Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Win7 bootet nicht/ driver aswrvrt.sys / driver CLASSPNP.SYS

Win7 bootet nicht/ driver aswrvrt.sys / driver CLASSPNP.SYS


Log-Analyse und Auswertung: Win7 bootet nicht/ driver aswrvrt.sys / driver CLASSPNP.SYS

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 01.01.2015, 19:54   #1
hateinprob
 
Win7 bootet nicht/ driver aswrvrt.sys / driver CLASSPNP.SYS - Standard

Win7 bootet nicht/ driver aswrvrt.sys / driver CLASSPNP.SYS


Erstmal guten Abend und frohes neues Jahr.

Habe meinen PC Anfang Dezember mit Recovery auf Werkseinstellungen zurückgestellt wegen diverser Performance-Probleme.

Angaben zum System: Betriebssystem ist Win7 Home Premium 64 Bit Service Pack 1

Vireprogramm war (dazu später mehr) Avast Free Version (auf aktuell 2015.10.0.2208)

Ansonsten sind nur die von Win/Microsoft standartmäßigen Sicherheitsprogramme drauf.

Habe den PC in der Nacht vom 27ten auf den 28ten ordnungsgemäß und ohne Probleme runtergefahren.

Am 27ten war booten nicht mehr möglich nach dem "Windows starten"-Screen blieb es schwarz (der Anmeldesound kam noch) und nach dem bewegen der Maus hat man noch den Cursor gesehen aber das wars dann auch.

Abgesicherter Modus - > blieb ca 5 Minuten bei driver aswrvrt.sys hängen dann direkter Neustart in den Blackscreen
Alle USB-Geräte ausser Maus/Tastatur abgeschlossen neu gestartet und in den Abgesicherten Modus gekommen

Konsistenzprüfung, dann versucht ne Systemwiederherstellung auf den 26ten zu machen -> Meldung Boot C: enthält Fehler -> Dateisystem auf Boot C: beschädigt -> Datenträger C auf Fehler überprüft, wieder in den abgesicherten Modus und die Systemwiederherstellung angeworfen um nach erfolgreichem zurücksetzen (vielleicht terminlich nicht weit genug?) wieder einen Blackscreen zu bekommen.

Im Avast-Forum zu dem die aswrvrt.sys gehören soll nach Hilfe gefragt dort eine Clean-Deinstall-Exe bekommen und Avast deinstalliert.

Der normale Bootvorgang klappt immer noch nicht und beim abgesicherten Modus geht das ganze jetzt bis CLASSPNP.SYS wo es ein paar Minuten bleibt bis es wieder in den normalen Bootvorgang übergeht der wieder im Blackscreen endet.

Beim nächsten Bootvorgang im abgesicherten Modus komischerweiße wieder zum einloggen gekommen.

Hab dann nachgeprüft und der "Program Files" Eintrag von Avast ist gelöscht und unter "ProgramData" gibt es unter "Persistant Data" noch einen Clear-Log.

Wollte noch mal in die Recovery schauen aber hab beim Versuch anscheinend nicht den genauen Zeitpunkt erwischt und der Com fuhr hoch und siehe da, alles klappte, konnte mich anmelden, alles funktionierte.

Neues Anti-Viren Programm von nem sauberen System runtergeladen (Avira) , geupdatet und kompletten Suchgang durchlaufen lassen (Keine Befunde - finde aber grade den Report nicht).

Beim nächsten Neustart hatte ich allerdings wieder den Blackscreen.

Bin einfach nur noch ratlos, Abgesicherter Modus hängt auch wieder bei CLASSPNP.SYS

In den Abgesicherten Modus mit Netzwerk komme ich übrigens nicht rein falls das relevant ist.

Hier jetzt die logs:

