Log analysis and evaluation: Win7 won't boot / driver aswrvrt.sys / driver CLASSPNP.SYS

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Win7 won't boot / driver aswrvrt.sys / driver CLASSPNP.SYS

First of all, good evening and happy new year.

At the beginning of December I reset my PC to factory settings using Recovery because of various performance problems.

System details:
The operating system is Win7 Home Premium 64-bit Service Pack 1.
The antivirus program was (more on that later) Avast Free Version (up to date at 2015.10.0.2208).
Apart from that, only the standard Win/Microsoft security programs are installed.

I shut the PC down properly and without problems in the night from the 27th to the 28th. On the 27th booting was no longer possible: after the "Starting Windows" screen it stayed black (the logon sound still played), and after moving the mouse you could still see the cursor, but that was it.

Safe Mode -> hung for about 5 minutes at driver aswrvrt.sys, then an immediate restart into the black screen.

Disconnected all USB devices except mouse/keyboard, restarted and got into Safe Mode.

Consistency check, then tried to do a System Restore to the 26th -> message "Boot C: contains errors" -> file system on Boot C: damaged -> checked drive C for errors, went back into Safe Mode and started System Restore, only to get a black screen again after a successful restore (maybe the date was not far enough back?).

Asked for help in the Avast forum (aswrvrt.sys is supposed to belong to Avast), got a clean-uninstall exe there and uninstalled Avast. Normal booting still doesn't work, and in Safe Mode the whole thing now gets as far as CLASSPNP.SYS, where it stays for a few minutes until it switches over to the normal boot process again, which again ends in the black screen. On the next boot in Safe Mode, strangely enough, I got to the login again.

I then checked: the "Program Files" entry of Avast is deleted, and under "ProgramData" there is still a clear log under "Persistant Data". I wanted to look into Recovery once more, but apparently didn't hit the exact moment when trying, and the computer booted up and lo and behold, everything worked; I could log in, everything functioned. Downloaded a new antivirus program (Avira) from a clean system, updated it and ran a complete scan (no findings, but I can't find the report right now). On the next restart, however, I had the black screen again. I'm simply at a loss; Safe Mode also hangs at CLASSPNP.SYS again. By the way, I can't get into Safe Mode with Networking, in case that is relevant.

Here are the logs now:

Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:16 on 01/01/2015 (Matze)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-01-2015
Ran by Matze (administrator) on SUNSTRIKERS-PC on 01-01-2015 19:17:36
Running from C:\Users\Matze\Desktop
Loaded Profile: Matze (Available profiles: Matze & Matze_2)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\Matze\Desktop\Defogger.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-07] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-10] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-245380145-1818160504-329303441-1000\...\MountPoints2: {0fb27d8d-7028-11e4-bdf2-806e6f6e6963} - F:\Setup\rsrc\Autorun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-245380145-1818160504-329303441-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.medion.com
HKU\S-1-5-21-245380145-1818160504-329303441-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com
HKU\S-1-5-21-245380145-1818160504-329303441-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com
HKU\S-1-5-21-245380145-1818160504-329303441-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
SearchScopes: HKU\S-1-5-21-245380145-1818160504-329303441-1000 -> DefaultScope {20DBA794-258F-47E5-8F47-6FBC497B7B57} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-245380145-1818160504-329303441-1000 -> {20DBA794-258F-47E5-8F47-6FBC497B7B57} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\3aadn4mx.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\3aadn4mx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-19]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [833728 2014-11-18] (Valve Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-01 19:17 - 2015-01-01 19:18 - 00009068 _____ () C:\Users\Matze\Desktop\FRST.txt
2015-01-01 19:17 - 2015-01-01 19:17 - 00000000 ____D () C:\FRST
2015-01-01 19:16 - 2015-01-01 19:16 - 00000472 _____ () C:\Users\Matze\Desktop\defogger_disable.log
2015-01-01 19:16 - 2015-01-01 19:16 - 00000000 _____ () C:\Users\Matze\defogger_reenable
2015-01-01 19:12 - 2015-01-01 19:12 - 02123264 _____ (Farbar) C:\Users\Matze\Desktop\FRST64.exe
2015-01-01 19:12 - 2015-01-01 19:12 - 00380416 _____ () C:\Users\Matze\Desktop\Gmer-19357.exe
2015-01-01 19:11 - 2015-01-01 19:12 - 00050477 _____ () C:\Users\Matze\Desktop\Defogger.exe
2015-01-01 18:14 - 2015-01-01 18:14 - 00000000 ____D () C:\Users\Matze\Documents\Sports Interactive
2015-01-01 18:14 - 2015-01-01 18:14 - 00000000 ____D () C:\Users\Matze\AppData\Local\Sports Interactive
2015-01-01 16:23 - 2015-01-01 16:23 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-01 16:23 - 2015-01-01 16:22 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-01-01 16:16 - 2015-01-01 16:16 - 00000000 ____D () C:\Users\Matze\AppData\Roaming\Avira
2015-01-01 16:15 - 2015-01-01 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-01 16:15 - 2015-01-01 16:15 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-01-01 16:14 - 2015-01-01 16:23 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-01 16:14 - 2015-01-01 16:17 - 00000000 ____D () C:\ProgramData\Avira
2015-01-01 16:14 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-01-01 16:14 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-01-01 16:14 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-01-01 13:54 - 2015-01-01 13:54 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-01 13:47 - 2015-01-01 13:47 - 00000000 __SHD () C:\found.001
2015-01-01 13:36 - 2014-12-30 15:42 - 154051656 _____ () C:\Users\Matze\Desktop\avira_free_antivirus468_de.exe
2015-01-01 13:36 - 2014-12-30 10:37 - 05040384 _____ (AVAST Software) C:\Users\Matze\Desktop\avastclear.exe
2014-12-28 20:57 - 2014-12-28 20:57 - 00000000 __SHD () C:\found.000
2014-12-28 17:30 - 2014-12-28 17:30 - 00020112 ____N () C:\bootsqm.dat
2014-12-26 09:33 - 2014-12-26 09:33 - 00000197 _____ () C:\Windows\system32\2014-12-26-08-33-14.032-AvastVBoxSVC.exe-2704.log
2014-12-26 01:49 - 2014-12-26 02:03 - 174021065 _____ () C:\Users\Matze_2\Downloads\sortitoutsi_cutout_megapack_7.02_changes.rar
2014-12-26 01:21 - 2014-12-26 01:31 - 121677162 _____ () C:\Users\Matze_2\Downloads\sortitoutsi_cutout_megapack_7.01_changes.rar
2014-12-26 01:00 - 2014-12-26 01:03 - 42330856 _____ () C:\Users\Matze_2\Downloads\sortitoutsi_cutout_megapack_7.00.part16.rar
2014-12-26 00:18 - 2014-12-26 00:58 - 490000000 _____ () C:\Users\Matze_2\Downloads\sortitoutsi_cutout_megapack_7.00.part15.rar
2014-12-25 23:23 - 2014-12-26 00:03 - 490000000 _____ () C:\Users\Matze_2\Downloads\sortitoutsi_cutout_megapack_7.00.part14.rar
2014-12-25 22:31 - 2014-12-25 23:11 - 490000000 _____ () C:\Users\Matze_2\Downloads\sortitoutsi_cutout_megapack_7.00.part13.rar
2014-12-25 21:35 - 2014-12-25 22:15 - 490000000 _____ () C:\Users\Matze_2\Downloads\sortitoutsi_cutout_megapack_7.00.part12.rar
2014-12-25 20:37 - 2014-12-25 21:18 - 490000000 _____ () C:\Users\Matze_2\Downloads\sortitoutsi_cutout_megapack_7.00.part11.rar
2014-12-25 19:46 - 2014-12-25 20:26 - 490000000 _____ () C:\Users\Matze_2\Downloads\sortitoutsi_cutout_megapack_7.00.part10.rar
2014-12-25 18:58 - 2014-12-25 19:38 - 490000000 _____ () C:\Users\Matze_2\Downloads\sortitoutsi_cutout_megapack_7.00.part09.rar
2014-12-25 17:54 - 2014-12-25 18:35 - 490000000 _____ () C:\Users\Matze_2\Downloads\sortitoutsi_cutout_megapack_7.00.part08.rar
2014-12-25 16:59 - 2014-12-25 17:39 - 490000000 _____ () C:\Users\Matze_2\Downloads\sortitoutsi_cutout_megapack_7.00.part07.rar
2014-12-25 14:22 - 2014-12-25 15:02 - 490000000 _____ () C:\Users\Matze_2\Downloads\sortitoutsi_cutout_megapack_7.00.part06.rar
2014-12-25 14:21 - 2014-12-25 14:22 - 01759473 _____ () C:\Users\Matze_2\Downloads\Bundesliga 2.rar
2014-12-25 13:53 - 2014-12-25 13:54 - 02278406 _____ () C:\Users\Matze_2\Downloads\Premier League Standard14-15.rar
2014-12-25 13:47 - 2014-12-25 13:47 - 03572373 _____ () C:\Users\Matze_2\Downloads\Europe Nations Standard14-15.rar
2014-12-25 13:47 - 2014-12-25 13:47 - 00000000 ____D () C:\Users\Matze_2\Desktop\14-15 Bundesliga
2014-12-25 13:40 - 2014-12-25 14:20 - 490000000 _____ () C:\Users\Matze_2\Downloads\sortitoutsi_cutout_megapack_7.00.part05.rar
2014-12-25 12:34 - 2014-12-25 13:14 - 490000000 _____ () C:\Users\Matze_2\Downloads\sortitoutsi_cutout_megapack_7.00.part04.rar
