TR/Dropper.Gen in C:Windows/Temp/.....

lesina · 28.05.2014, 04:05

Hallo,
antivir hat auch bei mit den TR/Dropper.Gen gefunden.
Könnt ihr mir helfen ihn schnellst möglich los zu werden bitte, bin nämlich eigentlich gerade dabei mein abschluss arbeit zu schreiben....

und sobald ich auf einen weiterführenden link klicke, öffnet sich ein weiters firefox fenster und von avast kommt diese meldung:

infektion blockiert:

URL:
hxxp://canadaalltax.com/z/f=pjsKrTwFvTk4vTw4px1FqdaFrjC7qds9&eid=313&hid=17612962708237281132&pid=1481&rf=http%3A%2F%2Fwww.trojaner-board.de%2F69886-alle-hilfesuchenden-eroeffnung-themas-beachten.html&s=px.pluginh&r=0.9361056213782601

Infektion:
URL:Mal

FRST editor:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Admin L (administrator) on ADMINL-PC on 28-05-2014 03:38:50
Running from C:\Users\Admin L\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-07] (Intel Corporation)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208 2012-06-25] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174752 2012-06-19] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-05-27] (AVAST Software)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2013-12-13] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [183376 2014-05-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\RunOnce: [20140526] - C:\Program Files\AVAST Software\Avast\setup\emupdate\52760e9e-1874-4535-bf22-37d959bf5300.exe /check [182720 2014-05-28] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1022563546-1782848626-2376987420-1000\...\MountPoints2: {59ab83c7-b3d7-11e3-b62c-806e6f6e6963} - E:\InstAll.exe
AppInit_DLLs: C:\PROGRA~2\SN_X64~1.BOO => C:\Program Files (x86)\SN_x64.Booster [4210176 2014-05-21] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEEA960F2F548CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Admin L\AppData\Roaming\Mozilla\Firefox\Profiles\8x1rsdc4.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Admin L\AppData\Roaming\Mozilla\Firefox\Profiles\8x1rsdc4.default\searchplugins\avira-safesearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: SSavee! net - C:\Users\Admin L\AppData\Roaming\Mozilla\Firefox\Profiles\8x1rsdc4.default\Extensions\0spueou@xls.org [2014-05-21]
FF Extension: Avira Browser Safety - C:\Users\Admin L\AppData\Roaming\Mozilla\Firefox\Profiles\8x1rsdc4.default\Extensions\abs@avira.com [2014-05-28]
FF Extension: YoutubeAdblocker - C:\Users\Admin L\AppData\Roaming\Mozilla\Firefox\Profiles\8x1rsdc4.default\Extensions\wf5ecai@raoa-aoy.com [2014-05-21]
FF Extension: Adblock Plus - C:\Users\Admin L\AppData\Roaming\Mozilla\Firefox\Profiles\8x1rsdc4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-26]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-26]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (YoutubeAdblocker) - C:\Users\Admin L\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiodpijiceefjlolkcgadihfikhbpgdj [2014-05-21]
CHR Extension: (Social Face) - C:\Users\Admin L\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoodoglhbmpafkajmlggnjnngdclnie [2014-05-21]
CHR Extension: (SSavee! net) - C:\Users\Admin L\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcnieppaifbappmeimkdkacpdapbpnh [2014-05-21]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-09] (Avira Operations GmbH & Co. KG)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-20] (AVAST Software)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [123984 2014-05-14] (Avira Operations GmbH & Co. KG)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-20] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-20] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-20] ()
R3 ATP; C:\Windows\System32\DRIVERS\AsusTP.sys [65784 2013-01-16] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [17280 2012-08-05] ( )
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104560 2012-04-25] (Qualcomm Atheros Co., Ltd.)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-12-13] (Cisco Systems, Inc.)
S3 ASUSProcObsrv; \??\E:\I386\AsPrOb64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-28 03:38 - 2014-05-28 03:39 - 00013384 _____ () C:\Users\Admin L\Downloads\FRST.txt
2014-05-28 03:38 - 2014-05-28 03:38 - 02066944 _____ (Farbar) C:\Users\Admin L\Downloads\FRST64.exe
2014-05-28 03:38 - 2014-05-28 03:38 - 00000000 ____D () C:\FRST
2014-05-28 03:37 - 2014-05-28 03:37 - 01056256 _____ (Farbar) C:\Users\Admin L\Downloads\FRST.exe
2014-05-28 03:21 - 2014-05-28 03:21 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-28 03:21 - 2014-05-28 03:21 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-28 03:21 - 2014-05-28 03:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-28 03:17 - 2014-05-28 03:17 - 00000000 __SHD () C:\Users\Admin L\AppData\Local\EmieUserList
2014-05-28 03:17 - 2014-05-28 03:17 - 00000000 __SHD () C:\Users\Admin L\AppData\Local\EmieSiteList
2014-05-28 03:16 - 2014-05-28 03:16 - 00002161 _____ () C:\Users\Admin L\Desktop\CCleaner - CHIP Downloader.lnk
2014-05-28 02:04 - 2014-05-28 02:04 - 00000000 ____D () C:\Users\Admin L\AppData\Roaming\Avira
2014-05-28 02:01 - 2014-05-09 11:16 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-28 02:01 - 2014-05-09 11:16 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-28 02:01 - 2014-05-09 11:16 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-05-28 01:58 - 2014-05-28 02:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-28 01:58 - 2014-05-28 02:01 - 00000000 ____D () C:\ProgramData\Avira
2014-05-28 01:58 - 2014-05-28 02:01 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-28 01:58 - 2014-05-28 01:58 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-05-28 01:58 - 2014-05-28 01:58 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-28 01:57 - 2014-05-28 01:57 - 04536336 _____ (Avira Operations GmbH & Co. KG) C:\Users\Admin L\Downloads\avira_de_av_4001967932__ws.exe
2014-05-28 01:47 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-27 09:57 - 2014-05-27 09:58 - 01121374 _____ () C:\Users\Admin L\Downloads\Derivate-5603.zip
2014-05-21 07:57 - 2014-05-21 07:57 - 04210176 _____ () C:\Program Files (x86)\SN_x64.Booster
2014-05-21 07:56 - 2014-05-27 10:43 - 00000000 ____D () C:\ProgramData\YoutubeAdblocker