Defogger:
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:16 on 01/01/2015 (Matze)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
FRST:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-01-2015
Ran by Matze (administrator) on SUNSTRIKERS-PC on 01-01-2015 19:17:36
Running from C:\Users\Matze\Desktop
Loaded Profile: Matze (Available profiles: Matze & Matze_2)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\Matze\Desktop\Defogger.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-07] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-10] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-245380145-1818160504-329303441-1000\...\MountPoints2: {0fb27d8d-7028-11e4-bdf2-806e6f6e6963} - F:\Setup\rsrc\Autorun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-245380145-1818160504-329303441-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.medion.com
HKU\S-1-5-21-245380145-1818160504-329303441-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com
HKU\S-1-5-21-245380145-1818160504-329303441-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com
HKU\S-1-5-21-245380145-1818160504-329303441-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
SearchScopes: HKU\S-1-5-21-245380145-1818160504-329303441-1000 -> DefaultScope {20DBA794-258F-47E5-8F47-6FBC497B7B57} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-245380145-1818160504-329303441-1000 -> {20DBA794-258F-47E5-8F47-6FBC497B7B57} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\3aadn4mx.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\3aadn4mx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-19]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [833728 2014-11-18] (Valve Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-01 19:17 - 2015-01-01 19:18 - 00009068 _____ () C:\Users\Matze\Desktop\FRST.txt
2015-01-01 19:17 - 2015-01-01 19:17 - 00000000 ____D () C:\FRST
2015-01-01 19:16 - 2015-01-01 19:16 - 00000472 _____ () C:\Users\Matze\Desktop\defogger_disable.log
2015-01-01 19:16 - 2015-01-01 19:16 - 00000000 _____ () C:\Users\Matze\defogger_reenable
2015-01-01 19:12 - 2015-01-01 19:12 - 02123264 _____ (Farbar) C:\Users\Matze\Desktop\FRST64.exe
2015-01-01 19:12 - 2015-01-01 19:12 - 00380416 _____ () C:\Users\Matze\Desktop\Gmer-19357.exe
2015-01-01 19:11 - 2015-01-01 19:12 - 00050477 _____ () C:\Users\Matze\Desktop\Defogger.exe
2015-01-01 18:14 - 2015-01-01 18:14 - 00000000 ____D () C:\Users\Matze\Documents\Sports Interactive
2015-01-01 18:14 - 2015-01-01 18:14 - 00000000 ____D () C:\Users\Matze\AppData\Local\Sports Interactive
2015-01-01 16:23 - 2015-01-01 16:23 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-01 16:23 - 2015-01-01 16:22 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-01-01 16:16 - 2015-01-01 16:16 - 00000000 ____D () C:\Users\Matze\AppData\Roaming\Avira
2015-01-01 16:15 - 2015-01-01 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-01 16:15 - 2015-01-01 16:15 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-01-01 16:14 - 2015-01-01 16:23 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-01 16:14 - 2015-01-01 16:17 - 00000000 ____D () C:\ProgramData\Avira
2015-01-01 16:14 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-01-01 16:14 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-01-01 16:14 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-01-01 13:54 - 2015-01-01 13:54 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-01 13:47 - 2015-01-01 13:47 - 00000000 __SHD () C:\found.001
2015-01-01 13:36 - 2014-12-30 15:42 - 154051656 _____ () C:\Users\Matze\Desktop\avira_free_antivirus468_de.exe
2015-01-01 13:36 - 2014-12-30 10:37 - 05040384 _____ (AVAST Software) C:\Users\Matze\Desktop\avastclear.exe
2014-12-28 20:57 - 2014-12-28 20:57 - 00000000 __SHD () C:\found.000
2014-12-28 17:30 - 2014-12-28 17:30 - 00020112 ____N () C:\bootsqm.dat
2014-12-26 09:33 - 2014-12-26 09:33 - 00000197 _____ () C:\Windows\system32\2014-12-26-08-33-14.032-AvastVBoxSVC.exe-2704.log
2014-12-26 01:49 - 2014-12-26 02:03 - 174021065 _____ () C:\Users\Matze_2\Downloads\sortitoutsi_cutout_megapack_7.02_changes.rar
2014-12-26 01:21 - 2014-12-26 01:31 - 121677162 _____ () C:\Users\Matze_2\Downloads\sortitoutsi_cutout_megapack_7.01_changes.rar
2014-12-26 01:00 - 2014-12-26 01:03 - 42330856 _____ () C:\Users\Matze_2\Downloads\sortitoutsi_cutout_megapack_7.00.part16.rar
2014-12-26 00:18 - 2014-12-26 00:58 - 490000000 _____ () C:\Users\Matze_2\Downloads\sortitoutsi_cutout_megapack_7.00.part15.rar
2014-12-25 23:23 - 2014-12-26 00:03 - 490000000 _____ () C:\Users\Matze_2\Downloads\sortitoutsi_cutout_megapack_7.00.part14.rar
2014-12-25 22:31 - 2014-12-25 23:11 - 490000000 _____ () C:\Users\Matze_2\Downloads\sortitoutsi_cutout_megapack_7.00.part13.rar
2014-12-25 21:35 - 2014-12-25 22:15 - 490000000 _____ () C:\Users\Matze_2\Downloads\sortitoutsi_cutout_megapack_7.00.part12.rar
2014-12-25 20:37 - 2014-12-25 21:18 - 490000000 _____ () C:\Users\Matze_2\Downloads\sortitoutsi_cutout_megapack_7.00.part11.rar
2014-12-25 19:46 - 2014-12-25 20:26 - 490000000 _____ () C:\Users\Matze_2\Downloads\sortitoutsi_cutout_megapack_7.00.part10.rar
2014-12-25 18:58 - 2014-12-25 19:38 - 490000000 _____ () C:\Users\Matze_2\Downloads\sortitoutsi_cutout_megapack_7.00.part09.rar
2014-12-25 17:54 - 2014-12-25 18:35 - 490000000 _____ () C:\Users\Matze_2\Downloads\sortitoutsi_cutout_megapack_7.00.part08.rar
2014-12-25 16:59 - 2014-12-25 17:39 - 490000000 _____ () C:\Users\Matze_2\Downloads\sortitoutsi_cutout_megapack_7.00.part07.rar