2014-12-25 12:31 - 2014-12-25 12:32 - 00000197 _____ () C:\Windows\system32\2014-12-25-11-31-47.079-AvastVBoxSVC.exe-3428.log
2014-12-25 03:32 - 2014-12-25 04:12 - 490000000 _____ () C:\Users\Matze_2\Downloads\sortitoutsi_cutout_megapack_7.00.part03.rar
2014-12-25 02:00 - 2014-12-25 02:40 - 490000000 _____ () C:\Users\Matze_2\Downloads\sortitoutsi_cutout_megapack_7.00.part02.rar
2014-12-25 00:51 - 2014-12-25 01:31 - 490000000 _____ () C:\Users\Matze_2\Downloads\sortitoutsi_cutout_megapack_7.00.part01.rar
2014-12-24 23:15 - 2014-12-25 00:46 - 00000000 ____D () C:\Users\Matze_2\Desktop\PMSC Portrait Facepack 3.00
2014-12-24 22:23 - 2014-12-26 21:23 - 00000000 ____D () C:\Users\Matze_2\Desktop\BU FM15
2014-12-24 21:20 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-12-24 21:20 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-12-24 21:20 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-12-24 21:20 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-12-24 21:20 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-12-24 21:20 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-12-24 21:20 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-12-24 21:20 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-12-24 21:20 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2014-12-24 21:20 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-12-24 21:20 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-12-24 21:20 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-12-24 21:20 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-12-24 21:20 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-12-24 21:20 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-12-24 21:20 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-12-24 21:18 - 2014-12-24 21:32 - 00000000 ____D () C:\Users\Matze_2\Documents\Sports Interactive
2014-12-24 21:18 - 2014-12-24 21:18 - 00000000 ____D () C:\Users\Public\Documents\Sports Interactive
2014-12-24 21:18 - 2014-12-24 21:18 - 00000000 ____D () C:\Users\Matze_2\AppData\Local\Sports Interactive
2014-12-24 21:11 - 2014-12-24 21:11 - 00000202 _____ () C:\Users\Matze_2\Desktop\Football Manager 2015.url
2014-12-24 21:11 - 2014-12-24 21:11 - 00000000 ____D () C:\Users\Matze_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-24 20:48 - 2014-12-24 20:48 - 00000516 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-12-24 20:48 - 2014-12-24 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-12-24 13:33 - 2014-12-24 14:08 - 422168961 _____ () C:\Users\Matze_2\Downloads\metallic_logos_fm2015_v1.part08.rar
2014-12-24 12:47 - 2014-12-24 13:29 - 510000000 _____ () C:\Users\Matze_2\Downloads\metallic_logos_fm2015_v1.part07.rar
2014-12-24 12:47 - 2014-12-24 12:47 - 01233040 _____ () C:\Users\Matze_2\Downloads\MEGAPACK 71 Updates by claassen.rar
2014-12-24 12:03 - 2014-12-24 12:03 - 06765610 _____ () C:\Users\Matze_2\Downloads\14-15 Bundesliga.rar
2014-12-24 11:58 - 2014-12-24 12:40 - 510000000 _____ () C:\Users\Matze_2\Downloads\metallic_logos_fm2015_v1.part06.rar
2014-12-24 11:52 - 2014-12-24 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-12-24 09:57 - 2014-12-24 09:58 - 00752435 _____ () C:\Users\Matze_2\Downloads\FM15 Real Names Fix Files from sortitoutsi.net v1.1.rar
2014-12-24 09:54 - 2014-12-24 10:36 - 510000000 _____ () C:\Users\Matze_2\Downloads\metallic_logos_fm2015_v1.part05.rar
2014-12-24 09:53 - 2014-12-24 12:39 - 510000000 _____ () C:\Users\Matze_2\Downloads\metallic_logos_fm2015_v1.part04.rar
2014-12-24 09:47 - 2014-12-24 09:48 - 00000197 _____ () C:\Windows\system32\2014-12-24-08-47-48.016-AvastVBoxSVC.exe-3944.log
2014-12-24 00:10 - 2014-12-24 00:10 - 00388112 _____ () C:\Users\Matze_2\Downloads\fake.lnc-FM15_2.1.zip
2014-12-23 21:57 - 2014-12-23 22:16 - 145300350 _____ () C:\Users\Matze_2\Downloads\PMSC Portrait Update 3.03.rar
2014-12-23 21:57 - 2014-12-23 22:02 - 102081868 _____ () C:\Users\Matze_2\Downloads\PMSC Portrait Update 3.04.rar
2014-12-23 21:45 - 2014-12-23 21:53 - 153943630 _____ () C:\Users\Matze_2\Downloads\PMSC Portrait Update 3.02.rar
2014-12-23 21:34 - 2014-12-24 00:21 - 510000000 _____ () C:\Users\Matze_2\Downloads\metallic_logos_fm2015_v1.part03.rar
2014-12-23 21:27 - 2014-12-23 21:41 - 301033963 _____ () C:\Users\Matze_2\Downloads\PMSC Portrait Update 3.01.rar
2014-12-23 18:29 - 2014-12-23 21:15 - 510000000 _____ () C:\Users\Matze_2\Downloads\metallic_logos_fm2015_v1.part02.rar
2014-12-23 18:28 - 2014-12-23 21:54 - 99816662 _____ () C:\Users\Matze_2\Downloads\PMSC Portrait Facepack 3.00.part2.rar
2014-12-23 15:04 - 2014-12-23 17:29 - 3127771136 _____ () C:\Users\Matze_2\Downloads\PMSC Portrait Facepack 3.00.part1.rar
2014-12-23 15:02 - 2014-12-23 17:49 - 510000000 _____ () C:\Users\Matze_2\Downloads\metallic_logos_fm2015_v1.part01.rar
2014-12-23 14:22 - 2014-12-23 14:23 - 00000197 _____ () C:\Windows\system32\2014-12-23-13-22-55.023-AvastVBoxSVC.exe-3912.log
2014-12-22 09:10 - 2014-12-22 09:10 - 00000197 _____ () C:\Windows\system32\2014-12-22-08-10-27.042-AvastVBoxSVC.exe-2680.log
2014-12-21 14:45 - 2014-12-21 14:46 - 00000197 _____ () C:\Windows\system32\2014-12-21-13-45-47.052-AvastVBoxSVC.exe-3556.log
2014-12-20 23:50 - 2014-12-20 23:51 - 00000197 _____ () C:\Windows\system32\2014-12-20-22-50-43.042-AvastVBoxSVC.exe-3028.log
2014-12-20 13:28 - 2014-12-20 13:29 - 00000197 _____ () C:\Windows\system32\2014-12-20-12-28-42.036-AvastVBoxSVC.exe-2776.log
2014-12-20 02:03 - 2014-12-20 02:03 - 00000197 _____ () C:\Windows\system32\2014-12-20-01-03-07.064-AvastVBoxSVC.exe-2968.log
2014-12-19 11:05 - 2014-12-19 11:06 - 00000197 _____ () C:\Windows\system32\2014-12-19-10-05-22.048-AvastVBoxSVC.exe-2740.log
2014-12-18 10:57 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 10:57 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-18 10:52 - 2014-12-18 10:52 - 00000197 _____ () C:\Windows\system32\2014-12-18-09-52-26.038-AvastVBoxSVC.exe-2308.log
2014-12-17 10:21 - 2014-12-17 10:21 - 00000197 _____ () C:\Windows\system32\2014-12-17-09-21-13.081-AvastVBoxSVC.exe-2284.log
2014-12-17 02:00 - 2014-12-17 02:00 - 00000247 _____ () C:\Windows\system32\2014-12-17-01-00-45.055-aswFe.exe-5568.log
