| |
| |||||||
Log-Analyse und Auswertung: Windows 8.1: Probleme nach UpdateWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
24.02.2015, 17:00
| #1 |
 |  Windows 8.1: Probleme nach Update Guten Tag, ich habe gestern mein System auf Windows 8.1 aktualisiert (vorher Windows 8), und seitdem Probleme beim Start. Sobald ich auf dem Desktop bin kriege ich Fehlermeldungen das diverse Prozesse nicht mehr funktionieren. Diese kann man wegklicken, und danach läuft das System ganz normal. Außerdem auffällig ist das eine Datei namens isuyiBzamf.dat, welche im Autostart eingetragen ist. Hier dazu ein Bild: www.directupload.net/file/d/3908/c5jh8bj3_png.htm Diese wurde von virustotal als Trj/Genetic.gen erkannt. Konnte aber von meinem Virenscanner bisher nicht entfernt werden bzw. hatte ich nie Probleme gehabt. Alle Logfiles gibt es nun hier: FRST Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2015
Ran by HPPC (administrator) on HP on 24-02-2015 16:20:25
Running from C:\Users\HPPC\Desktop
Loaded Profiles: HPPC (Available profiles: HPPC)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser path: "C:\Program Files\Cyberfox\Cyberfox.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Spotify Ltd) C:\Users\HPPC\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(8pecxstudios) C:\Program Files\Cyberfox\Cyberfox.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Program Files\WindowsApps\A278AB0D.DragonManiaLegends_1.0.2.8_x86__h6adky7gbf63m\W8.1EntryPoint.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-08-10] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-08-10] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-07-24] (Panda Security, S.L.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-02-17] (LogMeIn Inc.)
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\SysWOW64\userinit.exe,
HKU\S-1-5-21-3776727103-4227896957-2343858286-1001\...\Run: [Spotify Web Helper] => C:\Users\HPPC\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-12] (Spotify Ltd)
HKU\S-1-5-21-3776727103-4227896957-2343858286-1001\...\Run: [IsuyiBzamf] => regsvr32.exe "C:\ProgramData\IsuyiBzamf\IsuyiBzamf.dat"
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HPPC\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HPPC\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HPPC\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HPPC\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HPPC\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HPPC\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HPPC\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HPPC\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3776727103-4227896957-2343858286-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ir_15_05&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzy0BtB0F0FyEtB0BtA0FtBtN0D0Tzu0StCtCtByEtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0CyE0CyEtCtD0BtGzzyC0CyDtG0CtByDtAtG0A0DtB0DtGtAyE0F0D0DtCyCtC0F0F0E0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyB0EzytDtA0F0EtGzyzytDtAtGyEyByDyDtG0B0D0B0BtGtDzz0CtByE0C0BtAyE0EyB0E2Q&cr=1875176596&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ir_15_05&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzy0BtB0F0FyEtB0BtA0FtBtN0D0Tzu0StCtCtByEtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0CyE0CyEtCtD0BtGzzyC0CyDtG0CtByDtAtG0A0DtB0DtGtAyE0F0D0DtCyCtC0F0F0E0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyB0EzytDtA0F0EtGzyzytDtAtGyEyByDyDtG0B0D0B0BtGtDzz0CtByE0C0BtAyE0EyB0E2Q&cr=1875176596&ir=
SearchScopes: HKU\S-1-5-21-3776727103-4227896957-2343858286-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ir_15_05&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzy0BtB0F0FyEtB0BtA0FtBtN0D0Tzu0StCtCtByEtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0CyE0CyEtCtD0BtGzzyC0CyDtG0CtByDtAtG0A0DtB0DtGtAyE0F0D0DtCyCtC0F0F0E0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyB0EzytDtA0F0EtGzyzytDtAtGyEyByDyDtG0B0D0B0BtGtDzz0CtByE0C0BtAyE0EyB0E2Q&cr=1875176596&ir=
SearchScopes: HKU\S-1-5-21-3776727103-4227896957-2343858286-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ir_15_05&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzy0BtB0F0FyEtB0BtA0FtBtN0D0Tzu0StCtCtByEtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0CyE0CyEtCtD0BtGzzyC0CyDtG0CtByDtAtG0A0DtB0DtGtAyE0F0D0DtCyCtC0F0F0E0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyB0EzytDtA0F0EtGzyzytDtAtGyEyByDyDtG0B0D0B0BtGtDzz0CtByE0C0BtAyE0EyB0E2Q&cr=1875176596&ir=
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-3776727103-4227896957-2343858286-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\HPPC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
S2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [243880 2015-02-13] (Foxit Software Inc.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-02-16] (LogMeIn, Inc.)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [141560 2014-07-24] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [61688 2014-07-23] (Panda Security, S.L.)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-07-24] (Panda Security, S.L.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-08-10] (IDT, Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-03] (Advanced Micro Devices)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-02-17] (LogMeIn Inc.)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
S1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [47360 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [160800 2014-07-24] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [120352 2014-07-24] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [106016 2014-07-24] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R1 {f2944598-b89f-4e10-b544-5173761572df}Gw64; C:\Windows\System32\drivers\{f2944598-b89f-4e10-b544-5173761572df}Gw64.sys [48784 2015-01-29] (StdLib)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-24 16:20 - 2015-02-24 16:20 - 00015380 _____ () C:\Users\HPPC\Desktop\FRST.txt
2015-02-24 16:20 - 2015-02-24 16:20 - 00000000 ____D () C:\FRST
2015-02-24 16:19 - 2015-02-24 16:19 - 02087424 _____ (Farbar) C:\Users\HPPC\Desktop\FRST64.exe
2015-02-24 12:51 - 2015-02-24 12:52 - 00001354 _____ () C:\Users\HPPC\Desktop\Shutdown.lnk
2015-02-24 12:04 - 2015-02-24 12:06 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-24 12:04 - 2015-01-29 17:49 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-24 12:01 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-02-24 12:01 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-02-24 11:57 - 2014-09-22 04:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-02-24 11:57 - 2014-09-22 04:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-02-24 11:57 - 2014-09-22 03:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-02-24 11:57 - 2014-09-02 23:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-02-24 11:57 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-02-24 11:51 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-02-24 11:51 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-02-24 11:51 - 2014-04-30 07:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2015-02-24 11:51 - 2014-04-30 07:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2015-02-24 11:49 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-24 11:48 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-24 11:48 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-24 11:47 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-02-24 11:47 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-02-24 11:47 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-02-24 11:47 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-02-24 11:46 - 2014-07-24 04:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2015-02-24 11:46 - 2014-07-24 04:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2015-02-23 23:22 - 2015-02-24 12:15 - 00001903 _____ () C:\WINDOWS\setupact.log
2015-02-23 23:22 - 2015-02-23 23:22 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-22 20:08 - 2015-02-22 20:12 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2015-02-22 15:37 - 2015-02-24 12:16 - 00000000 ___RD () C:\Users\HPPC\OneDrive
2015-02-22 15:34 - 2015-02-22 15:34 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2015-02-22 15:29 - 2015-02-22 15:29 - 00000000 ____D () C:\Users\HPPC\AppData\Local\AMD
2015-02-22 15:28 - 2015-02-22 15:28 - 00001456 _____ () C:\Users\HPPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-22 15:28 - 2015-02-22 15:28 - 00000000 ____D () C:\Users\HPPC\AppData\Roaming\ATI