2014-12-25 14:22 - 2014-12-25 15:02 - 490000000 _____ () C:\Users\Matze_2\Downloads\sortitoutsi_cutout_megapack_7.00.part06.rar
2014-12-25 14:21 - 2014-12-25 14:22 - 01759473 _____ () C:\Users\Matze_2\Downloads\Bundesliga 2.rar
2014-12-25 13:53 - 2014-12-25 13:54 - 02278406 _____ () C:\Users\Matze_2\Downloads\Premier League Standard14-15.rar
2014-12-25 13:47 - 2014-12-25 13:47 - 03572373 _____ () C:\Users\Matze_2\Downloads\Europe Nations Standard14-15.rar
2014-12-25 13:47 - 2014-12-25 13:47 - 00000000 ____D () C:\Users\Matze_2\Desktop\14-15 Bundesliga
2014-12-25 13:40 - 2014-12-25 14:20 - 490000000 _____ () C:\Users\Matze_2\Downloads\sortitoutsi_cutout_megapack_7.00.part05.rar
2014-12-25 12:34 - 2014-12-25 13:14 - 490000000 _____ () C:\Users\Matze_2\Downloads\sortitoutsi_cutout_megapack_7.00.part04.rar
2014-12-25 12:31 - 2014-12-25 12:32 - 00000197 _____ () C:\Windows\system32\2014-12-25-11-31-47.079-AvastVBoxSVC.exe-3428.log
2014-12-25 03:32 - 2014-12-25 04:12 - 490000000 _____ () C:\Users\Matze_2\Downloads\sortitoutsi_cutout_megapack_7.00.part03.rar
2014-12-25 02:00 - 2014-12-25 02:40 - 490000000 _____ () C:\Users\Matze_2\Downloads\sortitoutsi_cutout_megapack_7.00.part02.rar
2014-12-25 00:51 - 2014-12-25 01:31 - 490000000 _____ () C:\Users\Matze_2\Downloads\sortitoutsi_cutout_megapack_7.00.part01.rar
2014-12-24 23:15 - 2014-12-25 00:46 - 00000000 ____D () C:\Users\Matze_2\Desktop\PMSC Portrait Facepack 3.00
2014-12-24 22:23 - 2014-12-26 21:23 - 00000000 ____D () C:\Users\Matze_2\Desktop\BU FM15
2014-12-24 21:20 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-12-24 21:20 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-12-24 21:20 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-12-24 21:20 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-12-24 21:20 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-12-24 21:20 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-12-24 21:20 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-12-24 21:20 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-12-24 21:20 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2014-12-24 21:20 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-12-24 21:20 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-12-24 21:20 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-12-24 21:20 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-12-24 21:20 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-12-24 21:20 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-12-24 21:20 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-12-24 21:18 - 2014-12-24 21:32 - 00000000 ____D () C:\Users\Matze_2\Documents\Sports Interactive
2014-12-24 21:18 - 2014-12-24 21:18 - 00000000 ____D () C:\Users\Public\Documents\Sports Interactive
2014-12-24 21:18 - 2014-12-24 21:18 - 00000000 ____D () C:\Users\Matze_2\AppData\Local\Sports Interactive
2014-12-24 21:11 - 2014-12-24 21:11 - 00000202 _____ () C:\Users\Matze_2\Desktop\Football Manager 2015.url
2014-12-24 21:11 - 2014-12-24 21:11 - 00000000 ____D () C:\Users\Matze_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-24 20:48 - 2014-12-24 20:48 - 00000516 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-12-24 20:48 - 2014-12-24 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-24 13:33 - 2014-12-24 14:08 - 422168961 _____ () C:\Users\Matze_2\Downloads\metallic_logos_fm2015_v1.part08.rar
2014-12-24 12:47 - 2014-12-24 13:29 - 510000000 _____ () C:\Users\Matze_2\Downloads\metallic_logos_fm2015_v1.part07.rar
2014-12-24 12:47 - 2014-12-24 12:47 - 01233040 _____ () C:\Users\Matze_2\Downloads\MEGAPACK 71 Updates by claassen.rar
2014-12-24 12:03 - 2014-12-24 12:03 - 06765610 _____ () C:\Users\Matze_2\Downloads\14-15 Bundesliga.rar
2014-12-24 11:58 - 2014-12-24 12:40 - 510000000 _____ () C:\Users\Matze_2\Downloads\metallic_logos_fm2015_v1.part06.rar
2014-12-24 11:52 - 2014-12-24 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-12-24 09:57 - 2014-12-24 09:58 - 00752435 _____ () C:\Users\Matze_2\Downloads\FM15 Real Names Fix Files from sortitoutsi.net v1.1.rar
2014-12-24 09:54 - 2014-12-24 10:36 - 510000000 _____ () C:\Users\Matze_2\Downloads\metallic_logos_fm2015_v1.part05.rar
2014-12-24 09:53 - 2014-12-24 12:39 - 510000000 _____ () C:\Users\Matze_2\Downloads\metallic_logos_fm2015_v1.part04.rar
2014-12-24 09:47 - 2014-12-24 09:48 - 00000197 _____ () C:\Windows\system32\2014-12-24-08-47-48.016-AvastVBoxSVC.exe-3944.log
2014-12-24 00:10 - 2014-12-24 00:10 - 00388112 _____ () C:\Users\Matze_2\Downloads\fake.lnc-FM15_2.1.zip
2014-12-23 21:57 - 2014-12-23 22:16 - 145300350 _____ () C:\Users\Matze_2\Downloads\PMSC Portrait Update 3.03.rar
2014-12-23 21:57 - 2014-12-23 22:02 - 102081868 _____ () C:\Users\Matze_2\Downloads\PMSC Portrait Update 3.04.rar
2014-12-23 21:45 - 2014-12-23 21:53 - 153943630 _____ () C:\Users\Matze_2\Downloads\PMSC Portrait Update 3.02.rar
2014-12-23 21:34 - 2014-12-24 00:21 - 510000000 _____ () C:\Users\Matze_2\Downloads\metallic_logos_fm2015_v1.part03.rar
2014-12-23 21:27 - 2014-12-23 21:41 - 301033963 _____ () C:\Users\Matze_2\Downloads\PMSC Portrait Update 3.01.rar
2014-12-23 18:29 - 2014-12-23 21:15 - 510000000 _____ () C:\Users\Matze_2\Downloads\metallic_logos_fm2015_v1.part02.rar
2014-12-23 18:28 - 2014-12-23 21:54 - 99816662 _____ () C:\Users\Matze_2\Downloads\PMSC Portrait Facepack 3.00.part2.rar
2014-12-23 15:04 - 2014-12-23 17:29 - 3127771136 _____ () C:\Users\Matze_2\Downloads\PMSC Portrait Facepack 3.00.part1.rar
2014-12-23 15:02 - 2014-12-23 17:49 - 510000000 _____ () C:\Users\Matze_2\Downloads\metallic_logos_fm2015_v1.part01.rar