2014-12-17 01:56 - 2014-12-17 02:00 - 00000247 _____ () C:\Windows\system32\2014-12-17-00-56-10.082-aswFe.exe-10076.log
2014-12-17 01:56 - 2014-12-17 01:56 - 00000197 _____ () C:\Windows\system32\2014-12-17-00-56-05.031-AvastVBoxSVC.exe-8260.log
2014-12-16 12:11 - 2014-12-16 12:11 - 00000197 _____ () C:\Windows\system32\2014-12-16-11-11-03.095-AvastVBoxSVC.exe-2932.log
2014-12-15 12:00 - 2014-12-15 12:00 - 00000000 ____D () C:\Users\Matze\Documents\Stalker-SHOC
2014-12-15 11:58 - 2014-12-15 11:58 - 00000994 _____ () C:\Users\Public\Desktop\S.T.A.L.K.E.R. Shadow of Chernobyl.lnk
2014-12-15 11:58 - 2014-12-15 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-12-15 11:22 - 2014-12-15 11:22 - 00000000 ____D () C:\Users\Matze_2\Downloads\stalker_soc_manual
2014-12-15 11:21 - 2014-12-15 11:21 - 01984982 _____ () C:\Users\Matze_2\Downloads\stalker_soc_manual.zip
2014-12-15 11:19 - 2014-12-15 11:48 - 3565193396 _____ () C:\Users\Matze_2\Downloads\setup_stalker_shoc_2.1.0.7.bin
2014-12-15 11:19 - 2014-12-15 11:20 - 30398064 _____ (GOG.com ) C:\Users\Matze_2\Downloads\setup_stalker_shoc_2.1.0.7.exe
2014-12-15 11:03 - 2014-12-15 11:04 - 00000197 _____ () C:\Windows\system32\2014-12-15-10-03-54.081-AvastVBoxSVC.exe-3420.log
2014-12-14 23:58 - 2014-12-14 23:59 - 00000197 _____ () C:\Windows\system32\2014-12-14-22-58-48.094-AvastVBoxSVC.exe-3920.log
2014-12-14 10:02 - 2014-12-14 10:02 - 00000197 _____ () C:\Windows\system32\2014-12-14-09-02-27.071-AvastVBoxSVC.exe-3060.log
2014-12-13 14:25 - 2014-12-13 14:25 - 00000197 _____ () C:\Windows\system32\2014-12-13-13-25-18.061-AvastVBoxSVC.exe-3120.log
2014-12-12 09:17 - 2014-12-12 09:17 - 00000197 _____ () C:\Windows\system32\2014-12-12-08-17-34.072-AvastVBoxSVC.exe-2960.log
2014-12-12 08:58 - 2014-12-12 08:58 - 00000197 _____ () C:\Windows\system32\2014-12-12-07-58-47.019-AvastVBoxSVC.exe-2916.log
2014-12-11 09:29 - 2014-12-11 09:29 - 00000197 _____ () C:\Windows\system32\2014-12-11-08-29-03.022-AvastVBoxSVC.exe-2660.log
2014-12-11 00:56 - 2014-12-11 00:56 - 00000197 _____ () C:\Windows\system32\2014-12-10-23-56-09.036-AvastVBoxSVC.exe-2592.log
2014-12-11 00:51 - 2014-12-11 00:51 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 00:41 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 00:41 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-11 00:41 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-11 00:41 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-11 00:41 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-11 00:41 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-11 00:41 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-11 00:41 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-11 00:41 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-11 00:41 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-11 00:28 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-11 00:28 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-11 00:28 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-11 00:28 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-11 00:28 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-11 00:28 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-11 00:28 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-11 00:28 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-11 00:28 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 00:28 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 00:28 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 00:28 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 00:28 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 00:28 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 00:28 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 00:28 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 00:28 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 00:28 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 00:28 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 00:28 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 00:28 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 00:28 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 00:28 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 00:28 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 00:28 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 00:28 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 00:28 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 00:28 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-11 00:28 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-11 00:28 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 00:28 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 00:28 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 00:28 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 00:28 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-11 00:28 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 00:28 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-11 00:28 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 00:28 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 00:28 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 00:28 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 00:28 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 00:28 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 00:28 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 00:28 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-11 00:28 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 00:28 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 00:28 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 00:28 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 00:28 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 00:28 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-11 00:28 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 00:28 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 00:28 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 00:28 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 00:28 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 00:28 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-11 00:28 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 00:28 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-11 00:28 - 2014-11-11 02:46 - 