2015-02-22 15:28 - 2015-02-22 15:28 - 00000000 ____D () C:\Users\HPPC\AppData\Local\ATI
2015-02-22 15:28 - 2015-02-22 15:28 - 00000000 ____D () C:\ProgramData\ATI
2015-02-22 15:27 - 2015-02-22 15:27 - 00000020 ___SH () C:\Users\HPPC\ntuser.ini
2015-02-22 15:25 - 2015-02-22 15:25 - 00022960 _____ () C:\WINDOWS\system32\emptyregdb.dat
2015-02-22 15:25 - 2015-02-22 15:25 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2015-02-22 15:25 - 2015-02-22 15:25 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-02-22 15:25 - 2015-02-22 15:25 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-02-22 15:25 - 2015-02-22 15:25 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2015-02-22 15:25 - 2015-02-22 15:25 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2015-02-22 15:25 - 2015-02-22 15:25 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-02-22 15:25 - 2015-02-22 15:25 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-02-22 15:25 - 2015-02-22 15:25 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-02-22 15:25 - 2015-02-22 15:25 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-02-22 15:25 - 2015-02-22 15:25 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-02-22 15:25 - 2015-02-22 15:25 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2015-02-22 15:25 - 2015-02-22 15:25 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2015-02-22 15:25 - 2015-02-22 15:25 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-02-22 15:25 - 2015-02-22 15:25 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-02-22 15:25 - 2015-02-22 15:25 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-02-22 15:25 - 2015-02-22 15:25 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-02-22 15:25 - 2015-02-22 15:25 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2015-02-22 15:13 - 2015-02-22 15:13 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-02-22 15:13 - 2015-02-22 15:13 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-02-22 15:13 - 2015-02-22 15:13 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-02-22 15:10 - 2015-02-22 15:10 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate
2015-02-22 15:09 - 2015-02-22 15:25 - 00022863 _____ () C:\WINDOWS\diagwrn.xml
2015-02-22 15:09 - 2015-02-22 15:25 - 00022863 _____ () C:\WINDOWS\diagerr.xml
2015-02-22 15:08 - 2015-02-22 15:37 - 00000000 ____D () C:\Users\HPPC
2015-02-22 15:08 - 2015-02-22 15:09 - 00000000 ___RD () C:\Users\HPPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-22 15:08 - 2015-02-22 15:08 - 00000000 _SHDL () C:\Users\HPPC\Vorlagen
2015-02-22 15:08 - 2015-02-22 15:08 - 00000000 _SHDL () C:\Users\HPPC\Startmenü
2015-02-22 15:08 - 2015-02-22 15:08 - 00000000 _SHDL () C:\Users\HPPC\Netzwerkumgebung
2015-02-22 15:08 - 2015-02-22 15:08 - 00000000 _SHDL () C:\Users\HPPC\Lokale Einstellungen
2015-02-22 15:08 - 2015-02-22 15:08 - 00000000 _SHDL () C:\Users\HPPC\Eigene Dateien
2015-02-22 15:08 - 2015-02-22 15:08 - 00000000 _SHDL () C:\Users\HPPC\Druckumgebung
2015-02-22 15:08 - 2015-02-22 15:08 - 00000000 _SHDL () C:\Users\HPPC\Documents\Eigene Musik
2015-02-22 15:08 - 2015-02-22 15:08 - 00000000 _SHDL () C:\Users\HPPC\Documents\Eigene Bilder
2015-02-22 15:08 - 2015-02-22 15:08 - 00000000 _SHDL () C:\Users\HPPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-02-22 15:08 - 2015-02-22 15:08 - 00000000 _SHDL () C:\Users\HPPC\AppData\Local\Verlauf
2015-02-22 15:08 - 2015-02-22 15:08 - 00000000 _SHDL () C:\Users\HPPC\AppData\Local\Anwendungsdaten
2015-02-22 15:08 - 2015-02-22 15:08 - 00000000 _SHDL () C:\Users\HPPC\Anwendungsdaten
2015-02-22 15:08 - 2014-11-21 11:52 - 00000000 ___RD () C:\Users\HPPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-22 15:08 - 2014-11-21 11:52 - 00000000 ___RD () C:\Users\HPPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-02-22 15:08 - 2014-11-21 04:42 - 00000369 _____ () C:\Users\HPPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-02-22 15:08 - 2014-11-21 04:42 - 00000369 _____ () C:\Users\HPPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-02-22 15:08 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\HPPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-22 15:02 - 2015-02-22 15:02 - 00060817 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201502221502333668.log
2015-02-22 15:02 - 2015-02-22 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-02-22 15:02 - 2015-02-22 15:02 - 00000000 ____D () C:\ProgramData\AMD
2015-02-22 15:02 - 2015-02-22 15:02 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-02-22 15:01 - 2015-02-24 15:33 - 01120598 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-22 15:01 - 2015-02-22 15:02 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2015-02-22 15:01 - 2015-02-22 15:01 - 00000425 _____ () C:\WINDOWS\BRWMARK.INI
2015-02-22 15:01 - 2015-02-22 15:01 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-02-22 15:00 - 2015-02-22 15:00 - 00000000 ____D () C:\Program Files\AMD
2015-02-22 15:00 - 2015-02-22 15:00 - 00000000 _____ () C:\WINDOWS\ativpsrm.bin
2015-02-22 14:58 - 2015-02-23 10:57 - 00000000 ___DC () C:\WINDOWS\Panther
2015-02-22 14:55 - 2015-02-22 14:55 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-02-22 14:55 - 2015-02-22 14:55 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-02-22 14:55 - 2015-02-22 14:55 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-02-22 14:55 - 2015-02-22 14:55 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-02-22 14:55 - 2015-02-22 14:55 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-02-22 14:55 - 2015-02-22 14:55 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-02-22 14:55 - 2015-02-22 14:55 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-02-22 14:55 - 2015-02-22 14:55 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-02-22 14:55 - 2015-02-22 14:55 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-02-22 14:54 - 2015-02-22 14:54 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-02-22 14:54 - 2015-02-22 14:54 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2015-02-22 14:54 - 2015-02-22 14:54 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-02-22 14:54 - 2015-02-22 14:54 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-02-22 14:54 - 2015-02-22 14:54 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-02-22 14:54 - 2015-02-22 14:54 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-02-22 14:54 - 2015-02-22 14:54 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-22 14:54 - 2015-02-22 14:54 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-02-22 14:54 - 2015-02-22 14:54 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-22 14:54 - 2015-02-22 14:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2015-02-22 14:54 - 2015-02-22 14:54 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-02-22 14:54 - 2015-02-22 14:54 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-02-22 14:54 - 2015-02-22 14:54 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2015-02-22 14:54 - 2015-02-22 14:54 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-02-22 14:53 - 2015-02-22 14:53 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-22 14:53 - 2015-02-22 14:53 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-22 14:53 - 2015-02-22 14:53 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-22 14:53 - 2015-02-22 14:53 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-22 14:53 - 2015-02-22 14:53 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-22 14:53 - 2015-02-22 14:53 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-22 14:53 - 2015-02-22 14:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-22 14:53 - 2015-02-22 14:53 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-22 14:53 - 2015-02-22 14:53 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-22 14:53 - 2015-02-22 14:53 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-22 14:53 - 2015-02-22 14:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-22 14:53 - 2015-02-22 14:53 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-02-22 14:53 - 2015-02-22 14:53 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-22 14:53 - 2015-02-22 14:53 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-02-22 14:53 - 2015-02-22 14:53 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-02-22 14:53 - 2015-02-22 14:53 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2015-02-22 14:53 - 2015-02-22 14:53 