| |
| |||||||
Alles rund um Windows: Windows 7 64 mit häufigen BluescreensWindows 7 Hilfe zu allen Windows-Betriebssystemen: Windows XP, Windows Vista, Windows 7, Windows 8(.1) und Windows 10 / Windows 11- als auch zu sämtlicher Windows-Software. Alles zu Windows 10 ist auch gerne willkommen. Bitte benenne etwaige Fehler oder Bluescreens unter Windows mit dem Wortlaut der Fehlermeldung und Fehlercode. Erste Schritte für Hilfe unter Windows. |
 |
13.03.2015, 15:03
| #1 |
 |  Problem: Windows 7 64 mit häufigen Bluescreens Hallo Community, Immer wieder passiert es, dass Windows 7 sich mit einem Bluescreen verabschiedet. Dabei gibt es ein unangenehmes Geräusch aus den Lautsprecherboxen. Der Bluescreen ist auch meist nur kurz zu sehen, so schnell wieder weg, als das ich was raus lesen könnte. Die MEMORY.DMP Datei, die angeblich Details zum Absturz bereit hält, ist bereits 227 MB groß.Lesen kann man sie nicht. Ich jedenfalls nicht. Kurz von dem Absturz, hatte ich HOMM IV gespielt. Es ist aber auch schon bei anderen Dingen passiert. Hier gibt es folgende Meldung Code:
ATTFilter Name der fehlerhaften Anwendung: heroes4g.exe, Version: 2.2.0.1, Zeitstempel: 0x3da4bee4
Name des fehlerhaften Moduls: heroes4g.exe, Version: 2.2.0.1, Zeitstempel: 0x3da4bee4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00012ee4
ID des fehlerhaften Prozesses: 0xd78
Startzeit der fehlerhaften Anwendung: 0x01d05d8c2f3cdb26
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\3DO\Heroes of Might and Magic IV\heroes4g.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\3DO\Heroes of Might and Magic IV\heroes4g.exe
Berichtskennung: 99fda89b-c980-11e4-9e16-001966aa7536
Code:
ATTFilter Das System wurde zuvor am 13.03.2015 um 14:35:51 unerwartet heruntergefahren.
Code:
ATTFilter Der Computer wurde nach einem schwerwiegenden Fehler neu gestartet. Der Fehlercode war: 0x00000124 (0x0000000000000000, 0xfffffa8002ba9038, 0x00000000b63a2000, 0x0000000000000135). Ein volles Abbild wurde gespeichert in: C:\Windows\MEMORY.DMP. Berichts-ID: 031315-23453-01.
Code:
ATTFilter Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Code:
ATTFilter Fehler beim Laden des Treibers \Driver\WUDFRd für das Gerät USB\VID_22B8&PID_2E82\ZX1D22SPMV.
Code:
ATTFilter Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
|
|
15.03.2015, 00:48
| #2 |
| > MalwareDB   | Windows 7 64 mit häufigen Bluescreens Anleitung / Hilfe Die Treiber, besonders die Grafiktreiber, sind alle aktuell? Hast Du Usb Speicher am Rechner angeschlossen?
__________________Wenn möglich, poste doch mal einen Screenshot.
__________________ |
|
15.03.2015, 14:43
| #3 |
| | Windows 7 64 mit häufigen Bluescreens Details Hallo BetaAlexander,
__________________ich versuche so gut wie möglich zu helfen. Code:
ATTFilter Betriebssystemname Microsoft Windows 7 Professional
Version 6.1.7601 Service Pack 1 Build 7601
Zusätzliche Betriebssystembeschreibung Nicht verfügbar
Betriebssystemhersteller Microsoft Corporation
Systemname DANTE_HASTA_PC
Systemhersteller To Be Filled By O.E.M.
Systemmodell To Be Filled By O.E.M.
Systemtyp x64-basierter PC
Prozessor AMD Athlon(tm) 64 X2 Dual Core Processor 5600+, 2793 MHz, 2 Kern(e), 2 logische(r) Prozessor(en)
BIOS-Version/-Datum American Megatrends Inc. P2.00, 12.10.2009
SMBIOS-Version 2.5
Windows-Verzeichnis C:\Windows
Systemverzeichnis C:\Windows\system32
Startgerät \Device\HarddiskVolume1
Gebietsschema Deutschland
Hardwareabstraktionsebene Version = "6.1.7601.17514"
Benutzername dante_hasta_pc\mathiaswolfgang
Zeitzone Mitteleuropäische Zeit
Installierter physikalischer Speicher (RAM) 2,00 GB
Gesamter realer Speicher 2,00 GB
Verfügbarer realer Speicher 800 MB
Gesamter virtueller Speicher 4,00 GB
Verfügbarer virtueller Speicher 1,94 GB
Größe der Auslagerungsdatei 2,00 GB
Auslagerungsdatei C:\pagefile.sys
Code:
ATTFilter Konflikte/gemeinsame Butzung
E/A-Port 0x00000000-0x00000CF7 PCI-Bus
E/A-Port 0x00000000-0x00000CF7 DMA-Controller
E/A-Port 0x000003C0-0x000003DF NVIDIA GeForce 9500 GT
E/A-Port 0x000003C0-0x000003DF PCI Standard-PCI-zu-PCI-Brücke
IRQ 20 Standard PCI-zu-USB erweiterter Hostcontroller
IRQ 20 Standard-Zweikanal-PCI-IDE-Controller
IRQ 22 Standard PCI-zu-USB erweiterter Hostcontroller
IRQ 22 NVIDIA nForce-Netzwerkcontroller
IRQ 23 Standard OpenHCD USB-Hostcontroller
IRQ 23 High Definition Audio-Controller
Speicheradresse 0xFEC00000-0xFFFFFFFF Systemplatine
Speicheradresse 0xFEC00000-0xFFFFFFFF Hauptplatinenressourcen
Speicheradresse 0xD0000000-0xDFFFFFFF NVIDIA GeForce 9500 GT
Speicheradresse 0xD0000000-0xDFFFFFFF PCI Standard-PCI-zu-PCI-Brücke
Speicheradresse 0xD0000-0xDFFFF PCI-Bus
Speicheradresse 0xD0000-0xDFFFF Hauptplatinenressourcen
Speicheradresse 0xA0000-0xBFFFF PCI-Bus
Speicheradresse 0xA0000-0xBFFFF NVIDIA GeForce 9500 GT
Speicheradresse 0xA0000-0xBFFFF PCI Standard-PCI-zu-PCI-Brücke
E/A-Port 0x000003B0-0x000003BB NVIDIA GeForce 9500 GT
E/A-Port 0x000003B0-0x000003BB PCI Standard-PCI-zu-PCI-Brücke
Speicheradresse 0xFA000000-0xFBFFFFFF NVIDIA GeForce 9500 GT
Speicheradresse 0xFA000000-0xFBFFFFFF PCI Standard-PCI-zu-PCI-Brücke
Code:
ATTFilter 0x00000000-0x00000CF7 PCI-Bus OK
0x00000000-0x00000CF7 DMA-Controller OK
0x00000010-0x0000001F Hauptplatinenressourcen OK
0x00000020-0x00000021 Programmierbarer Interruptcontroller OK
0x00000022-0x0000003F Hauptplatinenressourcen OK
0x00000040-0x00000043 Systemzeitgeber OK
0x00000044-0x0000004D Hauptplatinenressourcen OK
0x00000050-0x0000005F Hauptplatinenressourcen OK
0x00000060-0x00000060 Standardtastatur (PS/2) OK
0x00000061-0x00000061 Systemlautsprecher OK
0x00000062-0x00000063 Hauptplatinenressourcen OK
0x00000064-0x00000064 Standardtastatur (PS/2) OK
0x00000065-0x0000006F Hauptplatinenressourcen OK
0x00000070-0x00000071 System CMOS/Echtzeituhr OK
0x00000072-0x0000007F Hauptplatinenressourcen OK
0x00000080-0x00000080 Hauptplatinenressourcen OK
0x00000081-0x00000083 DMA-Controller OK
0x00000084-0x00000086 Hauptplatinenressourcen OK
0x00000087-0x00000087 DMA-Controller OK
0x00000088-0x00000088 Hauptplatinenressourcen OK
