Corporation) Winlogon\Notify\ScCertProp: C:\Windows\system32\wlnotify.dll (Microsoft Corporation) Winlogon\Notify\Schedule: C:\Windows\system32\wlnotify.dll (Microsoft Corporation) Winlogon\Notify\sclgntfy: C:\Windows\system32\sclgntfy.dll (Microsoft Corporation) Winlogon\Notify\SensLogn: C:\Windows\system32\WlNotify.dll (Microsoft Corporation) Winlogon\Notify\termsrv: C:\Windows\system32\wlnotify.dll (Microsoft Corporation) Winlogon\Notify\WgaLogon: C:\Windows\system32\WgaLogon.dll (Microsoft Corporation) Winlogon\Notify\wlballoon: C:\Windows\system32\wlnotify.dll (Microsoft Corporation) HKLM\...\Command Processor: <======= ATTENTION IFEO\Your Image File Name Here without a path: [Debugger] ntsd -d SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation) SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation) SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) BootExecute: autocheck autochk * oodbs ==================== Services (Whitelisted) ================= S3 Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2007-07-07] (Adobe Systems) S4 Alerter; C:\Windows\system32\alrsvc.dll [17408 2006-06-01] (Microsoft Corporation) S2 AntiVirSchedulerService; C:\Programme\Avira\AntiVir Desktop\sched.exe [135336 2010-12-13] (Avira GmbH) S2 AntiVirService; C:\Programme\Avira\AntiVir Desktop\avguard.exe [267944 2010-12-13] (Avira GmbH) S2 Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe [144176 2010-06-10] (Apple Inc.) S3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [34312 2008-07-25] (Microsoft Corporation) S2 ATKKeyboardService; C:\WINDOWS\ATKKBService.exe [241152 2005-10-18] (ASUSTeK COMPUTER INC.) S2 Automatisches LiveUpdate - Scheduler; C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe [198336 2006-09-08] (Symantec Corporation) S2 Bonjour Service; C:\Programme\Bonjour\mDNSResponder.exe [345376 2010-05-18] (Apple Inc.) S2 btwdins; C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe [135168 2004-01-20] (WIDCOMM, Inc.) S2 ccEvtMgr; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe [105632 2006-09-03] (Symantec Corporation) S3 ccPwdSvc; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe [79208 2008-01-31] (Symantec Corporation) S2 ccSetMgr; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe [105632 2006-09-03] (Symantec Corporation) S4 ClipSrv; C:\Windows\system32\clipsrv.exe [33280 2006-06-01] (Microsoft Corporation) S2 CLTNetCnService; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe [105632 2006-09-03] (Symantec Corporation) S3 dmadmin; C:\Windows\System32\dmadmin.exe [225280 2006-06-01] (Microsoft Corp., Veritas Software) S2 dmserver; C:\Windows\System32\dmserver.dll [24064 2006-06-01] (Microsoft Corp.) S4 ERSvc; C:\Windows\System32\ersvc.dll [23040 2006-06-01] (Microsoft Corporation) S3 FastUserSwitchingCompatibility; C:\Windows\System32\shsvcs.dll [135168 2006-12-19] (Microsoft Corporation) S3 FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [655624 2009-10-07] (Acresso Software Inc.) S3 FontCache3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation) S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [133104 2009-07-12] (Google Inc.) S2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [38912 2006-06-01] (Microsoft Corporation) S3 HTTPFilter; C:\Windows\System32\w3ssl.dll [15872 2006-06-01] (Microsoft Corporation) S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) S3 idsvc; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [881664 2008-07-29] (Microsoft Corporation) S4 ImapiService; C:\WINDOWS\system32\imapi.exe [150016 2006-06-01] (Microsoft Corporation) S3 iPod Service; C:\Programme\iPod\bin\iPodService.exe [540968 2010-07-16] (Apple Inc.) S3 LiveUpdate; C:\Programme\Symantec\LiveUpdate\LuComServer_3_1.EXE [2528960 2006-09-08] (Symantec Corporation) S2 LiveUpdate Notice Ex; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe [105632 2006-09-03] (Symantec Corporation) S2 LiveUpdate Notice Service; C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation) S4 Messenger; C:\Windows\System32\msgsvc.dll [33792 2006-06-01] (Microsoft Corporation) S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2006-06-01] (Microsoft Corporation) S4 NetDDE; C:\Windows\system32\netdde.exe [114176 2006-06-01] (Microsoft Corporation) S4 NetDDEdsdm; C:\Windows\system32\netdde.exe [114176 2006-06-01] (Microsoft Corporation) S3 Nla; C:\Windows\System32\mswsock.dll [247296 2008-06-20] (Microsoft Corporation) S3 NtLmSsp; C:\Windows\system32\lsass.exe [13312 2006-06-01] (Microsoft Corporation) S3 NtmsSvc; C:\Windows\system32\ntmssvc.dll [438272 2006-06-01] (Microsoft Corporation) S2 NVSvc; C:\Windows\system32\nvsvc32.exe [159812 2008-05-16] (NVIDIA Corporation) S2 O&O Defrag; C:\WINDOWS\system32\oodag.exe [225280 2005-05-11] (O&O Software GmbH) S3 OpenVPNService; C:\Programme\OpenVPN\bin\openvpnserv.exe [36352 2010-08-15] () S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2006-06-01] (Microsoft Corporation) S2 PlugPlay; C:\Windows\system32\services.exe [111104 2009-02-09] (Microsoft Corporation) S2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [73728 2007-08-09] (HP) S2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [66872 2008-09-21] () S2 PolicyAgent; C:\Windows\system32\lsass.exe [13312 2006-06-01] (Microsoft Corporation) S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [142848 2006-06-01] (Microsoft Corporation) S3 RSVP; C:\Windows\system32\rsvp.exe [132608 2006-06-01] (Microsoft Corporation) S3 SCardSvr; C:\Windows\System32\SCardSvr.exe [99840 2006-06-01] (Microsoft Corporation) S3 ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [353280 2007-12-10] (Nokia.) S2 softOSD; C:\Programme\softOSD\softosd.exe [259832 2007-07-31] (EnTech Taiwan) S2 srservice; C:\WINDOWS\system32\srsvc.dll [171008 2006-06-01] (Microsoft Corporation) S2 StarWindService; C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [217600 2005-04-02] (Rocket Division Software) S2 Symantec Core LC; C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe [1251720 2009-09-22] () S3 SysmonLog; C:\Windows\system32\smlogsvc.exe [94208 2006-06-01] (Microsoft Corporation) S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [75264 2006-06-01] (Microsoft Corporation) S2 TomTomHOMEService; C:\Programme\TomTom HOME 2\TomTomHOMEService.exe [92008 2009-08-07] (TomTom) S3 TUWinStylerThemeSvc; C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe [118272 2005-08-24] (TuneUp Software GmbH) S3 UPS; C:\Windows\System32\ups.exe [18432 2006-06-01] (Microsoft Corporation) S3 WmdmPmSN; C:\WINDOWS\system32\MsPMSNSv.dll [27136 2006-10-18] (Microsoft Corporation) S3 Wmi; C:\Windows\System32\advapi32.dll [677888 2009-02-09] (Microsoft Corporation) S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation) S2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2006-06-01] (Microsoft Corporation) S2 WZCSVC; C:\Windows\System32\wzcsvc.dll [359936 2006-06-01] (Microsoft Corporation) S3 xmlprov; C:\Windows\System32\xmlprov.dll [129536 2006-06-01] (Microsoft Corporation) S2 Eventlog; [x] S2 NProtectService; C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE [x] S2 Speed Disk service; C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE [x] ==================== Drivers (Whitelisted) ==================== S4 Abiosdsk; No ImagePath S4 abp480n5; No ImagePath S4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [12160 2006-06-01] (Microsoft Corporation) S4 adpu160m; No ImagePath S3 aec; C:\Windows\System32\drivers\aec.sys [142464 2006-02-15] (Microsoft Corporation) S4 Aha154x; No ImagePath S4 aic78u2; No ImagePath S4 aic78xx; No ImagePath S4 AliIde; No ImagePath S4 amsint; No ImagePath S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [106432 2010-06-09] (SlySoft, Inc.) S3 Arp1394; C:\Windows\System32\DRIVERS\arp1394.sys [60800 2006-06-01] (Microsoft Corporation) S4 asc; No ImagePath S4 asc3350p; No ImagePath S4 asc3550; No ImagePath S1 AsIO; C:\Windows\System32\drivers\AsIO.sys [5685 2005-12-22] () S2 Aspi32; C:\Windows\System32\drivers\aspi32.sys [16512 2009-08-13] (Adaptec) S1 asuskbnt; C:\Windows\System32\drivers\atkkbnt.sys [11008 2005-10-18] (ASUSTeK COMPUTER INC.) S4 Atdisk; No ImagePath S3 Atmarpc; C:\Windows\System32\DRIVERS\atmarpc.sys [59904 2006-06-01] (Microsoft Corporation) S3 audstub; C:\Windows\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation) S1 avgio; C:\Programme\Avira\AntiVir Desktop\avgio.sys [11608 2010-06-17] (Avira GmbH) S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [61960 2010-12-13] (Avira GmbH) S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135096 2010-12-13] (Avira GmbH) S3 btaudio; C:\Windows\System32\drivers\btaudio.sys [16640 2004-01-20] (WIDCOMM, Inc.) S3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [30235 2004-01-20] (WIDCOMM, Inc.) S0 BTKRNL; C:\Windows\System32\drivers\btkrnl.sys [1258154 2003-09-17] (WIDCOMM, Inc.) S2 BTSERIAL; C:\WINDOWS\system32\drivers\btserial.sys [22183 2003-09-15] () S2 BTSLBCSP; C:\WINDOWS\system32\drivers\btslbcsp.sys [222876 2003-09-15] (WIDCOMM, Inc.) S3 btwhid; C:\Windows\System32\DRIVERS\btwhid.sys [43299 2004-01-20] (WIDCOMM, Inc.) S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [52856 2004-01-20] (WIDCOMM, Inc.) S2 CAPI20; C:\Windows\System32\Drivers\CAPI20.SYS [966352 2004-04-05] (DeTeWe Berlin) S4 cbidf2k; C:\Windows\System32\Drivers\cbidf2k.sys [13952 2006-06-01] (Microsoft Corporation) S4 cd20xrnt; No ImagePath S1 Cdaudio; C:\Windows\System32\Drivers\Cdaudio.sys [18688 2006-06-01] (Microsoft Corporation) S1 Changer; No ImagePath S4 CmdIde; No ImagePath S4 Cpqarray; No ImagePath S4 dac2w2k; No ImagePath S4 dac960nt; No ImagePath S2 DETEWECP; C:\Windows\System32\drivers\detewecp.sys [37696 2003-03-19] (DeTeWe Berlin) S4 dmboot; C:\Windows\System32\drivers\dmboot.sys [800384 2006-06-01] (Microsoft Corp., Veritas Software) S0 dmio; C:\Windows\System32\drivers\dmio.sys [154112 2006-06-01] (Microsoft Corp., Veritas Software) S0 dmload; C:\Windows\System32\drivers\dmload.sys [5888 2006-06-01] (Microsoft Corp., Veritas Software.) S3 DMusic; C:\Windows\System32\drivers\DMusic.sys [52864 2004-08-03] (Microsoft Corporation) S4 dpti2o; No ImagePath S1 eeCtrl; C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys [371248 2010-05-27] (Symantec Corporation) S2 EIO; C:\WINDOWS\system32\drivers\EIO.sys [11264 2006-02-08] (ASUSTeK Computer Inc.) S3 EraserUtilRebootDrv; C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [102448 2010-05-27] (Symantec Corporation) S1 Fips; C:\Windows\System32\Drivers\Fips.sys [35072 2006-06-01] (Microsoft Corporation) S0 Ftdisk; C:\Windows\System32\DRIVERS\ftdisk.sys [126336 2006-06-01] (Microsoft Corporation) S3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [35072 2006-06-01] (Microsoft Corporation) S3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [138752 2005-01-07] (Windows (R) Server 2003 DDK provider) S4 hpn; No ImagePath S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51120 2005-03-08] (HP) S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2005-03-08] (HP) S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21744 2005-03-08] (HP) S1 i2omgmt; No ImagePath S4 i2omp; No ImagePath S1 Imapi; C:\Windows\System32\DRIVERS\imapi.sys [41856 2006-06-01] (Microsoft Corporation) S4 ini910u; No ImagePath S3 IntcAzAudAddService; C:\Windows\System32\drivers\RtkHDAud.sys [4262912 2006-04-17] (Realtek Semiconductor Corp.) S4 IntelIde; No ImagePath S3 Ip6Fw; C:\Windows\System32\DRIVERS\Ip6Fw.sys [29056 2006-06-01] (Microsoft Corporation) S3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [20992 2006-06-01] (Microsoft Corporation) S1 IPSec; C:\Windows\System32\DRIVERS\ipsec.sys [74752 2006-06-01] (Microsoft Corporation) S3 Iviaspi; C:\Windows\System32\drivers\iviaspi.sys [10368 2005-09-20] (InterVideo, Inc.) S3 kmixer; C:\Windows\System32\drivers\kmixer.sys [172416 2006-06-14] (Microsoft Corporation) S1 lbrtfdc; No ImagePath S1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [4224 2006-06-01] (Microsoft Corporation) S4 mraid35x; No ImagePath S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () S3 NIC1394; C:\Windows\System32\DRIVERS\nic1394.sys [61824 2006-06-01] (Microsoft Corporation) S3 nmwcd; C:\Windows\System32\drivers\ccdcmb.sys [17664 2009-02-09] (Nokia) S3 nmwcdc; C:\Windows\System32\drivers\ccdcmbo.sys [22016 2009-02-09] (Nokia) S3 nmwcdnsu; C:\Windows\System32\drivers\nmwcdnsu.sys [136704 2009-03-19] (Nokia) S3 nmwcdnsuc; C:\Windows\System32\drivers\nmwcdnsuc.sys [8320 2009-03-19] (Nokia) S3 NPDriver; C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [81748 2004-08-30] (Symantec Corporation) S3 nv; C:\Windows\System32\DRIVERS\nv4_mini.sys [6557408 2008-05-16] (NVIDIA Corporation) S3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [12416 2006-06-01] (Microsoft Corporation) S3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [32512 2006-06-01] (Microsoft Corporation) S1 PCIDump; No ImagePath S3 PDCOMP; No ImagePath S3 PDFRAME; No ImagePath S3 PDRELI; No ImagePath S3 PDRFRAME; No ImagePath S4 perc2; No ImagePath S4 perc2hib; No ImagePath S1 PQNTDrv; C:\Windows\System32\Drivers\PQNTDrv.sys [4228 2004-05-05] (PowerQuest Corporation) S3 PSched; C:\Windows\System32\DRIVERS\psched.sys [69120 2006-06-01] (Microsoft Corporation) S3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [17792 2006-06-01] (Parallel Technologies, Inc.) S0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [44944 2009-04-17] (Sonic Solutions) S4 ql1080; No ImagePath S4 Ql10wnt; No ImagePath S4 ql12160; No ImagePath S4 ql1240; No ImagePath S4 ql1280; No ImagePath S3 Raspti; C:\Windows\System32\DRIVERS\raspti.sys [16512 2006-06-01] (Microsoft Corporation) S1 redbook; C:\Windows\System32\DRIVERS\redbook.sys [57600 2004-08-04] (Microsoft Corporation) S3 SDdriver; C:\WINDOWS\system32\Drivers\sddriver.sys [90272 2004-08-30] (Symantec Corporation) S1 se32; C:\Windows\System32\Drivers\se32.sys [12112 2007-05-03] (EnTech Taiwan) S3 Secdrv; C:\Windows\System32\DRIVERS\secdrv.sys [27440 2006-06-01] () S4 Simbad; No ImagePath S4 Sparrow; No ImagePath S3 splitter; C:\Windows\System32\drivers\splitter.sys [6400 2006-06-14] (Microsoft Corporation) S0 sr; C:\Windows\System32\DRIVERS\sr.sys [73472 2006-06-01] (Microsoft Corporation) S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH) S3 swmidi; C:\Windows\System32\drivers\swmidi.sys [54272 2001-08-17] (Microsoft Corporation) S4 symc810; No ImagePath S4 symc8xx; No ImagePath S3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [124976 2009-09-25] (Symantec Corporation) S0 symlcbrd; C:\Windows\System32\drivers\symlcbrd.sys [10344 2009-09-25] (Symantec Corporation) S4 sym_hi; No ImagePath S4 sym_u3; No ImagePath S3 sysaudio; C:\Windows\System32\drivers\sysaudio.sys [60800 2004-08-03] (Microsoft Corporation) S4 TosIde; No ImagePath S1 uigxrdr; C:\Windows\System32\DRIVERS\uigxrdr.sys [149120 2008-07-29] (GMX GmbH) S3 ulisa; C:\Windows\System32\Drivers\ulisa.sys [120732 2003-04-17] (DeTeWe Berlin) S4 ultra; No ImagePath S3 Update; C:\Windows\System32\DRIVERS\update.sys [364160 2007-04-23] (Microsoft Corporation) S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [7808 2009-02-09] (Nokia) S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [7808 2009-02-09] (Nokia) S0 Vax347b; C:\Windows\System32\DRIVERS\Vax347b.sys [159616 2005-04-25] ( ) S0 Vax347s; C:\Windows\System32\Drivers\Vax347s.sys [5248 2004-04-30] ( ) S4 ViaIde; No ImagePath S3 WDICA; No ImagePath S3 wdmaud; C:\Windows\System32\drivers\wdmaud.sys [82944 2006-06-14] (Microsoft Corporation) S3 yukonwxp; C:\Windows\System32\DRIVERS\yk51x86.sys [232064 2005-05-06] (Marvell) S4 BthServ; S1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-07 13:42 - 2014-01-07 13:42 - 00000000 ____D C:\FRST ==================== One Month Modified Files and Folders ======= 2014-01-07 13:42 - 2014-01-07 13:42 - 00000000 ____D C:\FRST ==================== Known DLLs (Whitelisted) ================ C:\Windows\SysWOW64\advapi32.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\comdlg32.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\gdi32.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\imagehlp.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\kernel32.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\lz32.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\ole32.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\oleaut32.dll IS MISSING <==== ATTENTION! [2006-06-01 20:06] - [2006-06-01 20:06] - 0074752 ____A (Microsoft Corporation) C:\Windows\System32\olecli32.dll C:\Windows\SysWOW64\olecli32.dll IS MISSING <==== ATTENTION! [2006-06-01 20:06] - [2006-06-01 20:06] - 0037888 ____A (Microsoft Corporation) C:\Windows\System32\olecnv32.dll C:\Windows\SysWOW64\olecnv32.dll IS MISSING <==== ATTENTION! [2006-06-01 20:06] - [2006-06-01 20:06] - 0022016 ____A (Microsoft Corporation) C:\Windows\System32\olesvr32.dll C:\Windows\SysWOW64\olesvr32.dll IS MISSING <==== ATTENTION! [2006-06-01 20:06] - [2006-06-01 20:06] - 0069120 ____A (Microsoft Corporation) C:\Windows\System32\olethk32.dll C:\Windows\SysWOW64\olethk32.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\rpcrt4.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\shell32.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\url.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\urlmon.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\user32.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\version.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\wininet.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\wldap32.dll IS MISSING <==== ATTENTION! ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!. C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!. C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!. C:\Windows\explorer.exe IS MISSING <==== ATTENTION!. C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION!. C:\Windows\System32\svchost.exe [2006-06-01 20:06] - [2006-06-01 20:06] - 0014336 ____A (Microsoft Corporation) 65A819B121EB6FDAB4400EA42BDFFE64 C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!. C:\Windows\System32\services.exe [2006-06-01 20:06] - [2009-02-09 11:04] - 0111104 ____A (Microsoft Corporation) 65F6B774819BD727358157CEDEA67B8E C:\Windows\System32\User32.dll [2006-06-01 20:06] - [2007-03-08 16:36] - 0579072 ____A (Microsoft Corporation) 492E166CFD26A50FB9160DB536FF7D2B C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION!. C:\Windows\System32\userinit.exe [2006-06-01 20:06] - [2006-06-01 20:06] - 0025088 ____A (Microsoft Corporation) D1E53DC57143F2584B1DD53B036C0633 C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION!. C:\Windows\System32\rpcss.dll [2006-06-01 20:06] - [2009-02-09 11:18] - 0399360 ____A (Microsoft Corporation) D45BBCDDC74A1B0259A0C4B00C190D20 C:\Windows\System32\Drivers\volsnap.sys [2006-06-01 20:06] - [2006-06-01 20:06] - 0053760 ____A (Microsoft Corporation) D6888520FF56D72A50437E371CA25FC9 C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!. ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= ==================== Memory info =========================== Percentage of memory in use: 6% Total physical RAM: 16365.23 MB Available physical RAM: 15272.99 MB Total Pagefile: 16363.38 MB Available Pagefile: 15279.02 MB Total Virtual: 8192 MB Available Virtual: 8191.88 MB ==================== Drives ================================ Drive c: (TB 2) (Fixed) (Total:713.6 GB) (Free:47.48 GB) NTFS Drive d: (TB 1) (Fixed) (Total:683.65 GB) (Free:61.11 GB) NTFS Drive f: (320 C) (Fixed) (Total:298.09 GB) (Free:1.14 GB) NTFS Drive g: () (Fixed) (Total:1862.92 GB) (Free:12.55 GB) NTFS Drive h: (GRMCHPXFREO_DE_DVD) (CDROM) (Total:2.97 GB) (Free:0 GB) UDF Drive i: (USB_DISK) (Removable) (Total:3.91 GB) (Free:3.89 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298 GB) (Disk ID: C63AC63A) Partition 1: (Active) - (Size=298 GB) - (Type=42) Partition 2: (Not Active) - (Size=2361 KB) - (Type=42) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: CAB6BD6F) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=-198731366400) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 1397 GB) (Disk ID: FD0BD189) Partition 1: (Not Active) - (Size=-698732183552) - (Type=OF Extended) ======================================================== Disk: 3 (Size: 4 GB) (Disk ID: B3627CBC) Partition 1: (Not Active) - (Size=4 GB) - (Type=0B) ==================== End Of Log ============================ VG |
07.01.2014, 14:46 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win 7 - Firefox - Bundespolizei "ihr browser hat gesperrt" Hallo und
__________________Zitat:
__________________ |
07.01.2014, 14:50 | #3 |
| Win 7 - Firefox - Bundespolizei "ihr browser hat gesperrt" Im Bios eingestellt, dass er von der DVD starten soll.