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2015-02-22 14:52 - 2015-02-22 14:52 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-22 14:52 - 2015-02-22 14:52 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-22 14:52 - 2015-02-22 14:52 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-22 14:52 - 2015-02-22 14:52 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-22 14:52 - 2015-02-22 14:52 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-22 14:52 - 2015-02-22 14:52 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-22 14:52 - 2015-02-22 14:52 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-22 14:52 - 2015-02-22 14:52 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-22 14:52 - 2015-02-22 14:52 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-22 14:52 - 2015-02-22 14:52 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-22 14:52 - 2015-02-22 14:52 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-22 14:52 - 2015-02-22 14:52 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-22 14:52 - 2015-02-22 14:52 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-22 14:52 - 2015-02-22 14:52 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-22 14:52 - 2015-02-22 14:52 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-22 14:52 - 2015-02-22 14:52 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-22 14:52 - 2015-02-22 14:52 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-22 14:52 - 2015-02-22 14:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-22 14:52 - 2015-02-22 14:52 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-22 14:52 - 2015-02-22 14:52 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-22 14:52 - 2015-02-22 14:52 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-22 14:52 - 2015-02-22 14:52 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-22 14:52 - 2015-02-22 14:52 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-22 14:52 - 2015-02-22 14:52 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-22 14:52 - 2015-02-22 14:52 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-22 14:52 - 2015-02-22 14:52 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-22 14:52 - 2015-02-22 14:52 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-02-22 14:52 - 2015-02-22 14:52 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-22 14:52 - 2015-02-22 14:52 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-02-22 14:52 - 2015-02-22 14:52 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-22 14:52 - 2015-02-22 14:52 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-02-22 14:52 - 2015-02-22 14:52 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-02-22 14:52 - 2015-02-22 14:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-22 14:52 - 2015-02-22 14:52 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-22 14:52 - 2015-02-22 14:52 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2015-02-22 14:52 - 2015-02-22 14:52 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-02-22 14:52 - 2015-02-22 14:52 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2015-02-22 14:52 - 2015-02-22 14:52 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-22 14:52 - 2015-02-22 14:52 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-22 14:52 - 2015-02-22 14:52 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-22 14:52 - 2015-02-22 14:52 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-02-22 14:52 - 2015-02-22 14:52 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-02-22 14:52 - 2015-02-22 14:52 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-22 14:51 - 2015-02-22 14:51 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-22 14:51 - 2015-02-22 14:51 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-22 14:51 - 2015-02-22 14:51 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-22 14:51 - 2015-02-22 14:51 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-22 14:51 - 2015-02-22 14:51 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2015-02-22 14:51 - 2015-02-22 14:51 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-22 14:51 - 2015-02-22 14:51 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-22 14:51 - 2015-02-22 14:51 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-22 14:51 - 2015-02-22 14:51 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-22 14:51 - 2015-02-22 14:51 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-22 14:51 - 2015-02-22 14:51 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-22 14:51 - 2015-02-22 14:51 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-22 14:49 - 2015-02-22 14:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\XPSViewer
2015-02-22 14:49 - 2015-02-22 14:49 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-02-22 14:49 - 2015-02-22 14:49 - 00000000 ____D () C:\Program Files\MSBuild
2015-02-22 14:49 - 2015-02-22 14:49 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2015-02-22 14:49 - 2015-02-22 14:49 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-02-22 14:49 - 2013-08-03 05:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-02-22 14:49 - 2013-08-03 05:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-02-22 14:49 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-02-22 14:49 - 2013-08-03 05:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-02-22 13:35 - 2015-02-22 13:35 - 00000136 _____ () C:\WINDOWS\system32\netcfg-135814.txt
2015-02-22 13:35 - 2015-02-22 13:35 - 00000134 _____ () C:\WINDOWS\system32\netcfg-130604.txt
2015-02-22 13:35 - 2015-02-22 13:35 - 00000134 _____ () C:\WINDOWS\system32\netcfg-123786.txt
2015-02-22 13:34 - 2014-03-25 14:15 - 00060400 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2015-02-22 12:12 - 2015-02-22 12:12 - 00000131 _____ () C:\WINDOWS\system32\netcfg-1992846830.txt
2015-02-22 09:18 - 2015-02-22 09:18 - 00000132 _____ () C:\WINDOWS\system32\netcfg-1982392611.txt
2015-02-22 09:17 - 2015-02-22 09:17 - 00000139 _____ () C:\WINDOWS\system32\netcfg-1982334360.txt
2015-02-22 09:17 - 2015-02-22 09:17 - 00000139 _____ () C:\WINDOWS\system32\netcfg-1982324017.txt
2015-02-22 09:16 - 2015-02-22 09:16 - 00001078 _____ () C:\WINDOWS\system32\netcfg-1982279260.txt
2015-02-22 09:16 - 2015-02-22 09:16 - 00000139 _____ () C:\WINDOWS\system32\netcfg-1982318947.txt
2015-02-22 09:16 - 2015-02-22 09:16 - 00000139 _____ () C:\WINDOWS\system32\netcfg-1982268309.txt
2015-02-22 09:15 - 2015-02-22 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-02-22 09:15 - 2015-02-22 09:15 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-02-18 10:05 - 2015-02-18 10:05 - 00010878 _____ () C:\Users\HPPC\Documents\ftp_log_2015-02-17.gz
2015-02-17 22:58 - 2015-02-17 22:58 - 00014336 ___SH () C:\Users\HPPC\Thumbs.db
2015-02-17 18:21 - 2015-02-17 18:21 - 00044296 ____H (LogMeIn Inc.) C:\WINDOWS\system32\Drivers\Hamdrv.sys
2015-02-16 17:09 - 2015-02-22 15:14 - 00000000 ____D () C:\Users\HPPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Project My Screen App
2015-02-16 17:09 - 2015-02-16 17:09 - 00000000 ____D () C:\Program Files (x86)\ProjectMyScreenApp
2015-02-15 22:20 - 2015-02-23 23:12 - 00000000 ____D () C:\Users\HPPC\Desktop\Yuri
2015-02-15 13:13 - 2015-02-18 17:16 - 00000000 ____D () C:\Users\HPPC\Desktop\FinVal
2015-01-30 12:33 - 2015-02-02 00:56 - 00000000 ___HD () C:\Users\HPPC\Downloads\AshSerena
2015-01-30 10:23 - 2015-01-30 10:37 - 00000000 ____D () C:\ProgramData\IsuyiBzamf
2015-01-30 10:22 - 2015-01-30 10:22 - 00000117 _____ () C:\WINDOWS\system32\netcfg-82259.txt
2015-01-30 10:22 - 2015-01-30 10:22 - 00000117 _____ () C:\WINDOWS\system32\netcfg-79123.txt
2015-01-30 10:22 - 2015-01-30 10:22 - 00000117 _____ () C:\WINDOWS\system32\netcfg-76112.txt
2015-01-30 10:13 - 2015-01-30 10:13 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1463102021.txt
2015-01-30 10:13 - 2015-01-30 10:13 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1463101740.txt
2015-01-30 10:13 - 2015-01-30 10:13 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1463101537.txt
2015-01-30 10:13 - 2015-01-30 10:13 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1463096670.txt
2015-01-30 10:13 - 2015-01-30 10:13 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1463081350.txt
2015-01-30 10:13 - 2015-01-30 10:13 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1463079993.txt
2015-01-30 00:29 - 2015-01-30 00:29 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1428060265.txt