0x00000089-0x0000008B DMA-Controller OK
0x0000008C-0x0000008E Hauptplatinenressourcen OK
0x0000008F-0x0000008F DMA-Controller OK
0x00000090-0x0000009F Hauptplatinenressourcen OK
0x000000A0-0x000000A1 Programmierbarer Interruptcontroller OK
0x000000A2-0x000000BF Hauptplatinenressourcen OK
0x000000C0-0x000000DF DMA-Controller OK
0x000000E0-0x000000EF Hauptplatinenressourcen OK
0x000000F0-0x000000FF Numerischer Coprozessor OK
0x00000170-0x00000177 ATA Channel 1 OK
0x000001F0-0x000001F7 ATA Channel 0 OK
0x00000290-0x0000029F Hauptplatinenressourcen OK
0x00000376-0x00000376 ATA Channel 1 OK
0x00000378-0x0000037F ECP-Druckeranschluss (LPT1) OK
0x000003B0-0x000003BB NVIDIA GeForce 9500 GT OK
0x000003B0-0x000003BB PCI Standard-PCI-zu-PCI-Brücke OK
0x000003C0-0x000003DF NVIDIA GeForce 9500 GT OK
0x000003C0-0x000003DF PCI Standard-PCI-zu-PCI-Brücke OK
0x000003F6-0x000003F6 ATA Channel 0 OK
0x000003F8-0x000003FF Kommunikationsanschluss (COM1) OK
0x000004D0-0x000004D1 Hauptplatinenressourcen OK
0x00000778-0x0000077F ECP-Druckeranschluss (LPT1) OK
0x00000800-0x0000080F Hauptplatinenressourcen OK
0x00000D00-0x0000FFFF PCI-Bus OK
0x00000E00-0x00000E03 Standard-Zweikanal-PCI-IDE-Controller OK
0x00000E80-0x00000E87 Standard-Zweikanal-PCI-IDE-Controller OK
0x00000F00-0x00000F03 Standard-Zweikanal-PCI-IDE-Controller OK
0x00000F80-0x00000F87 Standard-Zweikanal-PCI-IDE-Controller OK
0x00001000-0x0000107F Hauptplatinenressourcen OK
0x00001080-0x000010FF Hauptplatinenressourcen OK
0x00001400-0x0000147F Hauptplatinenressourcen OK
0x00001480-0x000014FF Hauptplatinenressourcen OK
0x00001800-0x0000187F Hauptplatinenressourcen OK
0x00001880-0x000018FF Hauptplatinenressourcen OK
0x00001C00-0x00001C7F Hauptplatinenressourcen OK
0x00001C80-0x00001CFF Hauptplatinenressourcen OK
0x00001D00-0x00001D3F NVIDIA nForce PCI-Systemverwaltung OK
0x00001E00-0x00001E3F NVIDIA nForce PCI-Systemverwaltung OK
0x0000CC00-0x0000CC0F Standard-Zweikanal-PCI-IDE-Controller OK
0x0000DC00-0x0000DC3F NVIDIA nForce PCI-Systemverwaltung OK
0x0000E000-0x0000EFFF PCI Standard-PCI-zu-PCI-Brücke OK
0x0000EC00-0x0000EC7F NVIDIA GeForce 9500 GT OK
0x0000FFA0-0x0000FFAF Standard-Zweikanal-PCI-IDE-Controller OK
Code:
ATTFilter IRQ 0 Systemzeitgeber OK
IRQ 1 Standardtastatur (PS/2) OK
IRQ 4 Kommunikationsanschluss (COM1) OK
IRQ 8 System CMOS/Echtzeituhr OK
IRQ 10 NVIDIA GeForce 9500 GT OK
IRQ 11 NVIDIA nForce PCI-Systemverwaltung OK
IRQ 12 Microsoft PS/2-Maus OK
IRQ 13 Numerischer Coprozessor OK
IRQ 14 ATA Channel 0 OK
IRQ 15 ATA Channel 1 OK
IRQ 20 Standard PCI-zu-USB erweiterter Hostcontroller OK
IRQ 20 Standard-Zweikanal-PCI-IDE-Controller OK
IRQ 21 Standard OpenHCD USB-Hostcontroller OK
IRQ 22 Standard PCI-zu-USB erweiterter Hostcontroller OK
IRQ 22 NVIDIA nForce-Netzwerkcontroller OK
IRQ 23 Standard OpenHCD USB-Hostcontroller OK
IRQ 23 High Definition Audio-Controller OK
IRQ 81 Microsoft ACPI-konformes System OK
IRQ 82 Microsoft ACPI-konformes System OK
IRQ 83 Microsoft ACPI-konformes System OK
IRQ 84 Microsoft ACPI-konformes System OK
IRQ 85 Microsoft ACPI-konformes System OK
IRQ 86 Microsoft ACPI-konformes System OK
IRQ 87 Microsoft ACPI-konformes System OK
IRQ 88 Microsoft ACPI-konformes System OK
IRQ 89 Microsoft ACPI-konformes System OK
IRQ 90 Microsoft ACPI-konformes System OK
IRQ 91 Microsoft ACPI-konformes System OK
IRQ 92 Microsoft ACPI-konformes System OK
IRQ 93 Microsoft ACPI-konformes System OK
IRQ 94 Microsoft ACPI-konformes System OK
IRQ 95 Microsoft ACPI-konformes System OK
IRQ 96 Microsoft ACPI-konformes System OK
IRQ 97 Microsoft ACPI-konformes System OK
IRQ 98 Microsoft ACPI-konformes System OK
IRQ 99 Microsoft ACPI-konformes System OK
IRQ 100 Microsoft ACPI-konformes System OK
IRQ 101 Microsoft ACPI-konformes System OK
IRQ 102 Microsoft ACPI-konformes System OK
IRQ 103 Microsoft ACPI-konformes System OK
IRQ 104 Microsoft ACPI-konformes System OK
IRQ 105 Microsoft ACPI-konformes System OK
IRQ 106 Microsoft ACPI-konformes System OK
IRQ 107 Microsoft ACPI-konformes System OK
IRQ 108 Microsoft ACPI-konformes System OK
IRQ 109 Microsoft ACPI-konformes System OK
IRQ 110 Microsoft ACPI-konformes System OK
IRQ 111 Microsoft ACPI-konformes System OK
IRQ 112 Microsoft ACPI-konformes System OK
IRQ 113 Microsoft ACPI-konformes System OK
IRQ 114 Microsoft ACPI-konformes System OK
IRQ 115 Microsoft ACPI-konformes System OK
IRQ 116 Microsoft ACPI-konformes System OK
IRQ 117 Microsoft ACPI-konformes System OK
IRQ 118 Microsoft ACPI-konformes System OK
IRQ 119 Microsoft ACPI-konformes System OK
IRQ 120 Microsoft ACPI-konformes System OK
IRQ 121 Microsoft ACPI-konformes System OK
IRQ 122 Microsoft ACPI-konformes System OK
IRQ 123 Microsoft ACPI-konformes System OK
IRQ 124 Microsoft ACPI-konformes System OK
IRQ 125 Microsoft ACPI-konformes System OK
IRQ 126 Microsoft ACPI-konformes System OK
IRQ 127 Microsoft ACPI-konformes System OK
IRQ 128 Microsoft ACPI-konformes System OK
IRQ 129 Microsoft ACPI-konformes System OK
IRQ 130 Microsoft ACPI-konformes System OK
IRQ 131 Microsoft ACPI-konformes System OK
IRQ 132 Microsoft ACPI-konformes System OK
IRQ 133 Microsoft ACPI-konformes System OK
IRQ 134 Microsoft ACPI-konformes System OK
IRQ 135 Microsoft ACPI-konformes System OK
IRQ 136 Microsoft ACPI-konformes System OK
IRQ 137 Microsoft ACPI-konformes System OK
IRQ 138 Microsoft ACPI-konformes System OK
IRQ 139 Microsoft ACPI-konformes System OK
IRQ 140 Microsoft ACPI-konformes System OK
IRQ 141 Microsoft ACPI-konformes System OK
IRQ 142 Microsoft ACPI-konformes System OK
IRQ 143 Microsoft ACPI-konformes System OK
IRQ 144 Microsoft ACPI-konformes System OK
IRQ 145 Microsoft ACPI-konformes System OK
IRQ 146 Microsoft ACPI-konformes System OK
IRQ 147 Microsoft ACPI-konformes System OK
IRQ 148 Microsoft ACPI-konformes System OK
IRQ 149 Microsoft ACPI-konformes System OK
IRQ 150 Microsoft ACPI-konformes System OK
IRQ 151 Microsoft ACPI-konformes System OK
IRQ 152 Microsoft ACPI-konformes System OK
IRQ 153 Microsoft ACPI-konformes System OK
IRQ 154 Microsoft ACPI-konformes System OK