2014-05-21 07:56 - 2014-05-27 10:31 - 00000000 ____D () C:\ProgramData\Savei, net
2014-05-21 07:56 - 2014-05-21 07:56 - 00000000 ____D () C:\Program Files (x86)\YoutubeAdblocker
2014-05-21 07:56 - 2014-05-21 07:56 - 00000000 ____D () C:\Program Files (x86)\Savei, net
2014-05-21 07:55 - 2014-05-21 07:57 - 00000000 ____D () C:\ProgramData\24c72037cd6373cb
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Gast
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Administrator
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Admin L\AppData\Local\Torch
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Admin L\AppData\Local\Google
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Admin L\AppData\Local\Comodo
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Admin L\AppData\Local\Chromatic Browser
2014-05-21 07:53 - 2014-05-21 07:53 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-21 05:55 - 2014-05-21 05:55 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-05-21 05:22 - 2014-05-21 07:03 - 00000000 ____D () C:\Program Files\Recuva
2014-05-21 05:22 - 2014-05-21 05:22 - 00001658 _____ () C:\Users\Public\Desktop\Recuva.lnk
2014-05-21 05:22 - 2014-05-21 05:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2014-05-19 05:50 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-05-19 05:39 - 2014-05-19 05:39 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-19 05:39 - 2014-05-19 05:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-19 05:39 - 2014-05-19 05:39 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-19 05:39 - 2014-05-19 05:39 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-19 05:39 - 2014-05-19 05:39 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-05-19 05:39 - 2014-05-19 05:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-19 05:39 - 2014-05-19 05:39 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-19 05:39 - 2014-05-19 05:39 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-05-19 05:39 - 2014-05-19 05:39 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-19 05:39 - 2014-05-19 05:39 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-05-19 05:39 - 2014-05-19 05:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-19 05:37 - 2014-05-19 05:50 - 00009928 _____ () C:\Windows\IE11_main.log
2014-05-19 05:26 - 2010-02-23 10:16 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2014-05-19 05:20 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-19 05:19 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-19 05:18 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-19 05:18 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-19 05:18 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-19 05:18 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-19 05:18 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-19 05:18 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-19 05:18 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-19 05:18 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-19 05:18 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-19 05:18 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-19 05:18 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-19 05:18 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-19 05:18 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-19 05:18 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-19 05:18 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-19 05:18 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-19 05:18 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-19 05:18 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-19 05:18 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-19 05:18 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-19 05:18 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-19 05:18 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-19 05:18 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-19 05:18 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-19 05:18 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-19 05:18 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-19 05:18 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-19 05:18 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-19 05:18 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-19 05:18 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-19 05:18 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-19 05:18 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-19 05:18 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-19 05:18 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-19 05:18 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-19 05:18 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-19 05:18 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-19 05:18 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-19 05:18 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-19 05:18 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-19 05:18 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-19 05:16 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-05-19 05:16 - 2013-12-25 00:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-05-19 05:16 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-05-19 05:16 - 2013-11-23 00:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-05-19 05:13 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-19 05:13 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-05-19 05:13 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-05-19 05:13 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-05-19 05:13 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-05-19 05:13 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-05-19 05:13 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-05-19 05:13 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-05-19 05:13 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-05-19 05:13 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-05-19 05:13 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-05-17 15:12 - 2014-05-17 15:12 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