2015-01-30 00:29 - 2015-01-30 00:29 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1428060202.txt
2015-01-29 23:07 - 2015-01-29 10:34 - 00048784 _____ (StdLib) C:\WINDOWS\system32\Drivers\{f2944598-b89f-4e10-b544-5173761572df}Gw64.sys
2015-01-29 22:59 - 2015-01-29 23:00 - 00000000 ____D () C:\Users\HPPC\AppData\Local\Vosteran
2015-01-29 21:59 - 2015-01-29 21:59 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1419069007.txt
2015-01-29 21:59 - 2015-01-29 21:59 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1419056386.txt
2015-01-29 21:58 - 2015-01-29 21:58 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1419041270.txt
2015-01-29 21:58 - 2015-01-29 21:58 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1419039788.txt
2015-01-29 17:49 - 2015-01-29 17:49 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1404108012.txt
2015-01-29 17:49 - 2015-01-29 17:49 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1404107949.txt
2015-01-29 10:59 - 2015-01-29 10:59 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1379488839.txt
2015-01-29 10:59 - 2015-01-29 10:59 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1379488605.txt
2015-01-29 10:59 - 2015-01-29 10:59 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1379485001.txt
2015-01-29 10:59 - 2015-01-29 10:59 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1379483394.txt
2015-01-29 10:59 - 2015-01-29 10:59 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1379468278.txt
2015-01-29 10:59 - 2015-01-29 10:59 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1379467061.txt
2015-01-29 09:25 - 2015-01-29 09:25 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1373824333.txt
2015-01-29 09:25 - 2015-01-29 09:25 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1373824271.txt
2015-01-29 07:40 - 2015-01-29 07:40 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1367524342.txt
2015-01-29 07:40 - 2015-01-29 07:40 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1367524061.txt
2015-01-29 07:40 - 2015-01-29 07:40 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1367520052.txt
2015-01-29 07:40 - 2015-01-29 07:40 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1367518991.txt
2015-01-29 07:39 - 2015-01-29 07:39 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1367503937.txt
2015-01-29 07:39 - 2015-01-29 07:39 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1367502720.txt
2015-01-29 01:52 - 2015-01-29 01:52 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1346678771.txt
2015-01-29 01:52 - 2015-01-29 01:52 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1346678708.txt
2015-01-28 22:15 - 2015-01-28 22:15 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1333622985.txt
2015-01-28 22:15 - 2015-01-28 22:15 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1333622751.txt
2015-01-28 22:15 - 2015-01-28 22:15 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1333619506.txt
2015-01-28 22:14 - 2015-01-28 22:14 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1333617696.txt
2015-01-28 22:14 - 2015-01-28 22:14 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1333602455.txt
2015-01-28 22:14 - 2015-01-28 22:14 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1333600599.txt
2015-01-28 15:37 - 2015-01-28 15:37 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1309795127.txt
2015-01-28 15:37 - 2015-01-28 15:37 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1309795064.txt
2015-01-28 12:55 - 2015-01-28 12:56 - 00000000 ____D () C:\Users\HPPC\AppData\Roaming\redsn0w
2015-01-28 10:42 - 2015-01-28 10:44 - 00000000 ____D () C:\Users\HPPC\AppData\Roaming\Apple Computer
2015-01-28 10:42 - 2015-01-28 10:42 - 00000000 ____D () C:\Users\HPPC\AppData\Local\Apple Computer
2015-01-28 10:41 - 2015-02-22 19:12 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-28 10:41 - 2015-02-22 19:11 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-28 10:41 - 2015-01-28 10:41 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-01-28 10:41 - 2015-01-28 10:41 - 00000000 ____D () C:\Users\HPPC\AppData\Local\Apple
2015-01-28 10:41 - 2015-01-28 10:41 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-01-28 10:41 - 2015-01-28 10:41 - 00000000 ____D () C:\Program Files\Bonjour
2015-01-28 10:41 - 2015-01-28 10:41 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-01-28 10:41 - 2015-01-28 10:41 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-01-28 10:40 - 2015-01-28 10:41 - 00000000 ____D () C:\ProgramData\Apple
2015-01-28 09:10 - 2015-01-28 09:10 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1286525409.txt
2015-01-28 09:10 - 2015-01-28 09:10 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1286525160.txt
2015-01-28 09:10 - 2015-01-28 09:10 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1286522008.txt
2015-01-28 09:09 - 2015-01-28 09:09 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1286520090.txt
2015-01-28 09:09 - 2015-01-28 09:09 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1286504583.txt
2015-01-28 09:09 - 2015-01-28 09:09 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1286503413.txt
2015-01-28 01:27 - 2015-01-28 01:27 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1258746186.txt
2015-01-28 01:27 - 2015-01-28 01:27 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1258746140.txt
2015-01-28 00:46 - 2015-01-28 00:46 - 00000132 _____ () C:\WINDOWS\system32\netcfg-1256320059.txt
2015-01-28 00:46 - 2015-01-28 00:46 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1256323553.txt
2015-01-28 00:46 - 2015-01-28 00:46 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1256304677.txt
2015-01-28 00:45 - 2015-01-28 00:45 - 00000139 _____ () C:\WINDOWS\system32\netcfg-1256262058.txt
2015-01-28 00:45 - 2015-01-28 00:45 - 00000139 _____ () C:\WINDOWS\system32\netcfg-1256251824.txt
2015-01-28 00:45 - 2015-01-28 00:45 - 00000139 _____ () C:\WINDOWS\system32\netcfg-1256246754.txt
2015-01-28 00:45 - 2015-01-28 00:45 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1256235709.txt
2015-01-28 00:44 - 2015-01-28 00:44 - 00001078 _____ () C:\WINDOWS\system32\netcfg-1256207863.txt
2015-01-28 00:44 - 2015-01-28 00:44 - 00000139 _____ () C:\WINDOWS\system32\netcfg-1256196865.txt
2015-01-28 00:44 - 2015-01-28 00:44 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1256208097.txt
2015-01-28 00:44 - 2015-01-28 00:44 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1256200484.txt
2015-01-28 00:44 - 2015-01-28 00:44 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1256200437.txt
2015-01-27 21:57 - 2015-01-27 21:57 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1246173083.txt
2015-01-27 21:57 - 2015-01-27 21:57 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1246172865.txt
2015-01-27 21:57 - 2015-01-27 21:57 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1246169526.txt
2015-01-27 21:57 - 2015-01-27 21:57 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1246167763.txt
2015-01-27 21:57 - 2015-01-27 21:57 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1246152553.txt
2015-01-27 21:57 - 2015-01-27 21:57 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1246151180.txt
2015-01-27 17:50 - 2015-01-27 17:50 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1231372613.txt
2015-01-27 17:50 - 2015-01-27 17:50 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1231372566.txt
2015-01-27 09:55 - 2015-01-27 09:55 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1202881511.txt
2015-01-27 09:55 - 2015-01-27 09:55 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1202880481.txt
2015-01-27 09:55 - 2015-01-27 09:55 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1202879015.txt
2015-01-27 09:55 - 2015-01-27 09:55 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1202875396.txt
2015-01-27 09:55 - 2015-01-27 09:55 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1202860201.txt
2015-01-27 09:55 - 2015-01-27 09:55 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1202858984.txt
2015-01-27 02:39 - 2015-01-27 02:39 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1176709847.txt
2015-01-27 02:39 - 2015-01-27 02:39 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1176709800.txt
2015-01-26 15:38 - 2015-01-26 15:38 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1137059510.txt
2015-01-26 15:38 - 2015-01-26 15:38 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1137048075.txt
2015-01-26 15:38 - 2015-01-26 15:38 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1137032787.txt