IRQ 155 Microsoft ACPI-konformes System OK
IRQ 156 Microsoft ACPI-konformes System OK
IRQ 157 Microsoft ACPI-konformes System OK
IRQ 158 Microsoft ACPI-konformes System OK
IRQ 159 Microsoft ACPI-konformes System OK
IRQ 160 Microsoft ACPI-konformes System OK
IRQ 161 Microsoft ACPI-konformes System OK
IRQ 162 Microsoft ACPI-konformes System OK
IRQ 163 Microsoft ACPI-konformes System OK
IRQ 164 Microsoft ACPI-konformes System OK
IRQ 165 Microsoft ACPI-konformes System OK
IRQ 166 Microsoft ACPI-konformes System OK
IRQ 167 Microsoft ACPI-konformes System OK
IRQ 168 Microsoft ACPI-konformes System OK
IRQ 169 Microsoft ACPI-konformes System OK
IRQ 170 Microsoft ACPI-konformes System OK
IRQ 171 Microsoft ACPI-konformes System OK
IRQ 172 Microsoft ACPI-konformes System OK
IRQ 173 Microsoft ACPI-konformes System OK
IRQ 174 Microsoft ACPI-konformes System OK
IRQ 175 Microsoft ACPI-konformes System OK
IRQ 176 Microsoft ACPI-konformes System OK
IRQ 177 Microsoft ACPI-konformes System OK
IRQ 178 Microsoft ACPI-konformes System OK
IRQ 179 Microsoft ACPI-konformes System OK
IRQ 180 Microsoft ACPI-konformes System OK
IRQ 181 Microsoft ACPI-konformes System OK
IRQ 182 Microsoft ACPI-konformes System OK
IRQ 183 Microsoft ACPI-konformes System OK
IRQ 184 Microsoft ACPI-konformes System OK
IRQ 185 Microsoft ACPI-konformes System OK
IRQ 186 Microsoft ACPI-konformes System OK
IRQ 187 Microsoft ACPI-konformes System OK
IRQ 188 Microsoft ACPI-konformes System OK
IRQ 189 Microsoft ACPI-konformes System OK
IRQ 190 Microsoft ACPI-konformes System OK
IRQ 4294967288 PCI Standard-PCI-zu-PCI-Brücke OK
IRQ 4294967289 PCI Standard-PCI-zu-PCI-Brücke OK
IRQ 4294967290 PCI Standard-PCI-zu-PCI-Brücke OK
IRQ 4294967291 PCI Standard-PCI-zu-PCI-Brücke OK
IRQ 4294967292 PCI Standard-PCI-zu-PCI-Brücke OK
IRQ 4294967293 PCI Standard-PCI-zu-PCI-Brücke OK
IRQ 4294967294 PCI Standard-PCI-zu-PCI-Brücke OK
Code:
ATTFilter Arbeitsspeicher
0xF9FFF000-0xF9FFFFFF Standard OpenHCD USB-Hostcontroller OK
0x80000000-0xDFFFFFFF PCI-Bus OK
0xF0000000-0xFEBFFFFF PCI-Bus OK
0xF9FFD000-0xF9FFDFFF Standard OpenHCD USB-Hostcontroller OK
0x0000-0x9FFFF Systemplatine OK
0xFEC00000-0xFFFFFFFF Systemplatine OK
0xFEC00000-0xFFFFFFFF Hauptplatinenressourcen OK
0xFEE00000-0xFEE00FFF Hauptplatinenressourcen OK
0xFEFE0000-0xFEFE01FF Hauptplatinenressourcen OK
0xFEFE1000-0xFEFE1FFF Hauptplatinenressourcen OK
0xFEE01000-0xFEEFFFFF Hauptplatinenressourcen OK
0xF9FFEC00-0xF9FFECFF Standard PCI-zu-USB erweiterter Hostcontroller OK
0xE0000000-0xEFFFFFFF Hauptplatinenressourcen OK
0xF9FFE800-0xF9FFE8FF Standard PCI-zu-USB erweiterter Hostcontroller OK
0xF9FFC000-0xF9FFCFFF NVIDIA nForce-Netzwerkcontroller OK
0xF9FFE400-0xF9FFE4FF NVIDIA nForce-Netzwerkcontroller OK
0xF9FFE000-0xF9FFE00F NVIDIA nForce-Netzwerkcontroller OK
0xFD000000-0xFDFFFFFF NVIDIA GeForce 9500 GT OK
0xD0000000-0xDFFFFFFF NVIDIA GeForce 9500 GT OK
0xD0000000-0xDFFFFFFF PCI Standard-PCI-zu-PCI-Brücke OK
0xFA000000-0xFBFFFFFF NVIDIA GeForce 9500 GT OK
0xFA000000-0xFBFFFFFF PCI Standard-PCI-zu-PCI-Brücke OK
0xF9FF6000-0xF9FF7FFF Standard-Zweikanal-PCI-IDE-Controller OK
0xF9FF8000-0xF9FFBFFF High Definition Audio-Controller OK
0xA0000-0xBFFFF PCI-Bus OK
0xA0000-0xBFFFF NVIDIA GeForce 9500 GT OK
0xA0000-0xBFFFF PCI Standard-PCI-zu-PCI-Brücke OK
0xC0000-0xCFFFF Systemplatine OK
0xD0000-0xDFFFF PCI-Bus OK
0xD0000-0xDFFFF Hauptplatinenressourcen OK
0xD4000-0xD7FFF Hauptplatinenressourcen OK
0xDE000-0xDFFFF Hauptplatinenressourcen OK
0xE0000-0xFFFFF Systemplatine OK
0x100000-0x7FFFFFFF Systemplatine OK
Die meisten anderen Treiber sind von 2006. haben also schon Museumswert Unter Geräte Manager werden keine Konflikte angezeigt. Bekannte Defekte: HD Controller 2 & vermutlich 4 defekt DVD Laufwerk es werden diverse Fehler angezeigt. Probleme scheint es teilweise beim Lesen zu geben. Beschreiben geht gar nicht mehr. Angeschlossen am PC sind momentan: USB Huawei Stick und Motorola G2  |
|
17.03.2015, 09:38
| #4 |
| | Lösung: Windows 7 64 mit häufigen Bluescreens Folgende Probleme traten heute auf: Der PC ließ sich starten, alles schien normal. War schon im Internet angemeldet und Opera war gestartet, als der PC Monitor nur noch ein weißes Bild zeigte. Ein Neustart brachte mir dann nur noch ein schwarzes Bild. Wobei die Monitor LED gelb anzeigte, also Verbindung ja, Signal nein. Nach mehreren Neustarts funktioniert der PC wieder. Das DVD Laufwerk hatte ich auch probeweise entfernt, dass brachte aber nichts. Im Verdacht steht jetzt leider meine Grafikkarte. Könnte die einen Weg haben? Frische Fehlermeldungen gibt es auch: Code:
ATTFilter Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.
Dazu 2 Warnungen: Es wurde festgestellt, dass Ihre Registrierungsdatei noch von anderen Anwendungen oder Diensten verwendet wird. Die Datei wird nun entladen. Die Anwendungen oder Dienste, die Ihre Registrierungsdatei anhalten, funktionieren anschließend u. U. nicht mehr ordnungsgemäß. Code:
ATTFilter Es wurde festgestellt, dass Ihre Registrierungsdatei noch von anderen Anwendungen oder Diensten verwendet wird. Die Datei wird nun entladen. Die Anwendungen oder Dienste, die Ihre Registrierungsdatei anhalten, funktionieren anschließend u. U. nicht mehr ordnungsgemäß.
DETAIL -
2 user registry handles leaked from \Registry\User\S-1-5-21-3460778114-2026053698-264934852-1000_Classes:
Process 2352 (\Device\HarddiskVolume1\Program Files\360\360 Internet Security\safemon\360Tray.exe) has opened key \REGISTRY\USER\S-1-5-21-3460778114-2026053698-264934852-1000_CLASSES
Process 2352 (\Device\HarddiskVolume1\Program Files\360\360 Internet Security\safemon\360Tray.exe) has opened key \REGISTRY\USER\S-1-5-21-3460778114-2026053698-264934852-1000_CLASSES\WOW6432NODE\CLSID
Code:
ATTFilter Es wurde festgestellt, dass Ihre Registrierungsdatei noch von anderen Anwendungen oder Diensten verwendet wird. Die Datei wird nun entladen. Die Anwendungen oder Dienste, die Ihre Registrierungsdatei anhalten, funktionieren anschließend u. U. nicht mehr ordnungsgemäß.