__________________Zur Zeit zeigt der infizierte Rechner "Wählen Sie ein Wiederherstellungsstool aus" dann "Eingabeaufforderung" ausgewählt, auf Laufwerk I und von dort frst64 gestartet. Ach Mist, jetzt fällt mir der Grund ein. Ein Freund hatte in meinen neuen Rechner (jetzt ca. 18 Monate alt) meine alte Festplatte (Betriebssystem Win XP) als weitere Festplatte eingebaut. Auf Laufwerk G: befindet sich die Win 7 Version, von der der Rechner auch immer startet). Laufwerk C ist die alte Platte mit XP. Geändert von Sandra666 (07.01.2014 um 15:00 Uhr) |
07.01.2014, 15:22 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win 7 - Firefox - Bundespolizei "ihr browser hat gesperrt"Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
07.01.2014, 15:32 | #5 |
| Win 7 - Firefox - Bundespolizei "ihr browser hat gesperrt" Nachdem ich x-mal lediglich ein Fenster bekam von welchen Datenträger ich starten möchte und nicht die "Windows Bootabfrage" fand ich das einlegen der DVD einfacher Jetzt habe ich den Rechner ohne DVD, im "Computerreparaturmodus" gestartet FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-01-2014 Ran by SYSTEM on MININT-TCH06V1 on 07-01-2014 15:27:22 Running from G:\ Windows 7 Home Premium (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11465832 2010-09-07] (Realtek Semiconductor) HKLM\...\Run: [Launch LCDMon] - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2412616 2010-08-03] (Logitech Inc.) HKLM\...\Run: [Launch LGDCore] - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4725320 2010-08-03] (Logitech Inc.) HKLM\...\Run: [Launch LgDeviceAgent] - C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe [415816 2010-08-03] (Logitech Inc.) HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1778640 2013-12-20] (APN) HKLM-x32\...\Run: [Memeo Instant Backup] - C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-09-16] (Memeo Inc.) HKU\MS\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-04-23] (Samsung) HKU\MS\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844168 2013-05-19] (Samsung) Startup: C:\Users\MS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Users\MS\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe () ==================== Services (Whitelisted) ================= S2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated) S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG) S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-18] (Avira Operations GmbH & Co. KG) S2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.) S2 CLHNServiceForPowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [83240 2011-12-08] () S2 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [75048 2011-12-07] (CyberLink) S2 CyberLink PowerDVD 11.0 Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [292136 2011-12-07] (CyberLink) S3 DATEV Update-Service; C:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe [155232 2011-02-21] (DATEV eG) S2 DatevPrintService; C:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE [79872 2010-12-08] (DATEV eG) S2 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [189776 2010-10-28] (DATA BECKER GmbH & Co KG) S2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin) S2 lmab_device; C:\Windows\system32\LMabcoms.exe [1044992 2009-09-09] ( ) S2 lmab_device; C:\Windows\SysWow64\LMabcoms.exe [593920 2009-09-09] ( ) S2 MSSQL$DATEV_CL_DE01; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29286760 2010-02-09] (Microsoft Corporation) S2 softOSD; C:\Program Files (x86)\softOSD\softosd.exe [259832 2007-07-31] (EnTech Taiwan) S2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143552 2012-02-09] (TuneUp Software) ==================== Drivers (Whitelisted) ==================== S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG) S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG) S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG) S1 se64a; C:\Windows\System32\Drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan) S1 se64a; C:\Windows\SysWow64\Drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan) S0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2011-12-30] (Duplex Secure Ltd.) S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-02-09] (TuneUp Software) S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [148976 2011-11-16] (CyberLink Corp.) S1 acedrv08; \??\C:\Windows\system32\drivers\acedrv08.sys [x] S0 dmboot; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-07 15:27 - 2014-01-07 15:27 - 00000000 ____D C:\FRST 2014-01-07 15:01 - 2014-01-07 13:55 - 01064805 _____ (Farbar) C:\frst.exe 2014-01-07 15:00 - 2014-01-07 14:04 - 00024253 _____ C:\FRST.txt 2014-01-07 15:00 - 2014-01-07 13:35 - 01931762 _____ (Farbar) C:\FRST64.exe 2014-01-07 12:16 - 2014-01-07 12:16 - 01272360 _____ (iMesh Inc) C:\Users\MS\Downloads\iMeshSetup-r1487-w-bi (1).exe 2014-01-07 12:12 - 2014-01-07 12:12 - 01272360 _____ (iMesh Inc) C:\Users\MS\Downloads\iMeshSetup-r1487-w-bi.exe 2014-01-05 19:15 - 2014-01-05 21:06 - 00000000 ____D C:\Users\MS\Downloads\ATK Pregnant Amateurs 6 (Year_ 2012) 2014-01-05 18:52 - 2014-01-05 21:08 - 00000000 ____D C:\Users\MS\Downloads\ATK Pregnant Amateurs 4 (Year_ 2011) 2014-01-05 18:40 - 2014-01-05 18:49 - 00000000 ____D C:\Users\MS\Downloads\Pregnant Climax 16 (Yar_ 2008) 2014-01-05 05:30 - 2014-01-05 05:49 - 00000000 ____D C:\Users\MS\Downloads\VIDEOOT-NWCLMX52 2014-01-05 05:19 - 2014-01-05 05:34 - 00000000 ____D C:\Users\MS\Downloads\TChSFit3 2014-01-05 05:07 - 2014-01-05 05:21 - 00000000 ____D C:\Users\MS\Downloads\ILikeBB10 2014-01-05 04:45 - 2014-01-05 05:02 - 00000000 ____D C:\Users\MS\Downloads\gaypower.org_HornyAssFuckers1 2014-01-04 01:23 - 2014-01-04 01:49 - 00000000 ____D C:\Users\MS\Downloads\BaSlt5 2014-01-04 00:54 - 2014-01-04 01:26 - 00000000 ____D C:\Users\MS\Downloads\18wait4 2014-01-03 19:20 - 2014-01-03 19:33 - 00000000 ____D C:\Users\MS\Downloads\gaypower.org_GayCamping 2014-01-03 18:57 - 2014-01-03 19:21 - 00000000 ____D C:\Users\MS\Downloads\gaypower.org_IndecentFantasies 2014-01-03 18:20 - 2014-01-03 18:35 - 00000000 ____D C:\Users\MS\Downloads\relink.us - roh - IDdd74d2ffb468a76d425392f4139ba5 2014-01-03 17:18 - 2014-01-03 17:53 - 00000000 ____D C:\Users\MS\Downloads\BbysASl5 2014-01-03 16:56 - 2014-01-03 17:35 - 00000000 ____D C:\Users\MS\Downloads\18anwa5 2014-01-03 16:49 - 2014-01-03 16:58 - 00000000 ____D C:\Users\MS\Downloads\Look Dad Im In Porn 3 2014-01-03 16:37 - 2014-01-03 16:50 - 00000000 ____D C:\Users\MS\Downloads\717152 2014-01-03 16:36 - 2014-01-03 16:36 - 00000000 ____D C:\Users\MS\Downloads\gaypower.org_CumCumCum 2014-01-03 16:28 - 2014-01-03 16:38 - 00000000 ____D C:\Users\MS\Downloads\gaypower.org_KleineStrolche 2014-01-03 16:14 - 2014-01-03 16:29 - 00000000 ____D C:\Users\MS\Downloads\B.ise.xCr.ea.mP.ie_L6C6F6.ru_L6C6F6.net_EPIDEMZ.NET 2014-01-03 16:04 - 2014-01-05 18:33 - 00000000 ____D C:\Users\MS\Downloads\Bi-Wir stopfen alle L_cher 2014-01-03 15:54 - 2014-01-04 00:59 - 00000000 ____D C:\Users\MS\Downloads\gaypower.org_PlayingTheField 2014-01-03 15:25 - 2014-01-03 15:59 - 00000000 ____D C:\Users\MS\Downloads\RocPrSl2 2014-01-03 14:47 - 2014-01-03 14:47 - 479890516 _____ C:\Windows\MEMORY.DMP 2014-01-03 14:47 - 2014-01-03 14:47 - 00266320 _____ C:\Windows\Minidump\010314-18033-01.dmp 2014-01-01 21:11 - 2014-01-03 16:04 - 00000000 ____D C:\Users\MS\Downloads\pvcastnxtgen2 2014-01-01 20:40 - 2014-01-02 22:47 - 00000000 ____D C:\Users\MS\Downloads\ps61ilodimta 2013-12-31 16:45 - 2014-01-01 20:40 - 00000000 ____D C:\Users\MS\Downloads\JizTee 2013-12-30 23:50 - 2013-12-31 00:04 - 00000000 ____D C:\Users\MS\Downloads\VIDEOOT-SXTNXTRM 2013-12-29 22:57 - 2013-12-29 23:16 - 00000000 ____D C:\Users\MS\Downloads\itjob 2013-12-29 22:42 - 2013-12-29 23:05 - 00000000 ____D C:\Users\MS\Downloads\shadoll004 2013-12-29 22:24 - 2013-12-29 22:50 - 00000000 ____D C:\Users\MS\Downloads\bl140 2013-12-29 06:02 - 2013-12-29 07:40 - 00000000 ____D C:\Users\MS\Downloads\VIDEOOT-1810BRNTSSHVMRFN 2013-12-29 05:53 - 2013-12-29 06:13 - 00000000 ____D C:\Users\MS\Downloads\relink.us - pgdvd037 - ID65adcf9a0c82fcbafecd3009eb8f7b 2013-12-28 23:40 - 2013-12-28 23:45 - 00000000 ____D C:\Users\MS\Downloads\nanc1912_SD_BLOG 2013-12-28 23:25 - 2013-12-28 23:42 - 00000000 ____D C:\Users\MS\Downloads\Girls_And_Their_Boys_8_BLOG 2013-12-28 23:10 - 2013-12-28 23:28 - 00000000 ____D C:\Users\MS\Downloads\htpuat 2013-12-28 22:57 - 2013-12-28 23:12 - 00000000 ____D C:\Users\MS\Downloads\isex2 2013-12-28 21:33 - 2013-12-28 21:33 - 00000000 ____D C:\Users\MS\Downloads\VIDEOOT-SEVSPCL22 2013-12-28 21:30 - 2013-12-29 18:48 - 00000000 ____D C:\Users\MS\Downloads\Czech_Public_Fucksters 2013-12-28 21:30 - 2013-12-28 21:42 - 00000000 ____D C:\Users\MS\Downloads\zi0h2wbn.vz4 2013-12-28 06:51 - 2013-12-28 07:44 - 00000000 ____D C:\Users\MS\Downloads\gaypower.org_AnAmericanInPrague-TheRemake1 2013-12-28 06:36 - 2013-12-28 06:55 - 00000000 ____D C:\Users\MS\Downloads\gaypower.org_DirtyNLovinIt 2013-12-28 06:33 - 2013-12-28 06:34 - 00000000 ____D C:\Users\MS\Downloads\tatlov-tficken_Epidemz.net.KOMAPz.net 2013-12-28 05:58 - 2013-12-28 05:58 - 00285048 _____ C:\Windows\Minidump\122813-23602-01.dmp 2013-12-27 21:35 - 2013-12-27 21:46 - 00000000 ____D C:\Users\MS\Downloads\BisexualCuckold4 2013-12-27 21:16 - 2013-12-27 22:01 - 00000000 ____D C:\Users\MS\Downloads\B.is.exC.re.amP.ie12_L6C6F6.ru_L6C6F6.net_EPIDEMZ.NET 2013-12-27 21:09 - 2013-12-27 22:01 - 00000000 ____D C:\Users\MS\Downloads\L.ov.er.s9_L6C6F6.ru_L6C6F6.net_EPIDEMZ.NET 2013-12-27 21:00 - 2013-12-27 22:01 - 00000000 ____D C:\Users\MS\Downloads\B.ise.xCr.ea.mP.ie2_L6C6F6.ru_L6C6F6.net_EPIDEMZ.NET 2013-12-27 20:50 - 2013-12-27 21:04 - 00000000 ____D C:\Users\MS\Downloads\B.ise.xCr.ea.mP.ie8_L6C6F6.ru_L6C6F6.net_EPIDEMZ.NET 2013-12-27 20:38 - 2013-12-27 20:53 - 00000000 ____D C:\Users\MS\Downloads\L.ov.er.s10_L6C6F6.ru_L6C6F6.net_EPIDEMZ.NET 2013-12-27 20:09 - 2013-12-27 20:30 - 00000000 ____D C:\Users\MS\Downloads\AnalSweethearts5DVDx264XCiTE 2013-12-27 07:33 - 2013-12-27 08:03 - 00000000 ____D C:\Users\MS\Downloads\Cute Redhead Teen teen Gangbang.flv 2013-12-27 07:29 - 2013-12-27 07:41 - 00000000 ____D C:\Users\MS\Downloads\Z44B 570 Redhead Outdoor Nights.flv 2013-12-27 07:23 - 2013-12-27 07:29 - 00000000 ____D C:\Users\MS\Downloads\Z44B 1480 Redhead Teen in a RV.flv 2013-12-27 07:18 - 2013-12-27 07:23 - 00000000 ____D C:\Users\MS\Downloads\Busty Girl with saggy tits on Roller skates gets fucked.flv 2013-12-27 07:04 - 2013-12-27 07:18 - 00000000 ____D C:\Users\MS\Downloads\Redhead Teen Gets Fucked A Facialed !.flv 2013-12-27 07:00 - 2013-12-27 07:04 - 00000000 ____D C:\Users\MS\Downloads\Z44B 1387 Redhead Nurse In White.flv 2013-12-27 06:51 - 2013-12-27 07:00 - 00000000 ____D C:\Users\MS\Downloads\Z44B 1086 Redhead Teen Fully Facialized.flv 2013-12-27 06:49 - 2013-12-27 07:33 - 00000000 ____D C:\Users\MS\Downloads\Z44B 475 Redhead on Roller Skates.flv 2013-12-27 06:43 - 2013-12-27 07:55 - 00000000 ____D C:\Users\MS\Downloads\bfme008 2013-12-27 06:26 - 2013-12-27 06:49 - 00000000 ____D C:\Users\MS\Downloads\bfme007 2013-12-27 06:23 - 2013-12-27 22:01 - 00000000 ____D C:\Users\MS\Downloads\PregAmas7 2013-12-27 06:21 - 2013-12-27 06:21 - 00000000 ____D C:\Users\MS\Downloads\Ist.Jung.Schwanger.Und.Notgeil.wmv 2013-12-27 06:19 - 2013-12-27 06:27 - 00000000 ____D C:\Users\MS\Downloads\bfme005 2013-12-27 06:09 - 2013-12-27 06:19 - 00000000 ____D C:\Users\MS\Downloads\Pregnant_THE_DROP_ZONE.avi 2013-12-27 06:00 - 2013-12-27 06:17 - 00000000 ____D C:\Users\MS\Downloads\bfme004 2013-12-26 03:17 - 2013-12-26 03:44 - 00000000 ____D C:\Users\MS\Downloads\1512.Sw.P.To.5.salien84.mp4 2013-12-26 02:48 - 2013-12-26 03:27 - 00000000 ____D C:\Users\MS\Downloads\VIDEOOT-FAT10GRS 2013-12-26 02:48 - 2013-12-26 03:12 - 00000000 ____D C:\Users\MS\Downloads\VIDEOOT-SEVTHBOS06HPH 2013-12-25 16:49 - 2013-12-25 17:10 - 00000000 ____D C:\Users\MS\Downloads\Vh6k_h7U 2013-12-25 16:45 - 2013-12-25 16:58 - 00000000 ____D C:\Users\MS\Downloads\VIDEOOT-SNNRSBD10 2013-12-25 16:33 - 2013-12-25 17:04 - 00000000 ____D C:\Users\MS\Downloads\VIDEOOT-SEVTHBSTF1712 2013-12-25 16:24 - 2013-12-25 17:21 - 00000000 ____D C:\Users\MS\Downloads\VIDEOOT-SEVTHBSTF1711 2013-12-25 16:07 - 2013-12-25 16:37 - 00000000 ____D C:\Users\MS\Downloads\01+++jdbbmm 2013-12-25 15:02 - 2013-12-25 15:02 - 00000000 ____H C:\Users\MS\Documents\Default.rdp 2013-12-24 21:34 - 2013-12-24 21:58 - 00000000 ____D C:\Users\MS\Downloads\gaypower.org_FreshmanClassBareback 2013-12-24 21:21 - 2013-12-24 21:39 - 00000000 ____D C:\Users\MS\Downloads\gaypower.org_TwinkFuckers 2013-12-24 20:57 - 2013-12-24 21:25 - 00000000 ____D C:\Users\MS\Downloads\gaypower.org_BiCollegeGuys1 2013-12-24 20:57 - 2013-12-24 21:09 - 00000000 ____D C:\Users\MS\Downloads\Little Lystra bound and teased by her mistress.flv 2013-12-24 20:57 - 2013-12-24 21:09 - 00000000 ____D C:\Users\MS\Downloads\Little Lystra bound and gagged for pleasure and teased by her busty mistress.flv 2013-12-24 20:42 - 2013-12-24 20:58 - 00000000 ____D C:\Users\MS\Downloads\gaypower.org_BiCollegeGuys2 2013-12-24 20:19 - 2013-12-24 20:45 - 00000000 ____D C:\Users\MS\Downloads\gaypower.org_BiCollegeGuys3 2013-12-24 20:01 - 2013-12-24 20:15 - 00000000 ____D C:\Users\MS\Downloads\gaypower.org_Sexy 2013-12-24 19:06 - 2013-12-24 19:25 - 00000000 ____D C:\Users\MS\Downloads\4guoruuz.sn4 2013-12-24 19:06 - 2013-12-24 19:14 - 00000000 ____D C:\Users\MS\Downloads\bfme001 2013-12-24 18:48 - 2013-12-24 19:02 - 00000000 ____D C:\Users\MS\Downloads\mdfyc2.avi 2013-12-24 18:48 - 2013-12-24 18:59 - 00000000 ____D C:\Users\MS\Downloads\bfme002 2013-12-24 00:34 - 2013-12-24 00:52 - 00000000 ____D C:\Users\MS\Downloads\VIDEOOT-SEVTHBSTF1707 2013-12-24 00:21 - 2013-12-24 00:38 - 00000000 ____D C:\Users\MS\Downloads\VIDEOOT-SEVTHBSTF1709 2013-12-24 00:04 - 2013-12-24 00:20 - 00000000 ____D C:\Users\MS\Downloads\atholes004 2013-12-23 20:35 - 2013-12-24 00:05 - 00000000 ____D C:\Users\MS\Downloads\atholes005 2013-12-23 19:23 - 2013-12-23 19:24 - 00293184 _____ C:\Windows\Minidump\122313-51277-01.dmp 2013-12-23 18:21 - 2013-12-24 01:07 - 00000000 ____D C:\Users\MS\Downloads\Kin8tengoku.SiteRip 2013-12-23 00:41 - 2014-01-03 18:00 - 00000462 _____ C:\Windows\Tasks\ParetoLogic Registration3.job 2013-12-23 00:41 - 2013-12-23 00:41 - 00003120 _____ C:\Windows\System32\Tasks\ParetoLogic Registration3 2013-12-23 00:41 - 2013-12-23 00:41 - 00000000 ____D C:\Users\MS\AppData\Roaming\ParetoLogic 2013-12-23 00:41 - 2013-12-23 00:41 - 00000000 ____D C:\Users\MS\AppData\Roaming\DriverCure 2013-12-23 00:40 - 2014-01-07 08:09 - 00000376 _____ C:\Windows\Tasks\PC Health Advisor.job 2013-12-23 00:40 - 2014-01-06 06:02 - 00000436 _____ C:\Windows\Tasks\ParetoLogic Update Version3.job 2013-12-23 00:40 - 2013-12-23 13:08 - 00000394 _____ C:\Windows\Tasks\PC Health Advisor Defrag.job 2013-12-23 00:40 - 2013-12-23 00:40 - 00003290 _____ C:\Windows\System32\Tasks\PC Health Advisor 2013-12-23 00:40 - 2013-12-23 00:40 - 00003262 _____ C:\Windows\System32\Tasks\PC Health Advisor Defrag 2013-12-23 00:40 - 2013-12-23 00:40 - 00003240 _____ C:\Windows\System32\Tasks\ParetoLogic Update Version3 2013-12-23 00:40 - 2013-12-23 00:40 - 00001097 _____ C:\Users\MS\Desktop\ParetoLogic PC Health Advisor.lnk 2013-12-23 00:40 - 2013-12-23 00:40 - 00000000 ____D C:\ProgramData\ParetoLogic 2013-12-23 00:40 - 2013-12-23 00:40 - 00000000 ____D C:\Program Files (x86)\ParetoLogic 2013-12-23 00:39 - 2013-12-23 00:39 - 05249448 _____ (ParetoLogic Inc.) C:\Users\MS\Downloads\ParetoLogic PC Health Advisor_de.exe 2013-12-23 00:05 - 2013-12-23 00:05 - 00292672 _____ C:\Windows\Minidump\122313-25802-01.dmp 2013-12-22 19:13 - 2013-12-22 19:39 - 00000000 ____D C:\Users\MS\Downloads\Natural-Wonders-Of-The-World-Bustin-Out 2013-12-22 19:04 - 2013-12-22 19:33 - 00000000 ____D C:\Users\MS\Downloads\relink.us - Natural Wonders Superstars 8 - ID411cc31a52a9c89b161aa1511966c5 2013-12-22 18:21 - 2013-12-22 19:04 - 00000000 ____D C:\Users\MS\Downloads\TeFant2.wmv 2013-12-22 18:00 - 2013-12-22 18:39 - 00000000 ____D C:\Users\MS\Downloads\TeSW 2013-12-22 17:38 - 2013-12-22 18:01 - 00000000 ____D C:\Users\MS\Downloads\relink.us - The Cock Pit 3 - ID5cb16a8757f08d14ebf51435f59e38 2013-12-22 17:01 - 2013-12-24 00:18 - 00000000 ____D C:\Users\MS\Downloads\relink.us - Big Natural Breasts 12 - IDd1a469c70cac028f2845bb52c8436c 2013-12-22 16:57 - 2013-12-22 17:21 - 00000000 ____D C:\Users\MS\Downloads\relink.us - Natural Wonders Superstars 14 - ID6bc1dbe113c8dc60c567b203df0f75 2013-12-22 16:38 - 2013-12-22 17:01 - 00000000 ____D C:\Users\MS\Downloads\relink.us - Natural Wonders Of The World_ All Double Penetration 2 - ID83f9c68d7a95f00d11b982676e5b30 2013-12-22 16:38 - 2013-12-22 16:57 - 00000000 ____D C:\Users\MS\Downloads\All-Sexy_com-NaWOTW6 2013-12-22 15:59 - 2013-12-22 15:59 - 00129112 _____ C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-22 15:59 - 2013-12-22 15:59 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Memeo 2013-12-21 19:29 - 2013-12-21 19:42 - 00000000 ____D C:\Users\MS\Downloads\itssobig 2013-12-21 13:40 - 2013-12-22 09:49 - 00000000 ____D C:\Users\MS\Documents\PersBackup 2013-12-21 13:40 - 2013-12-21 19:06 - 00000000 ____D C:\Users\MS\AppData\Roaming\PersBackup5 2013-12-21 13:40 - 2013-12-21 13:40 - 00000000 ____D C:\Program Files\Personal Backup 5 2013-12-21 13:39 - 2013-12-21 13:39 - 17261019 _____ C:\Users\MS\Downloads\Personal_Backup_5.5.2.1.zip 2013-12-21 13:13 - 2013-12-21 13:34 - 00000000 ____D C:\Users\MS\MEDION NAS TOOL 2013-12-21 13:09 - 2013-12-21 13:09 - 00002140 _____ C:\Users\Public\Desktop\MEDION NAS TOOL.lnk 2013-12-21 13:09 - 2013-12-21 13:09 - 00001161 _____ C:\Users\Public\Desktop\Memeo Instant Backup.lnk 2013-12-21 13:09 - 2013-12-21 13:09 - 00000000 ____D C:\Users\MS\AppData\Roaming\Memeo 2013-12-21 13:09 - 2013-12-21 13:09 - 00000000 ____D C:\Program Files (x86)\Memeo 2013-12-21 13:08 - 2013-12-21 13:08 - 00000000 ____D C:\Program Files (x86)\MEDION 2013-12-21 03:14 - 2013-12-21 03:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-21 03:01 - 2013-12-21 03:27 - 00000000 ____D C:\Users\MS\Downloads\Young2 2013-12-21 02:54 - 2013-12-21 03:16 - 00000000 ____D C:\Users\MS\Downloads\MeLU8 2013-12-21 02:33 - 2013-12-21 03:01 - 00000000 ____D C:\Users\MS\Downloads\JeAGS 2013-12-21 02:33 - 2013-12-21 02:54 - 00000000 ____D C:\Users\MS\Downloads\BanTGND3 2013-12-21 02:24 - 2013-12-21 03:16 - 00000000 ____D C:\Users\MS\Downloads\TightSTP6 2013-12-19 20:15 - 2013-12-19 20:29 - 00000000 ____D C:\Users\MS\Downloads\atfromr03 2013-12-19 19:55 - 2013-12-19 20:17 - 00000000 ____D C:\Users\MS\Downloads\CDRe 2013-12-19 19:35 - 2013-12-19 20:01 - 00000000 ____D C:\Users\MS\Downloads\relink.us - pgdvd028 - ID5a8eef35b2d201618f44c580eaa163 2013-12-19 19:35 - 2013-12-19 19:55 - 00000000 ____D C:\Users\MS\Downloads\Debutantes_cul 2013-12-19 18:58 - 2013-12-19 19:27 - 00000000 ____D C:\Users\MS\Downloads\TBCTW2 2013-12-19 18:58 - 2013-12-19 19:21 - 00000000 ____D C:\Users\MS\Downloads\Eege 2013-12-18 19:52 - 2013-12-18 20:01 - 00000000 ____D C:\Users\MS\Downloads\Schau_wie_ich_die_Teenies_ficke_6_BLOG 2013-12-18 19:10 - 2013-12-18 19:35 - 00000000 ____D C:\Users\MS\Downloads\ShSc2 2013-12-18 18:48 - 2013-12-18 19:48 - 00000000 ____D C:\Users\MS\Downloads\MyFT 2013-12-18 18:48 - 2013-12-18 19:18 - 00000000 ____D C:\Users\MS\Downloads\uc-doant 2013-12-18 18:34 - 2013-12-18 18:48 - 00000000 ____D C:\Users\MS\Downloads\Unplanned_Orgies 2013-12-17 21:39 - 2013-12-17 22:02 - 00000000 ____D C:\Users\MS\Downloads\VIDEOOT-SEVSWTHRTSPRNTR05 2013-12-17 21:23 - 2013-12-17 21:44 - 00000000 ____D C:\Users\MS\Downloads\C3-C 2013-12-17 21:09 - 2013-12-17 21:31 - 00000000 ____D C:\Users\MS\Downloads\C2-C 2013-12-17 20:56 - 2013-12-17 21:23 - 00000000 ____D C:\Users\MS\Downloads\C1-C 2013-12-17 20:44 - 2013-12-17 21:09 - 00000000 ____D C:\Users\MS\Downloads\ss27ss 2013-12-17 20:44 - 2013-12-17 21:06 - 00000000 ____D C:\Users\MS\Downloads\op46R 2013-12-17 20:23 - 2013-12-17 20:44 - 00000000 ____D C:\Users\MS\Downloads\MCCL 2013-12-15 20:57 - 2013-12-15 21:11 - 00000000 ____D C:\Users\MS\Downloads\Chick 2013-12-15 19:41 - 2013-12-15 20:00 - 00000000 ____D C:\Users\MS\Downloads\18_Rock 2013-12-15 19:32 - 2013-12-15 19:44 - 00000000 ____D C:\Users\MS\Downloads\AEProgram 2013-12-15 19:19 - 2013-12-15 19:36 - 00000000 ____D C:\Users\MS\Downloads\Look 2013-12-15 19:07 - 2013-12-15 19:23 - 00000000 ____D C:\Users\MS\Downloads\Ma_gic_W_and_V_irg_ins_F_rom_R_uss_ia 2013-12-14 23:34 - 2013-12-14 23:42 - 00000000 ____D C:\Users\MS\Downloads\SC#8 2013-12-14 22:52 - 2013-12-14 23:03 - 00000000 ____D C:\Users\MS\Downloads\Naughty.Sex.Fantasies 2013-12-14 22:40 - 2013-12-14 22:58 - 00000000 ____D C:\Users\MS\Downloads\Shes Only 18 Folge 10 2013-12-14 22:31 - 2013-12-14 22:42 - 00000000 ____D C:\Users\MS\Downloads\YMParlorG 2013-12-14 22:22 - 2013-12-14 22:32 - 00000000 ____D C:\Users\MS\Downloads\Was_mich_anmacht 2013-12-14 04:36 - 2013-12-14 04:36 - 00266320 _____ C:\Windows\Minidump\121413-16629-01.dmp 2013-12-13 15:51 - 2013-12-13 16:09 - 00000000 ____D C:\Users\MS\Downloads\Teeny_Hot_Spots_10_-_Video 2013-12-13 15:38 - 2013-12-13 16:03 - 00000000 ____D C:\Users\MS\Downloads\VIDEOOT-SEV10FRMHLLND19 2013-12-12 18:53 - 2013-12-12 19:05 - 00000000 ____D C:\Users\MS\Downloads\MvTM 2013-12-12 18:38 - 2013-12-12 18:56 - 00000000 ____D C:\Users\MS\Downloads\Teens_With_Tits 2013-12-12 18:23 - 2013-12-12 18:41 - 00000000 ____D C:\Users\MS\Downloads\Russian_Institute_Lesson_19_Holidays_at_my_parents 2013-12-11 20:48 - 2013-12-11 21:06 - 00000000 ____D C:\Users\MS\Downloads\gaypower.org_3WayKaos 2013-12-11 20:09 - 2013-12-11 20:26 - 00000000 ____D C:\Users\MS\Downloads\Pretty 2013-12-11 19:35 - 2013-12-11 19:49 - 00000000 ____D C:\Users\MS\Downloads\CmGlzd4 2013-12-11 19:20 - 2013-12-11 19:42 - 00000000 ____D C:\Users\MS\Downloads\148...QQWQ 2013-12-11 19:20 - 2013-12-11 19:21 - 00000000 ____D C:\Users\MS\Downloads\GinaLisa_XXX-bLog.to 2013-12-11 19:15 - 2013-12-11 19:20 - 00000000 ____D C:\Users\MS\Downloads\Deutsche_Schlampe_wird_nach_Oktoberfest_total_besoffen_in_Disco_durchgefickt.flv 2013-12-11 19:15 - 2013-12-11 19:18 - 00000000 ____D C:\Users\MS\Downloads\Deutsche_Fitnesstrainerin_mit_dicken_Titten_wird_von_ihrem_Stiefbruder_in_Bad_gebumst.wmv 2013-12-11 16:42 - 2013-12-11 17:03 - 00000000 ____D C:\Users\MS\Downloads\pvgtef7 2013-12-11 00:55 - 2013-12-11 01:25 - 00000000 ____D C:\Users\MS\Downloads\LtsTrAnl8 2013-12-11 00:41 - 2013-12-11 01:05 - 00000000 ____D C:\Users\MS\Downloads\Lets.Try.An8 2013-12-11 00:28 - 2013-12-11 00:56 - 00000000 ____D C:\Users\MS\Downloads\Beautiful.Couples 2013-12-11 00:28 - 2013-12-11 00:41 - 00000000 ____D C:\Users\MS\Downloads\DLD-JM 2013-12-10 15:51 - 2013-12-10 15:51 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk 2013-12-09 22:22 - 2013-12-09 22:36 - 00000000 ____D C:\Users\MS\Downloads\uc-pmatigs11 2013-12-09 21:50 - 2013-12-09 22:18 - 00000000 ____D C:\Users\MS\Downloads\3StuSusUns 2013-12-09 21:49 - 2013-12-09 22:17 - 00000000 ____D C:\Users\MS\Downloads\relink.us - pgdvd014 - IDce3e7d44fc823e00ee6db99e82d71a 2013-12-08 20:55 - 2013-12-08 20:55 - 00266320 _____ C:\Windows\Minidump\120813-19578-01.dmp 2013-12-08 18:48 - 2013-12-09 23:11 - 00000000 ____D C:\Users\MS\Downloads\relink.us - Best Of Amateurclips - 350+ Clips (ul.to) - ID7a35fb2be97792f208d6a732fd1c92 2013-12-08 18:17 - 2013-12-08 18:35 - 00000000 ____D C:\Users\MS\Downloads\RussianInstitute16 2013-12-08 18:00 - 2013-12-08 18:20 - 00000000 ____D C:\Users\MS\Downloads\Film1-B.ul ==================== One Month Modified Files and Folders ======= 2014-01-07 15:27 - 2014-01-07 15:27 - 00000000 ____D C:\FRST 2014-01-07 15:22 - 2011-12-22 16:21 - 00000000 ____D C:\Users\MS\AppData\Roaming\FRITZ! 