| |
| |||||||
Log-Analyse und Auswertung: Problem Win32:Crypt-RQAWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
09.01.2015, 20:25
| #1 |
| |  Problem Win32:Crypt-RQA Hallo Forum Habe heute bei Avast einen scan durchgeführt und dabei einen Fund gehabt..Win32:Crypt-RQA..in C:\System Volume Information\EfaData\SYMEFA.DB..... dieser läst sich leider nicht entfernen!!!. Habe dann auch Versucht einen GMER log zu erstellen, bekam dan aber hinweise das der zugriff auf..C:\WINDOWS\system32\config\system...und..C:User\Andy\ntuser.dat:..das der Prozess nicht auf die Datei zugreifen kann,da sie von eienm anderen Prozess verwendet wird. Hab keine ahnug was ich noch machen soll. Zusatz ich hatte vor ein paar Tagen mein Windows auf 8.1 aktualisiert. Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Andy at 2015-01-09 19:56:55
Running from C:\Users\Andy\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Ad-Aware Web Companion (x32 Version: 1.1.844.1586 - Lavasoft) Hidden
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-2121296057-1747745134-147526060-1002\...\Akamai) (Version: - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Battlefield 2(TM) (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version: - )
Battlefield 2: Special Forces (HKLM-x32\...\{50D4CB89-AF34-4978-96DC-C3034062E901}) (Version: - )
Battlefield 2142 (HKLM-x32\...\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
Connectify (HKLM\...\Connectify) (Version: 9.3.1.33921 - Connectify)
Creative Live! Central 3 (HKLM-x32\...\Creative Live! Central 2) (Version: 3.01.21 - Creative Technology Ltd)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4427.02 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
Die Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Luxus-Accessoires (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
Dropbox (HKU\S-1-5-21-2121296057-1747745134-147526060-1002\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
EdenEternal-DE (HKLM-x32\...\EdenEternal-DE) (Version: - )
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - )
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.1 - Ellora Assets Corporation)
Glary Utilities 5.9 (HKLM-x32\...\Glary Utilities 5) (Version: 5.9.0.16 - Glarysoft Ltd)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
K-Lite Codec Pack 9.7.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.7.0 - )
LavasoftTcpService (x32 Version: 2.2.9.5 - Lavasoft) Hidden
Live! Cam Sync HD VF0770 Driver (1.00.02.00) (HKLM\...\Creative VF0770) (Version: - Creative Technology Ltd.)
Logitech Gaming Software 8.53 (HKLM\...\Logitech Gaming Software) (Version: 8.53.186 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2121296057-1747745134-147526060-1002\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
NVIDIA 3D Vision Controller-Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.0.14.2148 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
PlanetSide 2 (HKU\S-1-5-21-2121296057-1747745134-147526060-1002\...\SOE-PlanetSide 2) (Version: 1.0.3.183 - Sony Online Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Version 3.1 (HKLM-x32\...\Star Wars - Empire at War - Forces of Corrution ~10C30A58_is1) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2121296057-1747745134-147526060-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2121296057-1747745134-147526060-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Andy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2121296057-1747745134-147526060-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Andy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2121296057-1747745134-147526060-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Andy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2121296057-1747745134-147526060-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Andy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2121296057-1747745134-147526060-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2121296057-1747745134-147526060-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2121296057-1747745134-147526060-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2121296057-1747745134-147526060-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2121296057-1747745134-147526060-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2121296057-1747745134-147526060-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2121296057-1747745134-147526060-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2121296057-1747745134-147526060-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
07-01-2015 18:56:57 LavasoftWeCompanion
09-01-2015 13:09:21 Revo Uninstaller's restore point - ESET Online Scanner v3
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-26 06:26 - 2015-01-08 07:58 - 00000065 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {01AC6DE9-44FC-4BD5-86F4-E43E02F4F2BB} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {1C17386B-9005-484F-9FA4-08DFF204D100} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {50ECCDF3-DDEA-40DA-BEAF-A6E4FD87EEBE} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2013-08-22] (Microsoft Corporation)
Task: {5C8258D4-DFAA-4E28-A605-2A466F36FEFB} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-09-29] (Glarysoft Ltd)
Task: {5F693CAD-0021-4E4F-8A9E-B81B3DC2CDC6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6F6D08DD-F009-4E54-A7B1-84F861413BB9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-11] (AVAST Software)
Task: {7FA2E677-B0E5-495E-A857-E5BDC2AE8B45} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {8B930182-BF08-419E-9283-94956E5CA9D1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd)
Task: {8C2E3829-8570-4D07-BBD9-3BB96BCD455F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-08] (Adobe Systems Incorporated)
Task: {9FA6CB5C-F2E1-4FF6-9C57-CA9EE08628A4} - System32\Tasks\{098FF461-CE2E-44D3-B6A8-3A777DA1AB01} => pcalua.exe -a "C:\Program Files (x86)\LucasFan Games\MMD\autorun.exe" -d "C:\Program Files (x86)\LucasFan Games\MMD"
Task: {BF84FE7D-471C-4728-826E-825BD5E61087} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {D75B620F-1A47-4BF8-A42F-4BBF8E2A65F6} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2014-09-29] (Glarysoft Ltd)
Task: {FAACE827-1A1D-4BBD-BFB2-AEA429E517EF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-04] (Microsoft Corporation)
Task: {FB6C6163-15B4-4AFA-975C-90FDE19A1D9A} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
==================== Loaded Modules (whitelisted) =============
2015-01-06 14:59 - 2014-09-13 22:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2014-11-11 09:45 - 2014-11-11 09:45 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-11 09:45 - 2014-11-11 09:45 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-07-02 22:54 - 2014-07-02 22:54 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-07-02 22:59 - 2014-07-02 22:59 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-07-02 22:54 - 2014-07-02 22:54 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-07-02 22:59 - 2014-07-02 22:59 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-10-23 20:19 - 2014-10-23 20:19 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-01-09 11:39 - 2015-01-09 11:39 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010900\algo.dll
2014-11-11 09:45 - 2014-11-11 09:45 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-19 09:47 - 2014-12-26 17:17 - 00378104 _____ () C:\Program Files (x86)\Connectify\NativeLibrary.dll
2014-07-19 09:47 - 2014-12-26 17:17 - 00713976 _____ () C:\Program Files (x86)\Connectify\log4cplus.dll
2014-07-19 09:47 - 2014-12-26 17:17 - 03566328 _____ () C:\Program Files (x86)\Connectify\ConnectifyNAT.dll
2014-07-19 09:47 - 2014-12-26 17:17 - 00354040 _____ () C:\Program Files (x86)\Connectify\LibDispatch.dll
2014-11-11 09:45 - 2014-11-11 09:45 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-09 04:59 - 2015-01-09 04:59 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\2133a50009fa3b357bfbd29a218be0f6\PSIClient.ni.dll
2013-01-07 10:33 - 2012-07-18 11:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "AdAwareTray"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Aeria Ignite"
HKLM\...\StartupApproved\Run32: => "V0770Mon.exe"
HKLM\...\StartupApproved\Run32: => "Connectify Dispatch"
HKLM\...\StartupApproved\Run32: => "Connectify Hotspot"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKU\S-1-5-21-2121296057-1747745134-147526060-1002\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"
HKU\S-1-5-21-2121296057-1747745134-147526060-1002\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-2121296057-1747745134-147526060-1002\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-2121296057-1747745134-147526060-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2121296057-1747745134-147526060-1002\...\StartupApproved\Run: => "Remote Mouse"
HKU\S-1-5-21-2121296057-1747745134-147526060-1002\...\StartupApproved\Run: => "GUDelayStartup"
========================= Accounts: ==========================
Administrator (S-1-5-21-2121296057-1747745134-147526060-500 - Administrator - Disabled)
Andy (S-1-5-21-2121296057-1747745134-147526060-1002 - Administrator - Enabled) => C:\Users\Andy
Gast (S-1-5-21-2121296057-1747745134-147526060-501 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/09/2015 05:50:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avscan.exe, Version: 14.0.7.462, Zeitstempel: 0x546f1ab4
Name des fehlerhaften Moduls: avscan.exe, Version: 14.0.7.462, Zeitstempel: 0x546f1ab4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00037e54
ID des fehlerhaften Prozesses: 0x678
Startzeit der fehlerhaften Anwendung: 0xavscan.exe0
Pfad der fehlerhaften Anwendung: avscan.exe1
Pfad des fehlerhaften Moduls: avscan.exe2
Berichtskennung: avscan.exe3
Vollständiger Name des fehlerhaften Pakets: avscan.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: avscan.exe5
Error: (01/09/2015 04:42:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17476, Zeitstempel: 0x54516b13
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005925b
ID des fehlerhaften Prozesses: 0x8f0
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3
Vollständiger Name des fehlerhaften Pakets: vlc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: vlc.exe5