DETAIL -
33 user registry handles leaked from \Registry\User\S-1-5-21-3460778114-2026053698-264934852-1000:
Process 2896 (\Device\HarddiskVolume1\Program Files\360\360 Internet Security\360rp.exe) has opened key \REGISTRY\USER\S-1-5-21-3460778114-2026053698-264934852-1000
Process 2352 (\Device\HarddiskVolume1\Program Files\360\360 Internet Security\safemon\360Tray.exe) has opened key \REGISTRY\USER\S-1-5-21-3460778114-2026053698-264934852-1000
Process 2352 (\Device\HarddiskVolume1\Program Files\360\360 Internet Security\safemon\360Tray.exe) has opened key \REGISTRY\USER\S-1-5-21-3460778114-2026053698-264934852-1000
Process 2352 (\Device\HarddiskVolume1\Program Files\360\360 Internet Security\safemon\360Tray.exe) has opened key \REGISTRY\USER\S-1-5-21-3460778114-2026053698-264934852-1000
Process 2352 (\Device\HarddiskVolume1\Program Files\360\360 Internet Security\safemon\360Tray.exe) has opened key \REGISTRY\USER\S-1-5-21-3460778114-2026053698-264934852-1000
Process 2352 (\Device\HarddiskVolume1\Program Files\360\360 Internet Security\safemon\360Tray.exe) has opened key \REGISTRY\USER\S-1-5-21-3460778114-2026053698-264934852-1000
Process 2352 (\Device\HarddiskVolume1\Program Files\360\360 Internet Security\safemon\360Tray.exe) has opened key \REGISTRY\USER\S-1-5-21-3460778114-2026053698-264934852-1000
Process 516 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3460778114-2026053698-264934852-1000
Process 516 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3460778114-2026053698-264934852-1000
Process 516 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3460778114-2026053698-264934852-1000
Process 2896 (\Device\HarddiskVolume1\Program Files\360\360 Internet Security\360rp.exe) has opened key \REGISTRY\USER\S-1-5-21-3460778114-2026053698-264934852-1000
Process 2896 (\Device\HarddiskVolume1\Program Files\360\360 Internet Security\360rp.exe) has opened key \REGISTRY\USER\S-1-5-21-3460778114-2026053698-264934852-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl
Process 2352 (\Device\HarddiskVolume1\Program Files\360\360 Internet Security\safemon\360Tray.exe) has opened key \REGISTRY\USER\S-1-5-21-3460778114-2026053698-264934852-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl
Process 2352 (\Device\HarddiskVolume1\Program Files\360\360 Internet Security\safemon\360Tray.exe) has opened key \REGISTRY\USER\S-1-5-21-3460778114-2026053698-264934852-1000\Software\Policies\Microsoft\SystemCertificates
Process 516 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3460778114-2026053698-264934852-1000\Software\Policies\Microsoft\SystemCertificates
Process 516 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3460778114-2026053698-264934852-1000\Software\Policies\Microsoft\SystemCertificates
Process 2352 (\Device\HarddiskVolume1\Program Files\360\360 Internet Security\safemon\360Tray.exe) has opened key \REGISTRY\USER\S-1-5-21-3460778114-2026053698-264934852-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2352 (\Device\HarddiskVolume1\Program Files\360\360 Internet Security\safemon\360Tray.exe) has opened key \REGISTRY\USER\S-1-5-21-3460778114-2026053698-264934852-1000\Software\Microsoft\Windows NT\CurrentVersion
Process 2896 (\Device\HarddiskVolume1\Program Files\360\360 Internet Security\360rp.exe) has opened key \REGISTRY\USER\S-1-5-21-3460778114-2026053698-264934852-1000\Software\Microsoft\Windows NT\CurrentVersion
Process 2896 (\Device\HarddiskVolume1\Program Files\360\360 Internet Security\360rp.exe) has opened key \REGISTRY\USER\S-1-5-21-3460778114-2026053698-264934852-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 2352 (\Device\HarddiskVolume1\Program Files\360\360 Internet Security\safemon\360Tray.exe) has opened key \REGISTRY\USER\S-1-5-21-3460778114-2026053698-264934852-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 2352 (\Device\HarddiskVolume1\Program Files\360\360 Internet Security\safemon\360Tray.exe) has opened key \REGISTRY\USER\S-1-5-21-3460778114-2026053698-264934852-1000\Software\Microsoft\SystemCertificates\My
Process 516 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3460778114-2026053698-264934852-1000\Software\Microsoft\SystemCertificates\My
Process 2352 (\Device\HarddiskVolume1\Program Files\360\360 Internet Security\safemon\360Tray.exe) has opened key \REGISTRY\USER\S-1-5-21-3460778114-2026053698-264934852-1000\Software\Microsoft\SystemCertificates\CA
Process 516 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3460778114-2026053698-264934852-1000\Software\Microsoft\SystemCertificates\CA
Process 2352 (\Device\HarddiskVolume1\Program Files\360\360 Internet Security\safemon\360Tray.exe) has opened key \REGISTRY\USER\S-1-5-21-3460778114-2026053698-264934852-1000\Software\Microsoft\SystemCertificates\Root
Process 516 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3460778114-2026053698-264934852-1000\Software\Microsoft\SystemCertificates\Root
Process 2352 (\Device\HarddiskVolume1\Program Files\360\360 Internet Security\safemon\360Tray.exe) has opened key \REGISTRY\USER\S-1-5-21-3460778114-2026053698-264934852-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 516 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3460778114-2026053698-264934852-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 2352 (\Device\HarddiskVolume1\Program Files\360\360 Internet Security\safemon\360Tray.exe) has opened key \REGISTRY\USER\S-1-5-21-3460778114-2026053698-264934852-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 516 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3460778114-2026053698-264934852-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2352 (\Device\HarddiskVolume1\Program Files\360\360 Internet Security\safemon\360Tray.exe) has opened key \REGISTRY\USER\S-1-5-21-3460778114-2026053698-264934852-1000\Software\Microsoft\SystemCertificates\trust
Process 516 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3460778114-2026053698-264934852-1000\Software\Microsoft\SystemCertificates\trust
Code:
ATTFilter Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Bin langsam echt ein wenig am Verzweifeln.  Geändert von DanteHasta (17.03.2015 um 09:50 Uhr) |
|
17.03.2015, 10:37
| #5 |
| > MalwareDB | Wie Windows 7 64 mit häufigen Bluescreens Lass uns doch mal vorne anfangen Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ If every computer is running a diverse ecosystem, crackers will have no choice but to resort to small-scale, targetted attacks, and the days of mass-market malware will be over[...]. Stuart Udall |
|
17.03.2015, 12:14
| #6 |
| | Wo Windows 7 64 mit häufigen Bluescreens Lösung! FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by mathiaswolfgang (administrator) on DANTE_HASTA_PC on 17-03-2015 11:59:54
Running from C:\Users\mathiaswolfgang\Desktop
Loaded Profiles: mathiaswolfgang & UpdatusUser (Available profiles: mathiaswolfgang & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360rps.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360sd.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360rp.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\safemon\360Tray.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.40\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.40\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.40\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.40\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.40\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.40\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.40\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.40\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.40\opera.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.40\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.40\opera.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [360sd] => C:\Program Files\360\360 Internet Security\360sdrun.exe [287560 2014-04-16] (Qihu 360 Software Co., Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: D - D:\cbs.exe
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: E - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {38241b26-a857-11e4-abbb-001966aa7536} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {4d6118ff-6d56-11e4-89d7-001966aa7536} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {4d611902-6d56-11e4-89d7-001966aa7536} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {4d611962-6d56-11e4-89d7-001966aa7536} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {4d611965-6d56-11e4-89d7-001966aa7536} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {5d3367e2-d2c9-11e3-8b1b-001966aa7536} - E:\AutoRun.exe
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {6aa04554-e2f5-11e3-bf51-001e101fb681} - E:\AutoRun.exe
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {6b4f9a42-3c02-11e4-b851-001966aa7536} - E:\AutoRun.exe
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {6b4f9a82-3c02-11e4-b851-001966aa7536} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {6b4f9a88-3c02-11e4-b851-001966aa7536} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {b2aed7e2-072a-11e4-9f5e-001e101f36d9} - E:\AutoRun.exe
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {f119d995-83b4-11e4-b98e-001966aa7536} - D:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\MountPoints2: {f8bb63f8-d2c5-11e3-b105-806e6f6e6963} - D:\AutoRun.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3460778114-2026053698-264934852-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files\360\360 Internet Security\safemon\safemon64.dll [2014-04-23] (Qihu 360 Software Co., Ltd.)