2015-01-26 15:38 - 2015-01-26 15:38 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1137031601.txt
2015-01-26 09:51 - 2015-01-26 09:51 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1116221551.txt
2015-01-26 09:51 - 2015-01-26 09:51 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1116221505.txt
2015-01-26 08:37 - 2015-01-26 08:37 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1111752341.txt
2015-01-26 08:36 - 2015-01-26 08:36 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1111752123.txt
2015-01-26 08:36 - 2015-01-26 08:36 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1111748519.txt
2015-01-26 08:36 - 2015-01-26 08:36 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1111747037.txt
2015-01-26 08:36 - 2015-01-26 08:36 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1111731515.txt
2015-01-26 08:36 - 2015-01-26 08:36 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1111730407.txt
2015-01-26 01:55 - 2015-01-26 01:55 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1087688594.txt
2015-01-26 01:55 - 2015-01-26 01:55 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1087688547.txt
2015-01-25 10:39 - 2015-01-25 10:39 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1032700020.txt
2015-01-25 10:39 - 2015-01-25 10:39 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1032694544.txt
2015-01-25 10:39 - 2015-01-25 10:39 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1032679334.txt
2015-01-25 10:39 - 2015-01-25 10:39 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1032678071.txt
2015-01-25 02:31 - 2015-01-25 02:31 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1003451829.txt
2015-01-25 02:31 - 2015-01-25 02:31 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1003451783.txt
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-24 16:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-24 15:55 - 2014-08-25 20:37 - 00000000 ____D () C:\Users\HPPC\AppData\Local\LogMeIn Hamachi
2015-02-24 12:19 - 2014-11-21 04:35 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-24 12:19 - 2014-11-21 03:45 - 00764340 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-24 12:19 - 2014-11-21 03:45 - 00159160 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-24 12:15 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-24 12:14 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-24 12:13 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-24 12:13 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-24 12:13 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2015-02-24 12:13 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2015-02-24 12:13 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-02-24 12:13 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-02-24 12:12 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-24 12:04 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-24 01:57 - 2014-08-14 19:40 - 00000000 ____D () C:\Users\HPPC\AppData\Roaming\Skype
2015-02-24 00:07 - 2014-08-26 13:14 - 32202240 ___SH () C:\Users\HPPC\Desktop\Thumbs.db
2015-02-23 23:30 - 2014-08-17 14:42 - 00000000 ____D () C:\Users\HPPC\AppData\Roaming\vlc
2015-02-23 11:09 - 2014-08-09 14:11 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3776727103-4227896957-2343858286-1001
2015-02-23 10:57 - 2014-08-16 21:15 - 00000000 ____D () C:\Users\HPPC\AppData\Local\CrashDumps
2015-02-22 23:11 - 2014-08-14 20:21 - 00000000 ___RD () C:\Users\HPPC\Desktop\Programme
2015-02-22 20:59 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-22 20:54 - 2014-08-07 21:58 - 00000000 ____D () C:\Users\HPPC\AppData\Local\Packages
2015-02-22 20:08 - 2014-08-13 19:07 - 00000045 _____ () C:\WINDOWS\SysWOW64\initdebug.nfo
2015-02-22 19:10 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\restore
2015-02-22 15:29 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Registration
2015-02-22 15:28 - 2014-08-07 21:58 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2015-02-22 15:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-22 15:25 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows NT
2015-02-22 15:25 - 2013-08-22 14:36 - 00000000 __RHD () C:\Users\Default
2015-02-22 15:23 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-02-22 15:23 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-02-22 15:22 - 2014-08-09 14:17 - 00000000 ____D () C:\ProgramData\SoundResearch
2015-02-22 15:16 - 2013-08-22 15:44 - 04940552 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-22 15:14 - 2015-01-05 23:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gg Ragnarok Online
2015-02-22 15:14 - 2014-12-06 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-02-22 15:14 - 2014-12-03 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4
2015-02-22 15:14 - 2014-11-27 12:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amnesia - The Dark Descent
2015-02-22 15:14 - 2014-11-14 11:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2015-02-22 15:14 - 2014-10-06 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Splashtop Remote
2015-02-22 15:14 - 2014-09-16 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-02-22 15:14 - 2014-09-03 10:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2015-02-22 15:14 - 2014-09-03 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-02-22 15:14 - 2014-09-02 10:05 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2015-02-22 15:14 - 2014-08-27 08:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dear Esther
2015-02-22 15:14 - 2014-08-27 08:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-02-22 15:14 - 2014-08-27 08:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2015-02-22 15:14 - 2014-08-19 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7
2015-02-22 15:14 - 2014-08-17 13:17 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-02-22 15:14 - 2014-08-17 08:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RPG Maker XP
2015-02-22 15:14 - 2014-08-17 08:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RPG Maker 2003
2015-02-22 15:14 - 2014-08-16 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-02-22 15:14 - 2014-08-16 21:05 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2015-02-22 15:14 - 2014-08-16 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2015-02-22 15:14 - 2014-08-16 11:51 - 00000000 ____D () C:\Users\HPPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-22 15:14 - 2014-08-15 17:21 - 00000000 ____D () C:\Users\HPPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2015-02-22 15:14 - 2014-08-15 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-02-22 15:14 - 2014-08-15 15:25 - 00000000 ____D () C:\Users\HPPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-22 15:14 - 2014-08-15 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-02-22 15:14 - 2014-08-14 20:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-22 15:14 - 2014-08-14 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-02-22 15:14 - 2014-08-14 19:33 - 00000000 ____D () C:\Users\HPPC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cyberfox
2015-02-22 15:14 - 2014-08-13 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2015-02-22 15:13 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN
2015-02-22 15:13 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep
2015-02-22 15:13 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\system32\WCN
2015-02-22 15:13 - 2014-08-25 00:18 - 00000000 __SHD () C:\WINDOWS\SysWOW64\AI_RecycleBin
2015-02-22 15:13 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI
2015-02-22 15:13 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2015-02-22 15:13 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\IME
2015-02-22 15:13 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns
2015-02-22 15:13 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\spool
2015-02-22 15:13 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI
2015-02-22 15:13 - 2012-07-26 06:37 - 00000000 ____D () C:\Users\Default.migrated
2015-02-22 15:12 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-22 15:12 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\MUI
2015-02-22 15:12 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\IME
2015-02-22 15:11 - 2014-11-26 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gravity
2015-02-22 15:11 - 2014-10-06 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA
2015-02-22 15:11 - 2014-08-17 01:38 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2015-02-22 15:11 - 2014-08-15 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KONAMI