Error: (01/09/2015 04:41:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17476, Zeitstempel: 0x54516b13
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005925b
ID des fehlerhaften Prozesses: 0x1aa0
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3
Vollständiger Name des fehlerhaften Pakets: vlc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: vlc.exe5
Error: (01/09/2015 04:41:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17476, Zeitstempel: 0x54516b13
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005925b
ID des fehlerhaften Prozesses: 0x688
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3
Vollständiger Name des fehlerhaften Pakets: vlc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: vlc.exe5
Error: (01/09/2015 01:39:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm mbam.exe, Version 1.0.1.711 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1824
Startzeit: 01d02c091da7c274
Endzeit: 14075
Anwendungspfad: C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
Berichts-ID: 7395090a-97fc-11e4-bf67-84c9b2018322
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (01/09/2015 01:24:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (01/09/2015 01:24:49 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (01/09/2015 01:23:32 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (01/09/2015 07:50:36 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (01/09/2015 07:31:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avscan.exe, Version: 14.0.7.462, Zeitstempel: 0x546f1ab4
Name des fehlerhaften Moduls: avscan.exe, Version: 14.0.7.462, Zeitstempel: 0x546f1ab4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00037e54
ID des fehlerhaften Prozesses: 0x16fc
Startzeit der fehlerhaften Anwendung: 0xavscan.exe0
Pfad der fehlerhaften Anwendung: avscan.exe1
Pfad des fehlerhaften Moduls: avscan.exe2
Berichtskennung: avscan.exe3
Vollständiger Name des fehlerhaften Pakets: avscan.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: avscan.exe5
System errors:
=============
Error: (01/09/2015 07:36:29 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Type" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (01/09/2015 05:55:01 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Type" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (01/09/2015 04:13:10 PM) (Source: DCOM) (EventID: 10016) (User: Andre)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}AndreAndyS-1-5-21-2121296057-1747745134-147526060-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (01/09/2015 04:13:10 PM) (Source: DCOM) (EventID: 10016) (User: Andre)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}AndreAndyS-1-5-21-2121296057-1747745134-147526060-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (01/09/2015 04:13:09 PM) (Source: DCOM) (EventID: 10016) (User: Andre)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}AndreAndyS-1-5-21-2121296057-1747745134-147526060-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (01/09/2015 04:13:09 PM) (Source: DCOM) (EventID: 10016) (User: Andre)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}AndreAndyS-1-5-21-2121296057-1747745134-147526060-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (01/09/2015 04:13:09 PM) (Source: DCOM) (EventID: 10016) (User: Andre)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}AndreAndyS-1-5-21-2121296057-1747745134-147526060-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (01/09/2015 04:13:08 PM) (Source: DCOM) (EventID: 10016) (User: Andre)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}AndreAndyS-1-5-21-2121296057-1747745134-147526060-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (01/09/2015 04:13:04 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Type" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (01/09/2015 04:13:03 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.229.1192.168.173.0255.255.255.0
Microsoft Office Sessions:
=========================
Error: (01/09/2015 05:50:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avscan.exe14.0.7.462546f1ab4avscan.exe14.0.7.462546f1ab4c000000500037e5467801d02c28e16c0e79C:\program files (x86)\avira\antivir desktop\avscan.exeC:\program files (x86)\avira\antivir desktop\avscan.exe992c42e8-981f-11e4-bf69-84c9b2018322
Error: (01/09/2015 04:42:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.3.9600.1747654516b13c0000005000000000005925b8f001d02c22c638b5c0C:\Program Files\VideoLAN\VLC\vlc.exeC:\WINDOWS\SYSTEM32\ntdll.dll11654ad1-9816-11e4-bf69-84c9b2018322
Error: (01/09/2015 04:41:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.3.9600.1747654516b13c0000005000000000005925b1aa001d02c22af099dfcC:\Program Files\VideoLAN\VLC\vlc.exeC:\WINDOWS\SYSTEM32\ntdll.dll011f395d-9816-11e4-bf69-84c9b2018322
Error: (01/09/2015 04:41:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.3.9600.1747654516b13c0000005000000000005925b68801d02c228f430a2cC:\Program Files\VideoLAN\VLC\vlc.exeC:\WINDOWS\SYSTEM32\ntdll.dllea07502a-9815-11e4-bf69-84c9b2018322
Error: (01/09/2015 01:39:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.1.711182401d02c091da7c27414075C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe7395090a-97fc-11e4-bf67-84c9b2018322
Error: (01/09/2015 01:24:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Andy\Downloads\Neuer Ordner\esetsmartinstaller_deu(1).exe
Error: (01/09/2015 01:24:49 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Andy\Downloads\Neuer Ordner\esetsmartinstaller_deu(1).exe
Error: (01/09/2015 01:23:32 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Andy\Downloads\Neuer Ordner\esetsmartinstaller_deu(1).exe
Error: (01/09/2015 07:50:36 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
Error: (01/09/2015 07:31:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: avscan.exe14.0.7.462546f1ab4avscan.exe14.0.7.462546f1ab4c000000500037e5416fc01d02b9316fce657C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe28092528-97c9-11e4-bf66-84c9b2018322
CodeIntegrity Errors:
===================================
Date: 2014-11-01 13:41:25.857
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-04-17 17:44:22.850
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Andy\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-04-17 17:44:22.402
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 23%
Total physical RAM: 8135.73 MB
Available physical RAM: 6200.98 MB
Total Pagefile: 9415.73 MB
Available Pagefile: 7419.08 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:915.91 GB) (Free:761.37 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A29F9793)
Partition: GPT Partition Type.
==================== End Of Log ============================
Geändert von Orpheuso (09.01.2015 um 20:32 Uhr) Grund: aktualisierung von Windows |
|
09.01.2015, 20:27
| #2 |
| | Problem Win32:Crypt-RQA FRST Logfile:
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015 Ran by Andy (administrator) on ANDRE on 09-01-2015 19:56:09 Running from C:\Users\Andy\Desktop Loaded Profile: Andy (Available profiles: Andy) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Connectify) C:\Program Files (x86)\Connectify\ConnectifyService.exe (Connectify) C:\Program Files (x86)\Connectify\Connectifyd.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Connectify) C:\Program Files (x86)\Connectify\Connectify.exe (Connectify) C:\Program Files (x86)\Connectify\DispatchUI.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10464536 2014-07-02] (Logitech Inc.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2461504 2014-09-17] (NVIDIA Corporation) HKLM\...\Run: [Connectify Hotspot] => C:\Program Files (x86)\Connectify\Connectify.exe [4330232 2014-12-26] (Connectify) HKLM\...\Run: [Connectify Dispatch] => C:\Program Files (x86)\Connectify\DispatchUI.exe [2381560 2014-12-26] (Connectify) HKLM-x32\...\Run: [V0770Mon.exe] => C:\WINDOWS\V0770Mon.exe [32884 2012-06-01] (Creative Technology Ltd.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM-x32\...\Run: [Live! Central 3] => C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe [461312 2012-07-24] (Creative Technology Ltd) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software) HKU\S-1-5-21-2121296057-1747745134-147526060-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Andy\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKU\S-1-5-21-2121296057-1747745134-147526060-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd) HKU\S-1-5-21-2121296057-1747745134-147526060-1002\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-09-29] (Glarysoft Ltd) HKU\S-1-5-21-2121296057-1747745134-147526060-1002\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC) HKU\S-1-5-21-2121296057-1747745134-147526060-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30872168 2014-12-11] (Skype Technologies S.A.) Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2121296057-1747745134-147526060-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://localoem.msn.