2014-12-23 14:22 - 2014-12-23 14:23 - 00000197 _____ () C:\Windows\system32\2014-12-23-13-22-55.023-AvastVBoxSVC.exe-3912.log
2014-12-22 09:10 - 2014-12-22 09:10 - 00000197 _____ () C:\Windows\system32\2014-12-22-08-10-27.042-AvastVBoxSVC.exe-2680.log
2014-12-21 14:45 - 2014-12-21 14:46 - 00000197 _____ () C:\Windows\system32\2014-12-21-13-45-47.052-AvastVBoxSVC.exe-3556.log
2014-12-20 23:50 - 2014-12-20 23:51 - 00000197 _____ () C:\Windows\system32\2014-12-20-22-50-43.042-AvastVBoxSVC.exe-3028.log
2014-12-20 13:28 - 2014-12-20 13:29 - 00000197 _____ () C:\Windows\system32\2014-12-20-12-28-42.036-AvastVBoxSVC.exe-2776.log
2014-12-20 02:03 - 2014-12-20 02:03 - 00000197 _____ () C:\Windows\system32\2014-12-20-01-03-07.064-AvastVBoxSVC.exe-2968.log
2014-12-19 11:05 - 2014-12-19 11:06 - 00000197 _____ () C:\Windows\system32\2014-12-19-10-05-22.048-AvastVBoxSVC.exe-2740.log
2014-12-18 10:57 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 10:57 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-18 10:52 - 2014-12-18 10:52 - 00000197 _____ () C:\Windows\system32\2014-12-18-09-52-26.038-AvastVBoxSVC.exe-2308.log
2014-12-17 10:21 - 2014-12-17 10:21 - 00000197 _____ () C:\Windows\system32\2014-12-17-09-21-13.081-AvastVBoxSVC.exe-2284.log
2014-12-17 02:00 - 2014-12-17 02:00 - 00000247 _____ () C:\Windows\system32\2014-12-17-01-00-45.055-aswFe.exe-5568.log
2014-12-17 01:56 - 2014-12-17 02:00 - 00000247 _____ () C:\Windows\system32\2014-12-17-00-56-10.082-aswFe.exe-10076.log
2014-12-17 01:56 - 2014-12-17 01:56 - 00000197 _____ () C:\Windows\system32\2014-12-17-00-56-05.031-AvastVBoxSVC.exe-8260.log
2014-12-16 12:11 - 2014-12-16 12:11 - 00000197 _____ () C:\Windows\system32\2014-12-16-11-11-03.095-AvastVBoxSVC.exe-2932.log
2014-12-15 12:00 - 2014-12-15 12:00 - 00000000 ____D () C:\Users\Matze\Documents\Stalker-SHOC
2014-12-15 11:58 - 2014-12-15 11:58 - 00000994 _____ () C:\Users\Public\Desktop\S.T.A.L.K.E.R. Shadow of Chernobyl.lnk
2014-12-15 11:58 - 2014-12-15 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-12-15 11:22 - 2014-12-15 11:22 - 00000000 ____D () C:\Users\Matze_2\Downloads\stalker_soc_manual
2014-12-15 11:21 - 2014-12-15 11:21 - 01984982 _____ () C:\Users\Matze_2\Downloads\stalker_soc_manual.zip
2014-12-15 11:19 - 2014-12-15 11:48 - 3565193396 _____ () C:\Users\Matze_2\Downloads\setup_stalker_shoc_2.1.0.7.bin
2014-12-15 11:19 - 2014-12-15 11:20 - 30398064 _____ (GOG.com ) C:\Users\Matze_2\Downloads\setup_stalker_shoc_2.1.0.7.exe
2014-12-15 11:03 - 2014-12-15 11:04 - 00000197 _____ () C:\Windows\system32\2014-12-15-10-03-54.081-AvastVBoxSVC.exe-3420.log
2014-12-14 23:58 - 2014-12-14 23:59 - 00000197 _____ () C:\Windows\system32\2014-12-14-22-58-48.094-AvastVBoxSVC.exe-3920.log
2014-12-14 10:02 - 2014-12-14 10:02 - 00000197 _____ () C:\Windows\system32\2014-12-14-09-02-27.071-AvastVBoxSVC.exe-3060.log
2014-12-13 14:25 - 2014-12-13 14:25 - 00000197 _____ () C:\Windows\system32\2014-12-13-13-25-18.061-AvastVBoxSVC.exe-3120.log
2014-12-12 09:17 - 2014-12-12 09:17 - 00000197 _____ () C:\Windows\system32\2014-12-12-08-17-34.072-AvastVBoxSVC.exe-2960.log
2014-12-12 08:58 - 2014-12-12 08:58 - 00000197 _____ () C:\Windows\system32\2014-12-12-07-58-47.019-AvastVBoxSVC.exe-2916.log
2014-12-11 09:29 - 2014-12-11 09:29 - 00000197 _____ () C:\Windows\system32\2014-12-11-08-29-03.022-AvastVBoxSVC.exe-2660.log
2014-12-11 00:56 - 2014-12-11 00:56 - 00000197 _____ () C:\Windows\system32\2014-12-10-23-56-09.036-AvastVBoxSVC.exe-2592.log
2014-12-11 00:51 - 2014-12-11 00:51 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 00:41 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 00:41 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-11 00:41 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-11 00:41 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-11 00:41 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-11 00:41 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-11 00:41 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-11 00:41 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-11 00:41 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-11 00:41 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-11 00:28 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-11 00:28 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-11 00:28 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-11 00:28 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-11 00:28 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-11 00:28 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-11 00:28 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-11 00:28 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-11 00:28 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 00:28 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 00:28 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 00:28 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 00:28 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 00:28 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 00:28 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 00:28 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 00:28 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 00:28 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 00:28 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 00:28 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 00:28 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 00:28 