Tcpip\..\Interfaces\{148F12C9-CC71-405B-BE8A-70ED4434AA54}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{76108A4C-C895-41B9-A577-9559AA994DA9}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{CAC29905-FA43-4477-AF51-7DADB5C4FC11}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{F7C25C63-B387-451C-A625-92C5A522EEFE}: [NameServer] 193.189.244.206 193.189.244.225
FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-3460778114-2026053698-264934852-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\mathiaswolfgang\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-07] (Unity Technologies ApS)
Chrome:
=======
CHR Plugin: (Shockwave Flash) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll No File
CHR Plugin: (Wajam) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File
CHR Plugin: (Adobe Acrobat) - F:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - F:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll No File
CHR Plugin: (2007 Microsoft Office system) - F:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Winamp Application Detector) - F:\Program Files\Mozilla Firefox\plugins\npwachk.dll No File
CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npdrmv2.dll No File
CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npwmsdrm.dll No File
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - F:\Program Files\Windows Media Player\npdsplay.dll No File
CHR Plugin: (Google Update) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Google Earth Plugin) - F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Panda ActiveScan 2.0) - F:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll No File
CHR Plugin: (iTunes Application Detector) - F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Ma-Config.com plugin) - F:\Program Files\ma-config.com\nphardwaredetection.dll No File
CHR Plugin: (Silverlight Plug-In) - f:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-03]
CHR Extension: (Google Drive) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-27]
CHR Extension: (YouTube) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-03]
CHR Extension: (Google Search) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-03]
CHR Extension: (AdBlock) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-03]
CHR Extension: (Google Wallet) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-03]
CHR Extension: (NotScripts) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn [2014-06-08]
CHR Extension: (Sothink Flash Downloader for Chrome) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeiadippkbacigpadnembcfclhmmbifb [2014-05-22]
CHR Extension: (Gmail) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-03]
CHR Extension: (360 WebShield Plug-in) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pppagaglfkmlpgobnlenhknilehpmcbo [2014-05-05]
CHR HKLM-x32\...\Chrome\Extension: [pppagaglfkmlpgobnlenhknilehpmcbo] - C:\Program Files\360\360 Internet Security\safemon\360webshield.crx [2014-05-05]
Opera:
=======
OPR Extension: (AdBlock) - C:\Users\mathiaswolfgang\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2014-12-25]
OPR Extension: (DuckDuckGo for Opera) - C:\Users\mathiaswolfgang\AppData\Roaming\Opera Software\Opera Stable\Extensions\cfbekbndggmbdkfhjandenfihkdkndil [2014-11-10]
OPR Extension: (WOT) - C:\Users\mathiaswolfgang\AppData\Roaming\Opera Software\Opera Stable\Extensions\eeokceolphhfjdfcibaiiopmekmcbedp [2014-12-29]
OPR Extension: (Adblock Plus) - C:\Users\mathiaswolfgang\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-06-12]
OPR Extension: (FastestTube - YouTube Video Downloader) - C:\Users\mathiaswolfgang\AppData\Roaming\Opera Software\Opera Stable\Extensions\phahnhbgfdhgobenebnjbgmacgpbfaag [2015-01-20]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 360rp; C:\Program Files\360\360 Internet Security\360rps.exe [310352 2014-04-16] (Qihu 360 Software Co., Ltd.)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [243880 2015-02-13] (Foxit Software Inc.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [239968 2014-05-03] ()
S3 scan; C:\Program Files\360\360 Internet Security\scan.dll [423144 2013-02-20] (S.C. BitDefender S.R.L)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZhuDongFangYu; C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe [236360 2014-04-23] (Qihu 360 Software Co., Ltd.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [97872 2014-04-21] (Qihu 360 Software Co., Ltd.)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [67664 2014-04-23] (Qihu 360 Software Co., Ltd.)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [305744 2014-04-29] (Qihu 360 Software Co., Ltd.)
S3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [41552 2014-04-29] (Qihu 360 Software Co., Ltd.)
R1 360fsflt; C:\Windows\System32\DRIVERS\360FsFlt.sys [304208 2014-05-07] (Qihu 360 Software Co., Ltd.)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [181080 2014-04-18] (Qihu 360 Software Co., Ltd.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 ALSysIO; \??\C:\Users\MATHIA~1\AppData\Local\Temp\ALSysIO64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-17 11:59 - 2015-03-17 12:00 - 00017041 _____ () C:\Users\mathiaswolfgang\Desktop\FRST.txt
2015-03-17 11:59 - 2015-03-17 11:59 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\FRST-OlderVersion
2015-03-14 15:43 - 2015-03-14 15:43 - 00290744 _____ () C:\Windows\Minidump\031415-27312-01.dmp
2015-03-14 12:37 - 2015-03-14 12:38 - 00000000 ____D () C:\Program Files\OpenTTD
2015-03-14 12:37 - 2015-03-14 12:37 - 00000805 _____ () C:\Users\Public\Desktop\OpenTTD.lnk
2015-03-14 12:37 - 2015-03-14 12:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenTTD
2015-03-14 12:35 - 2015-03-14 12:36 - 08160170 _____ (OpenTTD Developers) C:\Users\mathiaswolfgang\Downloads\openttd-1.5.0-beta2-windows-win64.exe
2015-03-13 22:39 - 2015-03-13 22:39 - 01295141 _____ () C:\Users\mathiaswolfgang\Downloads\mm3.zip
2015-03-13 22:08 - 2015-03-13 22:08 - 01051215 _____ () C:\Users\mathiaswolfgang\Downloads\povs.zip
2015-03-13 22:03 - 2015-03-13 22:03 - 00269824 _____ (Microsoft Corporation) C:\Users\mathiaswolfgang\Downloads\Adrian.EXE
2015-03-13 22:00 - 2015-03-13 22:00 - 00201925 _____ () C:\Users\mathiaswolfgang\Downloads\break.zip
2015-03-13 21:49 - 2015-03-13 21:49 - 00370712 _____ () C:\Users\mathiaswolfgang\Downloads\adventur.zip
2015-03-13 21:22 - 2015-03-13 21:21 - 00054912 _____ () C:\Users\mathiaswolfgang\Downloads\scigame - Kopie.exe
2015-03-13 21:21 - 2015-03-13 21:21 - 00054912 _____ () C:\Users\mathiaswolfgang\Downloads\scigame.exe
2015-03-13 14:37 - 2015-03-13 14:37 - 00290784 _____ () C:\Windows\Minidump\031315-23453-01.dmp
2015-03-11 23:09 - 2015-03-11 23:18 - 00000000 ____D () C:\Users\mathiaswolfgang\Documents\warblade
2015-03-11 23:07 - 2015-03-11 23:07 - 15202917 _____ (EMV Software ) C:\Users\mathiaswolfgang\Downloads\warblade_demo.exe
2015-03-11 23:04 - 2015-03-11 23:04 - 01046598 _____ () C:\Users\mathiaswolfgang\Downloads\DeluxeGalaga_A.lha
2015-03-11 13:02 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 13:02 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 13:02 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 13:02 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 13:02 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 13:02 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 13:02 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 13:02 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 13:02 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 13:02 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 13:02 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 13:02 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 13:02 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 13:02 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 13:02 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 13:02 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 13:02 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 13:02 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 13:02 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 13:02 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 13:02 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 13:01 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 13:01 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 13:01 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 13:01 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 13:01 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 13:01 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 13:01 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 13:01 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 13:01 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 13:01 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 13:01 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 13:01 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 13:01 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 13:01 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 13:01 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 13:01 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 13:01 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 13:01 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 13:01 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 13:01 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 13:01 