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-2121296057-1747745134-147526060-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2121296057-1747745134-147526060-1002 -> {B5250840-80FC-42E6-AB27-C60C3B3B2380} URL = BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) FireFox: ======== FF ProfilePath: C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\yak6rvk8.default-1420806131989 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll () FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Ghostery - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\yak6rvk8.default-1420806131989\Extensions\firefox@ghostery.com.xpi [2015-01-09] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2015-01-09] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-11-21] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-11] Chrome: ======= CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-25] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-11-11] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-11] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-11] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-11] (Avast Software) R2 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [487936 2014-12-26] (Connectify) [File not signed] R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-10-09] (Ellora Assets Corp.) [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-05] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-17] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-17] (NVIDIA Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2015-01-06] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-01-06] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S1 anodlwf; C:\Windows\system32\DRIVERS\anodlwfx.sys [15872 2009-03-06] () R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-11] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-11] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-11] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-11] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-23] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-11] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-11] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-11] () R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R1 cnnctfy3; C:\Windows\system32\DRIVERS\cnnctfy3.sys [42152 2015-01-08] (Connectify) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation) R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-10-04] (Glarysoft Ltd) R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140616.001\IDSvia64.sys [525016 2014-05-09] (Symantec Corporation) S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [93400 2015-01-09] (Malwarebytes Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140616.024\ENG64.SYS [126040 2014-05-10] (Symantec Corporation) S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140616.024\EX64.SYS [2099288 2014-05-10] (Symantec Corporation) R3 netr28ux; C:\Windows\system32\DRIVERS\netr28ux.sys [2217616 2014-10-18] (MediaTek Inc.) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-17] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) S4 SymELAM; C:\Windows\system32\drivers\NISx64\1506000.020\SymELAM.sys [23568 2013-09-10] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-21] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) R3 V0770Vid; C:\Windows\system32\DRIVERS\V0770Vid.sys [379776 2012-06-01] (Creative Technology Ltd.) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-01-06] (Microsoft Corporation) S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X] U3 ugldrpob; \??\C:\Users\Andy\AppData\Local\Temp\ugldrpob.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-09 19:56 - 2015-01-09 19:56 - 00019881 _____ () C:\Users\Andy\Desktop\FRST.txt 2015-01-09 19:56 - 2015-01-09 19:56 - 00000000 ____D () C:\FRST 2015-01-09 19:55 - 2015-01-09 19:55 - 00007981 _____ () C:\Users\Andy\Desktop\gg.log 2015-01-09 19:48 - 2015-01-09 19:48 - 00000470 _____ () C:\Users\Andy\Desktop\defogger_disable.log 2015-01-09 19:48 - 2015-01-09 19:48 - 00000000 _____ () C:\Users\Andy\defogger_reenable 2015-01-09 19:44 - 2015-01-09 19:44 - 00380416 _____ () C:\Users\Andy\Desktop\Gmer-19357.exe 2015-01-09 19:44 - 2015-01-09 19:44 - 00050477 _____ () C:\Users\Andy\Desktop\Defogger.exe 2015-01-09 19:44 - 2015-01-09 19:44 - 00000000 ____D () C:\Users\Andy\Downloads\Neuer Ordner (2) 2015-01-09 19:41 - 2015-01-09 19:42 - 02124288 _____ (Farbar) C:\Users\Andy\Desktop\FRST64.exe 2015-01-09 18:09 - 2015-01-09 18:09 - 00000000 ____D () C:\WINDOWS\Panther 2015-01-09 17:53 - 2015-01-09 17:53 - 00002482 _____ () C:\WINDOWS\PFRO.log 2015-01-09 17:26 - 2015-01-09 19:37 - 00085651 _____ () C:\WINDOWS\WindowsUpdate.log 2015-01-09 14:50 - 2015-01-09 14:50 - 00000000 ____D () C:\ProgramData\F-Secure 2015-01-09 14:34 - 2015-01-09 14:34 - 01174352 _____ () C:\Users\Andy\Downloads\F Secure Online Scanner - CHIP-Installer.exe 2015-01-09 14:14 - 2014-11-15 20:05 - 00801584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll 2015-01-09 14:14 - 2014-11-15 07:29 - 00962216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll 2015-01-09 14:14 - 2014-11-14 15:36 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2015-01-09 14:14 - 2014-11-14 08:10 - 03558400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2015-01-09 14:14 - 2014-11-14 07:58 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2015-01-09 14:14 - 2014-11-14 07:57 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2015-01-09 14:14 - 2014-11-14 07:57 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2015-01-09 14:14 - 2014-11-14 07:54 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2015-01-09 14:14 - 2014-11-14 07:54 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2015-01-09 14:14 - 2014-11-14 07:53 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2015-01-09 14:14 - 2014-11-14 07:52 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2015-01-09 14:14 - 2014-11-14 06:04 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2015-01-09 14:14 - 2014-11-14 06:03 - 00885760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2015-01-09 14:14 - 2014-11-14 06:03 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2015-01-09 14:14 - 2014-11-14 06:01 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2015-01-09 14:14 - 2014-11-14 06:01 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2015-01-09 14:14 - 2014-11-11 01:39 - 22290560 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2015-01-09 14:14 - 2014-11-11 01:17 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2015-01-09 14:14 - 2014-11-10 19:06 - 02485056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2015-01-09 14:14 - 2014-11-10 19:06 - 00473408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys 2015-01-09 14:14 - 2014-11-10 19:06 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2015-01-09 14:14 - 2014-11-10 19:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys 2015-01-09 14:14 - 2014-11-10 03:57 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys 2015-01-09 14:14 - 2014-11-10 02:37 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL 2015-01-09 14:14 - 2014-11-10 02:34 - 01084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL 2015-01-09 14:14 - 2014-11-10 02:26 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL 2015-01-09 14:14 - 2014-11-10 02:20 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll 2015-01-09 14:14 - 2014-11-10 02:09 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL 2015-01-09 14:14 - 2014-11-10 02:08 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll 2015-01-09 14:14 - 2014-11-10 02:06 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll 2015-01-09 14:14 - 2014-11-10 01:57 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll 2015-01-09 14:14 - 2014-11-10 01:57 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll 2015-01-09 14:14 - 2014-11-08 11:42 - 01390928 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2015-01-09 14:14 - 2014-11-08 11:23 - 01127976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2015-01-09 14:14 - 2014-11-08 05:00 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys 2015-01-09 14:14 - 2014-11-08 05:00 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys 2015-01-09 14:14 - 2014-11-08 04:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys 2015-01-09 14:14 - 2014-11-08 04:58 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys 2015-01-09 14:14 - 2014-11-08 04:56 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp 2015-01-09 14:14 - 2014-11-08 04:56 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmxs.dll 2015-01-09 14:14 - 2014-11-08 04:56 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasser.dll 2015-01-09 14:14 - 2014-11-08 04:24 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll 2015-01-09 14:14 - 2014-11-08 04:13 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kmddsp.tsp 2015-01-09 14:14 - 2014-11-08 04:13 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasmxs.dll 2015-01-09 14:14 - 2014-11-08 04:13 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasser.dll 2015-01-09 14:14 - 2014-11-08 03:48 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdiag.dll 2015-01-09 14:14 - 2014-11-08 03:38 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2015-01-09 14:14 - 2014-11-08 03:17 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2015-01-09 14:14 - 2014-11-08 03:09 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll 2015-01-09 14:14 - 2014-11-08 03:03 - 00733696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll 2015-01-09 14:14 - 2014-11-08 02:59 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll 2015-01-09 14:14 - 2014-11-08 02:58 - 04837376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll 2015-01-09 14:14 - 2014-11-08 02:49 - 01154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe 2015-01-09 14:14 - 2014-11-07 04:58 - 00952896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2015-01-09 14:14 - 2014-11-07 04:20 - 00786120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2015-01-09 14:14 - 2014-11-05 03:12 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSHVHOST.DLL 2015-01-09 14:14 - 2014-11-05 03:12 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSVRMGMT.DLL 2015-01-09 14:14 - 2014-11-05 03:06 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll 2015-01-09 14:14 - 2014-11-05 02:44 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll 2015-01-09 14:14 - 2014-11-05 02:43 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll 2015-01-09 14:14 - 2014-11-05 02:41 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll 2015-01-09 14:14 - 2014-11-05 02:39 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSHVHOST.DLL 2015-01-09 14:14 - 2014-11-05 02:39 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSVRMGMT.DLL 2015-01-09 14:14 - 2014-11-05 02:33 - 00465408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll 2015-01-09 14:14 - 2014-11-05 02:21 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll 2015-01-09 14:14 - 2014-11-05 02:20 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll 2015-01-09 14:14 - 2014-11-05 02:18 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll 2015-01-09 14:14 - 2014-11-05 02:14 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll 2015-01-09 14:14 - 2014-11-05 02:06 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll 2015-01-09 14:14 - 2014-11-04 20:33 - 00058176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys 2015-01-09 14:14 - 2014-11-04 20:25 - 00059712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys 2015-01-09 14:14 - 2014-11-04 20:25 - 00051008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys 2015-01-09 14:14 - 2014-11-04 07:55 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys 2015-01-09 14:14 - 2014-11-04 07:54 - 00108544 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys 2015-01-09 14:14 - 2014-11-04 07:54 - 00032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys 2015-01-09 14:14 - 2014-11-04 07:54 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys 2015-01-09 14:14 - 2014-11-04 07:27 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe 2015-01-09 14:14 - 2014-11-04 06:01 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe 2015-01-09 14:14 - 2014-10-31 01:51 - 18823168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2015-01-09 14:14 - 2014-10-31 01:10 - 15158784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2015-01-09 14:14 - 2014-10-30 06:55 - 07473472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-01-09 14:14 - 2014-10-30 06:47 - 01499384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-01-09 14:14 - 2014-10-30 06:41 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-01-09 14:14 - 2014-10-29 04:05 - 00551232 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys 2015-01-09 14:14 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll 2015-01-09 14:14 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll 2015-01-09 14:14 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll 2015-01-09 14:14 - 2014-10-29 02:55 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll 2015-01-09 14:14 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll 2015-01-09 14:14 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll 2015-01-09 14:14 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe 2015-01-09 14:14 - 2014-10-29 02:13 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll 2015-01-09 14:14 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe 2015-01-09 14:14 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe 2015-01-09 14:14 - 2014-10-26 23:10 - 00390841 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2015-01-09 14:14 - 2014-10-21 02:59 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\eventcls.dll 2015-01-09 14:14 - 2014-10-21 02:19 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eventcls.dll 2015-01-09 14:14 - 2014-10-21 01:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll 2015-01-09 14:14 - 2014-10-21 01:31 - 01574400 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll 2015-01-09 14:14 - 2014-10-21 01:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll 2015-01-09 14:14 - 2014-10-21 01:30 - 01454080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe 2015-01-09 14:14 - 2014-10-21 01:20 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll 2015-01-09 14:14 - 2014-10-17 05:56 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2015-01-09 14:14 - 2014-10-17 05:56 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2015-01-09 14:14 - 2014-10-17 05:56 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys 2015-01-09 14:14 - 2014-10-17 04:35 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2015-01-09 13:12 - 2015-01-09 14:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-09 13:12 - 2015-01-09 13:21 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-01-09 13:12 - 2015-01-09 13:21 - 00001166 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-01-09 13:12 - 2015-01-09 13:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-09 13:03 - 2015-01-09 13:04 - 00000000 ____D () C:\Users\Andy\AppData\Local\Mozilla 2015-01-09 13:02 - 2015-01-09 13:02 - 39441776 _____ () C:\Users\Andy\Downloads\Firefox_Setup_de34.0.5.exe 2015-01-08 21:00 - 2015-01-08 21:01 - 00000000 ____D () C:\AdwCleaner 2015-01-08 20:34 - 2015-01-08 20:43 - 00000000 ____D () C:\Users\Andy\Downloads\Neuer Ordner 2015-01-08 19:19 - 2015-01-09 13:24 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-01-08 18:15 - 2015-01-08 18:15 - 00332610 _____ () C:\Users\Andy\Desktop\bookmarks.html 2015-01-08 18:15 - 2015-01-08 18:15 - 00246614 _____ () C:\Users\Andy\Desktop\bookmarks-2015-01-08.json 2015-01-08 17:56 - 2015-01-09 15:31 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C78015BD-B7C4-42BC-92B5-51A5C5F490E6} 2015-01-08 17:56 - 2015-01-08 17:56 - 00000000 __SHD () C:\Users\Andy\AppData\Local\EmieUserList 2015-01-08 17:56 - 2015-01-08 17:56 - 00000000 __SHD () C:\Users\Andy\AppData\Local\EmieSiteList 2015-01-08 17:56 - 2015-01-08 17:56 - 00000000 __SHD () C:\Users\Andy\AppData\Local\EmieBrowserModeList 2015-01-08 15:36 - 2015-01-09 19:08 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-01-08 15:36 - 2015-01-08 15:36 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-01-08 07:56 - 2015-01-08 07:56 - 00042152 _____ (Connectify) C:\WINDOWS\system32\Drivers\cnnctfy3.sys 2015-01-08 07:56 - 2015-01-08 07:56 - 00000394 _____ () C:\Users\Public\Desktop\Connectify Hotspot.lnk 2015-01-08 07:56 - 2015-01-08 07:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connectify 2015-01-08 07:48 - 2015-01-08 07:49 - 09064712 _____ (Connectify) C:\Users\Andy\Downloads\ConnectifyInstaller.exe 2015-01-08 07:47 - 2015-01-08 07:47 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files 2015-01-08 07:43 - 2015-01-08 07:46 - 202853696 _____ () C:\Users\Andy\Downloads\kav15.0.1.415de_6845.exe 2015-01-08 06:01 - 2014-08-15 01:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys 2015-01-08 05:46 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2015-01-08 05:46 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2015-01-08 05:44 - 2014-04-14 10:37 - 02125344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll 2015-01-08 05:44 - 2014-04-14 09:08 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll 2015-01-08 05:43 - 2014-05-03 06:36 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2015-01-08 05:43 - 2014-05-03 06:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll 2015-01-08 05:43 - 2014-05-03 06:08 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll 2015-01-08 05:43 - 2014-05-03 06:07 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll 2015-01-08 05:43 - 2014-05-03 05:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll 2015-01-08 05:43 - 2014-05-03 05:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll 2015-01-08 05:43 - 2014-05-03 05:37 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll 2015-01-08 05:43 - 2014-05-03 00:26 - 00050745 _____ () C:\WINDOWS\system32\srms.dat 2015-01-08 05:43 - 2014-04-30 07:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys 2015-01-08 05:43 - 2014-04-30 07:41 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2015-01-08 05:43 - 2014-04-30 07:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys 2015-01-08 05:43 - 2014-04-30 06:45 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe 2015-01-08 05:43 - 2014-04-30 05:48 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe 2015-01-08 05:43 - 2014-04-30 05:24 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll 2015-01-08 05:43 - 2014-04-30 05:23 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll 2015-01-08 05:43 - 2014-04-30 05:23 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll 2015-01-08 05:43 - 2014-04-30 05:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll 2015-01-08 05:43 - 2014-04-30 04:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll 2015-01-08 05:43 - 2014-04-30 04:46 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll 2015-01-08 05:43 - 2014-04-30 04:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll 2015-01-08 05:43 - 2014-04-30 04:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll 2015-01-08 05:43 - 2014-04-28 23:40 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll 2015-01-08 05:43 - 2014-04-26 17:39 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll 2015-01-08 05:43 - 2014-04-14 06:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll 2015-01-08 05:42 - 2014-08-23 08:48 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2015-01-08 05:42 - 2014-08-23 08:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2015-01-08 05:42 - 2014-08-23 07:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll 2015-01-08 05:42 - 2014-08-23 06:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll 2015-01-08 05:42 - 2014-08-23 05:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll 2015-01-08 05:39 - 2014-08-16 05:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll 2015-01-08 05:39 - 2014-08-16 04:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2015-01-08 05:39 - 2014-08-16 04:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll 2015-01-08 05:39 - 2014-08-16 02:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2015-01-08 05:39 - 2014-08-16 02:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll 2015-01-08 05:39 - 2014-08-16 01:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll 2015-01-08 05:39 - 2014-08-16 01:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll 2015-01-08 05:39 - 2014-08-16 01:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll 2015-01-08 05:39 - 2014-08-16 01:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2015-01-08 05:39 - 2014-08-16 01:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll 2015-01-08 05:39 - 2014-08-16 01:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll 2015-01-08 05:39 - 2014-08-16 01:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll 2015-01-08 05:39 - 2014-08-16 01:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll 2015-01-08 05:39 - 2014-08-16 01:29 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2015-01-08 05:39 - 2014-08-16 01:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll 2015-01-08 05:39 - 2014-08-16 01:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll 2015-01-08 05:39 - 2014-08-16 01:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2015-01-08 05:39 - 2014-08-16 01:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2015-01-08 05:39 - 2014-08-16 01:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll 2015-01-08 05:39 - 2014-08-16 01:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2015-01-08 05:39 - 2014-08-16 01:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2015-01-08 05:39 - 2014-08-16 01:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll 2015-01-08 05:39 - 2014-08-16 01:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2015-01-08 05:39 - 2014-08-16 01:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2015-01-08 05:39 - 2014-08-16 01:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2015-01-08 05:31 - 2014-07-24 04:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll 2015-01-08 05:31 - 2014-07-24 04:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll 2015-01-08 05:28 - 2014-06-02 03:10 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2015-01-08 05:28 - 2014-05-31 07:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys 2015-01-08 05:28 - 2014-05-31 07:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys 2015-01-08 05:28 - 2014-05-31 05:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe 2015-01-08 05:28 - 2014-05-31 05:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll 2015-01-08 05:28 - 2014-05-31 05:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll 2015-01-08 05:28 - 2014-05-27 10:56 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll 2015-01-08 05:28 - 2014-05-27 10:53 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll 2015-01-08 05:24 - 2014-08-02 01:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2015-01-08 05:23 - 2014-07-10 05:08 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\lockscreencn.dll 2015-01-08 05:22 - 2014-07-15 19:16 - 03048880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe 2015-01-08 05:22 - 2014-07-15 09:29 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll 2015-01-08 05:22 - 2014-07-15 09:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll 2015-01-08 05:22 - 2014-07-15 09:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll 2015-01-08 03:26 - 2015-01-08 03:26 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf 2015-01-07 18:58 - 2015-01-07 18:58 - 00004688 _____ () C:\WINDOWS\SysWOW64\LavasoftTcpService.ini 2015-01-07 18:58 - 2015-01-07 18:58 - 00002520 _____ () C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini 2015-01-07 18:58 - 2015-01-07 18:58 - 00002520 _____ () C:\WINDOWS\system32\LavasoftTcpServiceOff.ini 2015-01-07 18:58 - 2015-01-07 18:58 - 00000295 _____ () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb.lnk 2015-01-07 18:58 - 2015-01-07 18:58 - 00000000 ____D () C:\Users\Andy\AppData\Local\Lavasoft 2015-01-07 18:58 - 2015-01-07 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2015-01-07 18:58 - 2014-12-16 12:10 - 00358736 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll 2015-01-07 18:58 - 2014-12-16 12:10 - 00312424 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll 2015-01-07 18:56 - 2015-01-08 17:03 - 00000000 ____D () C:\ProgramData\Lavasoft 2015-01-07 18:56 - 2015-01-07 18:56 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Lavasoft 2015-01-06 18:48 - 2015-01-06 18:48 - 00010123 _____ () C:\Users\Andy\Documents\Unbenannt jh.odt 2015-01-06 15:39 - 2015-01-06 15:39 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security 2015-01-06 15:35 - 2015-01-06 15:35 - 00001457 _____ () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-06 15:34 - 2015-01-06 15:34 - 00000020 ___SH () C:\Users\Andy\ntuser.ini 2015-01-06 15:26 - 2015-01-06 15:26 - 00000000 _SHDL () C:\Users\Default\Vorlagen 2015-01-06 15:26 - 2015-01-06 15:26 - 00000000 _SHDL () C:\Users\Default\Startmenü 2015-01-06 15:26 - 2015-01-06 15:26 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2015-01-06 15:26 - 2015-01-06 15:26 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen 2015-01-06 15:26 - 2015-01-06 15:26 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien 2015-01-06 15:26 - 2015-01-06 15:26 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2015-01-06 15:26 - 2015-01-06 15:26 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2015-01-06 15:26 - 2015-01-06 15:26 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2015-01-06 15:26 - 2015-01-06 15:26 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-01-06 15:26 - 2015-01-06 15:26 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2015-01-06 15:26 - 2015-01-06 15:26 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten 2015-01-06 15:26 - 2015-01-06 15:26 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten 2015-01-06 15:26 - 2015-01-06 15:26 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik 2015-01-06 15:26 - 2015-01-06 15:26 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2015-01-06 15:26 - 2015-01-06 15:26 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-01-06 15:26 - 2015-01-06 15:26 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf 2015-01-06 15:26 - 2015-01-06 15:26 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten 2015-01-06 15:25 - 2015-01-06 15:25 - 00022960 _____ () C:\WINDOWS\system32\emptyregdb.dat 2015-01-06 15:12 - 2015-01-06 15:12 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-01-06 15:08 - 2015-01-06 15:08 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate 2015-01-06 15:07 - 2015-01-09 19:48 - 00000000 ____D () C:\Users\Andy 2015-01-06 15:07 - 2015-01-06 15:08 - 00000000 ___RD () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-01-06 15:07 - 2015-01-06 15:08 - 00000000 ___RD () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-01-06 15:07 - 2015-01-06 15:07 - 00000000 _SHDL () C:\Users\Andy\Vorlagen 2015-01-06 15:07 - 2015-01-06 15:07 - 00000000 _SHDL () C:\Users\Andy\Startmenü 2015-01-06 15:07 - 2015-01-06 15:07 - 00000000 _SHDL () C:\Users\Andy\Netzwerkumgebung 2015-01-06 15:07 - 2015-01-06 15:07 - 00000000 _SHDL () C:\Users\Andy\Lokale Einstellungen 2015-01-06 15:07 - 2015-01-06 15:07 - 00000000 _SHDL () C:\Users\Andy\Eigene Dateien 2015-01-06 15:07 - 2015-01-06 15:07 - 00000000 _SHDL () C:\Users\Andy\Druckumgebung 2015-01-06 15:07 - 2015-01-06 15:07 - 00000000 _SHDL () C:\Users\Andy\Documents\Eigene Musik 2015-01-06 15:07 - 2015-01-06 15:07 - 00000000 _SHDL () C:\Users\Andy\Documents\Eigene Bilder 2015-01-06 15:07 - 2015-01-06 15:07 - 00000000 _SHDL () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-01-06 15:07 - 2015-01-06 15:07 - 00000000 _SHDL () C:\Users\Andy\AppData\Local\Verlauf 2015-01-06 15:07 - 2015-01-06 15:07 - 00000000 _SHDL () C:\Users\Andy\AppData\Local\Anwendungsdaten 2015-01-06 15:07 - 2015-01-06 15:07 - 00000000 _SHDL () C:\Users\Andy\Anwendungsdaten 2015-01-06 15:07 - 2014-09-24 07:18 - 00000369 _____ () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2015-01-06 15:07 - 2014-09-24 07:18 - 00000369 _____ () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2015-01-06 15:07 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-01-06 15:07 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-01-06 15:05 - 2015-01-06 15:25 - 00022863 _____ () C:\WINDOWS\diagwrn.xml 2015-01-06 15:05 - 2015-01-06 15:25 - 00022863 _____ () C:\WINDOWS\diagerr.xml 2015-01-06 15:00 - 2015-01-06 15:00 - 00001513 _____ () C:\WINDOWS\system32\RaCoInst.log 2015-01-06 15:00 - 2015-01-06 15:00 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf 2015-01-06 15:00 - 2015-01-06 15:00 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM 2015-01-06 15:00 - 2015-01-06 15:00 - 00000000 ____D () C:\Program Files\Realtek 2015-01-06 14:59 - 2015-01-09 19:35 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-01-06 14:59 - 2015-01-06 15:10 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2015-01-06 14:59 - 2015-01-06 15:10 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2015-01-06 14:59 - 2015-01-06 15:10 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2015-01-06 14:59 - 2014-09-13 22:53 - 06890696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 2015-01-06 14:59 - 2014-09-13 22:53 - 03529872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll 2015-01-06 14:59 - 2014-09-13 22:53 - 02557640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll 2015-01-06 14:59 - 2014-09-13 22:53 - 00934216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe 2015-01-06 14:59 - 2014-09-13 22:53 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll 2015-01-06 14:59 - 2014-09-13 22:53 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll 2015-01-06 14:59 - 2014-09-11 16:37 - 03961833 _____ () C:\WINDOWS\system32\nvcoproc.bin 2015-01-06 14:57 - 2015-01-06 14:57 - 00000000 __SHD () C:\Recovery 2015-01-06 14:55 - 2015-01-06 14:55 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-01-06 14:55 - 2015-01-06 14:55 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-01-06 14:55 - 2015-01-06 14:55 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-01-06 14:55 - 2015-01-06 14:55 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-01-06 14:55 - 2015-01-06 14:55 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-01-06 14:55 - 2015-01-06 14:55 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-01-06 14:55 - 2015-01-06 14:55 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-01-06 14:55 - 2015-01-06 14:55 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-01-06 14:55 - 2015-01-06 14:55 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-01-06 14:55 - 2015-01-06 14:55 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2015-01-06 14:55 - 2015-01-06 14:55 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-01-06 14:55 - 2015-01-06 14:55 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-01-06 14:55 - 2015-01-06 14:55 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-01-06 14:55 - 2015-01-06 14:55 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-01-06 14:55 - 2015-01-06 14:55 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2015-01-06 14:55 - 2015-01-06 14:55 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-01-06 14:55 - 2015-01-06 14:55 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-01-06 14:55 - 2015-01-06 14:55 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-01-06 14:55 - 2015-01-06 14:55 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-01-06 14:55 - 2015-01-06 14:55 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-01-06 14:55 - 2015-01-06 14:55 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-01-06 14:55 - 2015-01-06 14:55 - 00789184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2015-01-06 14:55 - 2015-01-06 14:55 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-01-06 14:55 - 2015-01-06 14:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-01-06 14:55 - 2015-01-06 14:55 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-01-06 14:55 - 2015-01-06 14:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-01-06 14:55 - 2015-01-06 14:55 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2015-01-06 14:55 - 2015-01-06 14:55 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-01-06 14:55 - 2015-01-06 14:55 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-01-06 14:55 - 2015-01-06 14:55 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2015-01-06 14:55 - 2015-01-06 14:55 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-01-06 14:55 - 2015-01-06 14:55 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2015-01-06 14:55 - 2015-01-06 14:55 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-01-06 14:55 - 2015-01-06 14:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2015-01-06 14:55 - 2015-01-06 14:55 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2015-01-06 14:55 - 2015-01-06 14:55 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-01-06 14:55 - 2015-01-06 14:55 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-01-06 14:55 - 2015-01-06 14:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2015-01-06 14:55 - 2015-01-06 14:55 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-01-06 14:55 - 2015-01-06 14:55 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-01-06 14:55 - 2015-01-06 14:55 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2015-01-06 14:55 - 2015-01-06 14:55 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2015-01-06 14:55 - 2015-01-06 14:55 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2015-01-06 14:54 - 2015-01-09 18:00 - 00498064 _____ () C:\WINDOWS\system32\perfh011.dat 2015-01-06 14:54 - 2015-01-09 18:00 - 00135868 _____ () C:\WINDOWS\system32\perfc011.dat 2015-01-06 14:54 - 2015-01-06 14:54 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll 2015-01-06 14:54 - 2015-01-06 14:54 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll 2015-01-06 14:54 - 2015-01-06 14:54 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2015-01-06 14:54 - 2015-01-06 14:54 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2015-01-06 14:54 - 2015-01-06 14:54 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2015-01-06 14:54 - 2015-01-06 14:54 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe 2015-01-06 14:54 - 2015-01-06 14:54 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2015-01-06 14:54 - 2015-01-06 14:54 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2015-01-06 14:54 - 2015-01-06 14:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll 2015-01-06 14:54 - 2015-01-06 14:54 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2015-01-06 14:54 - 2015-01-06 14:54 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2015-01-06 14:54 - 2015-01-06 14:54 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2015-01-06 14:54 - 2015-01-06 14:54 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2015-01-06 14:54 - 2015-01-06 14:54 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe 2015-01-06 14:54 - 2015-01-06 14:54 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2015-01-06 14:54 - 2015-01-06 14:54 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2015-01-06 14:54 - 2015-01-06 14:54 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll 2015-01-06 14:54 - 2015-01-06 14:54 - 00108432 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 2015-01-06 14:54 - 2015-01-06 14:54 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll 2015-01-06 14:54 - 2015-01-06 14:54 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll 2015-01-06 14:54 - 2015-01-06 14:53 - 00144476 _____ () C:\WINDOWS\system32\perfi011.dat 2015-01-06 14:54 - 2015-01-06 14:53 - 00033362 _____ () C:\WINDOWS\system32\perfd011.dat 2015-01-06 14:53 - 2015-01-06 14:53 - 00000000 ____D () C:\WINDOWS\SysWOW64\ja 2015-01-06 14:53 - 2015-01-06 14:53 - 00000000 ____D () C:\WINDOWS\system32\ja 2015-01-06 14:52 - 2015-01-06 14:52 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\lzhfldr2.dll 2015-01-06 14:52 - 2015-01-06 14:52 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lzhfldr2.dll 2015-01-06 14:47 - 2015-01-06 14:47 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2015-01-06 14:47 - 2015-01-06 14:47 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2015-01-06 14:46 - 2015-01-06 14:46 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2015-01-06 14:46 - 2015-01-06 14:46 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2015-01-06 14:46 - 2015-01-06 14:46 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2015-01-06 14:46 - 2015-01-06 14:46 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2015-01-06 14:46 - 2015-01-06 14:46 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2015-01-06 14:46 - 2015-01-06 14:46 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2015-01-06 14:46 - 2015-01-06 14:46 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2015-01-06 14:46 - 2015-01-06 14:46 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2015-01-06 14:46 - 2015-01-06 14:46 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2015-01-06 14:46 - 2015-01-06 14:46 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2015-01-06 14:46 - 2015-01-06 14:46 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2015-01-06 14:46 - 2015-01-06 14:46 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2015-01-06 14:46 - 2015-01-06 14:46 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll 2015-01-06 14:46 - 2015-01-06 14:46 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll 2015-01-06 14:46 - 2015-01-06 14:46 - 00563976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2015-01-06 14:46 - 2015-01-06 14:46 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2015-01-06 14:46 - 2015-01-06 14:46 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll 2015-01-06 14:46 - 2015-01-06 14:46 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2015-01-06 14:46 - 2015-01-06 14:46 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2015-01-06 14:46 - 2015-01-06 14:46 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll 2015-01-06 14:46 - 2015-01-06 14:46 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2015-01-06 14:46 - 2015-01-06 14:46 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll 2015-01-06 14:46 - 2015-01-06 14:46 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2015-01-06 14:46 - 2015-01-06 14:46 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll 2015-01-06 14:46 - 2015-01-06 14:46 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll 2015-01-06 14:46 - 2015-01-06 14:46 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2015-01-06 14:46 - 2015-01-06 14:46 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll 2015-01-06 14:46 - 2015-01-06 14:46 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll 2015-01-06 14:46 - 2015-01-06 14:46 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2015-01-06 14:46 - 2015-01-06 14:46 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe 2015-01-06 14:46 - 2015-01-06 14:46 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys 2015-01-06 14:46 - 2015-01-06 14:46 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll 2015-01-06 14:46 - 2015-01-06 14:46 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll 2015-01-06 14:46 - 2015-01-06 14:46 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll 2015-01-06 14:46 - 2015-01-06 14:46 - 00054592 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdusb.dll 2015-01-06 14:46 - 2015-01-06 14:46 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll 2015-01-06 14:46 - 2015-01-06 14:46 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2015-01-06 14:46 - 2015-01-06 14:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll 2015-01-06 14:46 - 2015-01-06 14:46 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll 2015-01-06 14:46 - 2015-01-06 14:46 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys 2015-01-06 14:46 - 2015-01-06 14:46 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll 2015-01-06 14:46 - 2015-01-06 14:46 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe 2015-01-06 14:45 - 2015-01-06 14:45 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe 2015-01-06 14:45 - 2015-01-06 14:45 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe 2015-01-06 14:45 - 2015-01-06 14:45 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe 2015-01-06 14:45 - 2015-01-06 14:45 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe 2015-01-06 14:45 - 2015-01-06 14:45 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe 2015-01-06 14:45 - 2015-01-06 14:45 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe 2015-01-06 14:45 - 2015-01-06 14:45 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx 2015-01-06 14:45 - 2015-01-06 14:45 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx 2015-01-06 14:45 - 2015-01-06 14:45 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll 2015-01-06 14:45 - 2015-01-06 14:45 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe 2015-01-06 14:45 - 2015-01-06 14:45 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe 2015-01-06 14:45 - 2015-01-06 14:45 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe 2015-01-06 14:45 - 2015-01-06 14:45 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe 2015-01-06 14:44 - 2015-01-06 14:44 - 13424128 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2015-01-06 14:44 - 2015-01-06 14:44 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2015-01-06 14:44 - 2015-01-06 14:44 - 02480128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll 2015-01-06 14:44 - 2015-01-06 14:44 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll 2015-01-06 14:44 - 2015-01-06 14:44 - 01053184 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2015-01-06 14:44 - 2015-01-06 14:44 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2015-01-06 14:44 - 2015-01-06 14:44 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll 2015-01-06 14:44 - 2015-01-06 14:44 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll 2015-01-06 14:44 - 2015-01-06 14:44 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll 2015-01-06 14:44 - 2015-01-06 14:44 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll 2015-01-06 14:44 - 2015-01-06 14:44 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll 2015-01-06 14:44 - 2015-01-06 14:44 - 00148800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS 2015-01-06 14:44 - 2015-01-06 14:44 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll 2015-01-06 14:44 - 2015-01-06 14:44 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe 2015-01-06 14:43 - 2015-01-06 14:43 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-01-06 14:43 - 2015-01-06 14:43 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll 2015-01-06 14:43 - 2015-01-06 14:43 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll 2015-01-06 14:43 - 2015-01-06 14:43 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2015-01-06 14:43 - 2015-01-06 14:43 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2015-01-06 14:43 - 2015-01-06 14:43 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2015-01-06 14:43 - 2015-01-06 14:43 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2015-01-06 14:43 - 2015-01-06 14:43 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2015-01-06 14:43 - 2015-01-06 14:43 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll 2015-01-06 14:42 - 2015-01-06 14:42 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff 2015-01-06 14:37 - 2015-01-06 14:53 - 00000000 ____D () C:\WINDOWS\SysWOW64\XPSViewer 2015-01-06 14:37 - 2015-01-06 14:37 - 00000000 ____D () C:\Program Files\Reference Assemblies 2015-01-06 14:37 - 2015-01-06 14:37 - 00000000 ____D () C:\Program Files\MSBuild 2015-01-06 14:37 - 2015-01-06 14:37 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies 2015-01-06 14:37 - 2015-01-06 14:37 - 00000000 ____D () C:\Program Files (x86)\MSBuild 2015-01-06 14:37 - 2013-08-03 05:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2015-01-06 14:37 - 2013-08-03 05:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2015-01-06 14:37 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2015-01-06 14:37 - 2013-08-03 05:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-01-06 12:01 - 2015-01-06 12:01 - 00000000 ____D () C:\Users\Andy\AppData\Local\PDF24 2015-01-04 13:02 - 2015-01-04 15:42 - 2641977375 _____ () C:\Users\Andy\Desktop\Gaki_150103_No-Laughing Prison Extra Footage SP.mp4 2015-01-04 10:01 - 2015-01-04 10:25 - 336605659 _____ () C:\Users\Andy\Downloads\Gaki no Tsukai #1235.mp4 2015-01-04 10:00 - 2015-01-04 10:24 - 344354880 _____ () C:\Users\Andy\Downloads\Gaki no Tsukai #1234.mp4 2015-01-04 09:59 - 2015-01-04 10:25 - 347553457 _____ () C:\Users\Andy\Downloads\Gaki no Tsukai #1233.mp4 2015-01-04 09:56 - 2015-01-06 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-09 19:40 - 2013-04-17 16:24 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2121296057-1747745134-147526060-1002 2015-01-09 19:37 - 2014-10-04 08:50 - 00000344 _____ () C:\WINDOWS\Tasks\GlaryInitialize 5.job 2015-01-09 19:36 - 2014-08-16 08:35 - 00000000 ____D () C:\Users\Andy\Desktop\bewerb 2015-01-09 19:35 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-01-09 19:12 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-01-09 19:12 - 2013-08-07 13:32 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Skype 2015-01-09 19:05 - 2014-07-09 18:53 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-01-09 19:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-01-09 18:00 - 2014-09-24 07:17 - 02414878 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-01-09 18:00 - 2014-09-24 06:43 - 00765378 _____ () C:\WINDOWS\system32\perfh007.dat 2015-01-09 18:00 - 2014-09-24 06:43 - 00159696 _____ () C:\WINDOWS\system32\perfc007.dat 2015-01-09 17:51 - 2013-05-19 22:33 - 00000000 ____D () C:\Users\Andy\AppData\Local\CrashDumps 2015-01-09 17:51 - 2013-04-17 16:50 - 00000000 ____D () C:\ProgramData\Avira 2015-01-09 17:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-01-09 17:22 - 2014-10-04 08:50 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5 2015-01-09 16:59 - 2014-06-29 08:24 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\vlc 2015-01-09 14:42 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2015-01-09 14:40 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2015-01-09 14:40 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup 2015-01-09 14:40 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\setup 2015-01-09 14:34 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-01-09 13:20 - 2014-07-09 18:53 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-01-09 05:10 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-01-08 20:38 - 2013-05-02 09:41 - 00000000 ____D () C:\Users\Andy\Desktop\Programme 2015-01-08 20:37 - 2013-05-08 19:40 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\DVDVideoSoft 2015-01-08 18:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore 2015-01-08 18:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS 2015-01-08 18:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS 2015-01-08 18:01 - 2013-08-09 19:04 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2015-01-08 18:01 - 2013-07-27 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2015-01-08 18:00 - 2014-07-26 11:33 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-08 15:38 - 2014-06-21 17:10 - 00000000 ____D () C:\Users\Andy\AppData\Local\Adobe 2015-01-08 10:22 - 2014-07-19 09:47 - 00000000 ____D () C:\Program Files (x86)\Connectify 2015-01-08 07:56 - 2014-07-19 09:52 - 00000410 _____ () C:\Users\Public\Desktop\Connectify Dispatch.lnk 2015-01-07 19:33 - 2014-07-09 18:53 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-07 19:10 - 2014-07-09 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-07 19:10 - 2013-05-02 09:40 - 00001121 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-07 19:05 - 2014-11-11 09:45 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update 2015-01-07 19:02 - 2014-11-02 07:04 - 00000000 ____D () C:\WINDOWS\system32\AutoUpdateLicense 2015-01-07 19:02 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP 2015-01-07 19:00 - 2014-11-06 10:17 - 00000000 ____D () C:\Program Files\Unlocker 2015-01-07 18:56 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\restore 2015-01-07 16:33 - 2013-06-04 17:03 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Media Player Classic 2015-01-06 15:37 - 2013-04-17 16:01 - 00000000 ____D () C:\Users\Andy\AppData\Local\Packages 2015-01-06 15:34 - 2013-01-07 09:14 - 00003234 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration 2015-01-06 15:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Registration 2015-01-06 15:26 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows NT 2015-01-06 15:26 - 2013-08-22 14:36 - 00000000 __RHD () C:\Users\Default 2015-01-06 15:23 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media 2015-01-06 15:23 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries 2015-01-06 15:20 - 2013-01-07 10:36 - 02445716 _____ () C:\WINDOWS\SysWOW64\PerfStringBackup.INI 2015-01-06 15:16 - 2013-08-22 15:44 - 00377320 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-01-06 15:14 - 2014-11-21 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2015-01-06 15:14 - 2014-11-11 09:46 - 00000000 ____D () C:\WINDOWS\SysWOW64\vbox 2015-01-06 15:14 - 2014-11-11 09:46 - 00000000 ____D () C:\WINDOWS\system32\vbox 2015-01-06 15:14 - 2014-11-11 09:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2015-01-06 15:14 - 2014-11-06 10:17 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker 2015-01-06 15:14 - 2014-10-26 07:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-01-06 15:14 - 2014-10-25 11:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake 2015-01-06 15:14 - 2014-10-04 08:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5 2015-01-06 15:14 - 2014-10-03 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-01-06 15:14 - 2014-09-20 10:45 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-01-06 15:14 - 2014-09-20 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-01-06 15:14 - 2014-07-26 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2015-01-06 15:14 - 2014-06-29 08:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2015-01-06 15:14 - 2014-05-11 16:23 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-01-06 15:14 - 2014-03-15 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-01-06 15:14 - 2014-03-08 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth 2015-01-06 15:14 - 2013-11-21 18:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security 2015-01-06 15:14 - 2013-10-10 21:09 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live 2015-01-06 15:14 - 2013-10-10 21:09 - 00000000 ____D () C:\WINDOWS\de 2015-01-06 15:14 - 2013-10-10 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter 2015-01-06 15:14 - 2013-09-19 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu! 2015-01-06 15:14 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep 2015-01-06 15:14 - 2013-08-16 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative 2015-01-06 15:14 - 2013-06-29 17:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra 2015-01-06 15:14 - 2013-06-13 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Wars - Empire at War - Forces of Corrution - Space AddOn 2015-01-06 15:14 - 2013-06-04 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74 2015-01-06 15:14 - 2013-05-24 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack 2015-01-06 15:14 - 2013-05-12 11:25 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 2015-01-06 15:14 - 2013-05-02 09:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol 2015-01-06 15:14 - 2013-01-07 10:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2015-01-06 15:14 - 2013-01-07 09:15 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 10 2015-01-06 15:12 - 2014-09-24 06:43 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN 2015-01-06 15:12 - 2014-09-24 06:43 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep 2015-01-06 15:12 - 2014-09-24 06:43 - 00000000 ____D () C:\WINDOWS\system32\WCN 2015-01-06 15:12 - 2013-11-09 20:30 - 00000000 ____D () C:\WINDOWS\SysWOW64\new_gamedata 2015-01-06 15:12 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI 2015-01-06 15:12 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz 2015-01-06 15:12 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\IME 2015-01-06 15:12 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy 2015-01-06 15:12 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns 2015-01-06 15:12 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\spool 