2014-01-07 15:20 - 2012-03-02 13:26 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-07 15:20 - 2011-12-21 19:42 - 00367381 _____ C:\Users\MS\DesktopStCenter.txt 2014-01-07 15:20 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-07 15:20 - 2009-07-14 05:51 - 00095351 _____ C:\Windows\setupact.log 2014-01-07 15:19 - 2011-12-20 18:59 - 00000000 ____D C:\ProgramData\NVIDIA 2014-01-07 15:07 - 2011-12-20 17:23 - 01250736 _____ C:\Windows\WindowsUpdate.log 2014-01-07 15:07 - 2009-07-14 05:45 - 00015120 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-07 15:07 - 2009-07-14 05:45 - 00015120 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-07 15:05 - 2012-03-02 13:26 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-07 14:04 - 2014-01-07 15:00 - 00024253 _____ C:\FRST.txt 2014-01-07 13:55 - 2014-01-07 15:01 - 01064805 _____ (Farbar) C:\frst.exe 2014-01-07 13:35 - 2014-01-07 15:00 - 01931762 _____ (Farbar) C:\FRST64.exe 2014-01-07 12:18 - 2009-07-14 18:58 - 00714408 _____ C:\Windows\System32\perfh007.dat 2014-01-07 12:18 - 2009-07-14 18:58 - 00154636 _____ C:\Windows\System32\perfc007.dat 2014-01-07 12:18 - 2009-07-14 06:13 - 01655156 _____ C:\Windows\System32\PerfStringBackup.INI 2014-01-07 12:16 - 2014-01-07 12:16 - 01272360 _____ (iMesh Inc) C:\Users\MS\Downloads\iMeshSetup-r1487-w-bi (1).exe 2014-01-07 12:12 - 2014-01-07 12:12 - 01272360 _____ (iMesh Inc) C:\Users\MS\Downloads\iMeshSetup-r1487-w-bi.exe 2014-01-07 08:09 - 2013-12-23 00:40 - 00000376 _____ C:\Windows\Tasks\PC Health Advisor.job 2014-01-06 22:35 - 2011-12-20 19:05 - 00000000 ____D C:\Users\MS\AppData\Roaming\vlc 2014-01-06 17:06 - 2013-01-22 12:44 - 01557504 ___SH C:\Users\MS\Desktop\Thumbs.db 2014-01-06 16:57 - 2013-02-07 14:56 - 00000000 ___RD C:\Users\MS\Documents\Dropbox 2014-01-06 16:57 - 2012-11-02 17:06 - 00000000 ____D C:\Users\MS\AppData\Roaming\Dropbox 2014-01-06 06:02 - 2013-12-23 00:40 - 00000436 _____ C:\Windows\Tasks\ParetoLogic Update Version3.job 2014-01-05 21:08 - 2014-01-05 18:52 - 00000000 ____D C:\Users\MS\Downloads\ATK Pregnant Amateurs 4 (Year_ 2011) 2014-01-05 21:06 - 2014-01-05 19:15 - 00000000 ____D C:\Users\MS\Downloads\ATK Pregnant Amateurs 6 (Year_ 2012) 2014-01-05 18:49 - 2014-01-05 18:40 - 00000000 ____D C:\Users\MS\Downloads\Pregnant Climax 16 (Yar_ 2008) 2014-01-05 18:33 - 2014-01-03 16:04 - 00000000 ____D C:\Users\MS\Downloads\Bi-Wir stopfen alle L_cher 2014-01-05 05:49 - 2014-01-05 05:30 - 00000000 ____D C:\Users\MS\Downloads\VIDEOOT-NWCLMX52 2014-01-05 05:34 - 2014-01-05 05:19 - 00000000 ____D C:\Users\MS\Downloads\TChSFit3 2014-01-05 05:21 - 2014-01-05 05:07 - 00000000 ____D C:\Users\MS\Downloads\ILikeBB10 2014-01-05 05:02 - 2014-01-05 04:45 - 00000000 ____D C:\Users\MS\Downloads\gaypower.org_HornyAssFuckers1 2014-01-04 01:49 - 2014-01-04 01:23 - 00000000 ____D C:\Users\MS\Downloads\BaSlt5 2014-01-04 01:26 - 2014-01-04 00:54 - 00000000 ____D C:\Users\MS\Downloads\18wait4 2014-01-04 00:59 - 2014-01-03 15:54 - 00000000 ____D C:\Users\MS\Downloads\gaypower.org_PlayingTheField 2014-01-03 19:33 - 2014-01-03 19:20 - 00000000 ____D C:\Users\MS\Downloads\gaypower.org_GayCamping 2014-01-03 19:21 - 2014-01-03 18:57 - 00000000 ____D C:\Users\MS\Downloads\gaypower.org_IndecentFantasies 2014-01-03 18:35 - 2014-01-03 18:20 - 00000000 ____D C:\Users\MS\Downloads\relink.us - roh - IDdd74d2ffb468a76d425392f4139ba5 2014-01-03 18:00 - 2013-12-23 00:41 - 00000462 _____ C:\Windows\Tasks\ParetoLogic Registration3.job 2014-01-03 17:53 - 2014-01-03 17:18 - 00000000 ____D C:\Users\MS\Downloads\BbysASl5 2014-01-03 17:35 - 2014-01-03 16:56 - 00000000 ____D C:\Users\MS\Downloads\18anwa5 2014-01-03 16:58 - 2014-01-03 16:49 - 00000000 ____D C:\Users\MS\Downloads\Look Dad Im In Porn 3 2014-01-03 16:50 - 2014-01-03 16:37 - 00000000 ____D C:\Users\MS\Downloads\717152 2014-01-03 16:38 - 2014-01-03 16:28 - 00000000 ____D C:\Users\MS\Downloads\gaypower.org_KleineStrolche 2014-01-03 16:36 - 2014-01-03 16:36 - 00000000 ____D C:\Users\MS\Downloads\gaypower.org_CumCumCum 2014-01-03 16:29 - 2014-01-03 16:14 - 00000000 ____D C:\Users\MS\Downloads\B.ise.xCr.ea.mP.ie_L6C6F6.ru_L6C6F6.net_EPIDEMZ.NET 2014-01-03 16:04 - 2014-01-01 21:11 - 00000000 ____D C:\Users\MS\Downloads\pvcastnxtgen2 2014-01-03 15:59 - 2014-01-03 15:25 - 00000000 ____D C:\Users\MS\Downloads\RocPrSl2 2014-01-03 14:47 - 2014-01-03 14:47 - 479890516 _____ C:\Windows\MEMORY.DMP 2014-01-03 14:47 - 2014-01-03 14:47 - 00266320 _____ C:\Windows\Minidump\010314-18033-01.dmp 2014-01-03 14:47 - 2012-11-19 20:06 - 00000000 ____D C:\Windows\Minidump 2014-01-02 23:37 - 2013-06-30 00:47 - 00000000 ____D C:\Users\MS\Downloads\Pure 2014-01-02 22:47 - 2014-01-01 20:40 - 00000000 ____D C:\Users\MS\Downloads\ps61ilodimta 2014-01-01 20:40 - 2013-12-31 16:45 - 00000000 ____D C:\Users\MS\Downloads\JizTee 2013-12-31 00:04 - 2013-12-30 23:50 - 00000000 ____D C:\Users\MS\Downloads\VIDEOOT-SXTNXTRM 2013-12-29 23:16 - 2013-12-29 22:57 - 00000000 ____D C:\Users\MS\Downloads\itjob 2013-12-29 23:05 - 2013-12-29 22:42 - 00000000 ____D C:\Users\MS\Downloads\shadoll004 2013-12-29 22:50 - 2013-12-29 22:24 - 00000000 ____D C:\Users\MS\Downloads\bl140 2013-12-29 18:48 - 2013-12-28 21:30 - 00000000 ____D C:\Users\MS\Downloads\Czech_Public_Fucksters 2013-12-29 07:40 - 2013-12-29 06:02 - 00000000 ____D C:\Users\MS\Downloads\VIDEOOT-1810BRNTSSHVMRFN 2013-12-29 06:13 - 2013-12-29 05:53 - 00000000 ____D C:\Users\MS\Downloads\relink.us - pgdvd037 - ID65adcf9a0c82fcbafecd3009eb8f7b 2013-12-28 23:45 - 2013-12-28 23:40 - 00000000 ____D C:\Users\MS\Downloads\nanc1912_SD_BLOG 2013-12-28 23:42 - 2013-12-28 23:25 - 00000000 ____D C:\Users\MS\Downloads\Girls_And_Their_Boys_8_BLOG 2013-12-28 23:28 - 2013-12-28 23:10 - 00000000 ____D C:\Users\MS\Downloads\htpuat 2013-12-28 23:12 - 2013-12-28 22:57 - 00000000 ____D C:\Users\MS\Downloads\isex2 2013-12-28 21:42 - 2013-12-28 21:30 - 00000000 ____D C:\Users\MS\Downloads\zi0h2wbn.vz4 2013-12-28 21:33 - 2013-12-28 21:33 - 00000000 ____D C:\Users\MS\Downloads\VIDEOOT-SEVSPCL22 2013-12-28 08:05 - 2013-07-20 15:30 - 00000000 ____D C:\Users\MS\Downloads\gaypower.org 2013-12-28 07:44 - 2013-12-28 06:51 - 00000000 ____D C:\Users\MS\Downloads\gaypower.org_AnAmericanInPrague-TheRemake1 2013-12-28 06:55 - 2013-12-28 06:36 - 00000000 ____D C:\Users\MS\Downloads\gaypower.org_DirtyNLovinIt 2013-12-28 06:34 - 2013-12-28 06:33 - 00000000 ____D C:\Users\MS\Downloads\tatlov-tficken_Epidemz.net.KOMAPz.net 2013-12-28 05:58 - 2013-12-28 05:58 - 00285048 _____ C:\Windows\Minidump\122813-23602-01.dmp 2013-12-27 22:01 - 2013-12-27 21:16 - 00000000 ____D C:\Users\MS\Downloads\B.is.exC.re.amP.ie12_L6C6F6.ru_L6C6F6.net_EPIDEMZ.NET 2013-12-27 22:01 - 2013-12-27 21:09 - 00000000 ____D C:\Users\MS\Downloads\L.ov.er.s9_L6C6F6.ru_L6C6F6.net_EPIDEMZ.NET 2013-12-27 22:01 - 2013-12-27 21:00 - 00000000 ____D C:\Users\MS\Downloads\B.ise.xCr.ea.mP.ie2_L6C6F6.ru_L6C6F6.net_EPIDEMZ.NET 2013-12-27 22:01 - 2013-12-27 06:23 - 00000000 ____D C:\Users\MS\Downloads\PregAmas7 2013-12-27 21:46 - 2013-12-27 21:35 - 00000000 ____D C:\Users\MS\Downloads\BisexualCuckold4 2013-12-27 21:04 - 2013-12-27 20:50 - 00000000 ____D C:\Users\MS\Downloads\B.ise.xCr.ea.mP.ie8_L6C6F6.ru_L6C6F6.net_EPIDEMZ.NET 2013-12-27 20:53 - 2013-12-27 20:38 - 00000000 ____D C:\Users\MS\Downloads\L.ov.er.s10_L6C6F6.ru_L6C6F6.net_EPIDEMZ.NET 2013-12-27 20:30 - 2013-12-27 20:09 - 00000000 ____D C:\Users\MS\Downloads\AnalSweethearts5DVDx264XCiTE 2013-12-27 08:03 - 2013-12-27 07:33 - 00000000 ____D C:\Users\MS\Downloads\Cute Redhead Teen teen Gangbang.flv 2013-12-27 07:55 - 2013-12-27 06:43 - 00000000 ____D C:\Users\MS\Downloads\bfme008 2013-12-27 07:41 - 2013-12-27 07:29 - 00000000 ____D C:\Users\MS\Downloads\Z44B 570 Redhead Outdoor Nights.flv 2013-12-27 07:33 - 2013-12-27 06:49 - 00000000 ____D C:\Users\MS\Downloads\Z44B 475 Redhead on Roller Skates.flv 2013-12-27 07:29 - 2013-12-27 07:23 - 00000000 ____D C:\Users\MS\Downloads\Z44B 1480 Redhead Teen in a RV.flv 2013-12-27 07:23 - 2013-12-27 07:18 - 00000000 ____D C:\Users\MS\Downloads\Busty Girl with saggy tits on Roller skates gets fucked.flv 2013-12-27 07:18 - 2013-12-27 07:04 - 00000000 ____D C:\Users\MS\Downloads\Redhead Teen Gets Fucked A Facialed !.flv 2013-12-27 07:04 - 2013-12-27 07:00 - 00000000 ____D C:\Users\MS\Downloads\Z44B 1387 Redhead Nurse In White.flv 2013-12-27 07:00 - 2013-12-27 06:51 - 00000000 ____D C:\Users\MS\Downloads\Z44B 1086 Redhead Teen Fully Facialized.flv 2013-12-27 06:49 - 2013-12-27 06:26 - 00000000 ____D C:\Users\MS\Downloads\bfme007 2013-12-27 06:27 - 2013-12-27 06:19 - 00000000 ____D C:\Users\MS\Downloads\bfme005 2013-12-27 06:21 - 2013-12-27 06:21 - 00000000 ____D C:\Users\MS\Downloads\Ist.Jung.Schwanger.Und.Notgeil.wmv 2013-12-27 06:19 - 2013-12-27 06:09 - 00000000 ____D C:\Users\MS\Downloads\Pregnant_THE_DROP_ZONE.avi 2013-12-27 06:17 - 2013-12-27 06:00 - 00000000 ____D C:\Users\MS\Downloads\bfme004 2013-12-26 03:44 - 2013-12-26 03:17 - 00000000 ____D C:\Users\MS\Downloads\1512.Sw.P.To.5.salien84.mp4 2013-12-26 03:27 - 2013-12-26 02:48 - 00000000 ____D C:\Users\MS\Downloads\VIDEOOT-FAT10GRS 2013-12-26 03:12 - 2013-12-26 02:48 - 00000000 ____D C:\Users\MS\Downloads\VIDEOOT-SEVTHBOS06HPH 2013-12-25 17:21 - 2013-12-25 16:24 - 00000000 ____D C:\Users\MS\Downloads\VIDEOOT-SEVTHBSTF1711 2013-12-25 17:10 - 2013-12-25 16:49 - 00000000 ____D C:\Users\MS\Downloads\Vh6k_h7U 2013-12-25 17:04 - 2013-12-25 16:33 - 00000000 ____D C:\Users\MS\Downloads\VIDEOOT-SEVTHBSTF1712 2013-12-25 16:58 - 2013-12-25 16:45 - 00000000 ____D C:\Users\MS\Downloads\VIDEOOT-SNNRSBD10 2013-12-25 16:37 - 2013-12-25 16:07 - 00000000 ____D C:\Users\MS\Downloads\01+++jdbbmm 2013-12-25 16:19 - 2013-11-20 21:56 - 00000000 ____D C:\Users\MS\Downloads\various 2013-12-25 15:02 - 2013-12-25 15:02 - 00000000 ____H C:\Users\MS\Documents\Default.rdp 2013-12-24 21:58 - 2013-12-24 21:34 - 00000000 ____D C:\Users\MS\Downloads\gaypower.org_FreshmanClassBareback 2013-12-24 21:39 - 2013-12-24 21:21 - 00000000 ____D C:\Users\MS\Downloads\gaypower.org_TwinkFuckers 2013-12-24 21:25 - 2013-12-24 20:57 - 00000000 ____D C:\Users\MS\Downloads\gaypower.org_BiCollegeGuys1 2013-12-24 21:09 - 2013-12-24 20:57 - 00000000 ____D C:\Users\MS\Downloads\Little Lystra bound and teased by her mistress.flv 2013-12-24 21:09 - 2013-12-24 20:57 - 00000000 ____D C:\Users\MS\Downloads\Little Lystra bound and gagged for pleasure and teased by her busty mistress.flv 2013-12-24 20:58 - 2013-12-24 20:42 - 00000000 ____D C:\Users\MS\Downloads\gaypower.org_BiCollegeGuys2 2013-12-24 20:45 - 2013-12-24 20:19 - 00000000 ____D C:\Users\MS\Downloads\gaypower.org_BiCollegeGuys3 2013-12-24 20:15 - 2013-12-24 20:01 - 00000000 ____D C:\Users\MS\Downloads\gaypower.org_Sexy 2013-12-24 19:25 - 2013-12-24 19:06 - 00000000 ____D C:\Users\MS\Downloads\4guoruuz.sn4 2013-12-24 19:14 - 2013-12-24 19:06 - 00000000 ____D C:\Users\MS\Downloads\bfme001 2013-12-24 19:02 - 2013-12-24 18:48 - 00000000 ____D C:\Users\MS\Downloads\mdfyc2.avi 2013-12-24 18:59 - 2013-12-24 18:48 - 00000000 ____D C:\Users\MS\Downloads\bfme002 2013-12-24 01:07 - 2013-12-23 18:21 - 00000000 ____D C:\Users\MS\Downloads\Kin8tengoku.SiteRip 2013-12-24 00:52 - 2013-12-24 00:34 - 00000000 ____D C:\Users\MS\Downloads\VIDEOOT-SEVTHBSTF1707 2013-12-24 00:38 - 2013-12-24 00:21 - 00000000 ____D C:\Users\MS\Downloads\VIDEOOT-SEVTHBSTF1709 2013-12-24 00:20 - 2013-12-24 00:04 - 00000000 ____D C:\Users\MS\Downloads\atholes004 2013-12-24 00:18 - 2013-12-22 17:01 - 00000000 ____D C:\Users\MS\Downloads\relink.us - Big Natural Breasts 12 - IDd1a469c70cac028f2845bb52c8436c 2013-12-24 00:05 - 2013-12-23 20:35 - 00000000 ____D C:\Users\MS\Downloads\atholes005 2013-12-23 19:24 - 2013-12-23 19:23 - 00293184 _____ C:\Windows\Minidump\122313-51277-01.dmp 2013-12-23 13:08 - 2013-12-23 00:40 - 00000394 _____ C:\Windows\Tasks\PC Health Advisor Defrag.job 2013-12-23 00:41 - 2013-12-23 00:41 - 00003120 _____ C:\Windows\System32\Tasks\ParetoLogic Registration3 2013-12-23 00:41 - 2013-12-23 00:41 - 00000000 ____D C:\Users\MS\AppData\Roaming\ParetoLogic 2013-12-23 00:41 - 2013-12-23 00:41 - 00000000 ____D C:\Users\MS\AppData\Roaming\DriverCure 2013-12-23 00:40 - 2013-12-23 00:40 - 00003290 _____ C:\Windows\System32\Tasks\PC Health Advisor 2013-12-23 00:40 - 2013-12-23 00:40 - 00003262 _____ C:\Windows\System32\Tasks\PC Health Advisor Defrag 2013-12-23 00:40 - 2013-12-23 00:40 - 00003240 _____ C:\Windows\System32\Tasks\ParetoLogic Update Version3 2013-12-23 00:40 - 2013-12-23 00:40 - 00001097 _____ C:\Users\MS\Desktop\ParetoLogic PC Health Advisor.lnk 2013-12-23 00:40 - 2013-12-23 00:40 - 00000000 ____D C:\ProgramData\ParetoLogic 2013-12-23 00:40 - 2013-12-23 00:40 - 00000000 ____D C:\Program Files (x86)\ParetoLogic 2013-12-23 00:39 - 2013-12-23 00:39 - 05249448 _____ (ParetoLogic Inc.) C:\Users\MS\Downloads\ParetoLogic PC Health Advisor_de.exe 2013-12-23 00:05 - 2013-12-23 00:05 - 00292672 _____ C:\Windows\Minidump\122313-25802-01.dmp 2013-12-22 19:39 - 2013-12-22 19:13 - 00000000 ____D C:\Users\MS\Downloads\Natural-Wonders-Of-The-World-Bustin-Out 2013-12-22 19:33 - 2013-12-22 19:04 - 00000000 ____D C:\Users\MS\Downloads\relink.us - Natural Wonders Superstars 8 - ID411cc31a52a9c89b161aa1511966c5 2013-12-22 19:04 - 2013-12-22 18:21 - 00000000 ____D C:\Users\MS\Downloads\TeFant2.wmv 2013-12-22 18:39 - 2013-12-22 18:00 - 00000000 ____D C:\Users\MS\Downloads\TeSW 2013-12-22 18:19 - 2013-06-21 19:43 - 00000000 ____D C:\Users\MS\Downloads\relink.us - Teenage Whores 4 - IDf8c7b5bf67094bf7eed845e254f8c9 2013-12-22 18:01 - 2013-12-22 17:38 - 00000000 ____D C:\Users\MS\Downloads\relink.us - The Cock Pit 3 - ID5cb16a8757f08d14ebf51435f59e38 2013-12-22 17:21 - 2013-12-22 16:57 - 00000000 ____D C:\Users\MS\Downloads\relink.us - Natural Wonders Superstars 14 - ID6bc1dbe113c8dc60c567b203df0f75 2013-12-22 17:01 - 2013-12-22 16:38 - 00000000 ____D C:\Users\MS\Downloads\relink.us - Natural Wonders Of The World_ All Double Penetration 2 - ID83f9c68d7a95f00d11b982676e5b30 2013-12-22 16:57 - 2013-12-22 16:38 - 00000000 ____D C:\Users\MS\Downloads\All-Sexy_com-NaWOTW6 2013-12-22 15:59 - 2013-12-22 15:59 - 00129112 _____ C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-22 15:59 - 2013-12-22 15:59 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Memeo 2013-12-22 15:59 - 2013-02-22 20:31 - 00000909 _____ C:\Users\Gast\DesktopStCenter.txt 2013-12-22 15:59 - 2013-02-05 16:31 - 00000000 ____D C:\Users\Gast\AppData\Roaming\FRITZ! 2013-12-22 09:49 - 2013-12-21 13:40 - 00000000 ____D C:\Users\MS\Documents\PersBackup 2013-12-21 19:42 - 2013-12-21 19:29 - 00000000 ____D C:\Users\MS\Downloads\itssobig 2013-12-21 19:08 - 2012-05-07 21:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-21 19:06 - 2013-12-21 13:40 - 00000000 ____D C:\Users\MS\AppData\Roaming\PersBackup5 2013-12-21 13:40 - 2013-12-21 13:40 - 00000000 ____D C:\Program Files\Personal Backup 5 2013-12-21 13:39 - 2013-12-21 13:39 - 17261019 _____ C:\Users\MS\Downloads\Personal_Backup_5.5.2.1.zip 2013-12-21 13:34 - 2013-12-21 13:13 - 00000000 ____D C:\Users\MS\MEDION NAS TOOL 2013-12-21 13:13 - 2011-12-20 17:45 - 00000000 ____D C:\users\MS 2013-12-21 13:09 - 2013-12-21 13:09 - 00002140 _____ C:\Users\Public\Desktop\MEDION NAS TOOL.lnk 2013-12-21 13:09 - 2013-12-21 13:09 - 00001161 _____ C:\Users\Public\Desktop\Memeo Instant Backup.lnk 2013-12-21 13:09 - 2013-12-21 13:09 - 00000000 ____D C:\Users\MS\AppData\Roaming\Memeo 2013-12-21 13:09 - 2013-12-21 13:09 - 00000000 ____D C:\Program Files (x86)\Memeo 2013-12-21 13:08 - 2013-12-21 13:08 - 00000000 ____D C:\Program Files (x86)\MEDION 2013-12-21 03:27 - 2013-12-21 03:01 - 00000000 ____D C:\Users\MS\Downloads\Young2 2013-12-21 03:16 - 2013-12-21 02:54 - 00000000 ____D C:\Users\MS\Downloads\MeLU8 2013-12-21 03:16 - 2013-12-21 02:24 - 00000000 ____D C:\Users\MS\Downloads\TightSTP6 2013-12-21 03:14 - 2013-12-21 03:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-21 03:01 - 2013-12-21 02:33 - 00000000 ____D C:\Users\MS\Downloads\JeAGS 2013-12-21 02:54 - 2013-12-21 02:33 - 00000000 ____D C:\Users\MS\Downloads\BanTGND3 2013-12-19 20:29 - 2013-12-19 20:15 - 00000000 ____D C:\Users\MS\Downloads\atfromr03 2013-12-19 20:17 - 2013-12-19 19:55 - 00000000 ____D C:\Users\MS\Downloads\CDRe 2013-12-19 20:01 - 2013-12-19 19:35 - 00000000 ____D C:\Users\MS\Downloads\relink.us - pgdvd028 - ID5a8eef35b2d201618f44c580eaa163 2013-12-19 19:55 - 2013-12-19 19:35 - 00000000 ____D C:\Users\MS\Downloads\Debutantes_cul 2013-12-19 19:27 - 2013-12-19 18:58 - 00000000 ____D C:\Users\MS\Downloads\TBCTW2 2013-12-19 19:21 - 2013-12-19 18:58 - 00000000 ____D C:\Users\MS\Downloads\Eege 2013-12-18 20:01 - 2013-12-18 19:52 - 00000000 ____D C:\Users\MS\Downloads\Schau_wie_ich_die_Teenies_ficke_6_BLOG 2013-12-18 19:48 - 2013-12-18 18:48 - 00000000 ____D C:\Users\MS\Downloads\MyFT 2013-12-18 19:35 - 2013-12-18 19:10 - 00000000 ____D C:\Users\MS\Downloads\ShSc2 2013-12-18 19:18 - 2013-12-18 18:48 - 00000000 ____D C:\Users\MS\Downloads\uc-doant 2013-12-18 18:48 - 2013-12-18 18:34 - 00000000 ____D C:\Users\MS\Downloads\Unplanned_Orgies 2013-12-18 17:44 - 2013-08-10 23:17 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys 2013-12-18 17:44 - 2013-08-10 23:05 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys 2013-12-18 17:44 - 2013-08-10 23:05 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys 2013-12-17 22:02 - 2013-12-17 21:39 - 00000000 ____D C:\Users\MS\Downloads\VIDEOOT-SEVSWTHRTSPRNTR05 2013-12-17 21:44 - 2013-12-17 21:23 - 00000000 ____D C:\Users\MS\Downloads\C3-C 2013-12-17 21:31 - 2013-12-17 21:09 - 00000000 ____D C:\Users\MS\Downloads\C2-C 2013-12-17 21:23 - 2013-12-17 20:56 - 00000000 ____D C:\Users\MS\Downloads\C1-C 2013-12-17 21:09 - 2013-12-17 20:44 - 00000000 ____D C:\Users\MS\Downloads\ss27ss 2013-12-17 21:06 - 2013-12-17 20:44 - 00000000 ____D C:\Users\MS\Downloads\op46R 2013-12-17 20:44 - 2013-12-17 20:23 - 00000000 ____D C:\Users\MS\Downloads\MCCL 2013-12-16 18:18 - 2012-01-31 15:54 - 00000000 ____D C:\Users\MS\Documents\Eigene Scans 2013-12-15 21:11 - 2013-12-15 20:57 - 00000000 ____D C:\Users\MS\Downloads\Chick 2013-12-15 20:00 - 2013-12-15 19:41 - 00000000 ____D C:\Users\MS\Downloads\18_Rock 2013-12-15 19:44 - 2013-12-15 19:32 - 00000000 ____D C:\Users\MS\Downloads\AEProgram 2013-12-15 19:36 - 2013-12-15 19:19 - 00000000 ____D C:\Users\MS\Downloads\Look 2013-12-15 19:23 - 2013-12-15 19:07 - 00000000 ____D C:\Users\MS\Downloads\Ma_gic_W_and_V_irg_ins_F_rom_R_uss_ia 2013-12-14 23:42 - 2013-12-14 23:34 - 00000000 ____D C:\Users\MS\Downloads\SC#8 2013-12-14 23:03 - 2013-12-14 22:52 - 00000000 ____D C:\Users\MS\Downloads\Naughty.Sex.Fantasies 2013-12-14 22:58 - 2013-12-14 22:40 - 00000000 ____D C:\Users\MS\Downloads\Shes Only 18 Folge 10 2013-12-14 22:42 - 2013-12-14 22:31 - 00000000 ____D C:\Users\MS\Downloads\YMParlorG 2013-12-14 22:32 - 2013-12-14 22:22 - 00000000 ____D C:\Users\MS\Downloads\Was_mich_anmacht 2013-12-14 05:05 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\NDF 2013-12-14 04:36 - 2013-12-14 04:36 - 00266320 _____ C:\Windows\Minidump\121413-16629-01.dmp 2013-12-14 04:36 - 2011-12-20 18:45 - 00105098 _____ C:\Windows\PFRO.log 2013-12-13 16:09 - 2013-12-13 15:51 - 00000000 ____D C:\Users\MS\Downloads\Teeny_Hot_Spots_10_-_Video 2013-12-13 16:03 - 2013-12-13 15:38 - 00000000 ____D C:\Users\MS\Downloads\VIDEOOT-SEV10FRMHLLND19 2013-12-12 19:05 - 2013-12-12 18:53 - 00000000 ____D C:\Users\MS\Downloads\MvTM 2013-12-12 18:56 - 2013-12-12 18:38 - 00000000 ____D C:\Users\MS\Downloads\Teens_With_Tits 2013-12-12 18:41 - 2013-12-12 18:23 - 00000000 ____D C:\Users\MS\Downloads\Russian_Institute_Lesson_19_Holidays_at_my_parents 2013-12-12 14:25 - 2012-04-04 20:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-12 14:25 - 2011-12-20 18:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-11 21:06 - 2013-12-11 20:48 - 00000000 ____D C:\Users\MS\Downloads\gaypower.org_3WayKaos 2013-12-11 20:26 - 2013-12-11 20:09 - 00000000 ____D C:\Users\MS\Downloads\Pretty 2013-12-11 19:49 - 2013-12-11 19:35 - 00000000 ____D C:\Users\MS\Downloads\CmGlzd4 2013-12-11 19:42 - 2013-12-11 19:20 - 00000000 ____D C:\Users\MS\Downloads\148...QQWQ 2013-12-11 19:21 - 2013-12-11 19:20 - 00000000 ____D C:\Users\MS\Downloads\GinaLisa_XXX-bLog.to 2013-12-11 19:20 - 2013-12-11 19:15 - 00000000 ____D C:\Users\MS\Downloads\Deutsche_Schlampe_wird_nach_Oktoberfest_total_besoffen_in_Disco_durchgefickt.flv 2013-12-11 19:18 - 2013-12-11 19:15 - 00000000 ____D C:\Users\MS\Downloads\Deutsche_Fitnesstrainerin_mit_dicken_Titten_wird_von_ihrem_Stiefbruder_in_Bad_gebumst.wmv 2013-12-11 17:03 - 2013-12-11 16:42 - 00000000 ____D C:\Users\MS\Downloads\pvgtef7 2013-12-11 01:25 - 2013-12-11 00:55 - 00000000 ____D C:\Users\MS\Downloads\LtsTrAnl8 2013-12-11 01:05 - 2013-12-11 00:41 - 00000000 ____D C:\Users\MS\Downloads\Lets.Try.An8 2013-12-11 00:56 - 2013-12-11 00:28 - 00000000 ____D C:\Users\MS\Downloads\Beautiful.Couples 2013-12-11 00:41 - 2013-12-11 00:28 - 00000000 ____D C:\Users\MS\Downloads\DLD-JM 2013-12-10 15:51 - 2013-12-10 15:51 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk 2013-12-10 15:51 - 2012-03-02 13:26 - 00000000 ____D C:\Program Files (x86)\Google 2013-12-10 15:50 - 2012-03-02 13:26 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-12-09 23:11 - 2013-12-08 18:48 - 00000000 ____D C:\Users\MS\Downloads\relink.us - Best Of Amateurclips - 350+ Clips (ul.to) - ID7a35fb2be97792f208d6a732fd1c92 2013-12-09 22:36 - 2013-12-09 22:22 - 00000000 ____D C:\Users\MS\Downloads\uc-pmatigs11 2013-12-09 22:18 - 2013-12-09 21:50 - 00000000 ____D C:\Users\MS\Downloads\3StuSusUns 2013-12-09 22:17 - 2013-12-09 21:49 - 00000000 ____D C:\Users\MS\Downloads\relink.us - pgdvd014 - IDce3e7d44fc823e00ee6db99e82d71a 2013-12-08 20:59 - 2012-03-02 13:26 - 00004098 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-12-08 20:59 - 2012-03-02 13:26 - 00003846 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-12-08 20:55 - 2013-12-08 20:55 - 00266320 _____ C:\Windows\Minidump\120813-19578-01.dmp 2013-12-08 19:05 - 2013-12-07 07:24 - 00000000 ____D C:\Users\MS\Downloads\MyPlaything2_GiannaMichaels 2013-12-08 18:35 - 2013-12-08 18:17 - 00000000 ____D C:\Users\MS\Downloads\RussianInstitute16 2013-12-08 18:20 - 2013-12-08 18:00 - 00000000 ____D C:\Users\MS\Downloads\Film1-B.ul Files to move or delete: ==================== C:\Users\MS\MdSched.exe Some content of TEMP: ==================== C:\Users\Gast\AppData\Local\Temp\AskSLib.dll C:\Users\Gast\AppData\Local\Temp\avgnt.exe C:\Users\MS\AppData\Local\Temp\avgnt.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= ==================== Memory info =========================== Percentage of memory in use: 7% Total physical RAM: 16365.23 MB Available physical RAM: 15170.29 MB Total Pagefile: 16363.38 MB Available Pagefile: 15177.81 MB Total Virtual: 8192 MB Available Virtual: 8191.86 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:1862.92 GB) (Free:12.53 GB) NTFS Drive f: (320 C) (Fixed) (Total:298.09 GB) (Free:1.14 GB) NTFS Drive g: (USB_DISK) (Removable) (Total:3.91 GB) (Free:3.89 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298 GB) (Disk ID: C63AC63A) Partition 1: (Active) - (Size=298 GB) - (Type=42) Partition 2: (Not Active) - (Size=2361 KB) - (Type=42) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: CAB6BD6F) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=-198731366400) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 4 GB) (Disk ID: B3627CBC) Partition 1: (Not Active) - (Size=4 GB) - (Type=0B) LastRegBack: 2014-01-03 15:45 ==================== End Of Log ============================ |