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 13:01 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 13:01 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 13:01 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 13:01 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 13:01 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 13:01 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 13:01 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 13:01 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 13:01 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 13:01 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 13:01 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 13:01 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 13:01 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 13:01 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 13:01 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 13:01 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 13:01 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 13:01 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 13:01 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 13:01 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 13:01 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 13:01 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 13:01 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 13:01 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 13:01 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 13:01 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 13:01 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 13:01 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 13:01 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 13:01 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 13:01 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 13:01 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 13:01 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 13:01 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 13:01 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 13:01 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 13:01 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 13:01 - 2015-01-31 04:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 13:01 - 2015-01-31 04:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 13:01 - 2015-01-31 00:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 13:01 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 13:01 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 13:01 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 13:00 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 13:00 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 13:00 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 13:00 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 13:00 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 13:00 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 13:00 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 13:00 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 13:00 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 13:00 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 13:00 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 13:00 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 13:00 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 13:00 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 13:00 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 13:00 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 13:00 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 13:00 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 13:00 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 13:00 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 13:00 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 13:00 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 13:00 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 13:00 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 13:00 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 13:00 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 13:00 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 13:00 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 13:00 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 13:00 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 13:00 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 13:00 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 13:00 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 13:00 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 13:00 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 13:00 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 13:00 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 13:00 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 13:00 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 13:00 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 13:00 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 13:00 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 13:00 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 13:00 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 13:00 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 13:00 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 13:00 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 13:00 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 13:00 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 13:00 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 13:00 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 13:00 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 13:00 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 13:00 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 13:00 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 13:00 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 13:00 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 12:59 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 12:59 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 12:59 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 12:59 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 12:59 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 12:59 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 12:59 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 12:59 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 12:59 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 12:59 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 12:59 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 12:59 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 12:59 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 12:59 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 12:59 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 12:59 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 12:59 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 12:59 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 12:59 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 12:59 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 12:59 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 12:59 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 12:59 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 12:59 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 12:59 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 12:59 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 12:59 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 12:59 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 12:59 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 12:59 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 12:59 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 12:59 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 12:59 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 12:59 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 12:59 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 12:59 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 12:59 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 12:59 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 12:59 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 12:59 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 12:58 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 12:58 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-10 22:09 - 2015-03-16 11:11 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\Lord Bot
2015-03-10 22:09 - 2015-03-10 22:09 - 00003089 _____ () C:\Users\mathiaswolfgang\Desktop\Lord Bot.lnk
2015-03-10 22:09 - 2015-03-10 22:09 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lord Bot
2015-03-10 22:09 - 2015-03-10 22:09 - 00000000 ____D () C:\Program Files (x86)\falknhayn
2015-03-10 22:07 - 2015-03-10 22:07 - 01659309 _____ () C:\Users\mathiaswolfgang\Downloads\LordBotSetup.zip
2015-03-10 16:54 - 2015-03-10 16:54 - 00289412 _____ () C:\Users\mathiaswolfgang\Downloads\baffledandbruised25.zip
2015-03-10 15:05 - 2015-03-10 15:59 - 00000000 ____D () C:\Program Files (x86)\MUSHclient
2015-03-10 15:05 - 2015-03-10 15:05 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MUSHclient
2015-03-10 15:05 - 2015-03-10 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MUSHclient