2015-01-06 15:12 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2015-01-06 15:12 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\MUI 2015-01-06 15:12 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\IME 2015-01-06 15:12 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI 2015-01-06 15:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Resources 2015-01-06 15:10 - 2014-08-03 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts 2015-01-06 15:10 - 2014-07-31 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES 2015-01-06 15:10 - 2013-08-22 16:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker 2015-01-06 15:10 - 2013-08-22 16:36 - 00000000 __SHD () C:\Program Files\Windows Sidebar 2015-01-06 15:10 - 2013-08-22 16:36 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar 2015-01-06 15:10 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\IME 2015-01-06 15:10 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Help 2015-01-06 15:10 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2015-01-06 15:10 - 2013-08-07 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames 2015-01-06 15:10 - 2013-06-13 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts 2015-01-06 15:10 - 2013-04-17 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys 2015-01-06 15:10 - 2013-01-07 09:58 - 00000000 ____D () C:\ProgramData\PRICache 2015-01-06 15:08 - 2014-10-25 11:03 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake 2015-01-06 15:08 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery 2015-01-06 15:08 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy 2015-01-06 14:56 - 2013-08-22 16:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template 2015-01-06 14:55 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions 2015-01-06 14:54 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel 2015-01-06 14:53 - 2014-09-24 07:00 - 00000000 ____D () C:\Program Files\Windows Journal 2015-01-06 14:53 - 2014-09-24 06:43 - 00000000 ____D () C:\WINDOWS\SysWOW64\winrm 2015-01-06 14:53 - 2014-09-24 06:43 - 00000000 ____D () C:\WINDOWS\SysWOW64\slmgr 2015-01-06 14:53 - 2014-09-24 06:43 - 00000000 ____D () C:\WINDOWS\SysWOW64\Printing_Admin_Scripts 2015-01-06 14:53 - 2014-09-24 06:43 - 00000000 ____D () C:\WINDOWS\system32\winrm 2015-01-06 14:53 - 2014-09-24 06:43 - 00000000 ____D () C:\WINDOWS\system32\slmgr 2015-01-06 14:53 - 2014-09-24 06:43 - 00000000 ____D () C:\WINDOWS\system32\Printing_Admin_Scripts 2015-01-06 14:53 - 2013-08-22 16:36 - 00000000 ___SD () C:\WINDOWS\system32\dsc 2015-01-06 14:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com 2015-01-06 14:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform 2015-01-06 14:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz 2015-01-06 14:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\Com 2015-01-06 14:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager 2015-01-06 14:53 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer 2015-01-06 14:53 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender 2015-01-06 14:53 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System 2015-01-06 14:53 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer 2015-01-06 14:53 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2015-01-06 14:53 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe 2015-01-06 14:53 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism 2015-01-06 14:53 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\oobe 2015-01-06 14:53 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Dism 2015-01-06 14:53 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\servicing 2015-01-06 14:46 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-01-06 14:46 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-01-06 14:44 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer 2015-01-06 14:44 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera 2015-01-06 10:54 - 2014-07-12 17:31 - 00015279 _____ () C:\Users\Andy\Desktop\Unbenannt 1.odt 2015-01-04 09:56 - 2014-07-31 18:54 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-01-04 09:56 - 2013-08-07 13:32 - 00000000 ____D () C:\ProgramData\Skype 2015-01-04 09:56 - 2013-07-27 13:52 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-01-04 09:54 - 2014-08-30 15:49 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-01-04 09:53 - 2013-01-07 10:43 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-01-04 09:29 - 2013-04-20 22:51 - 00000000 ____D () C:\WINDOWS\System32\Tasks\NCH Software Some content of TEMP: ==================== C:\Users\Andy\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-06 14:58 ==================== End Of Log ============================ --- --- --- Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-09 19:55:41
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002d ST1000DM003-1CH162 rev.CC44 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Andy\AppData\Local\Temp\ugldrpob.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff96000093200 15 bytes [00, 28, F6, 01, 80, 1C, 6C, ...]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff96000093210 11 bytes [00, 0E, FC, FF, 00, 05, C4, ...]
---- User code sections - GMER 2.1 ----
.text C:\WINDOWS\system32\dwm.exe[304] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffecf54169a 4 bytes [54, CF, FE, 7F]
.text C:\WINDOWS\system32\dwm.exe[304] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffecf5416a2 4 bytes [54, CF, FE, 7F]
.text C:\WINDOWS\system32\dwm.exe[304] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffecf54181a 4 bytes [54, CF, FE, 7F]
.text C:\WINDOWS\system32\dwm.exe[304] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffecf541832 4 bytes [54, CF, FE, 7F]
.text C:\WINDOWS\system32\nvvsvc.exe[468] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffecf54169a 4 bytes [54, CF, FE, 7F]
.text C:\WINDOWS\system32\nvvsvc.exe[468] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffecf5416a2 4 bytes [54, CF, FE, 7F]
.text C:\WINDOWS\system32\nvvsvc.exe[468] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffecf54181a 4 bytes [54, CF, FE, 7F]
.text C:\WINDOWS\system32\nvvsvc.exe[468] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffecf541832 4 bytes [54, CF, FE, 7F]
.text C:\WINDOWS\Explorer.EXE[1632] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffecf54169a 4 bytes [54, CF, FE, 7F]
.text C:\WINDOWS\Explorer.EXE[1632] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffecf5416a2 4 bytes [54, CF, FE, 7F]
.text C:\WINDOWS\Explorer.EXE[1632] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffecf54181a 4 bytes [54, CF, FE, 7F]
.text C:\WINDOWS\Explorer.EXE[1632] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffecf541832 4 bytes [54, CF, FE, 7F]
.text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[4144] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffecf54169a 4 bytes [54, CF, FE, 7F]
.text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[4144] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffecf5416a2 4 bytes [54, CF, FE, 7F]
.text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[4144] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffecf54181a 4 bytes [54, CF, FE, 7F]
.text C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe[4144] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffecf541832 4 bytes [54, CF, FE, 7F]
.text C:\Program Files\Logitech Gaming Software\LCore.exe[1280] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffecf54169a 4 bytes [54, CF, FE, 7F]
.text C:\Program Files\Logitech Gaming Software\LCore.exe[1280] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffecf5416a2 4 bytes [54, CF, FE, 7F]
.text C:\Program Files\Logitech Gaming Software\LCore.exe[1280] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ffecf54181a 4 bytes [54, CF, FE, 7F]
.text C:\Program Files\Logitech Gaming Software\LCore.exe[1280] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ffecf541832 4 bytes [54, CF, FE, 7F]
---- Threads - GMER 2.1 ----
Thread C:\WINDOWS\system32\csrss.exe [740:756] fffff960008ddb90
Thread C:\WINDOWS\system32\svchost.exe [984:6728] 00007ffec59738e0
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [3212:3216] 00000000003c1c94
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [3212:3928] 0000000004ed2535
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [3212:3948] 0000000004ed2535
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [3212:3952] 0000000004ed2535
Thread C:\Windows\System32\WWAHost.exe [5344:6272] 00007ffecd360310
Thread C:\Windows\System32\WWAHost.exe [5344:5756] 00007ffecb2ba1f0
Thread C:\Windows\System32\WWAHost.exe [5344:6200] 00007ffec33b7d70
Thread C:\Windows\System32\WWAHost.exe [5344:5916] 00007ffecb9acb88
Thread C:\Windows\System32\WWAHost.exe [5344:6232] 00007ffeb5233010
Thread C:\Windows\System32\WWAHost.exe [5344:6244] 00007ffeb5236230
Thread C:\Windows\System32\WWAHost.exe [5344:5592] 00007ffeb53884e0
Thread C:\Windows\System32\WWAHost.exe [5344:6568] 00007ffeb5236230
Thread C:\Windows\System32\WWAHost.exe [5344:7136] 00007ffecd7e99b0
Thread C:\Windows\System32\WWAHost.exe [5344:5256] 00007ffecd7e99b0
Thread C:\Windows\System32\WWAHost.exe [5344:6964] 00007ffeb5236230
Thread C:\Windows\System32\WWAHost.exe [5344:7076] 00007ffeb5236230
Thread C:\Windows\System32\WWAHost.exe [5344:6524] 00007ffeb7498b48
Thread C:\Windows\System32\WWAHost.exe [5344:6556] 00007ffecd360310
Thread C:\Windows\System32\WWAHost.exe [5344:1992] 00007ffeb748d2b0
Thread C:\Windows\System32\WWAHost.exe [5344:3828] 00007ffeccecad30
Thread C:\Windows\System32\WWAHost.exe [5344:3488] 00007ffecd360310
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
|
|
09.01.2015, 20:40
| #3 |
| /// the machine /// TB-Ausbilder    | Problem Win32:Crypt-RQA Hi,
__________________erstmal alles an Security Software runter und 1 AV behalten. Ein Wunder das die Kiste noch läuft. Systemwiederherstellung einmal deaktivieren und wieder aktivieren, dann ist der Fund weg.
__________________ |
|
| Themen zu Problem Win32:Crypt-RQA |
| .dll, adware, antivirus, avast, avira, bluestacks, combofix, cpu, defender, downloader, entfernen, error, firefox, flash player, home, hotspot, internet, problem, prozess, scan, security, server, software, symantec, system, temp, web companion, windows |
Linear-Darstellung