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 00:28 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 00:28 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 00:28 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 00:28 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 00:28 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 00:28 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-11 00:28 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-11 00:28 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 00:28 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 00:28 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 00:28 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 00:28 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-11 00:28 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 00:28 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-11 00:28 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 00:28 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 00:28 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 00:28 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 00:28 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 00:28 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 00:28 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 00:28 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-11 00:28 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 00:28 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 00:28 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 00:28 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 00:28 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 00:28 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-11 00:28 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 00:28 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 00:28 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 00:28 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 00:28 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 00:28 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-11 00:28 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 00:28 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-11 00:28 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-11 00:27 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 00:27 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 00:27 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 00:27 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 00:27 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 00:27 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 00:27 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-11 00:27 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-11 00:27 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-11 00:27 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-11 00:27 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-11 00:27 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-11 00:27 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-11 00:27 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-11 00:27 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-11 00:27 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-11 00:27 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-11 00:27 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-11 00:27 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-11 00:27 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-11 00:19 - 2014-12-11 00:19 - 00000197 _____ () C:\Windows\system32\2014-12-10-23-19-10.049-AvastVBoxSVC.exe-2792.log
2014-12-10 09:26 - 2014-12-10 09:27 - 00000197 _____ () C:\Windows\system32\2014-12-10-08-26-57.047-AvastVBoxSVC.exe-3544.log
2014-12-09 12:27 - 2014-12-09 12:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-09 10:58 - 2014-12-09 10:59 - 00000197 _____ () C:\Windows\system32\2014-12-09-09-58-58.091-AvastVBoxSVC.exe-3032.log
2014-12-08 08:52 - 2014-12-08 08:52 - 00000197 _____ () C:\Windows\system32\2014-12-08-07-52-26.007-AvastVBoxSVC.exe-1788.log
2014-12-07 06:55 - 2014-12-07 06:55 - 00000197 _____ () C:\Windows\system32\2014-12-07-05-55-34.010-AvastVBoxSVC.exe-2512.log
2014-12-06 07:36 - 2014-12-06 07:37 - 00000197 _____ () C:\Windows\system32\2014-12-06-06-36-54.020-AvastVBoxSVC.exe-2904.log
2014-12-05 07:00 - 2014-12-05 07:00 - 00000197 _____ () C:\Windows\system32\2014-12-05-06-00-44.092-AvastVBoxSVC.exe-3368.log
2014-12-04 06:41 - 2014-12-04 06:42 - 47382624 _____ () C:\Users\Matze_2\Downloads\DepTCJ_PC_Patch_3.0_to_3.1_Multi_Daedalic_Retail.exe
2014-12-04 06:41 - 2014-12-04 06:42 - 21566237 _____ () C:\Users\Matze_2\Downloads\DepTCJ_PC_Patch_3.1_to_3.2_Multi_Daedalic_Retail.exe
2014-12-04 06:18 - 2014-12-04 06:18 - 00001194 _____ () C:\Users\Matze_2\Desktop\Deponia.lnk
2014-12-04 06:17 - 2014-12-04 06:18 - 00000197 _____ () C:\Windows\system32\2014-12-04-05-17-35.055-AvastVBoxSVC.exe-2632.log
2014-12-03 16:55 - 2014-12-03 16:55 - 00000000 ____D () C:\Users\Matze_2\AppData\Roaming\de.daedalic.puzzledeponia1
2014-12-03 16:17 - 2014-12-03 16:17 - 00000000 ____D () C:\Users\Matze_2\AppData\Local\Daedalic Entertainment GmbH
2014-12-03 14:49 - 2014-12-03 14:49 - 00000738 _____ () C:\Users\Matze\Desktop\Deponia – The Puzzle.lnk
2014-12-03 14:49 - 2014-12-03 14:49 - 00000000 ____D () C:\Users\Matze\AppData\Local\Daedalic Entertainment GmbH
2014-12-03 14:48 - 2014-12-03 14:49 - 00000000 ____D () C:\Users\Matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daedalic Entertainment