00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2014-12-11 00:27 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-11 00:27 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-11 00:27 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-11 00:27 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-11 00:27 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-12-11 00:27 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-11 00:27 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-11 00:27 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-12-11 00:27 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2014-12-11 00:27 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe 2014-12-11 00:27 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-12-11 00:27 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2014-12-11 00:27 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2014-12-11 00:27 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2014-12-11 00:27 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2014-12-11 00:27 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-12-11 00:27 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2014-12-11 00:27 - 2014-10-03 02:45 - 
00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2014-12-11 00:27 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2014-12-11 00:27 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe 2014-12-11 00:19 - 2014-12-11 00:19 - 00000197 _____ () C:\Windows\system32\2014-12-10-23-19-10.049-AvastVBoxSVC.exe-2792.log 2014-12-10 09:26 - 2014-12-10 09:27 - 00000197 _____ () C:\Windows\system32\2014-12-10-08-26-57.047-AvastVBoxSVC.exe-3544.log 2014-12-09 12:27 - 2014-12-09 12:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-12-09 10:58 - 2014-12-09 10:59 - 00000197 _____ () C:\Windows\system32\2014-12-09-09-58-58.091-AvastVBoxSVC.exe-3032.log 2014-12-08 08:52 - 2014-12-08 08:52 - 00000197 _____ () C:\Windows\system32\2014-12-08-07-52-26.007-AvastVBoxSVC.exe-1788.log 2014-12-07 06:55 - 2014-12-07 06:55 - 00000197 _____ () C:\Windows\system32\2014-12-07-05-55-34.010-AvastVBoxSVC.exe-2512.log 2014-12-06 07:36 - 2014-12-06 07:37 - 00000197 _____ () C:\Windows\system32\2014-12-06-06-36-54.020-AvastVBoxSVC.exe-2904.log 2014-12-05 07:00 - 2014-12-05 07:00 - 00000197 _____ () C:\Windows\system32\2014-12-05-06-00-44.092-AvastVBoxSVC.exe-3368.log 2014-12-04 06:41 - 2014-12-04 06:42 - 47382624 _____ () C:\Users\Matze_2\Downloads\DepTCJ_PC_Patch_3.0_to_3.1_Multi_Daedalic_Retail.exe 2014-12-04 06:41 - 2014-12-04 06:42 - 21566237 _____ () C:\Users\Matze_2\Downloads\DepTCJ_PC_Patch_3.1_to_3.2_Multi_Daedalic_Retail.exe 2014-12-04 06:18 - 2014-12-04 06:18 - 00001194 _____ () C:\Users\Matze_2\Desktop\Deponia.lnk 2014-12-04 06:17 - 2014-12-04 06:18 - 00000197 _____ () C:\Windows\system32\2014-12-04-05-17-35.055-AvastVBoxSVC.exe-2632.log 2014-12-03 16:55 - 2014-12-03 16:55 - 00000000 ____D () C:\Users\Matze_2\AppData\Roaming\de.daedalic.puzzledeponia1 2014-12-03 16:17 - 2014-12-03 16:17 - 00000000 ____D () C:\Users\Matze_2\AppData\Local\Daedalic Entertainment GmbH 
2014-12-03 14:49 - 2014-12-03 14:49 - 00000738 _____ () C:\Users\Matze\Desktop\Deponia – The Puzzle.lnk
2014-12-03 14:49 - 2014-12-03 14:49 - 00000000 ____D () C:\Users\Matze\AppData\Local\Daedalic Entertainment GmbH
2014-12-03 14:48 - 2014-12-03 14:49 - 00000000 ____D () C:\Users\Matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daedalic Entertainment
2014-12-03 14:48 - 2014-12-03 14:48 - 00000851 _____ () C:\Users\Matze\Desktop\Deponia - The Complete Journey.lnk
2014-12-03 14:47 - 2015-01-01 16:23 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-03 07:23 - 2014-12-03 07:23 - 00000247 _____ () C:\Windows\system32\2014-12-03-06-23-18.027-aswFe.exe-328.log
2014-12-03 07:13 - 2014-12-03 07:23 - 00000247 _____ () C:\Windows\system32\2014-12-03-06-13-48.058-aswFe.exe-4520.log
2014-12-03 07:13 - 2014-12-03 07:13 - 00000197 _____ () C:\Windows\system32\2014-12-03-06-13-44.096-AvastVBoxSVC.exe-3204.log
2014-12-03 06:31 - 2014-12-03 06:31 - 00000247 _____ () C:\Windows\system32\2014-12-03-05-31-23.035-aswFe.exe-4904.log
2014-12-03 06:24 - 2014-12-03 06:31 - 00000247 _____ () C:\Windows\system32\2014-12-03-05-24-33.017-aswFe.exe-304.log
2014-12-03 06:24 - 2014-12-03 06:24 - 00000197 _____ () C:\Windows\system32\2014-12-03-05-24-27.083-AvastVBoxSVC.exe-4968.log
2014-12-03 04:55 - 2014-12-03 04:55 - 00000247 _____ () C:\Windows\system32\2014-12-03-03-55-29.004-aswFe.exe-1648.log
2014-12-03 04:50 - 2014-12-03 04:55 - 00000247 _____ () C:\Windows\system32\2014-12-03-03-50-35.014-aswFe.exe-4160.log
2014-12-03 04:50 - 2014-12-03 04:50 - 00000197 _____ () C:\Windows\system32\2014-12-03-03-50-30.043-AvastVBoxSVC.exe-2604.log
2014-12-03 03:49 - 2014-12-03 03:49 - 00000247 _____ () C:\Windows\system32\2014-12-03-02-49-20.023-aswFe.exe-2964.log
2014-12-03 03:44 - 2014-12-03 03:49 - 00000247 _____ () C:\Windows\system32\2014-12-03-02-44-34.078-aswFe.exe-1104.log
2014-12-03 03:44 - 2014-12-03 03:44 - 00000197 _____ () C:\Windows\system32\2014-12-03-02-44-30.082-AvastVBoxSVC.exe-4468.log
2014-12-03 03:23 - 2014-12-03 03:23 - 00000247 _____ () C:\Windows\system32\2014-12-03-02-23-53.079-aswFe.exe-3652.log
2014-12-03 03:18 - 2014-12-03 03:23 - 00000247 _____ () C:\Windows\system32\2014-12-03-02-18-29.069-aswFe.exe-4308.log
2014-12-03 03:18 - 2014-12-03 03:18 - 00000197 _____ () C:\Windows\system32\2014-12-03-02-18-25.093-AvastVBoxSVC.exe-4672.log
2014-12-03 02:29 - 2014-12-03 02:29 - 00000247 _____ () C:\Windows\system32\2014-12-03-01-29-03.090-aswFe.exe-4120.log
2014-12-03 02:24 - 2014-12-03 02:28 - 00000247 _____ () C:\Windows\system32\2014-12-03-01-24-27.090-aswFe.exe-1708.log
2014-12-03 02:24 - 2014-12-03 02:24 - 00000197 _____ () C:\Windows\system32\2014-12-03-01-24-23.037-AvastVBoxSVC.exe-3664.log
2014-12-02 13:15 - 2014-12-02 13:15 - 00000197 _____ () C:\Windows\system32\2014-12-02-12-15-02.022-AvastVBoxSVC.exe-2584.log