2015-02-22 15:11 - 2014-08-15 17:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2015-02-22 15:11 - 2014-08-07 21:58 - 00000000 ____D () C:\ProgramData\PRICache
2015-02-22 15:11 - 2013-08-22 16:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker
2015-02-22 15:11 - 2013-08-22 16:36 - 00000000 __SHD () C:\Program Files\Windows Sidebar
2015-02-22 15:11 - 2013-08-22 16:36 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar
2015-02-22 15:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\IME
2015-02-22 15:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Help
2015-02-22 15:11 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-22 15:10 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2015-02-22 15:09 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy
2015-02-22 15:04 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-02-22 14:57 - 2013-08-22 16:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2015-02-22 14:57 - 2012-08-01 18:05 - 00000000 __SHD () C:\Recovery
2015-02-22 14:54 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-02-22 14:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-02-21 14:17 - 2014-08-20 11:40 - 00000000 ____D () C:\Users\HPPC\AppData\Roaming\FileZilla
2015-02-19 15:25 - 2014-09-26 14:44 - 00001456 _____ () C:\Users\HPPC\AppData\Local\Adobe Für Web speichern 11.0 Prefs
2015-02-18 17:13 - 2014-08-16 11:52 - 00000000 ___RD () C:\Users\HPPC\Dropbox
2015-02-18 17:13 - 2014-08-16 11:49 - 00000000 ____D () C:\Users\HPPC\AppData\Roaming\Dropbox
2015-02-17 15:36 - 2014-08-16 11:25 - 00000000 ___RD () C:\Users\HPPC\Desktop\Sonstiges
2015-02-15 00:31 - 2014-08-14 19:33 - 00000977 _____ () C:\Users\Public\Desktop\Cyberfox.lnk
2015-02-14 10:14 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2015-02-12 00:17 - 2014-08-15 15:23 - 00000000 ___RD () C:\Users\HPPC\Desktop\Emulation
2015-02-11 15:54 - 2014-11-26 11:01 - 00000000 ___RD () C:\Users\HPPC\Desktop\Bilder
2015-02-08 13:04 - 2014-08-15 17:19 - 00000000 ____D () C:\Users\HPPC\AppData\Local\JDownloader v2.0
2015-02-08 13:03 - 2015-01-12 11:43 - 00000000 ____D () C:\Users\HPPC\Downloads\3DS
2015-02-05 12:32 - 2014-12-03 13:32 - 00000000 ___HD () C:\Users\HPPC\Downloads\NaruHina
2015-02-03 20:31 - 2014-11-21 12:01 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-11-21 12:01 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-30 10:22 - 2012-07-26 06:26 - 00000194 _____ () C:\WINDOWS\win.ini
==================== Files in the root of some directories =======
2014-08-18 01:24 - 2014-08-19 11:20 - 0000132 _____ () C:\Users\HPPC\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-09-26 14:44 - 2015-02-19 15:25 - 0001456 _____ () C:\Users\HPPC\AppData\Local\Adobe Für Web speichern 11.0 Prefs
2014-08-27 14:56 - 2014-09-11 13:07 - 0005120 _____ () C:\Users\HPPC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some content of TEMP:
====================
C:\Users\HPPC\AppData\Local\Temp\sfamcc00001.dll
C:\Users\HPPC\AppData\Local\Temp\sfareca00001.dll
C:\Users\HPPC\AppData\Local\Temp\sfextra.dll
C:\Users\HPPC\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-22 14:59
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2015
Ran by HPPC at 2015-02-24 16:21:35
Running from C:\Users\HPPC\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Panda Free Antivirus (Disabled - Up to date) {5FD6C936-849B-5CE2-14BA-709E1D6FD1DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Disabled - Up to date) {E4B728D2-A2A1-536C-2E0A-4BEC66E89B67}
FW: Panda Firewall (Disabled) {67ED4813-CEF4-5DBA-3FE5-D9ABE3BC96A1}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Amnesia - The Dark Descent (HKLM-x32\...\{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1) (Version: 1.0.0 - Frictional Games)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Camtasia Studio 8 (HKLM-x32\...\{3F3A5785-81E3-4065-B643-B4933790AE1E}) (Version: 8.1.1.1313 - TechSmith Corporation)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5000 - CDBurnerXP)
Crazy Taxi (HKLM-x32\...\Steam App 71230) (Version: - SEGA)
Cyberfox Web Browser (HKLM\...\{5EFB52C0-4EC9-46B4-80EB-8432C6599641}_is1) (Version: 31.0.1.0 - 8pecxstudios)
Dear Esther Version 1.0 (HKLM-x32\...\Dear Esther_is1) (Version: 1.0 - TheChineseRoom)
Dropbox (HKU\S-1-5-21-3776727103-4227896957-2343858286-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
FINAL FANTASY XIII-2 (HKLM-x32\...\Steam App 292140) (Version: - SQUARE ENIX)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.8.49.213 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Ragnarok Online Version 1.0.1 (HKLM-x32\...\{0E66E992-D520-4053-8AB0-D0FE32CBCDFD}_is1) (Version: 1.0.1 - Ragnarok Online)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.319 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.319 - LogMeIn, Inc.) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
NiGHTS into Dreams... (HKLM-x32\...\Steam App 219950) (Version: - SEGA)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.03 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.01.0000 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version: - OVERKILL Software)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{C960FF38-431D-429D-AD1F-FBD12A45B7C5}) (Version: 2.0.17.17583 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
PHANTASY STAR UNIVERSE (HKLM-x32\...\PHANTASY STAR UNIVERSE_is1) (Version: - SEGA SONIC TEAM)
PhotoFiltre 7 (HKU\S-1-5-21-3776727103-4227896957-2343858286-1001\...\PhotoFiltre 7) (Version: - )
Project My Screen App (HKLM-x32\...\{DF901456-7160-49DB-977B-0E91858CA2CB}) (Version: 8.0.12349 - Microsoft Corporation)
Ragnarök Online (HKLM-x32\...\{55725CAB-ED4D-4169-A22E-20249EFCF2B5}) (Version: 14.1 - Gravity)
Resident Evil 6 / Biohazard 6 (HKLM-x32\...\Steam App 221040) (Version: - Capcom)
RGSS-RTP Standard (HKLM-x32\...\{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}) (Version: 1.0.0 - Enterbrain)
RPG Maker 2003 v1.08 (HKLM-x32\...\RPG Maker 2003_is1) (Version: - Enterbrain, Inc.)
RPG Maker XP (HKLM-x32\...\RPGXP_E_is1) (Version: 1.05 - Enterbrain)
SILENT HILL 3 (HKLM-x32\...\InstallShield_{14D10AAC-9737-454E-A247-8075C26C30E1}) (Version: 1.00.0000 - Konami Computer Entertainment Tokyo, Inc.)
SILENT HILL 3 (x32 Version: 1.00.0000 - Konami Computer Entertainment Tokyo, Inc.) Hidden
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sonic & All-Stars Racing Transformed (HKLM-x32\...\Steam App 212480) (Version: - Sumo Digital)
Sonic Adventure DX (HKLM-x32\...\Steam App 71250) (Version: - SEGA)
Sonic Generations (HKLM-x32\...\Steam App 71340) (Version: - Devil's Details)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.6.0.4 - Splashtop Inc.)
Spotify (HKU\S-1-5-21-3776727103-4227896957-2343858286-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
The Last Remnant (HKLM-x32\...\Steam App 23310) (Version: - SQUARE ENIX)
The Sims 4 Version 1.0 u1 (HKLM-x32\...\{27B947C0-320C-4997-9681-1E7010A15896}_is1) (Version: 1.0 u1 - EA Games)
Thief (HKLM-x32\...\Steam App 239160) (Version: - Eidos-Montréal)
Unity Web Player (HKU\S-1-5-21-3776727103-4227896957-2343858286-1001\...\UnityWebPlayer) (Version: 4.5.4f1 - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3776727103-4227896957-2343858286-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\HPPC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3776727103-4227896957-2343858286-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\HPPC\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3776727103-4227896957-2343858286-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HPPC\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3776727103-4227896957-2343858286-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HPPC\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3776727103-4227896957-2343858286-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HPPC\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3776727103-4227896957-2343858286-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HPPC\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3776727103-4227896957-2343858286-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HPPC\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3776727103-4227896957-2343858286-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HPPC\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3776727103-4227896957-2343858286-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HPPC\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3776727103-4227896957-2343858286-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HPPC\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