2014-12-03 14:48 - 2014-12-03 14:48 - 00000851 _____ () C:\Users\Matze\Desktop\Deponia - The Complete Journey.lnk
2014-12-03 14:47 - 2015-01-01 16:23 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-03 07:23 - 2014-12-03 07:23 - 00000247 _____ () C:\Windows\system32\2014-12-03-06-23-18.027-aswFe.exe-328.log
2014-12-03 07:13 - 2014-12-03 07:23 - 00000247 _____ () C:\Windows\system32\2014-12-03-06-13-48.058-aswFe.exe-4520.log
2014-12-03 07:13 - 2014-12-03 07:13 - 00000197 _____ () C:\Windows\system32\2014-12-03-06-13-44.096-AvastVBoxSVC.exe-3204.log
2014-12-03 06:31 - 2014-12-03 06:31 - 00000247 _____ () C:\Windows\system32\2014-12-03-05-31-23.035-aswFe.exe-4904.log
2014-12-03 06:24 - 2014-12-03 06:31 - 00000247 _____ () C:\Windows\system32\2014-12-03-05-24-33.017-aswFe.exe-304.log
2014-12-03 06:24 - 2014-12-03 06:24 - 00000197 _____ () C:\Windows\system32\2014-12-03-05-24-27.083-AvastVBoxSVC.exe-4968.log
2014-12-03 04:55 - 2014-12-03 04:55 - 00000247 _____ () C:\Windows\system32\2014-12-03-03-55-29.004-aswFe.exe-1648.log
2014-12-03 04:50 - 2014-12-03 04:55 - 00000247 _____ () C:\Windows\system32\2014-12-03-03-50-35.014-aswFe.exe-4160.log
2014-12-03 04:50 - 2014-12-03 04:50 - 00000197 _____ () C:\Windows\system32\2014-12-03-03-50-30.043-AvastVBoxSVC.exe-2604.log
2014-12-03 03:49 - 2014-12-03 03:49 - 00000247 _____ () C:\Windows\system32\2014-12-03-02-49-20.023-aswFe.exe-2964.log
2014-12-03 03:44 - 2014-12-03 03:49 - 00000247 _____ () C:\Windows\system32\2014-12-03-02-44-34.078-aswFe.exe-1104.log
2014-12-03 03:44 - 2014-12-03 03:44 - 00000197 _____ () C:\Windows\system32\2014-12-03-02-44-30.082-AvastVBoxSVC.exe-4468.log
2014-12-03 03:23 - 2014-12-03 03:23 - 00000247 _____ () C:\Windows\system32\2014-12-03-02-23-53.079-aswFe.exe-3652.log
2014-12-03 03:18 - 2014-12-03 03:23 - 00000247 _____ () C:\Windows\system32\2014-12-03-02-18-29.069-aswFe.exe-4308.log
2014-12-03 03:18 - 2014-12-03 03:18 - 00000197 _____ () C:\Windows\system32\2014-12-03-02-18-25.093-AvastVBoxSVC.exe-4672.log
2014-12-03 02:29 - 2014-12-03 02:29 - 00000247 _____ () C:\Windows\system32\2014-12-03-01-29-03.090-aswFe.exe-4120.log
2014-12-03 02:24 - 2014-12-03 02:28 - 00000247 _____ () C:\Windows\system32\2014-12-03-01-24-27.090-aswFe.exe-1708.log
2014-12-03 02:24 - 2014-12-03 02:24 - 00000197 _____ () C:\Windows\system32\2014-12-03-01-24-23.037-AvastVBoxSVC.exe-3664.log
2014-12-02 13:15 - 2014-12-02 13:15 - 00000197 _____ () C:\Windows\system32\2014-12-02-12-15-02.022-AvastVBoxSVC.exe-2584.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-01 19:16 - 2014-11-19 13:18 - 00000000 ____D () C:\Users\Matze
2015-01-01 19:15 - 2010-05-12 09:18 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2015-01-01 19:15 - 2010-05-12 09:18 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2015-01-01 19:15 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-01 19:08 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-01 19:07 - 2009-07-14 05:51 - 00040092 _____ () C:\Windows\setupact.log
2015-01-01 18:35 - 2010-06-02 17:14 - 01583736 _____ () C:\Windows\PFRO.log
2015-01-01 18:31 - 2014-11-19 15:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-01 18:31 - 2014-11-19 13:11 - 01292372 _____ () C:\Windows\WindowsUpdate.log
2015-01-01 16:18 - 2009-07-14 05:45 - 00018704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-01 16:18 - 2009-07-14 05:45 - 00018704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-01 16:11 - 2014-11-19 13:19 - 00001425 _____ () C:\Users\Matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-01 13:39 - 2014-11-19 16:22 - 00000000 ____D () C:\Users\Matze_2
2014-12-30 10:13 - 2014-11-19 13:20 - 00058016 _____ () C:\Users\Matze\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-29 03:59 - 2014-11-19 16:22 - 00000000 ____D () C:\Users\Matze_2\AppData\Roaming\TP-LINK
2014-12-29 03:58 - 2009-07-14 08:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-29 03:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-12-25 12:31 - 2014-11-19 13:39 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-24 21:20 - 2010-06-01 17:52 - 00114237 _____ () C:\Windows\DirectX.log
2014-12-20 17:40 - 2014-11-20 10:00 - 00000892 _____ () C:\Users\Public\Desktop\Warcraft III - The Frozen Throne.lnk
2014-12-17 22:19 - 2014-11-20 11:59 - 00000000 ____D () C:\Users\Matze_2\AppData\Local\The Witcher
2014-12-15 12:01 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-12 11:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-12 09:14 - 2014-11-19 13:45 - 00000000 ____D () C:\Users\Matze\AppData\Local\Adobe
2014-12-12 09:13 - 2014-11-19 15:09 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-12 09:13 - 2014-11-19 15:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-12 09:13 - 2014-11-19 15:09 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-11 00:51 - 2014-11-19 14:43 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 00:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 00:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-11 00:44 - 2014-11-19 14:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 00:42 - 2010-06-01 16:50 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 09:23 - 2014-11-19 13:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-03 16:55 - 2014-11-21 16:44 - 00000000 ____D () C:\Users\Matze_2\AppData\Local\Adobe
2014-12-03 16:55 - 2014-11-20 08:50 - 00000000 ____D () C:\Users\Matze_2\AppData\Roaming\Adobe
2014-12-03 10:57 - 2014-11-28 04:20 - 00000000 ____D () C:\Users\Matze_2\AppData\Local\Microsoft Games