07.01.2014, 15:37 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win 7 - Firefox - Bundespolizei "ihr browser hat gesperrt" Du hast immer noch nicht erklärt was der Reparaturmodus soll. Ich kann ja verstehen, dass du in so einem Notfallmodus gehst wenn GARNIX mehr im normalen Windows geht. Dann versteh ich aber diese Aussage einfach nicht Zitat:
Kannst du nun das betroffene Win7 nun nromal starten oder nicht?
__________________ --> Win 7 - Firefox - Bundespolizei "ihr browser hat gesperrt" |
07.01.2014, 15:44 | #7 |
| Win 7 - Firefox - Bundespolizei "ihr browser hat gesperrt" Entschuldige! Nachdem ich mehrere Beiträge zu diesem Problem laß, nahm ich an, dass der Systemscan nur so Sinn macht. Mein Rechner läuft, wenn man von dem Firefox Problem abgesieht. Win 7 kann ich problemlos starten. Hier nun hoffentlich der richtige Scan!? FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-01-2014 Ran by MS (administrator) on MS-PC on 07-01-2014 15:39:32 Running from I:\ Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe () C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe (DATEV eG) C:\DATEV\PROGRAMM\B0001442\PSNTServ.exe (DATA BECKER GmbH & Co KG) C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE ( ) C:\Windows\System32\lmabcoms.exe (Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\FwebProt.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe (EnTech Taiwan) C:\Program Files (x86)\softOSD\softOSD.exe (EnTech Taiwan) C:\Windows\SysWOW64\softLCP.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Rocket Division Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe () C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11465832 2010-09-07] (Realtek Semiconductor) HKLM\...\Run: [Launch LCDMon] - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2412616 2010-08-03] (Logitech Inc.) HKLM\...\Run: [Launch LGDCore] - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4725320 2010-08-03] (Logitech Inc.) HKLM\...\Run: [Launch LgDeviceAgent] - C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe [415816 2010-08-03] (Logitech Inc.) HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1778640 2013-12-20] (APN) HKLM-x32\...\Run: [Memeo Instant Backup] - C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-09-16] (Memeo Inc.) HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-04-23] (Samsung) HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844168 2013-05-19] (Samsung) HKCU\...\Policies\Explorer: [DisallowRun] 1 MountPoints2: {fd0ae780-3306-11e1-aa1e-14dae9f723b8} - E:\Autoplay.exe -auto Startup: C:\Users\MS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Users\MS\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x24A275533CBFCC01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) BHO: SplitButtonBHO Class - {C0C86BBE-9509-4296-8459-FDBFDAF4B673} - C:\Program Files\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll (AVM Berlin) BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab Winsock: Catalog5 07 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin) Winsock: Catalog5-x64 07 %ProgramFiles%\FRITZ!DSL\\sarah.dll [34104] (AVM Berlin) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\MS\AppData\Roaming\Mozilla\Firefox\Profiles\hq0l27rj.default FF user.js: detected! => C:\Users\MS\AppData\Roaming\Mozilla\Firefox\Profiles\hq0l27rj.default\user.js FF Homepage: hxxp://de.ask.com/?l=dis&o=APN10023&gct=hp|hxxp://www.giga.de/my_homepage/0022/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @protectdisc.com/NPPDLicenseHelper - C:\Users\MS\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( ) FF SearchPlugin: C:\Users\MS\AppData\Roaming\Mozilla\Firefox\Profiles\hq0l27rj.default\searchplugins\gutscheinsuche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Amazon-Icon - C:\Users\MS\AppData\Roaming\Mozilla\Firefox\Profiles\hq0l27rj.default\Extensions\amazon-icon@winload.de FF Extension: FRITZ!Box AddOn - C:\Users\MS\AppData\Roaming\Mozilla\Firefox\Profiles\hq0l27rj.default\Extensions\fb_add_on@avm.de FF Extension: Spartipps von SparPilot.com - C:\Users\MS\AppData\Roaming\Mozilla\Firefox\Profiles\hq0l27rj.default\Extensions\sparpilot@sparpilot.com FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\MS\AppData\Roaming\Mozilla\Firefox\Profiles\hq0l27rj.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi FF Extension: Adblock Plus - C:\Users\MS\AppData\Roaming\Mozilla\Firefox\Profiles\hq0l27rj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR HomePage: chrome://newtab CHR RestoreOnStartup: "hxxp://www.google.com/", "hxxp://www.giga.de/my_homepage/0022/" CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) CHR Plugin: (Default Plug-in) - default_plugin No File CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\MS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\30.2_0 CHR Extension: (YouTube) - C:\Users\MS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\MS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Amazon-Icon) - C:\Users\MS\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg\1.0_0 CHR Extension: (Google Wallet) - C:\Users\MS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 CHR Extension: (Gmail) - C:\Users\MS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\MS\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx ==================== Services (Whitelisted) ================= S2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-18] (Avira Operations GmbH & Co. KG) R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.) R2 CLHNServiceForPowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [83240 2011-12-08] () R2 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [75048 2011-12-07] (CyberLink) R2 CyberLink PowerDVD 11.0 Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [292136 2011-12-07] (CyberLink) S3 DATEV Update-Service; C:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe [155232 2011-02-21] (DATEV eG) R2 DatevPrintService; C:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE [79872 2010-12-08] (DATEV eG) R2 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [189776 2010-10-28] (DATA BECKER GmbH & Co KG) R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin) R2 lmab_device; C:\Windows\system32\LMabcoms.exe [1044992 2009-09-09] ( ) R2 lmab_device; C:\Windows\SysWow64\LMabcoms.exe [593920 2009-09-09] ( ) R2 MSSQL$DATEV_CL_DE01; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29286760 2010-02-09] (Microsoft Corporation) R2 softOSD; C:\Program Files (x86)\softOSD\softosd.exe [259832 2007-07-31] (EnTech Taiwan) R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143552 2012-02-09] (TuneUp Software) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG) R1 se64a; C:\Windows\System32\Drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan) R1 se64a; C:\Windows\SysWow64\Drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2011-12-30] () R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-02-09] (TuneUp Software) R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [148976 2011-11-16] (CyberLink Corp.) U3 auwpuage; C:\Windows\System32\Drivers\auwpuage.sys [0 ] (Microsoft Corporation) S1 acedrv08; \??\C:\Windows\system32\drivers\acedrv08.sys [x] U0 dmboot; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-07 15:27 - 2014-01-07 15:27 - 00000000 ____D C:\FRST 2014-01-07 15:01 - 2014-01-07 13:55 - 01064805 _____ (Farbar) C:\frst.exe 2014-01-07 15:00 - 2014-01-07 14:04 - 00024253 _____ C:\FRST.txt 2014-01-07 15:00 - 2014-01-07 13:35 - 01931762 _____ (Farbar) C:\FRST64.exe 2014-01-07 12:16 - 2014-01-07 12:16 - 01272360 _____ (iMesh Inc) C:\Users\MS\Downloads\iMeshSetup-r1487-w-bi (1).exe 2014-01-07 12:12 - 2014-01-07 12:12 - 01272360 _____ (iMesh Inc) C:\Users\MS\Downloads\iMeshSetup-r1487-w-bi.exe 2013-12-25 15:02 - 2013-12-25 15:02 - 00000000 ____H C:\Users\MS\Documents\Default.rdp 2013-12-23 19:23 - 2013-12-23 19:24 - 00293184 _____ C:\Windows\Minidump\122313-51277-01.dmp 2013-12-23 18:21 - 2013-12-24 01:07 - 00000000 ____D C:\Users\MS\Downloads\Kin8tengoku.SiteRip 2013-12-23 00:41 - 2014-01-03 18:00 - 00000462 _____ C:\Windows\Tasks\ParetoLogic Registration3.job 2013-12-23 00:41 - 2013-12-23 00:41 - 00003120 _____ C:\Windows\System32\Tasks\ParetoLogic Registration3 2013-12-23 00:41 - 2013-12-23 00:41 - 00000000 ____D C:\Users\MS\AppData\Roaming\ParetoLogic 2013-12-23 00:41 - 2013-12-23 00:41 - 00000000 ____D C:\Users\MS\AppData\Roaming\DriverCure 2013-12-23 00:40 - 2014-01-07 08:09 - 00000376 _____ C:\Windows\Tasks\PC Health Advisor.job 2013-12-23 00:40 - 2014-01-06 06:02 - 00000436 _____ C:\Windows\Tasks\ParetoLogic Update Version3.job 2013-12-23 00:40 - 2013-12-23 13:08 - 00000394 _____ C:\Windows\Tasks\PC Health Advisor Defrag.job 2013-12-23 00:40 - 2013-12-23 00:40 - 00003290 _____ C:\Windows\System32\Tasks\PC Health Advisor 2013-12-23 00:40 - 2013-12-23 00:40 - 00003262 _____ C:\Windows\System32\Tasks\PC Health Advisor Defrag 2013-12-23 00:40 - 2013-12-23 00:40 - 00003240 _____ C:\Windows\System32\Tasks\ParetoLogic Update Version3 2013-12-23 00:40 - 2013-12-23 00:40 - 00001097 _____ C:\Users\MS\Desktop\ParetoLogic PC Health Advisor.lnk 2013-12-23 00:40 - 2013-12-23 00:40 - 00000000 ____D C:\Users\MS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic 2013-12-23 00:40 - 2013-12-23 00:40 - 00000000 ____D C:\ProgramData\ParetoLogic 2013-12-23 00:40 - 2013-12-23 00:40 - 00000000 ____D C:\Program Files (x86)\ParetoLogic 2013-12-23 00:39 - 2013-12-23 00:39 - 05249448 _____ (ParetoLogic Inc.) C:\Users\MS\Downloads\ParetoLogic PC Health Advisor_de.exe 2013-12-23 00:05 - 2013-12-23 00:05 - 00292672 _____ C:\Windows\Minidump\122313-25802-01.dmp 2013-12-22 15:59 - 2013-12-22 15:59 - 00129112 _____ C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-22 15:59 - 2013-12-22 15:59 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Memeo 2013-12-21 19:29 - 2013-12-21 19:42 - 00000000 ____D C:\Users\MS\Downloads\itssobig 2013-12-21 19:06 - 2013-12-21 19:06 - 00002004 _____ C:\Users\MS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Persbackup.lnk 2013-12-21 13:40 - 2013-12-22 09:49 - 00000000 ____D C:\Users\MS\Documents\PersBackup 2013-12-21 13:40 - 2013-12-21 19:06 - 00000000 ____D C:\Users\MS\AppData\Roaming\PersBackup5 2013-12-21 13:40 - 2013-12-21 13:40 - 00000000 ____D C:\Program Files\Personal Backup 5 2013-12-21 13:39 - 2013-12-21 13:39 - 17261019 _____ C:\Users\MS\Downloads\Personal_Backup_5.5.2.1.zip 2013-12-21 13:13 - 2013-12-21 13:34 - 00000000 ____D C:\Users\MS\MEDION NAS TOOL 2013-12-21 13:09 - 2013-12-21 13:09 - 00002140 _____ C:\Users\Public\Desktop\MEDION NAS TOOL.lnk 2013-12-21 13:09 - 2013-12-21 13:09 - 00001161 _____ C:\Users\Public\Desktop\Memeo Instant Backup.lnk 2013-12-21 13:09 - 2013-12-21 13:09 - 00000000 ____D C:\Users\MS\AppData\Roaming\Memeo 2013-12-21 13:09 - 2013-12-21 13:09 - 00000000 ____D C:\Program Files (x86)\Memeo 2013-12-21 13:08 - 2013-12-21 13:08 - 00000000 ____D C:\Program Files (x86)\MEDION 2013-12-21 03:14 - 2013-12-21 03:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-17 20:23 - 2013-12-17 20:44 - 00000000 ____D C:\Users\MS\Downloads\MCCL 2013-12-15 20:57 - 2013-12-15 21:11 - 00000000 ____D C:\Users\MS\Downloads\Chick 2013-12-14 04:36 - 2013-12-14 04:36 - 00266320 _____ C:\Windows\Minidump\121413-16629-01.dmp 2013-12-10 15:51 - 2013-12-10 15:51 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk 2013-12-09 21:49 - 2013-12-09 22:17 - 00000000 ____D C:\Users\MS\Downloads\relink.us - pgdvd014 - IDce3e7d44fc823e00ee6db99e82d71a 2013-12-08 20:55 - 2013-12-08 20:55 - 00266320 _____ C:\Windows\Minidump\120813-19578-01.dmp ==================== One Month Modified Files and Folders ======= 2014-01-07 15:37 - 2012-03-02 13:26 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-07 15:37 - 2011-12-21 19:42 - 00367770 _____ C:\Users\MS\DesktopStCenter.txt 2014-01-07 15:37 - 2011-12-20 18:59 - 00000000 ____D C:\ProgramData\NVIDIA 2014-01-07 15:37 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-07 15:37 - 2009-07-14 05:51 - 00095407 _____ C:\Windows\setupact.log 2014-01-07 15:27 - 2014-01-07 15:27 - 00000000 ____D C:\FRST 2014-01-07 15:22 - 2011-12-22 16:21 - 00000000 ____D C:\Users\MS\AppData\Roaming\FRITZ! 2014-01-07 15:07 - 2011-12-20 17:23 - 01250736 _____ C:\Windows\WindowsUpdate.log 2014-01-07 15:07 - 2009-07-14 05:45 - 00015120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-07 15:07 - 2009-07-14 05:45 - 00015120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-07 15:05 - 2012-03-02 13:26 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-07 14:04 - 2014-01-07 15:00 - 00024253 _____ C:\FRST.txt 2014-01-07 13:55 - 2014-01-07 15:01 - 01064805 _____ (Farbar) C:\frst.exe 2014-01-07 13:35 - 2014-01-07 15:00 - 01931762 _____ (Farbar) C:\FRST64.exe 2014-01-07 12:18 - 2009-07-14 18:58 - 00714408 _____ C:\Windows\system32\perfh007.dat 2014-01-07 12:18 - 2009-07-14 18:58 - 00154636 _____ C:\Windows\system32\perfc007.dat 2014-01-07 12:18 - 2009-07-14 06:13 - 01655156 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-07 12:16 - 2014-01-07 12:16 - 01272360 _____ (iMesh Inc) C:\Users\MS\Downloads\iMeshSetup-r1487-w-bi (1).exe 2014-01-07 12:12 - 2014-01-07 12:12 - 01272360 _____ (iMesh Inc) C:\Users\MS\Downloads\iMeshSetup-r1487-w-bi.exe 2014-01-07 08:09 - 2013-12-23 00:40 - 00000376 _____ C:\Windows\Tasks\PC Health Advisor.job 2014-01-06 22:35 - 2011-12-20 19:05 - 00000000 ____D C:\Users\MS\AppData\Roaming\vlc 2014-01-06 17:15 - 2011-12-20 17:45 - 00000000 ___RD C:\Users\MS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-06 17:06 - 2013-01-22 12:44 - 01557504 ___SH C:\Users\MS\Desktop\Thumbs.db 2014-01-06 16:57 - 2013-02-07 14:56 - 00000000 ___RD C:\Users\MS\Documents\Dropbox 2014-01-06 16:57 - 2012-11-02 17:06 - 00000000 ____D C:\Users\MS\AppData\Roaming\Dropbox 2014-01-06 06:02 - 2013-12-23 00:40 - 00000436 _____ C:\Windows\Tasks\ParetoLogic Update Version3.job 2014-01-03 18:35 - 2014-01-03 18:20 - 00000000 ____D C:\Users\MS\Downloads\relink.us - roh - IDdd74d2ffb468a76d425392f4139ba5 2014-01-03 18:00 - 2013-12-23 00:41 - 00000462 _____ C:\Windows\Tasks\ParetoLogic Registration3.job 2014-01-03 14:47 - 2014-01-03 14:47 - 479890516 _____ C:\Windows\MEMORY.DMP 2014-01-03 14:47 - 2014-01-03 14:47 - 00266320 _____ C:\Windows\Minidump\010314-18033-01.dmp 2014-01-03 14:47 - 2012-11-19 20:06 - 00000000 ____D C:\Windows\Minidump 2013-12-28 05:58 - 2013-12-28 05:58 - 00285048 _____ C:\Windows\Minidump\122813-23602-01.dmp 2013-12-23 19:24 - 2013-12-23 19:23 - 00293184 _____ C:\Windows\Minidump\122313-51277-01.dmp 2013-12-23 13:08 - 2013-12-23 00:40 - 00000394 _____ C:\Windows\Tasks\PC Health Advisor Defrag.job 2013-12-23 00:41 - 2013-12-23 00:41 - 00003120 _____ C:\Windows\System32\Tasks\ParetoLogic Registration3 2013-12-23 00:41 - 2013-12-23 00:41 - 00000000 ____D C:\Users\MS\AppData\Roaming\ParetoLogic 2013-12-23 00:41 - 2013-12-23 00:41 - 00000000 ____D C:\Users\MS\AppData\Roaming\DriverCure 2013-12-23 00:40 - 2013-12-23 00:40 - 00003290 _____ C:\Windows\System32\Tasks\PC Health Advisor 2013-12-23 00:40 - 2013-12-23 00:40 - 00003262 _____ C:\Windows\System32\Tasks\PC Health Advisor Defrag 2013-12-23 00:40 - 2013-12-23 00:40 - 00003240 _____ C:\Windows\System32\Tasks\ParetoLogic Update Version3 2013-12-23 00:40 - 2013-12-23 00:40 - 00001097 _____ C:\Users\MS\Desktop\ParetoLogic PC Health Advisor.lnk 2013-12-23 00:40 - 2013-12-23 00:40 - 00000000 ____D C:\Users\MS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic 2013-12-23 00:40 - 2013-12-23 00:40 - 00000000 ____D C:\ProgramData\ParetoLogic 2013-12-23 00:40 - 2013-12-23 00:40 - 00000000 ____D C:\Program Files (x86)\ParetoLogic 2013-12-23 00:39 - 2013-12-23 00:39 - 05249448 _____ (ParetoLogic Inc.) C:\Users\MS\Downloads\ParetoLogic PC Health Advisor_de.exe 2013-12-23 00:05 - 2013-12-23 00:05 - 00292672 _____ C:\Windows\Minidump\122313-25802-01.dmp 2013-12-22 18:39 - 2013-12-22 18:00 - 00000000 ____D C:\Users\MS\Downloads\TeSW 2013-12-22 15:59 - 2013-12-22 15:59 - 00129112 _____ C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-22 15:59 - 2013-12-22 15:59 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Memeo 2013-12-22 15:59 - 2013-02-22 20:31 - 00000909 _____ C:\Users\Gast\DesktopStCenter.txt 2013-12-22 15:59 - 2013-02-05 16:31 - 00001421 _____ C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-12-22 15:59 - 2013-02-05 16:31 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-12-22 15:59 - 2013-02-05 16:31 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-12-22 15:59 - 2013-02-05 16:31 - 00000000 ____D C:\Users\Gast\AppData\Roaming\FRITZ! 2013-12-22 09:49 - 2013-12-21 13:40 - 00000000 ____D C:\Users\MS\Documents\PersBackup 2013-12-21 19:42 - 2013-12-21 19:29 - 00000000 ____D C:\Users\MS\Downloads\itssobig 2013-12-21 19:08 - 2012-05-07 21:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-21 19:06 - 2013-12-21 19:06 - 00002004 _____ C:\Users\MS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Persbackup.lnk 2013-12-21 19:06 - 2013-12-21 13:40 - 00000000 ____D C:\Users\MS\AppData\Roaming\PersBackup5 2013-12-21 13:40 - 2013-12-21 13:40 - 00000000 ____D C:\Program Files\Personal Backup 5 2013-12-21 13:39 - 2013-12-21 13:39 - 17261019 _____ C:\Users\MS\Downloads\Personal_Backup_5.5.2.1.zip 2013-12-21 13:34 - 2013-12-21 13:13 - 00000000 ____D C:\Users\MS\MEDION NAS TOOL 2013-12-21 13:13 - 2011-12-20 17:45 - 00000000 ____D C:\Users\MS 2013-12-21 13:09 - 2013-12-21 13:09 - 00002140 _____ C:\Users\Public\Desktop\MEDION NAS TOOL.lnk 2013-12-21 13:09 - 2013-12-21 13:09 - 00001161 _____ C:\Users\Public\Desktop\Memeo Instant Backup.lnk 2013-12-21 13:09 - 2013-12-21 13:09 - 00000000 ____D C:\Users\MS\AppData\Roaming\Memeo 2013-12-21 13:09 - 2013-12-21 13:09 - 00000000 ____D C:\Program Files (x86)\Memeo 2013-12-21 13:08 - 2013-12-21 13:08 - 00000000 ____D C:\Program Files (x86)\MEDION 2013-12-21 03:14 - 2013-12-21 03:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-18 17:44 - 2013-08-10 23:17 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-12-18 17:44 - 2013-08-10 23:05 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-12-18 17:44 - 2013-08-10 23:05 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-12-17 21:44 - 2013-12-17 21:23 - 00000000 ____D C:\Users\MS\Downloads\C3-C 2013-12-17 21:31 - 2013-12-17 21:09 - 00000000 ____D C:\Users\MS\Downloads\C2-C 2013-12-17 21:23 - 2013-12-17 20:56 - 00000000 ____D C:\Users\MS\Downloads\C1-C 2013-12-17 21:09 - 2013-12-17 20:44 - 00000000 ____D C:\Users\MS\Downloads\ss27ss 2013-12-17 21:06 - 2013-12-17 20:44 - 00000000 ____D C:\Users\MS\Downloads\op46R 2013-12-17 20:44 - 2013-12-17 20:23 - 00000000 ____D C:\Users\MS\Downloads\MCCL 2013-12-16 18:18 - 2012-01-31 15:54 - 00000000 ____D C:\Users\MS\Documents\Eigene Scans 2013-12-11 00:41 - 2013-12-11 00:28 - 00000000 ____D C:\Users\MS\Downloads\DLD-JM 2013-12-10 15:51 - 2013-12-10 15:51 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk 2013-12-10 15:51 - 2012-03-02 13:26 - 00000000 ____D C:\Program Files (x86)\Google 2013-12-10 15:50 - 2012-03-02 13:26 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk Files to move or delete: ==================== C:\Users\MS\MdSched.exe Some content of TEMP: ==================== C:\Users\Gast\AppData\Local\Temp\AskSLib.dll C:\Users\Gast\AppData\Local\Temp\avgnt.exe C:\Users\MS\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-03 15:45 ==================== End Of Log ============================ Geändert von Sandra666 (07.01.2014 um 16:01 Uhr) |
07.01.2014, 15:47 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win 7 - Firefox - Bundespolizei "ihr browser hat gesperrt"Zitat:
Wo ist das andere FRST-Log?
__________________ Logfiles bitte immer in CODE-Tags posten |
07.01.2014, 16:14 | #9 |
| Win 7 - Firefox - Bundespolizei "ihr browser hat gesperrt" Ich benutze den Computer auch schon mal für die Arbeit. Unter dem Punkt "One Month Created Files and Folders" und unter "One Month Modified Files and Folders" befanden sich u.a. Firmennamen und Personendaten die nicht öffentlich sein sollten. Ich kann gerne Frst64.exe erneut herunterladen, auf den Desktop abspeichern und den dann ganz neuen Log veröffentlichen. |
07.01.2014, 16:16 | #10 | |||
/// Winkelfunktion /// TB-Süch-Tiger™ | Win 7 - Firefox - Bundespolizei "ihr browser hat gesperrt"Zitat:
Zitat:
Siehe => http://www.trojaner-board.de/108422-...-anfragen.html Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
07.01.2014, 17:18 | #11 |
| Win 7 - Firefox - Bundespolizei "ihr browser hat gesperrt" Der infizierte Rechner wird von mir zu 99% privat genutzt. Der private Rechner ist deutlich schneller und bietet mir auch mehr Möglichkeiten, als ein komplett gesperrtes System eines Behördenlaptops! Wenn mir diese Problematik bewusst gewesen wäre, hätte ich auch direkt im ersten Beitrag darauf hingewiesen, dass es sich um einen privat angeschafften und genutzten PC, mit einem winzigen dienstlichen Anteil, handelt. Besteht ausnahmsweise die Möglichkeit trotz bereinigtem Logfile, für eine Spende, Hilfe zu erhalten? Ich wäre Ihnen sehr dankbar! |
08.01.2014, 02:27 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win 7 - Firefox - Bundespolizei "ihr browser hat gesperrt" Ok dein Rechner ist privat dann ist das alles ok. Hab nur kein Bock hinterher irgendwelche Meldungen zu bekommen. Deswegen weise ich explizit nochmal drauf hin. Und bitte nur Realnamen editieren sonst nix!
__________________ Logfiles bitte immer in CODE-Tags posten Geändert von cosinus (08.01.2014 um 13:02 Uhr) Grund: typo |
08.01.2014, 11:48 | #13 |