==================== One Month Modified Files and Folders =======

2014-05-28 03:39 - 2014-05-28 03:38 - 00013384 _____ () C:\Users\Admin L\Downloads\FRST.txt
2014-05-28 03:38 - 2014-05-28 03:38 - 02066944 _____ (Farbar) C:\Users\Admin L\Downloads\FRST64.exe
2014-05-28 03:38 - 2014-05-28 03:38 - 00000000 ____D () C:\FRST
2014-05-28 03:37 - 2014-05-28 03:37 - 01056256 _____ (Farbar) C:\Users\Admin L\Downloads\FRST.exe
2014-05-28 03:21 - 2014-05-28 03:21 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-28 03:21 - 2014-05-28 03:21 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-28 03:21 - 2014-05-28 03:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-28 03:21 - 2014-03-26 15:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-28 03:17 - 2014-05-28 03:17 - 00000000 __SHD () C:\Users\Admin L\AppData\Local\EmieUserList
2014-05-28 03:17 - 2014-05-28 03:17 - 00000000 __SHD () C:\Users\Admin L\AppData\Local\EmieSiteList
2014-05-28 03:16 - 2014-05-28 03:16 - 00002161 _____ () C:\Users\Admin L\Desktop\CCleaner - CHIP Downloader.lnk
2014-05-28 02:18 - 2011-04-12 09:43 - 00698926 _____ () C:\Windows\system32\perfh007.dat
2014-05-28 02:18 - 2011-04-12 09:43 - 00149034 _____ () C:\Windows\system32\perfc007.dat
2014-05-28 02:18 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-28 02:17 - 2014-03-25 06:43 - 01954794 _____ () C:\Windows\WindowsUpdate.log
2014-05-28 02:17 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-28 02:17 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-28 02:12 - 2014-03-26 16:34 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-05-28 02:10 - 2014-03-26 17:13 - 00004930 _____ () C:\Windows\setupact.log
2014-05-28 02:10 - 2014-03-26 17:12 - 00104026 _____ () C:\Windows\PFRO.log
2014-05-28 02:10 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-28 02:04 - 2014-05-28 02:04 - 00000000 ____D () C:\Users\Admin L\AppData\Roaming\Avira
2014-05-28 02:02 - 2014-05-28 01:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-28 02:01 - 2014-05-28 01:58 - 00000000 ____D () C:\ProgramData\Avira
2014-05-28 02:01 - 2014-05-28 01:58 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-28 01:58 - 2014-05-28 01:58 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-05-28 01:58 - 2014-05-28 01:58 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-28 01:57 - 2014-05-28 01:57 - 04536336 _____ (Avira Operations GmbH & Co. KG) C:\Users\Admin L\Downloads\avira_de_av_4001967932__ws.exe
2014-05-28 01:41 - 2014-03-25 23:53 - 00001413 _____ () C:\Users\Admin L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-28 01:41 - 2014-03-25 23:53 - 00000000 ___RD () C:\Users\Admin L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-28 01:41 - 2014-03-25 23:53 - 00000000 ___RD () C:\Users\Admin L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-28 01:40 - 2014-03-25 06:38 - 00000000 ____D () C:\Windows\Panther
2014-05-28 01:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-27 10:43 - 2014-05-21 07:56 - 00000000 ____D () C:\ProgramData\YoutubeAdblocker
2014-05-27 10:31 - 2014-05-21 07:56 - 00000000 ____D () C:\ProgramData\Savei, net
2014-05-27 09:58 - 2014-05-27 09:57 - 01121374 _____ () C:\Users\Admin L\Downloads\Derivate-5603.zip
2014-05-23 08:29 - 2014-03-26 16:57 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-21 07:57 - 2014-05-21 07:57 - 04210176 _____ () C:\Program Files (x86)\SN_x64.Booster
2014-05-21 07:57 - 2014-05-21 07:55 - 00000000 ____D () C:\ProgramData\24c72037cd6373cb
2014-05-21 07:56 - 2014-05-21 07:56 - 00000000 ____D () C:\Program Files (x86)\YoutubeAdblocker