Some content of TEMP:
====================
C:\Users\Matze\AppData\Local\Temp\avgnt.exe
C:\Users\Matze\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Matze_2\AppData\Local\Temp\war3_Install.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-25 18:38

==================== End Of Log ============================
--- --- ---


Addition:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2015
Ran by Matze at 2015-01-01 19:18:22
Running from C:\Users\Matze\Desktop
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.35 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0935-000001000000}) (Version: 9.35.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
ATI Catalyst Install Manager (HKLM\...\{4C5C7B62-C959-5FEB-FAD6-B7A0BE68B868}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
ccc-core-static (x32 Version: 2010.0406.2133.36843 - ATI) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2515 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
Deponia - The Complete Journey (HKLM-x32\...\Deponia The Complete Journey) (Version: 3.2 - Daedalic Entertainment)
Deponia – The Puzzle (HKLM-x32\...\Deponia – The Puzzle_is1) (Version: 1.0 - Daedalic Entertainment)
Football Manager 2015 (HKLM-x32\...\Steam App 295270) (Version:  - Sports Interactive)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.5.1003 - Intel Corporation)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Medion Home Cinema (HKLM-x32\...\InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}) (Version: 6.0.0000 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 6.0.0000 - CyberLink Corp.) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM-x32\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6083 - Realtek Semiconductor Corp.)
S.T.A.L.K.E.R. Shadow of Chernobyl (HKLM-x32\...\1207660573_is1) (Version: 2.1.0.7 - GOG.com)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
The Witcher Enhanced Edition (HKLM-x32\...\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}) (Version: 1.4.5.1280 - CD Projekt Red)
TL-WN822N/TL-WN821N Driver (HKLM-x32\...\{62FE0726-9652-4CD2-9F09-C769D8699C21}) (Version: 1.0.0 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.0.0 - TP-LINK)
Vampire - The Masquerade Bloodlines (HKLM-x32\...\InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}) (Version: 1.00.0000 - Activision)
Vampire - The Masquerade Bloodlines (x32 Version: 1.00.0000 - Activision) Hidden
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - Blizzard Entertainment)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

17-12-2014 15:08:33 Geplanter Prüfpunkt
18-12-2014 12:56:18 Windows Update
23-12-2014 16:51:29 Windows Update
24-12-2014 11:51:44 Installed 7-Zip 9.35 (x64 edition)
24-12-2014 21:15:41 DirectX wurde installiert
24-12-2014 21:18:58 DirectX wurde installiert
26-12-2014 22:10:17 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {4C44D172-ED67-4ADA-853C-DD054ABDDD02} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {BA07F79F-C878-4002-AAFB-2C3D03CD1B9A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-12] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2015-01-01 19:11 - 2015-01-01 19:12 - 00050477 _____ () C:\Users\Matze\Desktop\Defogger.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-245380145-1818160504-329303441-500 - Administrator - Disabled)
Gast (S-1-5-21-245380145-1818160504-329303441-501 - Limited - Disabled)
Matze (S-1-5-21-245380145-1818160504-329303441-1000 - Administrator - Enabled) => C:\Users\Matze
Matze_2 (S-1-5-21-245380145-1818160504-329303441-1001 - Limited - Enabled) => C:\Users\Matze_2

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/01/2015 04:11:30 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (1840) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.

Error: (01/01/2015 04:11:16 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (2860) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.

Error: (12/30/2014 10:11:29 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -550.

Error: (12/29/2014 03:45:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -1216.

Error: (12/29/2014 03:45:55 AM) (Source: ESENT) (EventID: 454) (User: )
Description: Catalog Database (916) Catalog Database: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -1216 auf.

Error: (12/29/2014 03:45:55 AM) (Source: ESENT) (EventID: 494) (User: )
Description: Catalog Database (916) Catalog Database: Bei der Datenbankwiederherstellung ist ein Fehler aufgetreten (Fehler -1216), da Verweise auf Datenbank "C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" festgestellt wurden, die nicht mehr vorhanden ist. Die Datenbank wurde nicht sauber heruntergefahren, bevor sie entfernt (oder möglicherweise verschoben oder umbenannt) wurde. Das Datenbankmodul lässt den Abschluss der Wiederherstellung für diese Instanz erst dann zu, wenn die fehlende Datenbank wieder verfügbar gemacht wird. Wenn die Datenbank tatsächlich nicht mehr verfügbar oder nicht mehr erforderlich ist, finden Sie Informationen zum Beheben dieses Fehlers in der Microsoft Knowledge Base oder unter dem Link "Weitere Informationen" am Ende dieser Meldung.

Error: (12/28/2014 11:17:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: fm.exe, Version: 15.2.1.0, Zeitstempel: 0x548f21aa
Name des fehlerhaften Moduls: fm.exe, Version: 15.2.1.0, Zeitstempel: 0x548f21aa
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00e43f06
ID des fehlerhaften Prozesses: 0x20d0
Startzeit der fehlerhaften Anwendung: 0xfm.exe0
Pfad der fehlerhaften Anwendung: fm.exe1
Pfad des fehlerhaften Moduls: fm.exe2
Berichtskennung: fm.exe3

Error: (12/28/2014 03:52:50 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (12/28/2014 02:56:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: fm.exe, Version: 15.2.1.0, Zeitstempel: 0x548f21aa
Name des fehlerhaften Moduls: fm.exe, Version: 15.2.1.0, Zeitstempel: 0x548f21aa
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00e43f06
ID des fehlerhaften Prozesses: 0x148c
Startzeit der fehlerhaften Anwendung: 0xfm.exe0
Pfad der fehlerhaften Anwendung: fm.exe1
Pfad des fehlerhaften Moduls: fm.exe2
Berichtskennung: fm.exe3

Error: (12/28/2014 01:30:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm fm.exe, Version 15.2.1.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: c5c

Startzeit: 01d021d83055d3f6

Endzeit: 16

Anwendungspfad: D:\Steam\steamapps\common\Football Manager 2015\fm.exe

Berichts-ID: ac536517-8e28-11e4-bc3b-6c626d0fc752


System errors:
=============
Error: (01/01/2015 07:11:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/01/2015 07:11:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/01/2015 07:11:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/01/2015 07:11:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/01/2015 07:11:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/01/2015 07:11:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/01/2015 07:11:01 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/01/2015 07:11:01 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/01/2015 07:10:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (01/01/2015 07:10:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (01/01/2015 04:11:30 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail1840WindowsMail0:

Error: (01/01/2015 04:11:16 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail2860WindowsMail0:

Error: (12/30/2014 10:11:29 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -550