| Win 7 - Firefox - Bundespolizei "ihr browser hat gesperrt" Okay. Danke! Falls es vll. weiterhilft. Hinweis von Avira Free Antivirus --> \\?\C:\Program Files (x86)\Red Sky\DownTango\DownTangoSetupFiles-TlbrFree.7z [WARNUNG] Die Datei konnte nicht gelesen werden! C:\Program Files (x86)\Red Sky\DownTango\DownTangoSetupFiles-TlbrFree.7z [WARNUNG] Die Datei konnte nicht gelesen werden! aktuelles Log File FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-01-2014 Ran by MS (administrator) on MS-PC on 08-01-2014 11:27:43 Running from C:\Users\MS\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe () C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe (DATEV eG) C:\DATEV\PROGRAMM\B0001442\PSNTServ.exe (DATA BECKER GmbH & Co KG) C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE ( ) C:\Windows\System32\lmabcoms.exe (Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (EnTech Taiwan) C:\Program Files (x86)\softOSD\softOSD.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Rocket Division Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (EnTech Taiwan) C:\Windows\SysWOW64\softLCP.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\FwebProt.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe () C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11465832 2010-09-07] (Realtek Semiconductor) HKLM\...\Run: [Launch LCDMon] - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2412616 2010-08-03] (Logitech Inc.) HKLM\...\Run: [Launch LGDCore] - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4725320 2010-08-03] (Logitech Inc.) HKLM\...\Run: [Launch LgDeviceAgent] - C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe [415816 2010-08-03] (Logitech Inc.) HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1778640 2013-12-20] (APN) HKLM-x32\...\Run: [Memeo Instant Backup] - C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-09-16] (Memeo Inc.) HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-04-23] (Samsung) HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844168 2013-05-19] (Samsung) HKCU\...\Policies\system: [LogonHoursAction] 2 HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKCU\...\Policies\Explorer: [DisallowRun] 1 MountPoints2: {fd0ae780-3306-11e1-aa1e-14dae9f723b8} - E:\Autoplay.exe -auto Startup: C:\Users\MS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Users\MS\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x24A275533CBFCC01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) BHO: SplitButtonBHO Class - {C0C86BBE-9509-4296-8459-FDBFDAF4B673} - C:\Program Files\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll (AVM Berlin) BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.) Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab Winsock: Catalog5 07 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin) Winsock: Catalog5-x64 07 %ProgramFiles%\FRITZ!DSL\\sarah.dll [34104] (AVM Berlin) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\MS\AppData\Roaming\Mozilla\Firefox\Profiles\hq0l27rj.default FF user.js: detected! => C:\Users\MS\AppData\Roaming\Mozilla\Firefox\Profiles\hq0l27rj.default\user.js FF Homepage: hxxp://de.ask.com/?l=dis&o=APN10023&gct=hp|hxxp://www.giga.de/my_homepage/0022/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @protectdisc.com/NPPDLicenseHelper - C:\Users\MS\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( ) FF SearchPlugin: C:\Users\MS\AppData\Roaming\Mozilla\Firefox\Profiles\hq0l27rj.default\searchplugins\gutscheinsuche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Amazon-Icon - C:\Users\MS\AppData\Roaming\Mozilla\Firefox\Profiles\hq0l27rj.default\Extensions\amazon-icon@winload.de FF Extension: FRITZ!Box AddOn - C:\Users\MS\AppData\Roaming\Mozilla\Firefox\Profiles\hq0l27rj.default\Extensions\fb_add_on@avm.de FF Extension: Spartipps von SparPilot.com - C:\Users\MS\AppData\Roaming\Mozilla\Firefox\Profiles\hq0l27rj.default\Extensions\sparpilot@sparpilot.com FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\MS\AppData\Roaming\Mozilla\Firefox\Profiles\hq0l27rj.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi FF Extension: Adblock Plus - C:\Users\MS\AppData\Roaming\Mozilla\Firefox\Profiles\hq0l27rj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR HomePage: chrome://newtab CHR RestoreOnStartup: "hxxp://www.google.com/", "hxxp://www.giga.de/my_homepage/0022/" CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) CHR Plugin: (Default Plug-in) - default_plugin No File CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\MS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\30.2_0 CHR Extension: (YouTube) - C:\Users\MS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\MS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Amazon-Icon) - C:\Users\MS\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg\1.0_0 CHR Extension: (Google Wallet) - C:\Users\MS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 CHR Extension: (Gmail) - C:\Users\MS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\MS\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx ==================== Services (Whitelisted) ================= R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-18] (Avira Operations GmbH & Co. KG) R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.) R2 CLHNServiceForPowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [83240 2011-12-08] () R2 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [75048 2011-12-07] (CyberLink) R2 CyberLink PowerDVD 11.0 Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [292136 2011-12-07] (CyberLink) S3 DATEV Update-Service; C:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe [155232 2011-02-21] (DATEV eG) R2 DatevPrintService; C:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE [79872 2010-12-08] (DATEV eG) R2 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [189776 2010-10-28] (DATA BECKER GmbH & Co KG) R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin) R2 lmab_device; C:\Windows\system32\LMabcoms.exe [1044992 2009-09-09] ( ) R2 lmab_device; C:\Windows\SysWow64\LMabcoms.exe [593920 2009-09-09] ( ) R2 MSSQL$DATEV_CL_DE01; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29286760 2010-02-09] (Microsoft Corporation) R2 softOSD; C:\Program Files (x86)\softOSD\softosd.exe [259832 2007-07-31] (EnTech Taiwan) R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143552 2012-02-09] (TuneUp Software) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG) R1 se64a; C:\Windows\System32\Drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan) R1 se64a; C:\Windows\SysWow64\Drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2011-12-30] () R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-02-09] (TuneUp Software) R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [148976 2011-11-16] (CyberLink Corp.) U3 auuuucsj; C:\Windows\System32\Drivers\auuuucsj.sys [0 ] (Microsoft Corporation) S1 acedrv08; \??\C:\Windows\system32\drivers\acedrv08.sys [x] U0 dmboot; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-08 10:55 - 2014-01-08 10:56 - 01931762 _____ (Farbar) C:\Users\MS\Desktop\FRST64.exe 2014-01-08 10:01 - 2014-01-08 10:01 - 00031286 _____ C:\Users\MS\Desktop\AVSCAN-20140107-201500-0F9A37B1.LOG 2014-01-08 09:28 - 2014-01-08 09:28 - 00031286 _____ C:\Users\MS\Desktop\report AVSCAN-20140107-201500-0F9A37B1.LOG 2014-01-07 19:10 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-01-07 19:10 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-01-07 19:10 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2014-01-07 19:10 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2014-01-07 19:04 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE 2014-01-07 19:02 - 2014-01-07 19:02 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-01-07 19:02 - 2014-01-07 19:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-01-07 19:02 - 2014-01-07 19:02 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-01-07 19:02 - 2014-01-07 19:02 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-01-07 19:02 - 2014-01-07 19:02 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2014-01-07 19:02 - 2014-01-07 19:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-01-07 19:02 - 2014-01-07 19:02 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-01-07 19:02 - 2014-01-07 19:02 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-01-07 19:02 - 2014-01-07 19:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-01-07 19:02 - 2014-01-07 19:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2014-01-07 19:02 - 2014-01-07 19:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-01-07 19:01 - 2014-01-07 19:04 - 00012170 _____ C:\Windows\IE11_main.log 2014-01-07 18:59 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2014-01-07 18:59 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2014-01-07 18:59 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-01-07 18:59 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2014-01-07 18:59 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2014-01-07 18:59 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-01-07 18:59 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2014-01-07 18:59 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-01-07 18:59 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-01-07 18:59 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2014-01-07 18:59 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2014-01-07 18:59 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-01-07 18:59 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2014-01-07 18:59 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-01-07 18:59 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-01-07 18:59 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-01-07 18:59 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-01-07 18:59 - 2013-05-10 06:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll 2014-01-07 18:59 - 2013-05-10 04:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2014-01-07 18:59 - 2013-04-26 00:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2014-01-07 18:59 - 2013-04-17 08:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-01-07 18:59 - 2013-04-17 07:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-01-07 18:59 - 2013-03-31 23:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll 2014-01-07 18:58 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2014-01-07 18:58 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2014-01-07 18:58 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll 2014-01-07 18:58 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2014-01-07 18:58 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-01-07 18:58 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll 2014-01-07 18:58 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-01-07 18:58 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll 2014-01-07 18:58 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-01-07 18:58 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2014-01-07 18:58 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll 2014-01-07 18:58 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-07 18:58 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-07 18:58 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-07 18:58 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-07 18:58 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-07 18:58 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-07 18:58 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-07 18:58 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2014-01-07 18:58 - 2013-08-05 03:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2014-01-07 18:58 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2014-01-07 18:58 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2014-01-07 18:58 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2014-01-07 18:58 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2014-01-07 18:58 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2014-01-07 18:43 - 2014-01-07 18:45 - 00000680 __RSH C:\Users\MS\ntuser.pol 2014-01-07 18:12 - 2014-01-07 18:15 - 00000000 ____D C:\Windows\system32\MRT 2014-01-07 18:07 - 2013-08-02 03:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2014-01-07 18:07 - 2013-08-02 03:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-01-07 18:07 - 2013-08-02 03:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-01-07 18:07 - 2013-08-02 02:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2014-01-07 18:07 - 2013-08-02 01:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2014-01-07 18:07 - 2013-08-02 01:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 01:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 01:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 01:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2014-01-07 18:07 - 2013-07-09 06:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-01-07 18:07 - 2013-07-09 05:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2014-01-07 18:07 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2014-01-07 18:07 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2014-01-07 18:07 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2014-01-07 18:06 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-01-07 18:06 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2014-01-07 18:06 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2014-01-07 18:06 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2014-01-07 18:06 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-01-07 18:06 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-01-07 18:06 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-01-07 18:06 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-01-07 18:06 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-01-07 18:06 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-01-07 18:06 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-01-07 18:06 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-01-07 18:06 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-01-07 18:06 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-01-07 18:06 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-01-07 18:06 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-01-07 18:06 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-01-07 18:06 - 2013-07-26 03:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-01-07 18:06 - 2013-07-26 03:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2014-01-07 18:06 - 2013-07-26 02:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-01-07 18:06 - 2013-07-26 02:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2014-01-07 18:06 - 2013-07-25 10:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2014-01-07 18:06 - 2013-07-25 09:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2014-01-07 18:06 - 2013-07-09 06:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2014-01-07 18:06 - 2013-07-09 06:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2014-01-07 18:06 - 2013-07-09 05:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2014-01-07 18:06 - 2013-07-09 05:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2014-01-07 18:06 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2014-01-07 18:06 - 2013-07-03 05:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys 2014-01-07 18:06 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2014-01-07 18:06 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2014-01-07 18:06 - 2013-06-04 07:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-01-07 18:06 - 2013-06-04 05:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-01-07 18:05 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-01-07 18:05 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-01-07 18:05 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-07 18:05 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2014-01-07 18:05 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2014-01-07 18:05 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2014-01-07 18:05 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2014-01-07 18:05 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2014-01-07 18:05 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2014-01-07 18:05 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2014-01-07 18:05 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2014-01-07 18:05 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2014-01-07 18:05 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2014-01-07 18:05 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-01-07 18:05 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-01-07 18:05 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-01-07 18:05 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2014-01-07 18:05 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2014-01-07 18:05 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2014-01-07 18:05 - 2013-07-09 06:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-01-07 18:05 - 2013-07-09 05:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2014-01-07 18:05 - 2013-06-15 05:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-01-07 18:05 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2014-01-07 18:05 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2014-01-07 18:05 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2014-01-07 18:05 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2014-01-07 18:05 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2014-01-07 18:05 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2014-01-07 18:05 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2014-01-07 18:05 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2014-01-07 18:05 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2014-01-07 18:05 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2014-01-07 18:05 - 2013-04-10 00:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2014-01-07 18:05 - 2013-04-02 23:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2014-01-07 17:56 - 2014-01-07 21:36 - 00000000 ____D C:\downlaods 2014-01-07 17:56 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-01-07 17:55 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2014-01-07 17:55 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2014-01-07 17:55 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2014-01-07 17:55 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2014-01-07 17:55 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2014-01-07 16:05 - 2014-01-08 11:27 - 00018773 _____ C:\Users\MS\Desktop\FRST.txt 2014-01-07 15:27 - 2014-01-07 15:27 - 00000000 ____D C:\FRST 2014-01-07 15:01 - 2014-01-07 13:55 - 01064805 _____ (Farbar) C:\frst.exe 2014-01-07 15:00 - 2014-01-07 14:04 - 00024253 _____ C:\FRST.txt 2014-01-07 15:00 - 2014-01-07 13:35 - 01931762 _____ (Farbar) C:\FRST64.exe 2014-01-03 14:47 - 2014-01-03 14:47 - 479890516 _____ C:\Windows\MEMORY.DMP 2014-01-03 14:47 - 2014-01-03 14:47 - 00266320 _____ C:\Windows\Minidump\010314-18033-01.dmp 2013-12-28 05:58 - 2013-12-28 05:58 - 00285048 _____ C:\Windows\Minidump\122813-23602-01.dmp 2013-12-25 15:02 - 2013-12-25 15:02 - 00000000 ____H C:\Users\MS\Documents\Default.rdp 2013-12-23 19:23 - 2013-12-23 19:24 - 00293184 _____ C:\Windows\Minidump\122313-51277-01.dmp 2013-12-23 00:41 - 2014-01-07 18:01 - 00000462 _____ C:\Windows\Tasks\ParetoLogic Registration3.job 2013-12-23 00:41 - 2013-12-23 00:41 - 00003120 _____ C:\Windows\System32\Tasks\ParetoLogic Registration3 2013-12-23 00:41 - 2013-12-23 00:41 - 00000000 ____D C:\Users\MS\AppData\Roaming\ParetoLogic 2013-12-23 00:41 - 2013-12-23 00:41 - 00000000 ____D C:\Users\MS\AppData\Roaming\DriverCure 2013-12-23 00:40 - 2014-01-07 08:09 - 00000376 _____ C:\Windows\Tasks\PC Health Advisor.job 2013-12-23 00:40 - 2014-01-06 06:02 - 00000436 _____ C:\Windows\Tasks\ParetoLogic Update Version3.job 2013-12-23 00:40 - 2013-12-23 13:08 - 00000394 _____ C:\Windows\Tasks\PC Health Advisor Defrag.job 2013-12-23 00:40 - 2013-12-23 00:40 - 00003290 _____ C:\Windows\System32\Tasks\PC Health Advisor 2013-12-23 00:40 - 2013-12-23 00:40 - 00003262 _____ C:\Windows\System32\Tasks\PC Health Advisor Defrag 2013-12-23 00:40 - 2013-12-23 00:40 - 00003240 _____ C:\Windows\System32\Tasks\ParetoLogic Update Version3 2013-12-23 00:40 - 2013-12-23 00:40 - 00001097 _____ C:\Users\MS\Desktop\ParetoLogic PC Health Advisor.lnk 2013-12-23 00:40 - 2013-12-23 00:40 - 00000000 ____D C:\Users\MS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic 2013-12-23 00:40 - 2013-12-23 00:40 - 00000000 ____D C:\ProgramData\ParetoLogic 2013-12-23 00:40 - 2013-12-23 00:40 - 00000000 ____D C:\Program Files (x86)\ParetoLogic 2013-12-23 00:05 - 2013-12-23 00:05 - 00292672 _____ C:\Windows\Minidump\122313-25802-01.dmp 2013-12-22 15:59 - 2013-12-22 15:59 - 00129112 _____ C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-22 15:59 - 2013-12-22 15:59 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Memeo 2013-12-21 19:06 - 2013-12-21 19:06 - 00002004 _____ C:\Users\MS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Persbackup.lnk 2013-12-21 13:40 - 2013-12-22 09:49 - 00000000 ____D C:\Users\MS\Documents\PersBackup 2013-12-21 13:40 - 2013-12-21 19:06 - 00000000 ____D C:\Users\MS\AppData\Roaming\PersBackup5 2013-12-21 13:40 - 2013-12-21 13:40 - 00000000 ____D C:\Program Files\Personal Backup 5 2013-12-21 13:13 - 2013-12-21 13:34 - 00000000 ____D C:\Users\MS\MEDION NAS TOOL 2013-12-21 13:09 - 2013-12-21 13:09 - 00002140 _____ C:\Users\Public\Desktop\MEDION NAS TOOL.lnk 2013-12-21 13:09 - 2013-12-21 13:09 - 00001161 _____ C:\Users\Public\Desktop\Memeo Instant Backup.lnk 2013-12-21 13:09 - 2013-12-21 13:09 - 00000000 ____D C:\Users\MS\AppData\Roaming\Memeo 2013-12-21 13:09 - 2013-12-21 13:09 - 00000000 ____D C:\Program Files (x86)\Memeo 2013-12-21 13:08 - 2013-12-21 13:08 - 00000000 ____D C:\Program Files (x86)\MEDION 2013-12-21 03:14 - 2013-12-21 03:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-14 04:36 - 2013-12-14 04:36 - 00266320 _____ C:\Windows\Minidump\121413-16629-01.dmp 2013-12-10 15:51 - 2013-12-10 15:51 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk ==================== One Month Modified Files and Folders ======= 2014-01-08 11:27 - 2014-01-07 16:05 - 00018773 _____ C:\Users\MS\Desktop\FRST.txt 2014-01-08 11:04 - 2012-03-02 13:26 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-08 10:56 - 2014-01-08 10:55 - 01931762 _____ (Farbar) C:\Users\MS\Desktop\FRST64.exe 2014-01-08 10:01 - 2014-01-08 10:01 - 00031286 _____ C:\Users\MS\Desktop\AVSCAN-20140107-201500-0F9A37B1.LOG 2014-01-08 09:28 - 2014-01-08 09:28 - 00031286 _____ C:\Users\MS\Desktop\report AVSCAN-20140107-201500-0F9A37B1.LOG 2014-01-07 21:50 - 2011-12-20 19:05 - 00000000 ____D C:\Users\MS\AppData\Roaming\vlc 2014-01-07 21:36 - 2014-01-07 17:56 - 00000000 ____D C:\downlaods 2014-01-07 21:04 - 2012-03-02 13:26 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-07 20:00 - 2009-07-14 18:58 - 00759912 _____ C:\Windows\system32\perfh007.dat 2014-01-07 20:00 - 2009-07-14 18:58 - 00174408 _____ C:\Windows\system32\perfc007.dat 2014-01-07 20:00 - 2009-07-14 06:13 - 01777334 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-07 19:55 - 2011-12-21 19:42 - 00368548 _____ C:\Users\MS\DesktopStCenter.txt 2014-01-07 19:54 - 2011-12-20 17:45 - 00001421 _____ C:\Users\MS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-01-07 19:36 - 2009-07-14 05:45 - 00015120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-07 19:36 - 2009-07-14 05:45 - 00015120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-07 19:32 - 2011-12-20 18:59 - 00000000 ____D C:\ProgramData\NVIDIA 2014-01-07 19:31 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2014-01-07 19:31 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-07 19:30 - 2009-07-14 05:51 - 00096099 _____ C:\Windows\setupact.log 2014-01-07 19:12 - 2011-12-20 18:45 - 00170888 _____ C:\Windows\PFRO.log 2014-01-07 19:10 - 2011-12-22 16:21 - 00000000 ____D C:\Users\MS\AppData\Roaming\FRITZ! 