2014-05-21 07:56 - 2014-05-21 07:56 - 00000000 ____D () C:\Program Files (x86)\Savei, net
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Gast
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Administrator
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Admin L\AppData\Local\Torch
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Admin L\AppData\Local\Google
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Admin L\AppData\Local\Comodo
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Admin L\AppData\Local\Chromatic Browser
2014-05-21 07:53 - 2014-05-21 07:53 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-21 07:03 - 2014-05-21 05:22 - 00000000 ____D () C:\Program Files\Recuva
2014-05-21 05:55 - 2014-05-21 05:55 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-05-21 05:22 - 2014-05-21 05:22 - 00001658 _____ () C:\Users\Public\Desktop\Recuva.lnk
2014-05-21 05:22 - 2014-05-21 05:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2014-05-21 00:20 - 2014-03-26 15:28 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-21 00:20 - 2014-03-26 15:28 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-21 00:17 - 2014-03-26 15:31 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-19 05:50 - 2014-05-19 05:37 - 00009928 _____ () C:\Windows\IE11_main.log
2014-05-19 05:39 - 2014-05-19 05:39 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-19 05:39 - 2014-05-19 05:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-19 05:39 - 2014-05-19 05:39 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-19 05:39 - 2014-05-19 05:39 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-19 05:39 - 2014-05-19 05:39 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-05-19 05:39 - 2014-05-19 05:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-19 05:39 - 2014-05-19 05:39 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-19 05:39 - 2014-05-19 05:39 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-05-19 05:39 - 2014-05-19 05:39 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-19 05:39 - 2014-05-19 05:39 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-05-19 05:39 - 2014-05-19 05:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-19 05:28 - 2014-03-26 02:30 - 01592784 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-19 05:26 - 2014-03-26 02:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-17 15:12 - 2014-05-17 15:12 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-05-16 03:30 - 2014-03-26 16:56 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-16 03:30 - 2014-03-26 16:56 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-16 03:30 - 2014-03-26 16:56 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-09 16:25 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-05-09 11:16 - 2014-05-28 02:01 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-09 11:16 - 2014-05-28 02:01 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-09 11:16 - 2014-05-28 02:01 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-05-06 02:52 - 2014-04-11 03:42 - 00000000 ____D () C:\Users\Admin L\AppData\Local\Microsoft Games
2014-05-04 17:12 - 2014-03-26 02:33 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-28 16:57 - 2011-04-12 09:54 - 00000000 ___RD () C:\Users\Public\Recorded TV

Some content of TEMP:
====================
C:\Users\Admin L\AppData\Local\Temp\avgnt.exe
C:\Users\Admin L\AppData\Local\Temp\TsuC9368B12.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-10 20:30