==================== Restore Points =========================
22-02-2015 19:10:23 Removed iTunes
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {242456D4-526B-4A93-8BC6-589121653F72} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2014-11-21] (Microsoft Corporation)
Task: {26307C61-2BD7-45FB-9910-F4A494F26755} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {CC1EEC99-9267-4177-A0A7-948D20C0F1DD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-29] (Microsoft Corporation)
==================== Loaded Modules (whitelisted) ==============
2014-07-04 21:33 - 2014-07-04 21:33 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-08-14 19:33 - 2014-07-29 12:35 - 04652712 _____ () C:\Program Files\Cyberfox\mozjs.dll
2015-02-22 20:53 - 2015-02-22 20:54 - 13208576 _____ () C:\Program Files\WindowsApps\A278AB0D.DragonManiaLegends_1.0.2.8_x86__h6adky7gbf63m\W8.1EntryPoint.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-12 18:23 - 2013-04-12 18:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2015-02-22 20:53 - 2015-02-22 20:54 - 00041472 _____ () C:\Program Files\WindowsApps\A278AB0D.DragonManiaLegends_1.0.2.8_x86__h6adky7gbf63m\IGPLib_Windows_8.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\HPPC\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3776727103-4227896957-2343858286-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\HPPC\AppData\Roaming\8pecxstudios\Cyberfox\Desktop Background.bmp
DNS Servers: 192.168.178.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
==================== Accounts: =============================
Administrator (S-1-5-21-3776727103-4227896957-2343858286-500 - Administrator - Disabled)
Gast (S-1-5-21-3776727103-4227896957-2343858286-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3776727103-4227896957-2343858286-1006 - Limited - Enabled)
HPPC (S-1-5-21-3776727103-4227896957-2343858286-1001 - Administrator - Enabled) => C:\Users\HPPC
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/24/2015 00:43:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSUAMain.exe, Version: 4.0.0.644, Zeitstempel: 0x53d152c9
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x02a04b26
ID des fehlerhaften Prozesses: 0x34c
Startzeit der fehlerhaften Anwendung: 0xPSUAMain.exe0
Pfad der fehlerhaften Anwendung: PSUAMain.exe1
Pfad des fehlerhaften Moduls: PSUAMain.exe2
Berichtskennung: PSUAMain.exe3
Vollständiger Name des fehlerhaften Pakets: PSUAMain.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: PSUAMain.exe5
Error: (02/24/2015 00:16:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: regsvr32.exe, Version: 6.3.9600.17415, Zeitstempel: 0x54505249
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0e17a
Ausnahmecode: 0xc0000409
Fehleroffset: 0x0000000000081d68
ID des fehlerhaften Prozesses: 0x10fc
Startzeit der fehlerhaften Anwendung: 0xregsvr32.exe0
Pfad der fehlerhaften Anwendung: regsvr32.exe1
Pfad des fehlerhaften Moduls: regsvr32.exe2
Berichtskennung: regsvr32.exe3
Vollständiger Name des fehlerhaften Pakets: regsvr32.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: regsvr32.exe5
Error: (02/24/2015 00:16:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RuntimeBroker.exe, Version: 6.3.9600.17415, Zeitstempel: 0x54504125
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0e17a
Ausnahmecode: 0xc0000409
Fehleroffset: 0x0000000000081d68
ID des fehlerhaften Prozesses: 0x13a8
Startzeit der fehlerhaften Anwendung: 0xRuntimeBroker.exe0
Pfad der fehlerhaften Anwendung: RuntimeBroker.exe1
Pfad des fehlerhaften Moduls: RuntimeBroker.exe2
Berichtskennung: RuntimeBroker.exe3
Vollständiger Name des fehlerhaften Pakets: RuntimeBroker.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: RuntimeBroker.exe5
Error: (02/24/2015 00:16:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: skydrive.exe, Version: 6.3.9600.17416, Zeitstempel: 0x5452fd72
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0e17a
Ausnahmecode: 0xc0000409
Fehleroffset: 0x0000000000081d68
ID des fehlerhaften Prozesses: 0x10cc
Startzeit der fehlerhaften Anwendung: 0xskydrive.exe0
Pfad der fehlerhaften Anwendung: skydrive.exe1
Pfad des fehlerhaften Moduls: skydrive.exe2
Berichtskennung: skydrive.exe3
Vollständiger Name des fehlerhaften Pakets: skydrive.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: skydrive.exe5
Error: (02/24/2015 00:16:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.3.9600.17415, Zeitstempel: 0x54503a3a
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0e17a
Ausnahmecode: 0xc0000409
Fehleroffset: 0x0000000000081d68
ID des fehlerhaften Prozesses: 0x580
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Vollständiger Name des fehlerhaften Pakets: Explorer.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Explorer.EXE5
Error: (02/24/2015 00:16:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: taskhostex.exe, Version: 6.3.9600.17415, Zeitstempel: 0x545040e8
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0e17a
Ausnahmecode: 0xc0000409
Fehleroffset: 0x0000000000081d68
ID des fehlerhaften Prozesses: 0xec8
Startzeit der fehlerhaften Anwendung: 0xtaskhostex.exe0
Pfad der fehlerhaften Anwendung: taskhostex.exe1
Pfad des fehlerhaften Moduls: taskhostex.exe2
Berichtskennung: taskhostex.exe3
Vollständiger Name des fehlerhaften Pakets: taskhostex.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: taskhostex.exe5
Error: (02/24/2015 11:45:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SystemSettings.exe, Version: 6.3.9600.17489, Zeitstempel: 0x5465bbd5
Name des fehlerhaften Moduls: Windows.UI.Xaml.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54504b1a
Ausnahmecode: 0xc000027b
Fehleroffset: 0x00000000006d663b
ID des fehlerhaften Prozesses: 0x1060
Startzeit der fehlerhaften Anwendung: 0xSystemSettings.exe0
Pfad der fehlerhaften Anwendung: SystemSettings.exe1
Pfad des fehlerhaften Moduls: SystemSettings.exe2
Berichtskennung: SystemSettings.exe3
Vollständiger Name des fehlerhaften Pakets: SystemSettings.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SystemSettings.exe5
Error: (02/24/2015 11:19:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: regsvr32.exe, Version: 6.3.9600.17415, Zeitstempel: 0x54505249
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0e17a
Ausnahmecode: 0xc0000409
Fehleroffset: 0x0000000000081d68
ID des fehlerhaften Prozesses: 0x7d4
Startzeit der fehlerhaften Anwendung: 0xregsvr32.exe0
Pfad der fehlerhaften Anwendung: regsvr32.exe1
Pfad des fehlerhaften Moduls: regsvr32.exe2
Berichtskennung: regsvr32.exe3
Vollständiger Name des fehlerhaften Pakets: regsvr32.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: regsvr32.exe5
Error: (02/24/2015 11:19:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RuntimeBroker.exe, Version: 6.3.9600.17415, Zeitstempel: 0x54504125
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0e17a
Ausnahmecode: 0xc0000409
Fehleroffset: 0x0000000000081d68
ID des fehlerhaften Prozesses: 0x1024
Startzeit der fehlerhaften Anwendung: 0xRuntimeBroker.exe0
Pfad der fehlerhaften Anwendung: RuntimeBroker.exe1
Pfad des fehlerhaften Moduls: RuntimeBroker.exe2
Berichtskennung: RuntimeBroker.exe3
Vollständiger Name des fehlerhaften Pakets: RuntimeBroker.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: RuntimeBroker.exe5
Error: (02/24/2015 11:19:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SettingSyncHost.exe, Version: 6.3.9600.17415, Zeitstempel: 0x54503b4a
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0e17a
Ausnahmecode: 0xc0000409
Fehleroffset: 0x0000000000081d68
ID des fehlerhaften Prozesses: 0xde4
Startzeit der fehlerhaften Anwendung: 0xSettingSyncHost.exe0
Pfad der fehlerhaften Anwendung: SettingSyncHost.exe1
Pfad des fehlerhaften Moduls: SettingSyncHost.exe2
Berichtskennung: SettingSyncHost.exe3
Vollständiger Name des fehlerhaften Pakets: SettingSyncHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SettingSyncHost.exe5
System errors:
=============
Error: (02/24/2015 00:58:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Splashtop Software Updater Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (02/24/2015 00:17:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (02/24/2015 00:15:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Network Activity Hook Server LightWeight Filter Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31