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-01 19:16 - 2014-11-19 13:18 - 00000000 ____D () C:\Users\Matze
2015-01-01 19:15 - 2010-05-12 09:18 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2015-01-01 19:15 - 2010-05-12 09:18 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2015-01-01 19:15 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-01 19:08 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-01 19:07 - 2009-07-14 05:51 - 00040092 _____ () C:\Windows\setupact.log
2015-01-01 18:35 - 2010-06-02 17:14 - 01583736 _____ () C:\Windows\PFRO.log
2015-01-01 18:31 - 2014-11-19 15:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-01 18:31 - 2014-11-19 13:11 - 01292372 _____ () C:\Windows\WindowsUpdate.log
2015-01-01 16:18 - 2009-07-14 05:45 - 00018704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-01 16:18 - 2009-07-14 05:45 - 00018704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-01 16:11 - 2014-11-19 13:19 - 00001425 _____ () C:\Users\Matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-01 13:39 - 2014-11-19 16:22 - 00000000 ____D () C:\Users\Matze_2
2014-12-30 10:13 - 2014-11-19 13:20 - 00058016 _____ () C:\Users\Matze\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-29 03:59 - 2014-11-19 16:22 - 00000000 ____D () C:\Users\Matze_2\AppData\Roaming\TP-LINK
2014-12-29 03:58 - 2009-07-14 08:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-29 03:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-12-25 12:31 - 2014-11-19 13:39 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-24 21:20 - 2010-06-01 17:52 - 00114237 _____ () C:\Windows\DirectX.log
2014-12-20 17:40 - 2014-11-20 10:00 - 00000892 _____ () C:\Users\Public\Desktop\Warcraft III - The Frozen Throne.lnk
2014-12-17 22:19 - 2014-11-20 11:59 - 00000000 ____D () C:\Users\Matze_2\AppData\Local\The Witcher
2014-12-15 12:01 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-12 11:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-12 09:14 - 2014-11-19 13:45 - 00000000 ____D () C:\Users\Matze\AppData\Local\Adobe
2014-12-12 09:13 - 2014-11-19 15:09 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-12 09:13 - 2014-11-19 15:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-12 09:13 - 2014-11-19 15:09 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-11 00:51 - 2014-11-19 14:43 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 00:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 00:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-11 00:44 - 2014-11-19 14:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 00:42 - 2010-06-01 16:50 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 09:23 - 2014-11-19 13:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-03 16:55 - 2014-11-21 16:44 - 00000000 ____D () C:\Users\Matze_2\AppData\Local\Adobe
2014-12-03 16:55 - 2014-11-20 08:50 - 00000000 ____D () C:\Users\Matze_2\AppData\Roaming\Adobe
2014-12-03 10:57 - 2014-11-28 04:20 - 00000000 ____D () C:\Users\Matze_2\AppData\Local\Microsoft Games