==================== End Of Log ============================

frst addition:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by Admin L at 2014-05-28 03:39:43
Running from C:\Users\Admin L\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.1.3 - ASUS)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.15.16 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0020 - ASUS)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Avira (HKLM-x32\...\{68e29fba-92b1-4f6f-a604-1d8679da3a9f}) (Version: 1.1.13.24161 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.13.24161 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05152 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05152 - Cisco Systems, Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2653 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nero Burning Core (x32 Version: 15.0.19000 - Nero AG) Hidden
Nero Burning ROM (x32 Version: 15.0.19000 - Nero AG) Hidden
Nero Burning ROM 2014 (HKLM-x32\...\{326AD556-E540-4C3F-B197-4A9456DABCF3}) (Version: 15.0.01300 - Nero AG)
Nero Burning ROM Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.16700 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.22500 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.15003 - Nero AG) Hidden
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.40 - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Savei, net (HKLM-x32\...\{7DD5E91C-3864-77EC-7635-D14910C2A03E}) (Version: 4.3.0.1718 - save Net) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
SN.Sustainer 1.80 (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{1a34a8e0}) (Version:  - Certified Publisher) <==== ATTENTION
Windows-Treiberpaket - ASUS (ATP) Mouse  (01/10/2013 1.0.0.170) (HKLM\...\4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5) (Version: 01/10/2013 1.0.0.170 - ASUS)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.38 - ASUS)
YoutubeAdblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: 3.2.0.1472 - YoutubeAdblocker) <==== ATTENTION

==================== Restore Points  =========================

27-05-2014 23:48:28 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0AB609F3-66E2-49E1-926F-94B95522191F} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-03-26] ()
Task: {22B769A1-65FB-4779-8EDF-8B98E13D7E63} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-02-15] (ASUS)
Task: {7921F42C-CAD0-459E-B8D2-FB3B23816EDF} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-01-16] (AsusTek)
Task: {CE369B90-EFB2-4794-B6BE-D6244150C92A} - System32\Tasks\ASUS Wireless Console 3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2012-11-28] (ASUSTeK Computer Inc.)
Task: {E4CCC46F-8352-46C1-820C-513C70ED2E41} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-06-25] (ASUSTek Computer Inc.)
Task: {E912B2B4-3819-464D-B37B-E15279DB2BBE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {EFAF8DEC-1AE3-432A-B00D-B6944BD91A4E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-20] (AVAST Software)

==================== Loaded Modules (whitelisted) =============

2009-09-01 06:31 - 2009-09-01 06:31 - 00022016 _____ () C:\Windows\System32\ssp2ml6.dll
2010-07-14 17:11 - 2010-07-14 17:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-03-26 00:16 - 2012-02-22 09:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-12-13 00:36 - 2013-12-13 00:36 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-05-28 01:40 - 2014-05-28 01:40 - 02256384 _____ () C:\Program Files\AVAST Software\Avast\defs\14052701\algo.dll
2012-01-31 10:25 - 2012-01-31 10:25 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2014-05-14 14:27 - 2014-05-14 14:27 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-05-14 14:27 - 2014-05-14 14:27 - 00065616 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-03-26 16:56 - 2014-03-26 16:56 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-05-28 02:03 - 2014-05-14 14:27 - 00049744 _____ () C:\Users\Admin L\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-03-26 00:23 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-05-28 03:21 - 2014-05-07 04:27 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-05-21 00:19 - 2014-05-21 00:20 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/28/2014 02:12:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/28/2014 01:41:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/23/2014 09:16:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 29.0.1.5239, Zeitstempel: 0x536995c2
Name des fehlerhaften Moduls: mozalloc.dll, Version: 29.0.1.5239, Zeitstempel: 0x536968fa
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000119c
ID des fehlerhaften Prozesses: 0x1414
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (05/23/2014 09:16:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 29.0.1.5239 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 17f4

Startzeit: 01cf76b99b64c26e

Endzeit: 30

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: ac760f1b-e2ae-11e3-b069-e03f49cf4586

Error: (05/21/2014 07:58:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Kontrolle öffentlicher Räume pdf.exe, Version 2014.5.18.1727 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: f10

Startzeit: 01cf74b90cf37541

Endzeit: 0

Anwendungspfad: C:\Users\Admin L\Downloads\Kontrolle öffentlicher Räume pdf.exe

Berichts-ID:

Error: (05/14/2014 07:28:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 29.0.1.5239 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: a8c

Startzeit: 01cf6f3325b55a42

Endzeit: 30

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: 16b17c3d-db8d-11e3-b069-e03f49cf4586