2015-03-10 15:04 - 2015-03-10 15:04 - 03563775 _____ () C:\Users\mathiaswolfgang\Downloads\mushclient494.exe
2015-03-10 15:00 - 2015-03-10 15:00 - 00000600 _____ () C:\Users\mathiaswolfgang\AppData\Local\PUTTY.RND
2015-03-10 14:33 - 2015-03-10 14:33 - 00799260 _____ () C:\Users\mathiaswolfgang\Downloads\tm421.zip
2015-03-10 12:25 - 2015-03-10 12:25 - 00724618 _____ () C:\Users\mathiaswolfgang\Downloads\telix-3.51.zip
2015-03-10 09:02 - 2015-03-10 09:02 - 03713772 _____ () C:\Users\mathiaswolfgang\Downloads\MS-DOS-6.22.zip
2015-03-10 08:25 - 2015-03-10 08:28 - 04790039 _____ () C:\Users\mathiaswolfgang\Downloads\sbbs230b.zip
2015-03-09 22:54 - 2015-03-09 22:55 - 08880923 _____ () C:\Users\mathiaswolfgang\Downloads\Mr Palin on the sport of Fish Slapping.mp4
2015-03-09 18:45 - 2015-03-09 18:45 - 00002048 _____ () C:\Users\Public\Desktop\Heroes of Might and Magic IV.lnk
2015-03-09 18:44 - 2015-03-09 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3DO
2015-03-09 18:39 - 2015-03-09 18:39 - 00000000 ____D () C:\Program Files (x86)\3DO
2015-03-09 03:29 - 2015-03-09 03:30 - 28656799 _____ () C:\Users\mathiaswolfgang\Downloads\Mindestlohn - die perfiden Tricks der Arbeitgeber_ Monitor _ Das Erste _ WDR.mp4
2015-03-08 18:29 - 2015-03-08 18:35 - 34318798 _____ () C:\Users\mathiaswolfgang\Downloads\Volker Pispers ....es wird sich nichts mehr ändern !! USA im Endstadium des Kapitalismus.mp4
2015-03-08 13:06 - 2015-03-08 13:07 - 01152300 _____ () C:\Users\mathiaswolfgang\Downloads\sim-city-future_ancient_addon.zip
2015-03-08 13:06 - 2015-03-08 13:06 - 00674870 _____ () C:\Users\mathiaswolfgang\Downloads\simcity.zip
2015-03-07 12:47 - 2015-03-07 12:47 - 00244436 _____ () C:\Users\mathiaswolfgang\Downloads\player_manager_(1990)(anco)[cr_ocl]-amiga.zip
2015-03-07 12:44 - 2015-03-07 12:44 - 00367508 _____ () C:\Users\mathiaswolfgang\Downloads\player_manager_(1990)(anco)(it)-amiga.zip
2015-03-07 11:45 - 2015-03-07 11:45 - 00246544 _____ () C:\Users\mathiaswolfgang\Downloads\K.H. Rummenigge's Player Manager.zip
2015-03-07 11:32 - 2015-03-07 11:32 - 02738022 _____ () C:\Users\mathiaswolfgang\Downloads\Superheroines The Trap Trailer.mp4
2015-03-07 11:16 - 2015-03-07 11:16 - 00854361 _____ () C:\Users\mathiaswolfgang\Downloads\Wizardry V - Heart of the Maelstrom.zip
2015-03-07 10:20 - 2015-03-07 10:20 - 00655897 _____ () C:\Users\mathiaswolfgang\Downloads\Ultima - Runes of Virtue II.zip
2015-03-07 10:13 - 2015-03-07 10:13 - 00867785 _____ () C:\Users\mathiaswolfgang\Downloads\zsnesw151.zip
2015-03-07 09:45 - 2015-03-07 09:45 - 00530465 _____ () C:\Users\mathiaswolfgang\Downloads\DBQuest.zip
2015-03-07 01:30 - 2015-03-07 01:31 - 03149814 _____ () C:\Users\mathiaswolfgang\Downloads\warriors-of-legend.zip
2015-03-06 23:14 - 2015-03-06 23:14 - 00174323 _____ () C:\Users\mathiaswolfgang\Downloads\the-rescue-of-lorri-in-lorrinitron.zip
2015-03-06 22:46 - 2015-03-06 22:47 - 05906030 _____ () C:\Users\mathiaswolfgang\Downloads\Superheroines White Angel part 5.mp4
2015-03-06 20:10 - 2015-03-06 20:10 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\madpara
2015-03-06 20:08 - 2015-03-06 20:09 - 03079518 _____ () C:\Users\mathiaswolfgang\Downloads\mad-paradox.zip
2015-03-06 17:41 - 2015-03-06 17:43 - 36332290 _____ () C:\Users\mathiaswolfgang\Downloads\Volker Pispers Schluss mit lustig _ Ebola _ Skandale _ Medien 08.11.2014 - Bananenrepublik.mp4
2015-03-06 17:09 - 2015-03-06 17:09 - 00080612 _____ () C:\Users\mathiaswolfgang\Downloads\adventurewriter.zip
2015-03-06 15:36 - 2015-03-06 15:36 - 00325215 _____ () C:\Users\mathiaswolfgang\Downloads\legend-of-the-red-dragon.zip
2015-03-05 15:59 - 2015-03-05 16:00 - 01167872 _____ (Microsoft Corporation) C:\Users\mathiaswolfgang\Downloads\bgammon.exe
2015-03-05 12:21 - 2015-03-17 11:59 - 00000000 ____D () C:\FRST
2015-03-05 12:20 - 2015-03-17 11:59 - 02095616 _____ (Farbar) C:\Users\mathiaswolfgang\Desktop\FRST64.exe
2015-03-05 11:40 - 2015-03-05 11:40 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\MMFApplications
2015-03-05 11:38 - 2015-03-05 11:39 - 02675314 _____ () C:\Users\mathiaswolfgang\Downloads\lyle1.10.zip
2015-03-05 10:44 - 2015-03-05 10:45 - 00000000 ____D () C:\Program Files\Unlocker
2015-03-05 10:44 - 2015-03-05 10:44 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2015-03-05 10:44 - 2015-03-05 10:44 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\Babylon
2015-03-05 10:44 - 2015-03-05 10:44 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\Babylon
2015-03-05 10:44 - 2015-03-05 10:44 - 00000000 ____D () C:\ProgramData\Babylon
2015-03-05 10:08 - 2015-03-05 10:08 - 02969817 _____ () C:\Users\mathiaswolfgang\Downloads\SB16W3X.ZIP
2015-03-05 09:36 - 2015-03-05 10:00 - 00000000 ____D () C:\w311
2015-03-05 08:38 - 2015-03-05 08:38 - 00613620 _____ () C:\Users\mathiaswolfgang\Downloads\S3DRIVERS.ZIP
2015-03-05 08:23 - 2015-03-05 08:23 - 00096238 _____ () C:\Users\mathiaswolfgang\Downloads\svga.zip
2015-03-05 07:25 - 2015-03-05 07:26 - 10836253 _____ () C:\Users\mathiaswolfgang\Downloads\WfW-3.11-unpacked.zip
2015-03-05 07:23 - 2015-03-13 21:54 - 00000000 ____D () C:\C
2015-03-05 07:20 - 2015-03-05 07:20 - 10787758 _____ () C:\Users\mathiaswolfgang\Downloads\WfW-3.11.zip
2015-03-05 07:09 - 2015-03-05 07:09 - 00002994 _____ () C:\Windows\System32\Tasks\{8FBCA9FA-E0E7-464A-9886-90001973BDFC}
2015-03-05 07:08 - 2015-03-05 07:08 - 00002994 _____ () C:\Windows\System32\Tasks\{F24780C1-2D59-48E8-B860-424F21626768}
2015-03-05 07:04 - 2015-03-05 07:06 - 05062817 _____ () C:\Users\mathiaswolfgang\Downloads\kpschool.zip
2015-03-05 05:50 - 2015-03-05 05:50 - 01448809 _____ (DOSBox Team) C:\Users\mathiaswolfgang\Downloads\DOSBox0.74-win32-installer.exe
2015-03-05 05:28 - 2015-03-05 06:37 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\DC Games
2015-03-05 05:27 - 2015-03-05 05:28 - 01439340 _____ () C:\Users\mathiaswolfgang\Downloads\dcg409.zip
2015-03-05 04:03 - 2015-03-05 04:03 - 00290672 _____ () C:\Windows\Minidump\030515-25875-01.dmp
2015-03-04 16:48 - 2015-03-04 16:49 - 08713978 _____ () C:\Users\mathiaswolfgang\Downloads\DarkSun2.zip
2015-03-04 16:07 - 2015-03-04 16:08 - 03282925 _____ () C:\Users\mathiaswolfgang\Downloads\Indiana_Jones_And_The_Last_Crusade.zip
2015-03-04 14:27 - 2015-03-04 16:02 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\BMP
2015-03-04 14:26 - 2015-03-04 14:26 - 00920522 _____ () C:\Users\mathiaswolfgang\Downloads\BMP_MS_DOS.zip
2015-03-04 14:24 - 2015-03-04 14:24 - 00564718 _____ () C:\Users\mathiaswolfgang\Downloads\BMP0607bab.rar
2015-03-03 20:47 - 2015-03-03 20:47 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\2K Games
2015-03-03 20:47 - 2015-03-03 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
2015-03-03 20:47 - 2015-03-03 20:47 - 00000000 ____D () C:\Program Files (x86)\2K Games
2015-03-03 20:45 - 2015-03-03 20:46 - 14981420 _____ () C:\Users\mathiaswolfgang\Downloads\Railroad_Tycoon.zip
2015-03-03 19:04 - 2015-03-03 19:06 - 08759047 _____ () C:\Users\mathiaswolfgang\Downloads\transport-tycoon-deluxe.zip
2015-03-03 18:29 - 2015-03-03 18:29 - 09099710 _____ () C:\Users\mathiaswolfgang\Downloads\Minetest-0.4.10-android-armeabi.apk.zip
2015-03-03 17:13 - 2015-03-03 17:13 - 00164887 _____ () C:\Users\mathiaswolfgang\Downloads\football-manager.zip
2015-03-03 04:02 - 2015-03-03 04:02 - 00290720 _____ () C:\Windows\Minidump\030315-29140-01.dmp
2015-03-03 03:29 - 2015-03-03 03:29 - 00000112 _____ () C:\Users\mathiaswolfgang\Downloads\reader.url
2015-03-03 02:25 - 2015-03-03 02:25 - 00353240 _____ () C:\Users\mathiaswolfgang\Downloads\Huckleberry-Finns-Abenteuer-Mark-Twain.epub
2015-03-03 02:21 - 2015-03-03 02:21 - 00461474 _____ () C:\Users\mathiaswolfgang\Downloads\Huckleberry-Finns-Abenteuer-Mark-Twain.mobi
2015-03-03 01:42 - 2015-03-03 01:43 - 27129674 _____ () C:\Users\mathiaswolfgang\Downloads\Sahra Wagenknecht sagt die Wahrheit über Ukraine und Deutschland.mp4
2015-03-01 17:00 - 2015-03-01 17:00 - 00071941 _____ () C:\Users\mathiaswolfgang\Downloads\12-2014_ranking_angebote_Einzelmonat_if2014_12.xlsx
2015-02-26 14:05 - 2015-02-26 14:05 - 00001291 _____ () C:\Users\mathiaswolfgang\Documents\meine daten.txt
2015-02-26 10:22 - 2015-02-26 10:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-02-25 19:32 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-25 19:32 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-25 19:32 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-25 19:32 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-25 03:00 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 03:00 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-24 00:00 - 2015-02-24 00:00 - 00642746 _____ () C:\Users\mathiaswolfgang\Downloads\hill-street-blues.zip
2015-02-22 21:30 - 2015-02-22 21:34 - 01907525 _____ () C:\Users\mathiaswolfgang\Downloads\pools-of-darkness.zip
2015-02-22 21:12 - 2015-02-22 21:12 - 00466939 _____ () C:\Users\mathiaswolfgang\Downloads\safari_guns_(1989)(infogrames)(fr)(disk_2_of_2)[cr_qtx][h_newbit]-amiga.zip
2015-02-22 21:12 - 2015-02-22 21:12 - 00410718 _____ () C:\Users\mathiaswolfgang\Downloads\safari_guns_(1989)(infogrames)(fr)(disk_1_of_2)[cr_qtx][h_newbit]-amiga.zip
2015-02-22 19:40 - 2015-02-22 19:46 - 14086761 _____ () C:\Users\mathiaswolfgang\Downloads\the-settlers-ii-gold-edition.zip
2015-02-22 19:12 - 2015-02-22 19:12 - 00640812 _____ () C:\Users\mathiaswolfgang\Downloads\traps_n_treasures_(1993)(starbyte)(de)(disk_2_of_2)[o]-amiga.zip