Some content of TEMP:
====================
C:\Users\Matze\AppData\Local\Temp\avgnt.exe
C:\Users\Matze\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Matze_2\AppData\Local\Temp\war3_Install.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-25 18:38

==================== End Of Log ============================

Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2015
Ran by Matze at 2015-01-01 19:18:22
Running from C:\Users\Matze\Desktop
Boot Mode: Safe Mode (minimal)
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.35 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0935-000001000000}) (Version: 9.35.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
ATI Catalyst Install Manager (HKLM\...\{4C5C7B62-C959-5FEB-FAD6-B7A0BE68B868}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
ccc-core-static (x32 Version: 2010.0406.2133.36843 - ATI) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2515 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
Deponia - The Complete Journey (HKLM-x32\...\Deponia The Complete Journey) (Version: 3.2 - Daedalic Entertainment)
Deponia – The Puzzle (HKLM-x32\...\Deponia – The Puzzle_is1) (Version: 1.0 - Daedalic Entertainment)
Football Manager 2015 (HKLM-x32\...\Steam App 295270) (Version: - Sports Interactive)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.5.1003 - Intel Corporation)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Medion Home Cinema (HKLM-x32\...\InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}) (Version: 6.0.0000 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 6.0.0000 - CyberLink Corp.) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM-x32\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6083 - Realtek Semiconductor Corp.)
S.T.A.L.K.E.R. Shadow of Chernobyl (HKLM-x32\...\1207660573_is1) (Version: 2.1.0.7 - GOG.com)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
The Witcher Enhanced Edition (HKLM-x32\...\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}) (Version: 1.4.5.1280 - CD Projekt Red)
TL-WN822N/TL-WN821N Driver (HKLM-x32\...\{62FE0726-9652-4CD2-9F09-C769D8699C21}) (Version: 1.0.0 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.0.0 - TP-LINK)
Vampire - The Masquerade Bloodlines (HKLM-x32\...\InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}) (Version: 1.00.0000 - Activision)
Vampire - The Masquerade Bloodlines (x32 Version: 1.00.0000 - Activision) Hidden
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================
17-12-2014 15:08:33 Geplanter Prüfpunkt
18-12-2014 12:56:18 Windows Update
23-12-2014 16:51:29 Windows Update
24-12-2014 11:51:44 Installed 7-Zip 9.35 (x64 edition)
24-12-2014 21:15:41 DirectX wurde installiert
24-12-2014 21:18:58 DirectX wurde installiert
26-12-2014 22:10:17 Windows Update

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {4C44D172-ED67-4ADA-853C-DD054ABDDD02} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {BA07F79F-C878-4002-AAFB-2C3D03CD1B9A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-12] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============
2015-01-01 19:11 - 2015-01-01 19:12 - 00050477 _____ () C:\Users\Matze\Desktop\Defogger.exe

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================
Administrator (S-1-5-21-245380145-1818160504-329303441-500 - Administrator - Disabled)
Gast (S-1-5-21-245380145-1818160504-329303441-501 - Limited - Disabled)
Matze (S-1-5-21-245380145-1818160504-329303441-1000 - Administrator - Enabled) => C:\Users\Matze
Matze_2 (S-1-5-21-245380145-1818160504-329303441-1001 - Limited - Enabled) => C:\Users\Matze_2

==================== Faulty Device Manager Devices =============
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/01/2015 04:11:30 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (1840) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.

Error: (01/01/2015 04:11:16 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (2860) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.

Error: (12/30/2014 10:11:29 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -550.

Error: (12/29/2014 03:45:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -1216.

Error: (12/29/2014 03:45:55 AM) (Source: ESENT) (EventID: 454) (User: )
Description: Catalog Database (916) Catalog Database: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -1216 auf.