Error: (05/13/2014 04:51:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a144
Name des fehlerhaften Moduls: UIAnimation.dll, Version: 6.2.9200.16492, Zeitstempel: 0x50f309ee
Ausnahmecode: 0xc000041d
Fehleroffset: 0x00000000000068cc
ID des fehlerhaften Prozesses: 0x55c
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (05/13/2014 10:11:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a144
Name des fehlerhaften Moduls: UIAnimation.dll, Version: 6.2.9200.16492, Zeitstempel: 0x50f309ee
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000068cc
ID des fehlerhaften Prozesses: 0x55c
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (05/09/2014 04:26:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/06/2014 09:26:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bca54
Name des fehlerhaften Moduls: igdumd64.dll, Version: 8.15.10.2653, Zeitstempel: 0x4f3aac44
Ausnahmecode: 0xc000041d
Fehleroffset: 0x000000000030eb06
ID des fehlerhaften Prozesses: 0x1250
Startzeit der fehlerhaften Anwendung: 0xDllHost.exe0
Pfad der fehlerhaften Anwendung: DllHost.exe1
Pfad des fehlerhaften Moduls: DllHost.exe2
Berichtskennung: DllHost.exe3


System errors:
=============
Error: (05/28/2014 01:43:23 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80242016 fehlgeschlagen: Sicherheitsupdate für Internet Explorer 8 für Windows 7 für x64-Systeme (KB2953522)

Error: (05/28/2014 01:34:18 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}

Error: (05/13/2014 06:28:35 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (05/08/2014 06:56:00 AM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (05/08/2014 06:55:53 AM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (05/08/2014 06:55:45 AM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (05/08/2014 06:55:37 AM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (05/08/2014 06:55:29 AM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (05/08/2014 06:55:21 AM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (05/08/2014 06:55:13 AM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.


Microsoft Office Sessions:
=========================
Error: (05/28/2014 02:12:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/28/2014 01:41:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/23/2014 09:16:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe29.0.1.5239536995c2mozalloc.dll29.0.1.5239536968fa800000030000119c141401cf76b99c424978C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllaf9159e7-e2ae-11e3-b069-e03f49cf4586

Error: (05/23/2014 09:16:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe29.0.1.523917f401cf76b99b64c26e30C:\Program Files (x86)\Mozilla Firefox\firefox.exeac760f1b-e2ae-11e3-b069-e03f49cf4586

Error: (05/21/2014 07:58:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Kontrolle öffentlicher Räume pdf.exe2014.5.18.1727f1001cf74b90cf375410C:\Users\Admin L\Downloads\Kontrolle öffentlicher Räume pdf.exe

Error: (05/14/2014 07:28:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe29.0.1.5239a8c01cf6f3325b55a4230C:\Program Files (x86)\Mozilla Firefox\firefox.exe16b17c3d-db8d-11e3-b069-e03f49cf4586

Error: (05/13/2014 04:51:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175144ce7a144UIAnimation.dll6.2.9200.1649250f309eec000041d00000000000068cc55c01cf6b9276aca306C:\Windows\Explorer.EXEC:\Windows\System32\UIAnimation.dll1e9170e8-daae-11e3-b069-e03f49cf4586

Error: (05/13/2014 10:11:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175144ce7a144UIAnimation.dll6.2.9200.1649250f309eec000000500000000000068cc55c01cf6b9276aca306C:\Windows\Explorer.EXEC:\Windows\System32\UIAnimation.dll34105749-da76-11e3-b069-e03f49cf4586

Error: (05/09/2014 04:26:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/06/2014 09:26:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.1.7600.163854a5bca54igdumd64.dll8.15.10.26534f3aac44c000041d000000000030eb06125001cf68fc5cfedf91C:\Windows\system32\DllHost.exeC:\Windows\system32\igdumd64.dllaca97123-d4ef-11e3-920a-e03f49cf4586


==================== Memory info =========================== 

Percentage of memory in use: 53%
Total physical RAM: 3981.67 MB
Available physical RAM: 1867.6 MB
Total Pagefile: 7961.52 MB
Available Pagefile: 5639.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:64.27 GB) (Free:36.5 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:401.49 GB) (Free:400.7 GB) NTFS
Drive e: (PRIDE_AND_PREJUDICE) (CDROM) (Total:7.53 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 0007E1F7)
Partition 1: (Active) - (Size=64 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=401 GB) - (Type=07 NTFS)