Error: (02/24/2015 00:15:46 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (02/24/2015 00:12:43 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Error: (02/24/2015 00:02:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Foxit Cloud Safe Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (02/24/2015 00:02:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (02/23/2015 11:29:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (02/23/2015 11:29:04 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows Search" wurde mit dem folgenden dienstspezifischen Fehler beendet:
%%2147749126
Error: (02/23/2015 11:28:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Network Activity Hook Server LightWeight Filter Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31
Microsoft Office Sessions:
=========================
Error: (02/24/2015 00:43:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSUAMain.exe4.0.0.64453d152c9unknown0.0.0.000000000c000000502a04b2634c01d05027021b075cC:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exeunknown58fdc26a-bc1a-11e4-be92-78e3b5b56ba1
Error: (02/24/2015 00:16:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: regsvr32.exe6.3.9600.1741554505249ntdll.dll6.3.9600.1763054b0e17ac00004090000000000081d6810fc01d0502357eee0d5C:\Windows\System32\regsvr32.exeC:\WINDOWS\SYSTEM32\ntdll.dlla0ba9d43-bc16-11e4-be92-78e3b5b56ba1
Error: (02/24/2015 00:16:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RuntimeBroker.exe6.3.9600.1741554504125ntdll.dll6.3.9600.1763054b0e17ac00004090000000000081d6813a801d0502355a6b4bdC:\Windows\System32\RuntimeBroker.exeC:\WINDOWS\SYSTEM32\ntdll.dlla04367a1-bc16-11e4-be92-78e3b5b56ba1
Error: (02/24/2015 00:16:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: skydrive.exe6.3.9600.174165452fd72ntdll.dll6.3.9600.1763054b0e17ac00004090000000000081d6810cc01d0502353bde283C:\Windows\System32\skydrive.exeC:\WINDOWS\SYSTEM32\ntdll.dll9ec10f57-bc16-11e4-be92-78e3b5b56ba1
Error: (02/24/2015 00:16:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1741554503a3antdll.dll6.3.9600.1763054b0e17ac00004090000000000081d6858001d050234d919685C:\WINDOWS\Explorer.EXEC:\WINDOWS\SYSTEM32\ntdll.dll99f9bdfd-bc16-11e4-be92-78e3b5b56ba1
Error: (02/24/2015 00:16:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: taskhostex.exe6.3.9600.17415545040e8ntdll.dll6.3.9600.1763054b0e17ac00004090000000000081d68ec801d050234d2d739aC:\WINDOWS\system32\taskhostex.exeC:\WINDOWS\SYSTEM32\ntdll.dll99743299-bc16-11e4-be92-78e3b5b56ba1
Error: (02/24/2015 11:45:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SystemSettings.exe6.3.9600.174895465bbd5Windows.UI.Xaml.dll6.3.9600.1741554504b1ac000027b00000000006d663b106001d0501f01a6ad45C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exeC:\Windows\System32\Windows.UI.Xaml.dll4d8f947e-bc12-11e4-be91-78e3b5b56ba1windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel
Error: (02/24/2015 11:19:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: regsvr32.exe6.3.9600.1741554505249ntdll.dll6.3.9600.1763054b0e17ac00004090000000000081d687d401d0501b5336ccdeC:\Windows\System32\regsvr32.exeC:\WINDOWS\SYSTEM32\ntdll.dll9d80845d-bc0e-11e4-be91-78e3b5b56ba1
Error: (02/24/2015 11:19:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: RuntimeBroker.exe6.3.9600.1741554504125ntdll.dll6.3.9600.1763054b0e17ac00004090000000000081d68102401d0501b4dac1d53C:\Windows\System32\RuntimeBroker.exeC:\WINDOWS\SYSTEM32\ntdll.dll9d54e1c5-bc0e-11e4-be91-78e3b5b56ba1
Error: (02/24/2015 11:19:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SettingSyncHost.exe6.3.9600.1741554503b4antdll.dll6.3.9600.1763054b0e17ac00004090000000000081d68de401d0501b4c7eea75C:\Windows\System32\SettingSyncHost.exeC:\WINDOWS\SYSTEM32\ntdll.dll9bfd89b7-bc0e-11e4-be91-78e3b5b56ba1
==================== Memory info ===========================
Processor: AMD A10-5700 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 34%
Total physical RAM: 6039.32 MB
Available physical RAM: 3958.75 MB
Total Pagefile: 6999.32 MB
Available Pagefile: 4576.21 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:452.14 GB) (Free:333.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:10.92 GB) (Free:0.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Spiele+Programme) (Fixed) (Total:454.22 GB) (Free:43.8 GB) NTFS
Drive j: (Sonstiges) (Fixed) (Total:244.41 GB) (Free:235.56 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 52E55227)
Partition: GPT Partition Type.
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 00000001)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=454.2 GB) - (Type=42)
Partition 3: (Not Active) - (Size=244.4 GB) - (Type=42)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-24 16:31:15
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000026 ST500DM002-1BD142 rev.HP73 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\HPPC\AppData\Local\Temp\fxldipow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files\IDT\WDM\Beats64.exe[5108] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessA 00007ff9e4d74ab0 12 bytes {JMP QWORD [RIP+0x0]}
.text C:\Program Files\IDT\WDM\Beats64.exe[5108] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessW 00007ff9e4d77b30 12 bytes {JMP QWORD [RIP+0x0]}
.text C:\Program Files\IDT\WDM\Beats64.exe[5108] C:\WINDOWS\system32\ADVAPI32.dll!CreateProcessAsUserW 00007ff9e2832eb0 12 bytes {JMP QWORD [RIP+0x0]}
.text C:\Program Files\IDT\WDM\Beats64.exe[5108] C:\WINDOWS\system32\ADVAPI32.dll!CreateProcessAsUserA 00007ff9e283a210 11 bytes {JMP QWORD [RIP+0x0]}
.text C:\Program Files\IDT\WDM\Beats64.exe[5108] C:\WINDOWS\system32\ADVAPI32.dll!CreateProcessAsUserA + 12 00007ff9e283a21c 2 bytes [00, 00]
.text C:\Program Files\IDT\WDM\Beats64.exe[5108] C:\WINDOWS\system32\CRYPT32.dll!PFXImportCertStore 00007ff9e21c2e40 14 bytes {JMP QWORD [RIP+0x0]}
.text C:\Program Files\IDT\WDM\sttray64.exe[4180] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessA 00007ff9e4d74ab0 8 bytes {JMP QWORD [RIP+0x0]}
.text C:\Program Files\IDT\WDM\sttray64.exe[4180] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessA + 9 00007ff9e4d74ab9 3 bytes [02, 00, 00]
.text C:\Program Files\IDT\WDM\sttray64.exe[4180] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessW 00007ff9e4d77b30 8 bytes {JMP QWORD [RIP+0x0]}
.text C:\Program Files\IDT\WDM\sttray64.exe[4180] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessW + 9 00007ff9e4d77b39 3 bytes [02, 00, 00]
.text C:\Program Files\IDT\WDM\sttray64.exe[4180] C:\WINDOWS\system32\ADVAPI32.dll!CreateProcessAsUserW 00007ff9e2832eb0 8 bytes {JMP QWORD [RIP+0x0]}
.text C:\Program Files\IDT\WDM\sttray64.exe[4180] C:\WINDOWS\system32\ADVAPI32.dll!CreateProcessAsUserW + 9 00007ff9e2832eb9 3 bytes [02, 00, 00]
.text C:\Program Files\IDT\WDM\sttray64.exe[4180] C:\WINDOWS\system32\ADVAPI32.dll!CreateProcessAsUserA 00007ff9e283a210 11 bytes {JMP QWORD [RIP+0x0]}
.text C:\Program Files\IDT\WDM\sttray64.exe[4180] C:\WINDOWS\system32\ADVAPI32.dll!CreateProcessAsUserA + 12 00007ff9e283a21c 2 bytes [00, 00]
.text C:\Program Files\IDT\WDM\sttray64.exe[4180] C:\WINDOWS\system32\CRYPT32.dll!PFXImportCertStore 00007ff9e21c2e40 14 bytes {JMP QWORD [RIP+0x0]}
---- Threads - GMER 2.1 ----
Thread C:\WINDOWS\system32\csrss.exe [560:584] fffff9600097b2d0
Thread C:\Windows\System32\SettingSyncHost.exe [4384:3984] 00007ff9db86c3f0
---- Processes - GMER 2.1 ----
Process C:\Program Files\WindowsApps\A278AB0D.DragonManiaLegends_1.0.2.8_x86__h6adky7gbf63m\W8.1EntryPoint.exe (*** suspicious ***) @ C:\Program Files\WindowsApps\A278AB0D.DragonManiaLegends_1.0.2.8_x86__h6adky7gbf63m\W8.1EntryPoint.exe [9460](2015-02-22 19:53:29) 0000000000060000
Library C:\Program Files\WindowsApps\A278AB0D.DragonManiaLegends_1.0.2.8_x86__h6adky7gbf63m\IGPLib_Windows_8.dll (*** suspicious ***) @ C:\Program Files\WindowsApps\A278AB0D.DragonManiaLegends_1.0.2.8_x86__h6adky7gbf63m\W8.1EntryPoint.exe [9460](2015-02-22 19:53:28) 00000000747f0000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Panda Antivirus und HijackThis logs habe ich auch noch, und kann diese bei bedarf gerne posten. |
| Themen zu Windows 8.1: Probleme nach Update |
| defender, explorer, fehlercode 0xc0000005, fehlercode 0xc000027b, fehlercode 0xc0000409, fehlercode windows, flash player, hijackthis, iph.trojan.vawtrak, lightning, neustart, prozesse, pup.optional.sanbreel.a, registry, security, services.exe, software, svchost.exe, trj/genetic.gen, windowsapps |
Baum-Darstellung