2014-01-07 19:10 - 2011-12-20 17:23 - 02062707 _____ C:\Windows\WindowsUpdate.log 2014-01-07 19:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2014-01-07 19:09 - 2011-12-20 18:59 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2014-01-07 19:09 - 2011-12-20 18:58 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2014-01-07 19:06 - 2012-07-20 09:11 - 01742802 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2014-01-07 19:04 - 2014-01-07 19:01 - 00012170 _____ C:\Windows\IE11_main.log 2014-01-07 19:02 - 2014-01-07 19:02 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-01-07 19:02 - 2014-01-07 19:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-01-07 19:02 - 2014-01-07 19:02 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-01-07 19:02 - 2014-01-07 19:02 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-01-07 19:02 - 2014-01-07 19:02 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2014-01-07 19:02 - 2014-01-07 19:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-01-07 19:02 - 2014-01-07 19:02 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-01-07 19:02 - 2014-01-07 19:02 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-01-07 19:02 - 2014-01-07 19:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-01-07 19:02 - 2014-01-07 19:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2014-01-07 19:02 - 2014-01-07 19:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-01-07 18:45 - 2014-01-07 18:43 - 00000680 __RSH C:\Users\MS\ntuser.pol 2014-01-07 18:45 - 2011-12-20 17:45 - 00000000 ____D C:\Users\MS 2014-01-07 18:43 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2014-01-07 18:39 - 2011-12-20 17:45 - 00000000 ___RD C:\Users\MS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-07 18:39 - 2011-12-20 17:45 - 00000000 ___RD C:\Users\MS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-01-07 18:36 - 2009-07-14 05:45 - 00490808 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-07 18:33 - 2009-07-14 19:18 - 00000000 ____D C:\Program Files\Windows Journal 2014-01-07 18:33 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Defender 2014-01-07 18:33 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2014-01-07 18:15 - 2014-01-07 18:12 - 00000000 ____D C:\Windows\system32\MRT 2014-01-07 18:01 - 2013-12-23 00:41 - 00000462 _____ C:\Windows\Tasks\ParetoLogic Registration3.job 2014-01-07 15:27 - 2014-01-07 15:27 - 00000000 ____D C:\FRST 2014-01-07 14:04 - 2014-01-07 15:00 - 00024253 _____ C:\FRST.txt 2014-01-07 13:55 - 2014-01-07 15:01 - 01064805 _____ (Farbar) C:\frst.exe 2014-01-07 13:35 - 2014-01-07 15:00 - 01931762 _____ (Farbar) C:\FRST64.exe 2014-01-07 08:09 - 2013-12-23 00:40 - 00000376 _____ C:\Windows\Tasks\PC Health Advisor.job 2014-01-06 17:06 - 2013-01-22 12:44 - 01557504 ___SH C:\Users\MS\Desktop\Thumbs.db 2014-01-06 16:57 - 2013-02-07 14:56 - 00000000 ___RD C:\Users\MS\Documents\Dropbox 2014-01-06 16:57 - 2012-11-02 17:06 - 00000000 ____D C:\Users\MS\AppData\Roaming\Dropbox 2014-01-06 06:02 - 2013-12-23 00:40 - 00000436 _____ C:\Windows\Tasks\ParetoLogic Update Version3.job 2014-01-03 14:47 - 2014-01-03 14:47 - 479890516 _____ C:\Windows\MEMORY.DMP 2014-01-03 14:47 - 2014-01-03 14:47 - 00266320 _____ C:\Windows\Minidump\010314-18033-01.dmp 2014-01-03 14:47 - 2012-11-19 20:06 - 00000000 ____D C:\Windows\Minidump 2013-12-28 05:58 - 2013-12-28 05:58 - 00285048 _____ C:\Windows\Minidump\122813-23602-01.dmp 2013-12-25 15:02 - 2013-12-25 15:02 - 00000000 ____H C:\Users\MS\Documents\Default.rdp 2013-12-23 19:24 - 2013-12-23 19:23 - 00293184 _____ C:\Windows\Minidump\122313-51277-01.dmp 2013-12-23 13:08 - 2013-12-23 00:40 - 00000394 _____ C:\Windows\Tasks\PC Health Advisor Defrag.job 2013-12-23 00:41 - 2013-12-23 00:41 - 00003120 _____ C:\Windows\System32\Tasks\ParetoLogic Registration3 2013-12-23 00:41 - 2013-12-23 00:41 - 00000000 ____D C:\Users\MS\AppData\Roaming\ParetoLogic 2013-12-23 00:41 - 2013-12-23 00:41 - 00000000 ____D C:\Users\MS\AppData\Roaming\DriverCure 2013-12-23 00:40 - 2013-12-23 00:40 - 00003290 _____ C:\Windows\System32\Tasks\PC Health Advisor 2013-12-23 00:40 - 2013-12-23 00:40 - 00003262 _____ C:\Windows\System32\Tasks\PC Health Advisor Defrag 2013-12-23 00:40 - 2013-12-23 00:40 - 00003240 _____ C:\Windows\System32\Tasks\ParetoLogic Update Version3 2013-12-23 00:40 - 2013-12-23 00:40 - 00001097 _____ C:\Users\MS\Desktop\ParetoLogic PC Health Advisor.lnk 2013-12-23 00:40 - 2013-12-23 00:40 - 00000000 ____D C:\Users\MS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic 2013-12-23 00:40 - 2013-12-23 00:40 - 00000000 ____D C:\ProgramData\ParetoLogic 2013-12-23 00:40 - 2013-12-23 00:40 - 00000000 ____D C:\Program Files (x86)\ParetoLogic 2013-12-23 00:05 - 2013-12-23 00:05 - 00292672 _____ C:\Windows\Minidump\122313-25802-01.dmp 2013-12-22 15:59 - 2013-12-22 15:59 - 00129112 _____ C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-22 15:59 - 2013-12-22 15:59 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Memeo 2013-12-22 15:59 - 2013-02-22 20:31 - 00000909 _____ C:\Users\Gast\DesktopStCenter.txt 2013-12-22 15:59 - 2013-02-05 16:31 - 00001421 _____ C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-12-22 15:59 - 2013-02-05 16:31 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-12-22 15:59 - 2013-02-05 16:31 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-12-22 15:59 - 2013-02-05 16:31 - 00000000 ____D C:\Users\Gast\AppData\Roaming\FRITZ! 2013-12-22 09:49 - 2013-12-21 13:40 - 00000000 ____D C:\Users\MS\Documents\PersBackup 2013-12-21 19:08 - 2012-05-07 21:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-21 19:06 - 2013-12-21 19:06 - 00002004 _____ C:\Users\MS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Persbackup.lnk 2013-12-21 19:06 - 2013-12-21 13:40 - 00000000 ____D C:\Users\MS\AppData\Roaming\PersBackup5 2013-12-21 13:40 - 2013-12-21 13:40 - 00000000 ____D C:\Program Files\Personal Backup 5 2013-12-21 13:34 - 2013-12-21 13:13 - 00000000 ____D C:\Users\MS\MEDION NAS TOOL 2013-12-21 13:09 - 2013-12-21 13:09 - 00002140 _____ C:\Users\Public\Desktop\MEDION NAS TOOL.lnk 2013-12-21 13:09 - 2013-12-21 13:09 - 00001161 _____ C:\Users\Public\Desktop\Memeo Instant Backup.lnk 2013-12-21 13:09 - 2013-12-21 13:09 - 00000000 ____D C:\Users\MS\AppData\Roaming\Memeo 2013-12-21 13:09 - 2013-12-21 13:09 - 00000000 ____D C:\Program Files (x86)\Memeo 2013-12-21 13:08 - 2013-12-21 13:08 - 00000000 ____D C:\Program Files (x86)\MEDION 2013-12-21 03:14 - 2013-12-21 03:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-18 17:44 - 2013-08-10 23:17 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-12-18 17:44 - 2013-08-10 23:05 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-12-18 17:44 - 2013-08-10 23:05 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-12-16 18:18 - 2012-01-31 15:54 - 00000000 ____D C:\Users\MS\Documents\Eigene Scans 2013-12-14 05:05 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2013-12-14 04:36 - 2013-12-14 04:36 - 00266320 _____ C:\Windows\Minidump\121413-16629-01.dmp 2013-12-12 14:25 - 2012-04-04 20:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-12 14:25 - 2011-12-20 18:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-10 15:51 - 2013-12-10 15:51 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk 2013-12-10 15:51 - 2012-03-02 13:26 - 00000000 ____D C:\Program Files (x86)\Google 2013-12-10 15:50 - 2012-03-02 13:26 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk Files to move or delete: ==================== C:\Users\MS\MdSched.exe Some content of TEMP: ==================== C:\Users\Gast\AppData\Local\Temp\AskSLib.dll C:\Users\Gast\AppData\Local\Temp\avgnt.exe C:\Users\MS\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-03 15:45 ==================== End Of Log ============================ Falls auch schon benötigt Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-01-2014 Ran by MS at 2014-01-08 11:27:54 Running from C:\Users\MS\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden 5600 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden 5600_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden 5600Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden ACDSee Pro 5 (x32 Version: 5.1.137 - ACD Systems International Inc.) Adobe AIR (x32 Version: 2.6.0.19140 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden Adobe Community Help (x32 Version: 3.5.23 - Adobe Systems Incorporated.) Adobe Community Help (x32 Version: 3.5.23 - Adobe Systems Incorporated.) Hidden Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated) Adobe Photoshop Elements 10 (x32 Version: 10.0 - Adobe Systems Incorporated) Adobe Photoshop Elements 10 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop Lightroom 3.6 64-bit (Version: 3.6.1 - Adobe) AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.2.9.0 - Asmedia Technology) Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira) Avira SearchFree Toolbar (x32 Version: 12.10.0.2948 - APN, LLC) AVM FRITZ!Box AddOn (IE) (x64) (Version: 1.5.7 - AVM Berlin) AVM FRITZ!fax für FRITZ!Box (x32 Version: - AVM Berlin) B1315AppGuid (x32 Version: 1.0.0 - DATEV eG) Hidden BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden calibre (x32 Version: 0.9.31 - Kovid Goyal) Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden CyberLink PowerDVD 11 (x32 Version: 11.0.2408.53 - CyberLink Corp.) CyberLink PowerDVD 11 (x32 Version: 11.0.2408.53 - CyberLink Corp.) Hidden DATEV Installation V.2.8 (x32 Version: - ) Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden Dropbox (HKCU Version: 2.0.22 - Dropbox, Inc.) DVDFab 9.0.5.5 (26/07/2013) (x32 Version: - Fengtao Software Inc.) Elements 10 Organizer (x32 Version: 10.0 - Ihr Firmenname) Hidden Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden FRITZ!DSL64 (Version: 2.04.03 - AVM Berlin) Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.) Google Earth (x32 Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden Hotfix 4285 for SQL Server Database Services 2005 ENU (KB978915) (x32 Version: 9.3.4285 - Microsoft Corporation) HP Customer Participation Program 13.0 (Version: 13.0 - HP) HP Imaging Device Functions 13.0 (Version: 13.0 - HP) HP Photosmart Essential 3.5 (Version: 3.5 - HP) HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (Version: 13.0 - HP) HP Smart Web Printing 4.51 (Version: 4.51 - HP) HP Solution Center 13.0 (Version: 13.0 - HP) HP Update (x32 Version: 5.005.000.001 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HyperCam 3 (x32 Version: 3.3.1109.19 - Solveig Multimedia) Intel(R) Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation) Intel(R) Rapid Storage Technology (x32 Version: 10.1.0.1008 - Intel Corporation) Java 7 Update 21 (x32 Version: 7.0.210 - Oracle) Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 30 (x32 Version: 6.0.300 - Oracle) JDownloader 0.9 (x32 Version: 0.9 - AppWork GmbH) K-Lite Codec Pack 9.6.0 (Standard) (x32 Version: 9.6.0 - ) Lexmark Software deinstallieren (Version: - Lexmark International, Inc.) Logitech GamePanel Software 3.06.109 (Version: 3.06.109 - Logitech Inc.) MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden MEDION NAS TOOL (x32 Version: - MEDION) Memeo Instant Backup (x32 Version: 4.60.0.7939 - Memeo Inc.) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Outlook-Sicherung für Persönliche Ordner (x32 Version: 1.10.0.0 - Microsoft Corporation) Microsoft SQL Server 2005 (x32 Version: - Microsoft Corporation) Microsoft SQL Server 2005 Express Edition (DATEV_CL_DE01) (x32 Version: 9.3.4035.00 - Microsoft Corporation) Hidden Microsoft SQL Server 2005-Abwärtskompatibilität (Version: 8.05.2004 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 x64 DEU (Version: 4.0.8482.1 - Microsoft Corporation) Microsoft SQL Server Native Client (Version: 9.00.4285.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (Version: 9.00.4285.00 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Microsoft XML Parser (x32 Version: 8.70.1104.04 - Microsoft Corporation) Hidden Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla) Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation) MyFreeCodec (HKCU Version: - ) Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden NVIDIA 3D Vision Controller-Treiber 285.62 (Version: 285.62 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 331.65 (Version: 331.65 - NVIDIA Corporation) NVIDIA Grafiktreiber 331.65 (Version: 331.65 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.11.0621 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.11.0621 (Version: 9.11.0621 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden NVIDIA Update 1.15.2 (Version: 1.15.2 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden OCR Software by I.R.I.S. 13.0 (Version: 13.0 - HP) ParetoLogic PC Health Advisor (x32 Version: 3.1.0.0 - ParetoLogic, Inc.) PDFCreator (x32 Version: 1.5.1 - Frank Heindörfer, Philip Chinery) PDF-XChange Viewer (Version: 2.5.201.0 - Tracker Software Products Ltd.) Personal Backup 5.5 (Version: 5.3 - J. Rathlev) Protect Disc License Helper 1.0.125 (IE) (HKCU Version: 1.0.125 - Protect Disc) PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden Realtek Ethernet Controller Driver (x32 Version: 7.41.216.2011 - Realtek) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6196 - Realtek Semiconductor Corp.) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden Samsung Kies (x32 Version: 2.5.3.13034_9 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.5.3.13034_9 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.) Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden Shop for HP Supplies (Version: 13.0 - HP) SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden softOSM (x32 Version: - ) SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden SpeedCommander 14 (x64) (Version: 14.10.6700 - SWE Sven Ritter) SQLXML4 (Version: 9.00.4035.00 - Microsoft Corporation) Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden System Requirements Lab (x32 Version: - ) Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden TuneUp Utilities 2012 (x32 Version: 12.0.3010.1 - TuneUp Software) TuneUp Utilities 2012 (x32 Version: 12.0.3010.1 - TuneUp Software) Hidden TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3010.1 - TuneUp Software) Hidden UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (x32 Version: 9.00.4035.00 - Microsoft Corporation) VLC media player 2.1.0 (Version: 2.1.0 - VideoLAN) WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden WinRAR 4.01 (64-Bit) (Version: 4.01.0 - win.rar GmbH) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2012-02-13 19:21 - 2012-02-13 19:21 - 00001018 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 TuneUp Utilities 127.0.0.1 www.registertuneup.com 127.0.0.1 secure.tune-up.com ==================== Scheduled Tasks (whitelisted) ============= Task: {0DCE0A44-EFAB-4F1D-AC38-439868F10B17} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns Task: {4676494F-8AD6-429C-8E9E-7CB19DD22129} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation) Task: {48F21BC2-95E7-4579-A39D-F98D5690F314} - System32\Tasks\PC Health Advisor Defrag => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe [2011-03-30] (ParetoLogic, Inc.) Task: {5839C838-4CC4-47FB-A70B-FD073A17FE00} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-02] (Google Inc.) Task: {9EA69ADB-91F5-4710-9150-6644E0E0EC2B} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2012-02-09] (TuneUp Software) Task: {CE71D032-D34E-478D-8514-FD9188C3DC10} - System32\Tasks\AdobeAAMUpdater-1.0-MS-PC-MS => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-06-16] (Adobe Systems Incorporated) Task: {DDB5F993-F990-426A-8675-CCE5CF343726} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [2011-05-10] (Hewlett-Packard) Task: {E078C90A-D654-4AA1-BBA0-DE5C4E51F445} - System32\Tasks\PC Health Advisor => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe [2011-03-30] (ParetoLogic, Inc.) Task: {EB61124F-DC35-4AA7-82A3-63906A8DFDC3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-02] (Google Inc.) Task: {F24F4FE5-785E-4A4A-8F2A-14CE9B3D97A9} - System32\Tasks\{1488C8D7-FBF9-4C0E-B155-F4FA3FCBE917} => C:\Program Files (x86)\DATA BECKER\Hobby Constructor Plus\updchecker.exe Task: {F81784E9-56B3-4D6B-AE26-568C29BA03BD} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-03-30] (ParetoLogic Inc.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\ParetoLogic Registration3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll Task: C:\Windows\Tasks\ParetoLogic Update Version3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe Task: C:\Windows\Tasks\PC Health Advisor Defrag.job => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe Task: C:\Windows\Tasks\PC Health Advisor.job => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe ==================== Loaded Modules (whitelisted) ============= 2011-12-21 18:51 - 2006-02-23 11:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll 2011-12-21 18:51 - 2006-02-22 10:39 - 00020480 _____ () C:\Windows\System32\FritzPort64.dll 2012-07-20 09:14 - 2008-08-22 13:05 - 00022296 _____ () C:\Windows\System32\skypdfmonpro.dll 2011-12-20 18:58 - 2013-10-23 09:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2011-12-22 21:16 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll 2013-08-10 23:05 - 2013-08-10 22:53 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2011-12-23 19:18 - 2011-11-04 08:28 - 00260096 _____ () C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\sqlite3.dll 2014-01-07 19:22 - 2014-01-07 19:22 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\eb4812681f6ab4406053f3a1803e6da0\IsdiInterop.ni.dll 2011-12-20 18:47 - 2010-11-05 23:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2011-09-16 00:17 - 2011-09-16 00:17 - 02888416 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll 2011-09-16 00:17 - 2011-09-16 00:17 - 00025824 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll 2011-09-16 00:18 - 2011-09-16 00:18 - 00028672 _____ () C:\Program Files (x86)\Memeo\AutoBackup\de-DE\InstantBackup.resources.dll 2010-04-05 19:52 - 2010-04-05 19:52 - 00504293 _____ () C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.DLL 2010-04-05 19:52 - 2010-04-05 19:52 - 00053248 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Mono.Nat.dll 2010-04-05 19:49 - 2010-04-05 19:49 - 00178176 _____ () C:\Program Files (x86)\Common Files\Memeo\ProfMan.dll 2011-09-16 00:18 - 2011-09-16 00:18 - 00114688 _____ () C:\Program Files (x86)\Memeo\AutoBackup\de-DE\Memeo.Client.UI.resources.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\se64a.sys => ""="Driver" ==================== Faulty Device Manager Devices ============= Name: acedrv08 Description: acedrv08 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: acedrv08 Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (01/07/2014 07:31:20 PM) (Source: MemeoBackgroundService) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/07/2014 07:13:13 PM) (Source: MemeoBackgroundService) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/07/2014 06:54:26 PM) (Source: Windows Search Service) (User: ) Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet. Details: Der Inhaltsindexkatalog ist fehlerhaft. 0xc0041801 (0xc0041801) Error: (01/07/2014 06:54:26 PM) (Source: Windows Search Service) (User: ) Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=2350} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben. Details: Der Inhaltsindexkatalog ist fehlerhaft. 0xc0041801 (0xc0041801) Error: (01/07/2014 06:36:32 PM) (Source: MemeoBackgroundService) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/07/2014 03:38:01 PM) (Source: MemeoBackgroundService) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/07/2014 03:20:22 PM) (Source: MemeoBackgroundService) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/07/2014 03:14:20 PM) (Source: MemeoBackgroundService) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/07/2014 03:10:02 PM) (Source: MemeoBackgroundService) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/07/2014 03:03:19 PM) (Source: MemeoBackgroundService) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) System errors: ============= Error: (01/07/2014 08:54:38 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT) Description: Fehler beim Lesen der Datei für lokale Hosts. Error: (01/07/2014 08:54:36 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT) Description: Fehler beim Lesen der Datei für lokale Hosts. Error: (01/07/2014 07:38:19 PM) (Source: volsnap) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (01/07/2014 07:31:41 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT) Description: Fehler beim Lesen der Datei für lokale Hosts. Error: (01/07/2014 07:31:41 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT) Description: Fehler beim Lesen der Datei für lokale Hosts. Error: (01/07/2014 07:31:35 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: acedrv08 Error: (01/07/2014 07:31:11 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT) Description: Fehler beim Lesen der Datei für lokale Hosts. Error: (01/07/2014 07:29:52 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst Windows Modules Installer konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error: (01/07/2014 07:29:19 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error: (01/07/2014 07:18:33 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Search" wurde nicht richtig gestartet. Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 23% Total physical RAM: 16365.23 MB Available physical RAM: 12546.38 MB Total Pagefile: 32728.64 MB Available Pagefile: 28781.93 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:1862.92 GB) (Free:33.45 GB) NTFS Drive f: (320 C) (Fixed) (Total:298.09 GB) (Free:1.14 GB) NTFS Drive i: (USB_DISK) (Removable) (Total:3.91 GB) (Free:3.9 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: CAB6BD6F) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=-198731366400) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 298 GB) (Disk ID: C63AC63A) Partition 1: (Active) - (Size=298 GB) - (Type=42) Partition 2: (Not Active) - (Size=2361 KB) - (Type=42) ======================================================== Disk: 2 (Size: 4 GB) (Disk ID: B3627CBC) Partition 1: (Not Active) - (Size=4 GB) - (Type=0B) ==================== End Of Log ============================ |
08.01.2014, 13:11 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win 7 - Firefox - Bundespolizei "ihr browser hat gesperrt"Code:
ATTFilter 127.0.0.1 TuneUp Utilities 127.0.0.1 ***.registertuneup.com 127.0.0.1 secure.tune-up.com Bitte lesen => http://www.trojaner-board.de/95393-c...-software.html Es geht weiter wenn du alles Illegale entfernt hast. Bei wiederholten Crack/Keygen Verstößen behalte ich es mir vor, den Support einzustellen, d.h. Hilfe nur noch bei der Datensicherung und Neuinstallation des Betriebssystems.