==================== End Of Log ============================

gmer:

Code:

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-28 04:40:15
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.AX00 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\ADMINL~1\AppData\Local\Temp\awdiqpod.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\wininit.exe[628] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                            0000000077a0ef8d 1 byte [62]
.text  C:\Windows\system32\services.exe[684] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                           0000000077a0ef8d 1 byte [62]
.text  C:\Windows\system32\winlogon.exe[740] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                           0000000077a0ef8d 1 byte [62]
.text  C:\Windows\System32\svchost.exe[588] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                            0000000077a0ef8d 1 byte [62]
.text  C:\Windows\system32\svchost.exe[820] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                            0000000077a0ef8d 1 byte [62]
.text  C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1252] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                         0000000075d4a2fd 1 byte [62]
.text  C:\Windows\Explorer.EXE[1476] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                   0000000077a0ef8d 1 byte [62]
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1496] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                           0000000075d4a2fd 1 byte [62]
.text  C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1532] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                             0000000075d4a2fd 1 byte [62]
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1540] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                           0000000075d4a2fd 1 byte [62]
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1856] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                             0000000075d4a2fd 1 byte [62]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1148] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                              0000000075d4a2fd 1 byte [62]
.text  C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[1828] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                               0000000075d4a2fd 1 byte [62]
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2024] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                  0000000075d4a2fd 1 byte [62]
.text  C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe[2092] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                            0000000077a0ef8d 1 byte [62]
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2456] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                            0000000075d4a2fd 1 byte [62]
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2476] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                0000000075d4a2fd 1 byte [62]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2632] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                    0000000075d4a2fd 1 byte [62]
.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2808] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                            0000000075d4a2fd 1 byte [62]
.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                          0000000075741465 2 bytes [74, 75]
.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                         00000000757414bb 2 bytes [74, 75]
.text  ...                                                                                                                                                                   * 2
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe[3016] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                 0000000077a0ef8d 1 byte [62]
.text  C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3944] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                               0000000075d4a2fd 1 byte [62]
.text  C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3580] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                    0000000077a0ef8d 1 byte [62]
.text  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3252] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                           0000000077a0ef8d 1 byte [62]
.text  C:\Program Files\Windows Sidebar\sidebar.exe[3716] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                              0000000077a0ef8d 1 byte [62]
.text  C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3104] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  0000000075d4a2fd 1 byte [62]
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4076] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                              0000000075d4a2fd 1 byte [62]
.text  C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3496] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                       0000000075d4a2fd 1 byte [62]
.text  C:\Program Files\AVAST Software\Avast\avastui.exe[3144] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                                  0000000075d28791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text  C:\Program Files\AVAST Software\Avast\avastui.exe[3144] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                         0000000075d4a2fd 1 byte [62]
.text  C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3136] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                            0000000075d4a2fd 1 byte [62]
.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4044] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112                                                0000000075d4a2fd 1 byte [62]
.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4044] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                              0000000075741465 2 bytes [74, 75]
.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4044] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                             00000000757414bb 2 bytes [74, 75]
.text  ...                                                                                                                                                                   * 2
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2528] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                    0000000075d4a2fd 1 byte [62]
.text  C:\Users\Admin L\Downloads\Gmer-19357.exe[4588] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                 0000000075d4a2fd 1 byte [62]

---- EOF - GMER 2.1 ----

schrauber · 28.05.2014, 06:01

hi,

Adware & Co. deinstallieren

Lade Dir bitte von hier Revo Uninstaller herunter.
Installiere und starte das Programm.
Suche im Uninstallerfeld nach den Programmen, die unter:

diesen Zusatz haben:
Wähle die Programme nacheinander aus und klicke jedesmal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

TR/Dropper.Gen in C:Windows/Temp/.....

Log-Analyse und Auswertung: TR/Dropper.Gen in C:Windows/Temp/.....

TR/Dropper.Gen in C:Windows/Temp/.....

TR/Dropper.Gen in C:Windows/Temp/.....

Ähnliche Themen: TR/Dropper.Gen in C:Windows/Temp/.....