Error: (12/29/2014 03:45:55 AM) (Source: ESENT) (EventID: 494) (User: )
Description: Catalog Database (916) Catalog Database: Bei der Datenbankwiederherstellung ist ein Fehler aufgetreten (Fehler -1216), da Verweise auf Datenbank "C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" festgestellt wurden, die nicht mehr vorhanden ist. Die Datenbank wurde nicht sauber heruntergefahren, bevor sie entfernt (oder möglicherweise verschoben oder umbenannt) wurde. Das Datenbankmodul lässt den Abschluss der Wiederherstellung für diese Instanz erst dann zu, wenn die fehlende Datenbank wieder verfügbar gemacht wird. Wenn die Datenbank tatsächlich nicht mehr verfügbar oder nicht mehr erforderlich ist, finden Sie Informationen zum Beheben dieses Fehlers in der Microsoft Knowledge Base oder unter dem Link "Weitere Informationen" am Ende dieser Meldung.

Error: (12/28/2014 11:17:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: fm.exe, Version: 15.2.1.0, Zeitstempel: 0x548f21aa
Name des fehlerhaften Moduls: fm.exe, Version: 15.2.1.0, Zeitstempel: 0x548f21aa
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00e43f06
ID des fehlerhaften Prozesses: 0x20d0
Startzeit der fehlerhaften Anwendung: 0xfm.exe0
Pfad der fehlerhaften Anwendung: fm.exe1
Pfad des fehlerhaften Moduls: fm.exe2
Berichtskennung: fm.exe3

Error: (12/28/2014 03:52:50 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (12/28/2014 02:56:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: fm.exe, Version: 15.2.1.0, Zeitstempel: 0x548f21aa
Name des fehlerhaften Moduls: fm.exe, Version: 15.2.1.0, Zeitstempel: 0x548f21aa
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00e43f06
ID des fehlerhaften Prozesses: 0x148c
Startzeit der fehlerhaften Anwendung: 0xfm.exe0
Pfad der fehlerhaften Anwendung: fm.exe1
Pfad des fehlerhaften Moduls: fm.exe2
Berichtskennung: fm.exe3

Error: (12/28/2014 01:30:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm fm.exe, Version 15.2.1.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: c5c
Startzeit: 01d021d83055d3f6
Endzeit: 16
Anwendungspfad: D:\Steam\steamapps\common\Football Manager 2015\fm.exe
Berichts-ID: ac536517-8e28-11e4-bc3b-6c626d0fc752

System errors:
=============
Error: (01/01/2015 07:11:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (01/01/2015 07:11:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (01/01/2015 07:11:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (01/01/2015 07:11:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (01/01/2015 07:11:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (01/01/2015 07:11:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (01/01/2015 07:11:01 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/01/2015 07:11:01 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/01/2015 07:10:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (01/01/2015 07:10:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Microsoft Office Sessions:
=========================
Error: (01/01/2015 04:11:30 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail1840WindowsMail0:

Error: (01/01/2015 04:11:16 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail2860WindowsMail0:

Error: (12/30/2014 10:11:29 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -550

Error: (12/29/2014 03:45:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -1216

Error: (12/29/2014 03:45:55 AM) (Source: ESENT) (EventID: 454) (User: )
Description: Catalog Database916Catalog Database: -1216

Error: (12/29/2014 03:45:55 AM) (Source: ESENT) (EventID: 494) (User: )
Description: Catalog Database916Catalog Database: -1216C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb

Error: (12/28/2014 11:17:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: fm.exe15.2.1.0548f21aafm.exe15.2.1.0548f21aac000000500e43f0620d001d0225c905693ccD:\Steam\steamapps\common\Football Manager 2015\fm.exeD:\Steam\steamapps\common\Football Manager 2015\fm.exec11e5b61-8e7a-11e4-bc3b-6c626d0fc752

Error: (12/28/2014 03:52:50 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (12/28/2014 02:56:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: fm.exe15.2.1.0548f21aafm.exe15.2.1.0548f21aac000000500e43f06148c01d022357cfa4c61D:\Steam\steamapps\common\Football Manager 2015\fm.exeD:\Steam\steamapps\common\Football Manager 2015\fm.exec8c0948d-8e34-11e4-bc3b-6c626d0fc752

Error: (12/28/2014 01:30:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: fm.exe15.2.1.0c5c01d021d83055d3f616D:\Steam\steamapps\common\Football Manager 2015\fm.exeac536517-8e28-11e4-bc3b-6c626d0fc752

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 9%
Total physical RAM: 8183.11 MB
Available physical RAM: 7399.36 MB
Total Pagefile: 16364.41 MB
Available Pagefile: 15605.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:1366.16 GB) (Free:1253.84 GB) NTFS
Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:437.62 GB) NTFS
Drive e: (Recover) (Fixed) (Total:30 GB) (Free:13.89 GB) NTFS
Drive i: (INTENSO USB) (Removable) (Total:3.73 GB) (Free:3.36 GB) FAT32

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 1397.3 GB) (Disk ID: ACBFBE42)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1366.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 207E8B9E)
Partition 1: (Not Active) - 
(Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 4 (MBR Code: Windows XP) (Size: 3.7 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=3.7 GB) - (Type=0C) ==================== End Of Log ============================ Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-01 19:33:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD15 rev.80.0 1397,27GB
Running: Gmer-19357.exe; Driver: C:\Users\Matze\AppData\Local\Temp\fxldruoc.sys

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

Edited by hateinprob (01.01.2015 at 20:16)