__________________ Logfiles bitte immer in CODE-Tags posten |
08.01.2014, 15:15 | #15 |
| Win 7 - Firefox - Bundespolizei "ihr browser hat gesperrt" na super. Ein Bekannter hatte mir an dem Rechner mal ein Problem behoben und in dem Zuge wohl dieses Prog. installiert. Es ist deinstalliert. Frst.Txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-01-2014 Ran by MS (administrator) on MS-PC on 08-01-2014 15:06:57 Running from C:\Users\MS\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe () C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (DATEV eG) C:\DATEV\PROGRAMM\B0001442\PSNTServ.exe (DATA BECKER GmbH & Co KG) C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE ( ) C:\Windows\System32\lmabcoms.exe (Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (EnTech Taiwan) C:\Program Files (x86)\softOSD\softOSD.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (EnTech Taiwan) C:\Windows\SysWOW64\softLCP.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\FwebProt.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe () C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11465832 2010-09-07] (Realtek Semiconductor) HKLM\...\Run: [Launch LCDMon] - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2412616 2010-08-03] (Logitech Inc.) HKLM\...\Run: [Launch LGDCore] - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4725320 2010-08-03] (Logitech Inc.) HKLM\...\Run: [Launch LgDeviceAgent] - C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe [415816 2010-08-03] (Logitech Inc.) HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Memeo Instant Backup] - C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-09-16] (Memeo Inc.) HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-04-23] (Samsung) HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844168 2013-05-19] (Samsung) HKCU\...\Policies\system: [LogonHoursAction] 2 HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKCU\...\Policies\Explorer: [DisallowRun] 1 MountPoints2: {fd0ae780-3306-11e1-aa1e-14dae9f723b8} - E:\Autoplay.exe -auto Startup: C:\Users\MS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Users\MS\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x24A275533CBFCC01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de BHO: SplitButtonBHO Class - {C0C86BBE-9509-4296-8459-FDBFDAF4B673} - C:\Program Files\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll (AVM Berlin) BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab Winsock: Catalog5 07 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin) Winsock: Catalog5-x64 07 %ProgramFiles%\FRITZ!DSL\\sarah.dll [34104] (AVM Berlin) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\MS\AppData\Roaming\Mozilla\Firefox\Profiles\hq0l27rj.default FF user.js: detected! => C:\Users\MS\AppData\Roaming\Mozilla\Firefox\Profiles\hq0l27rj.default\user.js FF Homepage: hxxp://de.ask.com/?l=dis&o=APN10023&gct=hp|hxxp://www.giga.de/my_homepage/0022/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @protectdisc.com/NPPDLicenseHelper - C:\Users\MS\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( ) FF SearchPlugin: C:\Users\MS\AppData\Roaming\Mozilla\Firefox\Profiles\hq0l27rj.default\searchplugins\gutscheinsuche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Amazon-Icon - C:\Users\MS\AppData\Roaming\Mozilla\Firefox\Profiles\hq0l27rj.default\Extensions\amazon-icon@winload.de FF Extension: FRITZ!Box AddOn - C:\Users\MS\AppData\Roaming\Mozilla\Firefox\Profiles\hq0l27rj.default\Extensions\fb_add_on@avm.de FF Extension: Spartipps von SparPilot.com - C:\Users\MS\AppData\Roaming\Mozilla\Firefox\Profiles\hq0l27rj.default\Extensions\sparpilot@sparpilot.com FF Extension: Adblock Plus - C:\Users\MS\AppData\Roaming\Mozilla\Firefox\Profiles\hq0l27rj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR HomePage: chrome://newtab CHR RestoreOnStartup: "hxxp://www.google.com/", "hxxp://www.giga.de/my_homepage/0022/" CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) CHR Plugin: (Default Plug-in) - default_plugin No File CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\MS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\30.2_0 CHR Extension: (YouTube) - C:\Users\MS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\MS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Amazon-Icon) - C:\Users\MS\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg\1.0_0 CHR Extension: (Google Wallet) - C:\Users\MS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 CHR Extension: (Gmail) - C:\Users\MS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\MS\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG) R2 CLHNServiceForPowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [83240 2011-12-08] () R2 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [75048 2011-12-07] (CyberLink) R2 CyberLink PowerDVD 11.0 Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [292136 2011-12-07] (CyberLink) S3 DATEV Update-Service; C:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe [155232 2011-02-21] (DATEV eG) R2 DatevPrintService; C:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE [79872 2010-12-08] (DATEV eG) R2 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [189776 2010-10-28] (DATA BECKER GmbH & Co KG) R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin) R2 lmab_device; C:\Windows\system32\LMabcoms.exe [1044992 2009-09-09] ( ) R2 lmab_device; C:\Windows\SysWow64\LMabcoms.exe [593920 2009-09-09] ( ) R2 MSSQL$DATEV_CL_DE01; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29286760 2010-02-09] (Microsoft Corporation) R2 softOSD; C:\Program Files (x86)\softOSD\softosd.exe [259832 2007-07-31] (EnTech Taiwan) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG) R1 se64a; C:\Windows\System32\Drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan) R1 se64a; C:\Windows\SysWow64\Drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2011-12-30] () R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [148976 2011-11-16] (CyberLink Corp.) S1 acedrv08; \??\C:\Windows\system32\drivers\acedrv08.sys [x] U0 dmboot; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-08 13:28 - 2014-01-08 15:07 - 00015975 _____ C:\Users\MS\Desktop\FRST.txt 2014-01-08 13:28 - 2014-01-08 13:48 - 00035562 _____ C:\Users\MS\Desktop\Addition.txt 2014-01-08 13:25 - 2014-01-08 13:25 - 00000000 ____D C:\Users\MS\AppData\Roaming\No Company Name 2014-01-08 10:55 - 2014-01-08 10:56 - 01931762 _____ (Farbar) C:\Users\MS\Desktop\FRST64.exe 2014-01-08 10:01 - 2014-01-08 10:01 - 00031286 _____ C:\Users\MS\Desktop\AVSCAN-20140107-201500-0F9A37B1.LOG 2014-01-08 09:28 - 2014-01-08 09:28 - 00031286 _____ C:\Users\MS\Desktop\report AVSCAN-20140107-201500-0F9A37B1.LOG 2014-01-07 19:10 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-01-07 19:10 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-01-07 19:10 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2014-01-07 19:10 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2014-01-07 19:04 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE 2014-01-07 19:02 - 2014-01-07 19:02 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-01-07 19:02 - 2014-01-07 19:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-01-07 19:02 - 2014-01-07 19:02 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-01-07 19:02 - 2014-01-07 19:02 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-01-07 19:02 - 2014-01-07 19:02 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2014-01-07 19:02 - 2014-01-07 19:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-01-07 19:02 - 2014-01-07 19:02 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-01-07 19:02 - 2014-01-07 19:02 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-01-07 19:02 - 2014-01-07 19:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-01-07 19:02 - 2014-01-07 19:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2014-01-07 19:02 - 2014-01-07 19:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-01-07 19:01 - 2014-01-07 19:04 - 00012170 _____ C:\Windows\IE11_main.log 2014-01-07 18:59 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2014-01-07 18:59 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2014-01-07 18:59 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-01-07 18:59 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2014-01-07 18:59 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2014-01-07 18:59 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-01-07 18:59 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2014-01-07 18:59 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-01-07 18:59 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-01-07 18:59 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2014-01-07 18:59 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2014-01-07 18:59 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-01-07 18:59 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2014-01-07 18:59 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-01-07 18:59 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-01-07 18:59 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-01-07 18:59 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-01-07 18:59 - 2013-05-10 06:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll 2014-01-07 18:59 - 2013-05-10 04:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2014-01-07 18:59 - 2013-04-26 00:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2014-01-07 18:59 - 2013-04-17 08:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-01-07 18:59 - 2013-04-17 07:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-01-07 18:59 - 2013-03-31 23:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll 2014-01-07 18:58 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2014-01-07 18:58 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2014-01-07 18:58 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll 2014-01-07 18:58 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2014-01-07 18:58 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-01-07 18:58 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll 2014-01-07 18:58 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-01-07 18:58 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll 2014-01-07 18:58 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-01-07 18:58 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2014-01-07 18:58 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll 2014-01-07 18:58 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-07 18:58 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-07 18:58 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-07 18:58 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-07 18:58 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-07 18:58 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-07 18:58 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-07 18:58 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2014-01-07 18:58 - 2013-08-05 03:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2014-01-07 18:58 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2014-01-07 18:58 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2014-01-07 18:58 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2014-01-07 18:58 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2014-01-07 18:58 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2014-01-07 18:43 - 2014-01-07 18:45 - 00000680 __RSH C:\Users\MS\ntuser.pol 2014-01-07 18:12 - 2014-01-07 18:15 - 00000000 ____D C:\Windows\system32\MRT 2014-01-07 18:07 - 2013-08-02 03:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2014-01-07 18:07 - 2013-08-02 03:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-01-07 18:07 - 2013-08-02 03:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-01-07 18:07 - 2013-08-02 02:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 02:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2014-01-07 18:07 - 2013-08-02 01:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2014-01-07 18:07 - 2013-08-02 01:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 01:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 01:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2014-01-07 18:07 - 2013-08-02 01:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2014-01-07 18:07 - 2013-07-09 06:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-01-07 18:07 - 2013-07-09 05:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2014-01-07 18:07 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2014-01-07 18:07 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2014-01-07 18:07 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2014-01-07 18:06 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-01-07 18:06 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2014-01-07 18:06 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2014-01-07 18:06 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2014-01-07 18:06 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-01-07 18:06 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-01-07 18:06 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-01-07 18:06 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-01-07 18:06 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-01-07 18:06 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-01-07 18:06 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-01-07 18:06 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-01-07 18:06 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-01-07 18:06 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-01-07 18:06 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-01-07 18:06 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-01-07 18:06 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-01-07 18:06 - 2013-07-26 03:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-01-07 18:06 - 2013-07-26 03:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2014-01-07 18:06 - 2013-07-26 02:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-01-07 18:06 - 2013-07-26 02:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2014-01-07 18:06 - 2013-07-25 10:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2014-01-07 18:06 - 2013-07-25 09:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2014-01-07 18:06 - 2013-07-09 06:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2014-01-07 18:06 - 2013-07-09 06:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2014-01-07 18:06 - 2013-07-09 05:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2014-01-07 18:06 - 2013-07-09 05:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2014-01-07 18:06 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2014-01-07 18:06 - 2013-07-03 05:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys 2014-01-07 18:06 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2014-01-07 18:06 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2014-01-07 18:06 - 2013-06-04 07:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-01-07 18:06 - 2013-06-04 05:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-01-07 18:05 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-01-07 18:05 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-01-07 18:05 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-07 18:05 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2014-01-07 18:05 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2014-01-07 18:05 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2014-01-07 18:05 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2014-01-07 18:05 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2014-01-07 18:05 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2014-01-07 18:05 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2014-01-07 18:05 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2014-01-07 18:05 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2014-01-07 18:05 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2014-01-07 18:05 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-01-07 18:05 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-01-07 18:05 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-01-07 18:05 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2014-01-07 18:05 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2014-01-07 18:05 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2014-01-07 18:05 - 2013-07-09 06:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-01-07 18:05 - 2013-07-09 05:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2014-01-07 18:05 - 2013-06-15 05:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-01-07 18:05 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2014-01-07 18:05 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2014-01-07 18:05 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2014-01-07 18:05 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2014-01-07 18:05 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2014-01-07 18:05 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2014-01-07 18:05 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2014-01-07 18:05 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2014-01-07 18:05 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2014-01-07 18:05 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2014-01-07 18:05 - 2013-04-10 00:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2014-01-07 18:05 - 2013-04-02 23:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2014-01-07 17:56 - 2014-01-07 21:36 - 00000000 ____D C:\downlaods 2014-01-07 17:56 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-01-07 17:55 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2014-01-07 17:55 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2014-01-07 17:55 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2014-01-07 17:55 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2014-01-07 17:55 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2014-01-07 15:27 - 2014-01-07 15:27 - 00000000 ____D C:\FRST 2014-01-07 15:01 - 2014-01-07 13:55 - 01064805 _____ (Farbar) C:\frst.exe 2014-01-07 15:00 - 2014-01-07 14:04 - 00024253 _____ C:\FRST.txt 2014-01-07 15:00 - 2014-01-07 13:35 - 01931762 _____ (Farbar) C:\FRST64.exe 2014-01-03 14:47 - 2014-01-03 14:47 - 479890516 _____ C:\Windows\MEMORY.DMP 2014-01-03 14:47 - 2014-01-03 14:47 - 00266320 _____ C:\Windows\Minidump\010314-18033-01.dmp 2013-12-28 05:58 - 2013-12-28 05:58 - 00285048 _____ C:\Windows\Minidump\122813-23602-01.dmp 2013-12-25 15:02 - 2013-12-25 15:02 - 00000000 ____H C:\Users\MS\Documents\Default.rdp 2013-12-23 19:23 - 2013-12-23 19:24 - 00293184 _____ C:\Windows\Minidump\122313-51277-01.dmp 2013-12-23 00:41 - 2014-01-07 18:01 - 00000462 _____ C:\Windows\Tasks\ParetoLogic Registration3.job 2013-12-23 00:41 - 2013-12-23 00:41 - 00003120 _____ C:\Windows\System32\Tasks\ParetoLogic Registration3 2013-12-23 00:41 - 2013-12-23 00:41 - 00000000 ____D C:\Users\MS\AppData\Roaming\ParetoLogic 2013-12-23 00:41 - 2013-12-23 00:41 - 00000000 ____D C:\Users\MS\AppData\Roaming\DriverCure 2013-12-23 00:40 - 2014-01-07 08:09 - 00000376 _____ C:\Windows\Tasks\PC Health Advisor.job 2013-12-23 00:40 - 2014-01-06 06:02 - 00000436 _____ C:\Windows\Tasks\ParetoLogic Update Version3.job 2013-12-23 00:40 - 2013-12-23 13:08 - 00000394 _____ C:\Windows\Tasks\PC Health Advisor Defrag.job 2013-12-23 00:40 - 2013-12-23 00:40 - 00003290 _____ C:\Windows\System32\Tasks\PC Health Advisor 2013-12-23 00:40 - 2013-12-23 00:40 - 00003262 _____ C:\Windows\System32\Tasks\PC Health Advisor Defrag 2013-12-23 00:40 - 2013-12-23 00:40 - 00003240 _____ C:\Windows\System32\Tasks\ParetoLogic Update Version3 2013-12-23 00:40 - 2013-12-23 00:40 - 00001097 _____ C:\Users\MS\Desktop\ParetoLogic PC Health Advisor.lnk 2013-12-23 00:40 - 2013-12-23 00:40 - 00000000 ____D C:\Users\MS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic 2013-12-23 00:40 - 2013-12-23 00:40 - 00000000 ____D C:\ProgramData\ParetoLogic 2013-12-23 00:40 - 2013-12-23 00:40 - 00000000 ____D C:\Program Files (x86)\ParetoLogic 2013-12-23 00:05 - 2013-12-23 00:05 - 00292672 _____ C:\Windows\Minidump\122313-25802-01.dmp 2013-12-22 15:59 - 2013-12-22 15:59 - 00129112 _____ C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-22 15:59 - 2013-12-22 15:59 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Memeo 2013-12-21 19:06 - 2013-12-21 19:06 - 00002004 _____ C:\Users\MS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Persbackup.lnk 2013-12-21 13:40 - 2013-12-22 09:49 - 00000000 ____D C:\Users\MS\Documents\PersBackup 2013-12-21 13:40 - 2013-12-21 19:06 - 00000000 ____D C:\Users\MS\AppData\Roaming\PersBackup5 2013-12-21 13:13 - 2013-12-21 13:34 - 00000000 ____D C:\Users\MS\MEDION NAS TOOL 2013-12-21 13:09 - 2013-12-21 13:09 - 00002140 _____ C:\Users\Public\Desktop\MEDION NAS TOOL.lnk 2013-12-21 13:09 - 2013-12-21 13:09 - 00001161 _____ C:\Users\Public\Desktop\Memeo Instant Backup.lnk 2013-12-21 13:09 - 2013-12-21 13:09 - 00000000 ____D C:\Users\MS\AppData\Roaming\Memeo 2013-12-21 13:09 - 2013-12-21 13:09 - 00000000 ____D C:\Program Files (x86)\Memeo 2013-12-21 13:08 - 2013-12-21 13:08 - 00000000 ____D C:\Program Files (x86)\MEDION 2013-12-21 03:14 - 2013-12-21 03:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-14 04:36 - 2013-12-14 04:36 - 00266320 _____ C:\Windows\Minidump\121413-16629-01.dmp 2013-12-10 15:51 - 2013-12-10 15:51 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk ==================== One Month Modified Files and Folders ======= 2014-01-08 15:07 - 2014-01-08 13:28 - 00015975 _____ C:\Users\MS\Desktop\FRST.txt 2014-01-08 15:04 - 2012-03-02 13:26 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-08 14:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2014-01-08 13:49 - 2009-07-14 05:45 - 00015120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-08 13:49 - 2009-07-14 05:45 - 00015120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-08 13:48 - 2014-01-08 13:28 - 00035562 _____ C:\Users\MS\Desktop\Addition.txt 2014-01-08 13:43 - 2011-12-20 18:51 - 00129112 _____ C:\Users\MS\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-08 13:42 - 2012-03-02 13:26 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-08 13:42 - 2011-12-21 19:42 - 00368838 _____ C:\Users\MS\DesktopStCenter.txt 2014-01-08 13:41 - 2011-12-20 18:59 - 00000000 ____D C:\ProgramData\NVIDIA 2014-01-08 13:41 - 2011-12-20 18:45 - 00171994 _____ C:\Windows\PFRO.log 2014-01-08 13:41 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-08 13:41 - 2009-07-14 05:51 - 00096211 _____ C:\Windows\setupact.log 2014-01-08 13:41 - 2009-07-14 05:45 - 00490048 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-08 13:40 - 2011-12-22 16:21 - 00000000 ____D C:\Users\MS\AppData\Roaming\FRITZ! 