Error: (12/29/2014 03:45:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -1216

Error: (12/29/2014 03:45:55 AM) (Source: ESENT) (EventID: 454) (User: )
Description: Catalog Database916Catalog Database: -1216

Error: (12/29/2014 03:45:55 AM) (Source: ESENT) (EventID: 494) (User: )
Description: Catalog Database916Catalog Database: -1216C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb

Error: (12/28/2014 11:17:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: fm.exe15.2.1.0548f21aafm.exe15.2.1.0548f21aac000000500e43f0620d001d0225c905693ccD:\Steam\steamapps\common\Football Manager 2015\fm.exeD:\Steam\steamapps\common\Football Manager 2015\fm.exec11e5b61-8e7a-11e4-bc3b-6c626d0fc752

Error: (12/28/2014 03:52:50 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (12/28/2014 02:56:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: fm.exe15.2.1.0548f21aafm.exe15.2.1.0548f21aac000000500e43f06148c01d022357cfa4c61D:\Steam\steamapps\common\Football Manager 2015\fm.exeD:\Steam\steamapps\common\Football Manager 2015\fm.exec8c0948d-8e34-11e4-bc3b-6c626d0fc752

Error: (12/28/2014 01:30:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: fm.exe15.2.1.0c5c01d021d83055d3f616D:\Steam\steamapps\common\Football Manager 2015\fm.exeac536517-8e28-11e4-bc3b-6c626d0fc752


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 9%
Total physical RAM: 8183.11 MB
Available physical RAM: 7399.36 MB
Total Pagefile: 16364.41 MB
Available Pagefile: 15605.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:1366.16 GB) (Free:1253.84 GB) NTFS
Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:437.62 GB) NTFS
Drive e: (Recover) (Fixed) (Total:30 GB) (Free:13.89 GB) NTFS
Drive i: (INTENSO USB) (Removable) (Total:3.73 GB) (Free:3.36 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1397.3 GB) (Disk ID: ACBFBE42)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1366.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 207E8B9E)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 3.7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0C)

==================== End Of Log ============================
Gmer:

Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-01 19:33:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD15 rev.80.0 1397,27GB
Running: Gmer-19357.exe; Driver: C:\Users\Matze\AppData\Local\Temp\fxldruoc.sys


---- Disk sectors - GMER 2.1 ----

Disk  \Device\Harddisk0\DR0  unknown MBR code

---- EOF - GMER 2.1 ----
Danke schon mal für die Mühe.
Geändert von hateinprob (01.01.2015 um 20:16 Uhr)

 

Themen zu Win7 bootet nicht/ driver aswrvrt.sys / driver CLASSPNP.SYS
antivir, antivirus, avira, bingbar, booten, browser, cursor, fehler, flash player, helper, home, hängen, hängt, maus, mozilla, netzwerk, realtek, registry, scan, security, software, starten, svchost.exe, system, vcredist, werkseinstellungen, windows, windows xp


« Programme minimieren sich automatisch | GVU Trojaner mit Win 8 »


Ähnliche Themen: Win7 bootet nicht/ driver aswrvrt.sys / driver CLASSPNP.SYS


  1. PC bootet wegen aswrvrt sys nicht mehr
    Plagegeister aller Art und deren Bekämpfung - 31.03.2015 (5)
  2. Win7 bootet nicht/ schwarzer Bildschirm / Abgesicherter Modus funktioniert nicht /driver aswrvrt.sys
    Alles rund um Windows - 28.12.2014 (5)
  3. W7 bootet in Endlosschleife, Classpnp.sys, c000021a BlueScreen
    Log-Analyse und Auswertung - 10.12.2014 (13)
  4. Driver verifier detected violation, Deinstallation nicht möglich
    Alles rund um Windows - 03.08.2014 (3)
  5. Auf einmal ging mein driver Genius nicht mehr und nach neuinstalation steht (Online Downloader funktioniert nicht mehr
    Alles rund um Windows - 13.05.2014 (2)
  6. Graphics Driver
    Log-Analyse und Auswertung - 22.09.2013 (19)
  7. Driver Turbo
    Alles rund um Windows - 17.01.2013 (1)
  8. Driver Turbo #2
    Mülltonne - 17.01.2013 (0)
  9. Bugcode Usb Driver Win XP Sp 3
    Netzwerk und Hardware - 05.08.2009 (1)
  10. Wo finde ich SM-Bus Controller driver?
    Netzwerk und Hardware - 27.07.2009 (2)
  11. Driver Device
    Plagegeister aller Art und deren Bekämpfung - 30.11.2008 (4)
  12. X icon auf C driver
    Mülltonne - 03.02.2008 (1)
  13. System32/Driver/Ntfs.sys
    Alles rund um Windows - 04.01.2007 (1)
  14. windows driver package msn ????
    Alles rund um Windows - 04.12.2006 (8)
  15. windows driver package msn
    Mülltonne - 29.11.2006 (1)
  16. Bad DirectSound Driver...
    Alles rund um Windows - 30.04.2006 (2)
  17. Getarnt als HP driver???
    Plagegeister aller Art und deren Bekämpfung - 02.06.2005 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Win7 bootet nicht/ driver aswrvrt.sys / driver CLASSPNP.SYS - Erstmal guten Abend und frohes neues Jahr. Habe meinen PC Anfang Dezember mit Recovery auf Werkseinstellungen zurückgestellt wegen diverser Performance-Probleme. Angaben zum System: Betriebssystem ist Win7 Home Premium 64 Bit - Win7 bootet nicht/ driver aswrvrt.sys / driver CLASSPNP.SYS...
Archiv
Du betrachtest: Win7 bootet nicht/ driver aswrvrt.sys / driver CLASSPNP.SYS auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19