2014-01-08 13:40 - 2011-12-20 17:23 - 02088185 _____ C:\Windows\WindowsUpdate.log 2014-01-08 13:26 - 2011-12-30 18:57 - 00000000 ____D C:\Program Files (x86)\Adobe 2014-01-08 13:26 - 2011-12-30 16:29 - 00000000 ____D C:\Program Files\Common Files\Adobe 2014-01-08 13:25 - 2014-01-08 13:25 - 00000000 ____D C:\Users\MS\AppData\Roaming\No Company Name 2014-01-08 13:18 - 2012-02-18 21:38 - 00000000 ____D C:\ProgramData\TuneUp Software 2014-01-08 13:18 - 2009-07-14 18:58 - 00759912 _____ C:\Windows\system32\perfh007.dat 2014-01-08 13:18 - 2009-07-14 18:58 - 00174408 _____ C:\Windows\system32\perfc007.dat 2014-01-08 13:18 - 2009-07-14 06:13 - 01777334 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-08 13:09 - 2012-01-08 13:34 - 00000000 ____D C:\01 eigenes 2014-01-08 10:56 - 2014-01-08 10:55 - 01931762 _____ (Farbar) C:\Users\MS\Desktop\FRST64.exe 2014-01-08 10:01 - 2014-01-08 10:01 - 00031286 _____ C:\Users\MS\Desktop\AVSCAN-20140107-201500-0F9A37B1.LOG 2014-01-08 09:28 - 2014-01-08 09:28 - 00031286 _____ C:\Users\MS\Desktop\report AVSCAN-20140107-201500-0F9A37B1.LOG 2014-01-07 21:50 - 2011-12-20 19:05 - 00000000 ____D C:\Users\MS\AppData\Roaming\vlc 2014-01-07 21:36 - 2014-01-07 17:56 - 00000000 ____D C:\downlaods 2014-01-07 19:54 - 2011-12-20 17:45 - 00001421 _____ C:\Users\MS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-01-07 19:31 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2014-01-07 19:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2014-01-07 19:09 - 2011-12-20 18:59 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2014-01-07 19:09 - 2011-12-20 18:58 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2014-01-07 19:06 - 2012-07-20 09:11 - 01742802 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2014-01-07 19:04 - 2014-01-07 19:01 - 00012170 _____ C:\Windows\IE11_main.log 2014-01-07 19:02 - 2014-01-07 19:02 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-01-07 19:02 - 2014-01-07 19:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-01-07 19:02 - 2014-01-07 19:02 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-01-07 19:02 - 2014-01-07 19:02 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-01-07 19:02 - 2014-01-07 19:02 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2014-01-07 19:02 - 2014-01-07 19:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-01-07 19:02 - 2014-01-07 19:02 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-01-07 19:02 - 2014-01-07 19:02 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-01-07 19:02 - 2014-01-07 19:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-01-07 19:02 - 2014-01-07 19:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2014-01-07 19:02 - 2014-01-07 19:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-01-07 19:02 - 2014-01-07 19:02 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-01-07 19:02 - 2014-01-07 19:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-01-07 18:45 - 2014-01-07 18:43 - 00000680 __RSH C:\Users\MS\ntuser.pol 2014-01-07 18:45 - 2011-12-20 17:45 - 00000000 ____D C:\Users\MS 2014-01-07 18:43 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2014-01-07 18:39 - 2011-12-20 17:45 - 00000000 ___RD C:\Users\MS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-07 18:39 - 2011-12-20 17:45 - 00000000 ___RD C:\Users\MS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-01-07 18:33 - 2009-07-14 19:18 - 00000000 ____D C:\Program Files\Windows Journal 2014-01-07 18:33 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Defender 2014-01-07 18:33 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2014-01-07 18:15 - 2014-01-07 18:12 - 00000000 ____D C:\Windows\system32\MRT 2014-01-07 18:01 - 2013-12-23 00:41 - 00000462 _____ C:\Windows\Tasks\ParetoLogic Registration3.job 2014-01-07 15:27 - 2014-01-07 15:27 - 00000000 ____D C:\FRST 2014-01-07 14:04 - 2014-01-07 15:00 - 00024253 _____ C:\FRST.txt 2014-01-07 13:55 - 2014-01-07 15:01 - 01064805 _____ (Farbar) C:\frst.exe 2014-01-07 13:35 - 2014-01-07 15:00 - 01931762 _____ (Farbar) C:\FRST64.exe 2014-01-07 08:09 - 2013-12-23 00:40 - 00000376 _____ C:\Windows\Tasks\PC Health Advisor.job 2014-01-06 17:06 - 2013-01-22 12:44 - 01557504 ___SH C:\Users\MS\Desktop\Thumbs.db 2014-01-06 16:57 - 2013-02-07 14:56 - 00000000 ___RD C:\Users\MS\Documents\Dropbox 2014-01-06 16:57 - 2012-11-02 17:06 - 00000000 ____D C:\Users\MS\AppData\Roaming\Dropbox 2014-01-06 06:02 - 2013-12-23 00:40 - 00000436 _____ C:\Windows\Tasks\ParetoLogic Update Version3.job 2014-01-03 14:47 - 2014-01-03 14:47 - 479890516 _____ C:\Windows\MEMORY.DMP 2014-01-03 14:47 - 2014-01-03 14:47 - 00266320 _____ C:\Windows\Minidump\010314-18033-01.dmp 2014-01-03 14:47 - 2012-11-19 20:06 - 00000000 ____D C:\Windows\Minidump 2013-12-28 05:58 - 2013-12-28 05:58 - 00285048 _____ C:\Windows\Minidump\122813-23602-01.dmp 2013-12-25 15:02 - 2013-12-25 15:02 - 00000000 ____H C:\Users\MS\Documents\Default.rdp 2013-12-23 19:24 - 2013-12-23 19:23 - 00293184 _____ C:\Windows\Minidump\122313-51277-01.dmp 2013-12-23 13:08 - 2013-12-23 00:40 - 00000394 _____ C:\Windows\Tasks\PC Health Advisor Defrag.job 2013-12-23 00:41 - 2013-12-23 00:41 - 00003120 _____ C:\Windows\System32\Tasks\ParetoLogic Registration3 2013-12-23 00:41 - 2013-12-23 00:41 - 00000000 ____D C:\Users\MS\AppData\Roaming\ParetoLogic 2013-12-23 00:41 - 2013-12-23 00:41 - 00000000 ____D C:\Users\MS\AppData\Roaming\DriverCure 2013-12-23 00:40 - 2013-12-23 00:40 - 00003290 _____ C:\Windows\System32\Tasks\PC Health Advisor 2013-12-23 00:40 - 2013-12-23 00:40 - 00003262 _____ C:\Windows\System32\Tasks\PC Health Advisor Defrag 2013-12-23 00:40 - 2013-12-23 00:40 - 00003240 _____ C:\Windows\System32\Tasks\ParetoLogic Update Version3 2013-12-23 00:40 - 2013-12-23 00:40 - 00001097 _____ C:\Users\MS\Desktop\ParetoLogic PC Health Advisor.lnk 2013-12-23 00:40 - 2013-12-23 00:40 - 00000000 ____D C:\Users\MS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic 2013-12-23 00:40 - 2013-12-23 00:40 - 00000000 ____D C:\ProgramData\ParetoLogic 2013-12-23 00:40 - 2013-12-23 00:40 - 00000000 ____D C:\Program Files (x86)\ParetoLogic 2013-12-23 00:05 - 2013-12-23 00:05 - 00292672 _____ C:\Windows\Minidump\122313-25802-01.dmp 2013-12-22 15:59 - 2013-12-22 15:59 - 00129112 _____ C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT 2013-12-22 15:59 - 2013-12-22 15:59 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Memeo 2013-12-22 15:59 - 2013-02-22 20:31 - 00000909 _____ C:\Users\Gast\DesktopStCenter.txt 2013-12-22 15:59 - 2013-02-05 16:31 - 00001421 _____ C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-12-22 15:59 - 2013-02-05 16:31 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-12-22 15:59 - 2013-02-05 16:31 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-12-22 15:59 - 2013-02-05 16:31 - 00000000 ____D C:\Users\Gast\AppData\Roaming\FRITZ! 2013-12-22 09:49 - 2013-12-21 13:40 - 00000000 ____D C:\Users\MS\Documents\PersBackup 2013-12-21 19:08 - 2012-05-07 21:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-12-21 19:06 - 2013-12-21 19:06 - 00002004 _____ C:\Users\MS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Persbackup.lnk 2013-12-21 19:06 - 2013-12-21 13:40 - 00000000 ____D C:\Users\MS\AppData\Roaming\PersBackup5 2013-12-21 13:34 - 2013-12-21 13:13 - 00000000 ____D C:\Users\MS\MEDION NAS TOOL 2013-12-21 13:09 - 2013-12-21 13:09 - 00002140 _____ C:\Users\Public\Desktop\MEDION NAS TOOL.lnk 2013-12-21 13:09 - 2013-12-21 13:09 - 00001161 _____ C:\Users\Public\Desktop\Memeo Instant Backup.lnk 2013-12-21 13:09 - 2013-12-21 13:09 - 00000000 ____D C:\Users\MS\AppData\Roaming\Memeo 2013-12-21 13:09 - 2013-12-21 13:09 - 00000000 ____D C:\Program Files (x86)\Memeo 2013-12-21 13:08 - 2013-12-21 13:08 - 00000000 ____D C:\Program Files (x86)\MEDION 2013-12-21 03:14 - 2013-12-21 03:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-12-18 17:44 - 2013-08-10 23:17 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-12-18 17:44 - 2013-08-10 23:05 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-12-18 17:44 - 2013-08-10 23:05 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-12-16 18:18 - 2012-01-31 15:54 - 00000000 ____D C:\Users\MS\Documents\Eigene Scans 2013-12-14 05:05 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2013-12-14 04:36 - 2013-12-14 04:36 - 00266320 _____ C:\Windows\Minidump\121413-16629-01.dmp 2013-12-12 14:25 - 2012-04-04 20:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-12 14:25 - 2011-12-20 18:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-10 15:51 - 2013-12-10 15:51 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk 2013-12-10 15:51 - 2012-03-02 13:26 - 00000000 ____D C:\Program Files (x86)\Google 2013-12-10 15:50 - 2012-03-02 13:26 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk Files to move or delete: ==================== C:\Users\MS\MdSched.exe Some content of TEMP: ==================== C:\Users\Gast\AppData\Local\Temp\AskSLib.dll C:\Users\Gast\AppData\Local\Temp\avgnt.exe C:\Users\MS\AppData\Local\Temp\avgnt.exe C:\Users\MS\AppData\Local\Temp\readSTILog.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-03 15:45 ==================== End Of Log ============================ Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-01-2014 Ran by MS at 2014-01-08 15:07:10 Running from C:\Users\MS\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden 5600 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden 5600_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden 5600Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden ACDSee Pro 5 (x32 Version: 5.1.137 - ACD Systems International Inc.) Adobe AIR (x32 Version: 2.6.0.19140 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden Adobe Community Help (x32 Version: 3.5.23 - Adobe Systems Incorporated.) Adobe Community Help (x32 Version: 3.5.23 - Adobe Systems Incorporated.) Hidden Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated) Adobe Photoshop Lightroom 3.6 64-bit (Version: 3.6.1 - Adobe) AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.2.9.0 - Asmedia Technology) Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira) AVM FRITZ!Box AddOn (IE) (x64) (Version: 1.5.7 - AVM Berlin) AVM FRITZ!fax für FRITZ!Box (x32 Version: - AVM Berlin) B1315AppGuid (x32 Version: 1.0.0 - DATEV eG) Hidden BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden calibre (x32 Version: 0.9.31 - Kovid Goyal) Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden CyberLink PowerDVD 11 (x32 Version: 11.0.2408.53 - CyberLink Corp.) CyberLink PowerDVD 11 (x32 Version: 11.0.2408.53 - CyberLink Corp.) Hidden DATEV Installation V.2.8 (x32 Version: - ) Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden Dropbox (HKCU Version: 2.0.22 - Dropbox, Inc.) DVDFab 9.0.5.5 (26/07/2013) (x32 Version: - Fengtao Software Inc.) Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden FRITZ!DSL64 (Version: 2.04.03 - AVM Berlin) Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.) Google Earth (x32 Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden Hotfix 4285 for SQL Server Database Services 2005 ENU (KB978915) (x32 Version: 9.3.4285 - Microsoft Corporation) HP Customer Participation Program 13.0 (Version: 13.0 - HP) HP Imaging Device Functions 13.0 (Version: 13.0 - HP) HP Photosmart Essential 3.5 (Version: 3.5 - HP) HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (Version: 13.0 - HP) HP Smart Web Printing 4.51 (Version: 4.51 - HP) HP Solution Center 13.0 (Version: 13.0 - HP) HP Update (x32 Version: 5.005.000.001 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HyperCam 3 (x32 Version: 3.3.1109.19 - Solveig Multimedia) Intel(R) Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation) Intel(R) Rapid Storage Technology (x32 Version: 10.1.0.1008 - Intel Corporation) Java 7 Update 21 (x32 Version: 7.0.210 - Oracle) Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 30 (x32 Version: 6.0.300 - Oracle) JDownloader 0.9 (x32 Version: 0.9 - AppWork GmbH) K-Lite Codec Pack 9.6.0 (Standard) (x32 Version: 9.6.0 - ) Lexmark Software deinstallieren (Version: - Lexmark International, Inc.) Logitech GamePanel Software 3.06.109 (Version: 3.06.109 - Logitech Inc.) MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden MEDION NAS TOOL (x32 Version: - MEDION) Memeo Instant Backup (x32 Version: 4.60.0.7939 - Memeo Inc.) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Outlook-Sicherung für Persönliche Ordner (x32 Version: 1.10.0.0 - Microsoft Corporation) Microsoft SQL Server 2005 (x32 Version: - Microsoft Corporation) Microsoft SQL Server 2005 Express Edition (DATEV_CL_DE01) (x32 Version: 9.3.4035.00 - Microsoft Corporation) Hidden Microsoft SQL Server 2005-Abwärtskompatibilität (Version: 8.05.2004 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 x64 DEU (Version: 4.0.8482.1 - Microsoft Corporation) Microsoft SQL Server Native Client (Version: 9.00.4285.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (Version: 9.00.4285.00 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Microsoft XML Parser (x32 Version: 8.70.1104.04 - Microsoft Corporation) Hidden Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla) Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation) MyFreeCodec (HKCU Version: - ) Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden NVIDIA 3D Vision Controller-Treiber 285.62 (Version: 285.62 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 331.65 (Version: 331.65 - NVIDIA Corporation) NVIDIA Grafiktreiber 331.65 (Version: 331.65 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.11.0621 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.11.0621 (Version: 9.11.0621 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden NVIDIA Update 1.15.2 (Version: 1.15.2 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden OCR Software by I.R.I.S. 13.0 (Version: 13.0 - HP) ParetoLogic PC Health Advisor (x32 Version: 3.1.0.0 - ParetoLogic, Inc.) PDFCreator (x32 Version: 1.5.1 - Frank Heindörfer, Philip Chinery) PDF-XChange Viewer (Version: 2.5.201.0 - Tracker Software Products Ltd.) Protect Disc License Helper 1.0.125 (IE) (HKCU Version: 1.0.125 - Protect Disc) Realtek Ethernet Controller Driver (x32 Version: 7.41.216.2011 - Realtek) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6196 - Realtek Semiconductor Corp.) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden Samsung Kies (x32 Version: 2.5.3.13034_9 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.5.3.13034_9 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.) Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden Shop for HP Supplies (Version: 13.0 - HP) SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden softOSM (x32 Version: - ) SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden SpeedCommander 14 (x64) (Version: 14.10.6700 - SWE Sven Ritter) SQLXML4 (Version: 9.00.4035.00 - Microsoft Corporation) Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden System Requirements Lab (x32 Version: - ) Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (x32 Version: 9.00.4035.00 - Microsoft Corporation) VLC media player 2.1.0 (Version: 2.1.0 - VideoLAN) WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden WinRAR 4.01 (64-Bit) (Version: 4.01.0 - win.rar GmbH) ==================== Restore Points ========================= 08-01-2014 12:16:56 TuneUp Utilities 2012 wird entfernt 08-01-2014 12:18:37 TuneUp Utilities Language Pack (de-DE) wird entfernt 08-01-2014 12:19:51 Removed Adobe Photoshop Elements 10. ==================== Hosts content: ========================== 2012-02-13 19:21 - 2012-02-13 19:21 - 00001018 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 TuneUp Utilities 127.0.0.1 www.registertuneup.com 127.0.0.1 secure.tune-up.com ==================== Scheduled Tasks (whitelisted) ============= Task: {0DCE0A44-EFAB-4F1D-AC38-439868F10B17} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns Task: {4676494F-8AD6-429C-8E9E-7CB19DD22129} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation) Task: {48F21BC2-95E7-4579-A39D-F98D5690F314} - System32\Tasks\PC Health Advisor Defrag => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe [2011-03-30] (ParetoLogic, Inc.) Task: {5839C838-4CC4-47FB-A70B-FD073A17FE00} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-02] (Google Inc.) Task: {DDB5F993-F990-426A-8675-CCE5CF343726} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [2011-05-10] (Hewlett-Packard) Task: {E078C90A-D654-4AA1-BBA0-DE5C4E51F445} - System32\Tasks\PC Health Advisor => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe [2011-03-30] (ParetoLogic, Inc.) Task: {EB61124F-DC35-4AA7-82A3-63906A8DFDC3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-02] (Google Inc.) Task: {F24F4FE5-785E-4A4A-8F2A-14CE9B3D97A9} - System32\Tasks\{1488C8D7-FBF9-4C0E-B155-F4FA3FCBE917} => C:\Program Files (x86)\DATA BECKER\Hobby Constructor Plus\updchecker.exe Task: {F81784E9-56B3-4D6B-AE26-568C29BA03BD} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-03-30] (ParetoLogic Inc.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\ParetoLogic Registration3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll Task: C:\Windows\Tasks\ParetoLogic Update Version3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe Task: C:\Windows\Tasks\PC Health Advisor Defrag.job => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe Task: C:\Windows\Tasks\PC Health Advisor.job => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe ==================== Loaded Modules (whitelisted) ============= 2011-12-21 18:51 - 2006-02-23 11:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll 2011-12-21 18:51 - 2006-02-22 10:39 - 00020480 _____ () C:\Windows\System32\FritzPort64.dll 2012-07-20 09:14 - 2008-08-22 13:05 - 00022296 _____ () C:\Windows\System32\skypdfmonpro.dll 2011-12-20 18:58 - 2013-10-23 09:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2011-12-22 21:16 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll 2013-08-10 23:05 - 2013-08-10 22:53 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2011-12-23 19:18 - 2011-11-04 08:28 - 00260096 _____ () C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\sqlite3.dll 2011-09-16 00:17 - 2011-09-16 00:17 - 02888416 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll 2011-09-16 00:17 - 2011-09-16 00:17 - 00025824 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll 2011-09-16 00:18 - 2011-09-16 00:18 - 00028672 _____ () C:\Program Files (x86)\Memeo\AutoBackup\de-DE\InstantBackup.resources.dll 2010-04-05 19:52 - 2010-04-05 19:52 - 00504293 _____ () C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.DLL 2010-04-05 19:52 - 2010-04-05 19:52 - 00053248 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Mono.Nat.dll 2010-04-05 19:49 - 2010-04-05 19:49 - 00178176 _____ () C:\Program Files (x86)\Common Files\Memeo\ProfMan.dll 2011-09-16 00:18 - 2011-09-16 00:18 - 00114688 _____ () C:\Program Files (x86)\Memeo\AutoBackup\de-DE\Memeo.Client.UI.resources.dll 2014-01-07 19:22 - 2014-01-07 19:22 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\eb4812681f6ab4406053f3a1803e6da0\IsdiInterop.ni.dll 2011-12-20 18:47 - 2010-11-05 23:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\se64a.sys => ""="Driver" ==================== Faulty Device Manager Devices ============= Name: acedrv08 Description: acedrv08 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: acedrv08 Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (01/08/2014 01:42:16 PM) (Source: MemeoBackgroundService) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/08/2014 01:16:52 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: TuneUpUtilitiesService64.exe, Version: 12.0.3010.1, Zeitstempel: 0x4f33a6e0 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000004e4e4 ID des fehlerhaften Prozesses: 0xef4 Startzeit der fehlerhaften Anwendung: 0xTuneUpUtilitiesService64.exe0 Pfad der fehlerhaften Anwendung: TuneUpUtilitiesService64.exe1 Pfad des fehlerhaften Moduls: TuneUpUtilitiesService64.exe2 Berichtskennung: TuneUpUtilitiesService64.exe3 Error: (01/07/2014 07:31:20 PM) (Source: MemeoBackgroundService) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/07/2014 07:13:13 PM) (Source: MemeoBackgroundService) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/07/2014 06:54:26 PM) (Source: Windows Search Service) (User: ) Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet. Details: Der Inhaltsindexkatalog ist fehlerhaft. 0xc0041801 (0xc0041801) Error: (01/07/2014 06:54:26 PM) (Source: Windows Search Service) (User: ) Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=2350} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben. Details: Der Inhaltsindexkatalog ist fehlerhaft. 0xc0041801 (0xc0041801) Error: (01/07/2014 06:36:32 PM) (Source: MemeoBackgroundService) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/07/2014 03:38:01 PM) (Source: MemeoBackgroundService) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/07/2014 03:20:22 PM) (Source: MemeoBackgroundService) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/07/2014 03:14:20 PM) (Source: MemeoBackgroundService) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) System errors: ============= Error: (01/08/2014 01:42:41 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: acedrv08 Error: (01/08/2014 01:42:06 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT) Description: Fehler beim Lesen der Datei für lokale Hosts. Error: (01/08/2014 01:23:21 PM) (Source: VDS Basic Provider) (User: ) Description: Unerwarteter Fehler. Fehlercode: 490@01010004 Error: (01/08/2014 01:16:57 PM) (Source: WMPNetworkSvc) (User: ) Description: 0x80004004-1 Error: (01/08/2014 01:05:36 PM) (Source: VDS Basic Provider) (User: ) Description: Unerwarteter Fehler. Fehlercode: 490@01010004 Error: (01/08/2014 01:01:57 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: acedrv08 Error: (01/08/2014 01:01:34 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "MemeoBackgroundService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/08/2014 01:01:34 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MemeoBackgroundService erreicht. Error: (01/08/2014 01:00:56 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT) Description: Fehler beim Lesen der Datei für lokale Hosts. Error: (01/07/2014 08:54:38 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT) Description: Fehler beim Lesen der Datei für lokale Hosts. Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 16% Total physical RAM: 16365.23 MB Available physical RAM: 13595.96 MB Total Pagefile: 32728.64 MB Available Pagefile: 29806.56 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:1862.92 GB) (Free:58.63 GB) NTFS Drive f: (320 C) (Fixed) (Total:298.09 GB) (Free:1.14 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: CAB6BD6F) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=-198731366400) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 298 GB) (Disk ID: C63AC63A) Partition 1: (Active) - (Size=298 GB) - (Type=42) Partition 2: (Not Active) - (Size=2361 KB) - (Type=42) ==================== End Of Log ============================ |
Themen zu Win 7 - Firefox - Bundespolizei "ihr browser hat gesperrt" |
association, bonjour, browser, bundespolizei, desktop, explorer, firefox, firefox gesperrt, fontcache, geliefert, gesperrt, home, ihr browser hat gesperrt, nvidia, policyagent, realtek, registry, rundll, services.exe, software, symantec, taskmanager, windows, windows xp, winlogon.exe |