2015-02-22 19:12 - 2015-02-22 19:12 - 00303003 _____ () C:\Users\mathiaswolfgang\Downloads\traps_n_treasures_(1993)(starbyte)(de)(disk_1_of_2)[o]-amiga.zip
2015-02-21 20:21 - 2015-02-21 20:23 - 30420913 _____ () C:\Users\mathiaswolfgang\Downloads\Volker Pispers - Scheiße, ich habe ja gar kein Hotel - Neues aus der Anstalt 32.mp4
2015-02-18 04:05 - 2015-02-18 04:05 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\Sahmon Games
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-17 11:47 - 2014-05-03 14:55 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-17 11:42 - 2014-05-03 14:26 - 01118337 _____ () C:\Windows\WindowsUpdate.log
2015-03-17 09:38 - 2009-07-14 05:45 - 00033904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-17 09:38 - 2009-07-14 05:45 - 00033904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-17 09:31 - 2014-12-19 12:29 - 00008065 _____ () C:\Windows\setupact.log
2015-03-17 09:31 - 2014-05-29 13:04 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-17 09:31 - 2014-05-03 14:55 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-17 09:31 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-17 09:23 - 2010-11-21 04:47 - 00775160 _____ () C:\Windows\PFRO.log
2015-03-16 23:43 - 2014-05-05 16:53 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\XnView
2015-03-16 20:45 - 2014-05-05 00:38 - 00000000 ____D () C:\ProgramData\360SD
2015-03-16 10:22 - 2014-05-05 00:38 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\360safe
2015-03-16 10:21 - 2014-05-05 13:06 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\Paint.NET
2015-03-15 10:20 - 2011-04-12 08:43 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2015-03-15 10:20 - 2011-04-12 08:43 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2015-03-15 10:20 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-14 18:21 - 2015-01-06 02:38 - 00000000 ____D () C:\Users\mathiaswolfgang\Documents\OpenTTD
2015-03-14 15:43 - 2015-01-20 15:53 - 253040994 _____ () C:\Windows\MEMORY.DMP
2015-03-14 15:43 - 2014-05-12 20:23 - 00000000 ____D () C:\Windows\Minidump
2015-03-14 05:47 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-03-13 23:02 - 2014-12-01 11:11 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-13 22:05 - 2014-10-03 13:33 - 00000000 __SHD () C:\360Rec
2015-03-13 14:37 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-12 08:34 - 2009-07-14 05:45 - 00321936 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 08:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 08:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-12 00:20 - 2014-12-22 14:38 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 00:18 - 2014-12-22 14:38 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-10 14:31 - 2014-08-11 12:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-10 14:25 - 2014-06-03 12:16 - 00003864 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1400603381
2015-03-10 14:25 - 2014-05-20 17:29 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-03-09 18:35 - 2015-01-03 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call To Power 2
2015-03-09 18:24 - 2014-05-05 00:37 - 00000000 _RSHD () C:\360SANDBOX
2015-03-09 18:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help
2015-03-09 18:03 - 2014-07-07 08:07 - 00000000 ____D () C:\SPIELE
2015-03-05 11:06 - 2014-06-11 06:46 - 00000000 ____D () C:\Backups
2015-03-05 05:51 - 2014-05-05 11:50 - 00001927 _____ () C:\Users\Public\Desktop\DOSBox 0.74.lnk
2015-02-26 06:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-02-24 03:17 - 2010-11-21 04:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-23 02:28 - 2014-05-03 15:18 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-02-21 03:03 - 2014-06-30 08:28 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-02-20 22:52 - 2014-07-05 18:09 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\Skype
2015-02-19 15:41 - 2014-12-10 19:54 - 00000000 ____D () C:\ProgramData\TEMP
2015-02-17 06:25 - 2015-01-19 18:11 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\Clonk Rage
==================== Files in the root of some directories =======
2015-03-10 15:00 - 2015-03-10 15:00 - 0000600 _____ () C:\Users\mathiaswolfgang\AppData\Local\PUTTY.RND
2014-06-04 20:11 - 2014-07-01 14:36 - 0007609 _____ () C:\Users\mathiaswolfgang\AppData\Local\Resmon.ResmonCfg
Some content of TEMP:
====================
C:\Users\mathiaswolfgang\AppData\Local\Temp\7704000a.exe
C:\Users\mathiaswolfgang\AppData\Local\Temp\f0fb00be.exe
C:\Users\mathiaswolfgang\AppData\Local\Temp\f38c00b4.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-15 00:24
==================== End Of Log ============================
--- --- --- --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by mathiaswolfgang at 2015-03-17 12:02:16
Running from C:\Users\mathiaswolfgang\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: 360 Internet Security (Enabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
AS: 360 Internet Security (Enabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
360 Internet Security (HKLM-x32\...\360 Internet Security) (Version: 4.9.0.4900 - Qihu 360 Software Co., Ltd.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Blitz3D 1.108 (HKLM-x32\...\Blitz3D_is1) (Version: - Blitz Research Ltd)
Cotschigotschi 2 (HKLM-x32\...\ST6UNST #1) (Version: - )
Creatures DeLuxe (HKLM-x32\...\Creatures DeLuxe) (Version: - )
CrystalDiskInfo 6.1.14 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.1.14 - Crystal Dew World)
Das Fussball Studio 8.5.2 (Beta) (HKLM-x32\...\{F804CEB4-747E-46D5-B8AB-C56E3BAF27D9}_is1) (Version: 8.5.2 - vmLOGIC - Volker Mallmann)
Die Siedler IV (HKLM-x32\...\S4Uninst) (Version: - )
Die Völker Gold Edition (HKLM-x32\...\{24ECFEDB-6CE0-48D0-8C34-EE4C5BC275BF}) (Version: 3.0 - JoWooD Studio Vienna)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.8.49.213 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
Golden Wipf Edition 4 (remove only) (HKLM-x32\...\Golden Wipf Edition 4) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Heroes of Might and Magic® IV (HKLM-x32\...\Heroes of Might and Magic IV) (Version: - )
Hot-Poker 1.10 (HKLM-x32\...\Hot-Poker_is1) (Version: 1.10 - )
Lazarus 1.2.6 (HKLM\...\lazarus_is1) (Version: 1.2.6 - Lazarus Team)
Lord Bot (HKLM-x32\...\{3C00D2E1-C8EC-4194-9598-57065645182D}) (Version: 2.0.1 - falknhayn)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 21.005.15.02.382 - Huawei Technologies Co.,Ltd)
MUSHclient (remove only) (HKLM-x32\...\MUSHclient) (Version: - )
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
OpenTTD 1.5.0-beta2 (HKLM-x32\...\OpenTTD) (Version: 1.5.0-beta2 - OpenTTD)
Opera Stable 28.0.1750.40 (HKLM-x32\...\Opera 28.0.1750.40) (Version: 28.0.1750.40 - Opera Software ASA)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Seven Kingdoms AA (HKLM-x32\...\7kaa) (Version: - )
Sid Meier's Railroad Tycoon (HKLM-x32\...\Sid Meier's Railroad Tycoon) (Version: 1.0 - 2K Games)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Sword (HKLM-x32\...\Sword) (Version: - )
Unity Web Player (HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 3.6 - Bazis)
Windows Media Player 5.2 (HKLM-x32\...\MPlayer2) (Version: - )
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinUAE (HKLM-x32\...\{DFDB22DC-2CE2-434B-8BF3-2B9C2BA4845B}) (Version: 3.0.0.0 - Arabuusimiehet)
XnView 2.22 (HKLM-x32\...\XnView_is1) (Version: 2.22 - Gougelet Pierre-e)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
09-03-2015 17:34:00 Installiert Locomotion
10-03-2015 14:26:21 Installiert Locomotion
10-03-2015 17:23:07 Windows Update
10-03-2015 22:08:24 Installed Lord Bot
12-03-2015 00:15:44 Windows Update
17-03-2015 11:39:31 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {103CA69D-71EA-4879-8C1B-B33A9435BA2E} - System32\Tasks\{4D0958FC-8AF8-4B4D-8952-A526B9634B1F} => D:\SEAFGT.EXE
Task: {11BE90E8-4730-4E68-B35A-851FF64F2615} - System32\Tasks\{F24780C1-2D59-48E8-B860-424F21626768} => C:\Program Files (x86)\Neuer Ordner\kpschool.exe
Task: {14759DF3-7312-4CBF-AC68-E618F5150B6C} - System32\Tasks\{5F49EADF-C2C2-47EF-87E5-9B6E10C34CAC} => D:\Dream_dt\SETUP.EXE
Task: {1FC4984D-3C8A-4985-A542-F36D1A07D116} - System32\Tasks\{006D70BB-ECED-4F93-AB60-01163E21710D} => D:\Sword\SwordTe.exe
Task: {2245BC46-0388-42D6-AB87-0768023CB171} - System32\Tasks\{3AE04FD0-6EE9-403B-87CF-D014C95FADB5} => C:\Program Files (x86)\Clonk Planet\Planet.exe
Task: {224A13A1-F8EE-4881-9B6B-2CFB2FD4259B} - System32\Tasks\{9CDB3321-E3BA-4283-BD73-8FFD21BE17AF} => C:\I-Magic\Vangers\road.exe
Task: {277AF161-C08E-45F4-8795-37A0A787DA55} - System32\Tasks\{E0D2FC71-2C21-46FF-9BDB-D5CA7EEC0296} => C:\I-Magic\Vangers\road.exe
Task: {30836FD8-978F-48F8-BFF8-AD0BCBA7AD64} - System32\Tasks\{FF462C85-3920-4910-871F-1C2EC6863927} => C:\SPIELE\Clonk 3 Radikal\CLONK.EXE
Task: {33E9FA45-81A0-4A64-A5CC-8F9C068790F6} - System32\Tasks\{3FC4F284-82F6-4A11-B433-948210E9E3F2} => D:\MEDIA1.EXE
Task: {34EE2922-C999-462A-9563-9D050D445B1A} - System32\Tasks\{26B8FE32-186D-4842-A901-F4081FE7B812} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {39AD6171-BFA6-452F-AC19-CEC9BBB6199B} - System32\Tasks\{F39CADE0-2891-457C-A8D1-B04F90F978A0} => C:\Users\mathiaswolfgang\Desktop\Neuer Ordner (2)\install.exe
Task: {3E9F29C0-E5B1-4E19-A412-8756D8717487} - System32\Tasks\{8FBCA9FA-E0E7-464A-9886-90001973BDFC} => C:\Program Files (x86)\Neuer Ordner\kpschool.exe
Task: {4336ABF0-3907-4B52-A69B-CF48377E974F} - System32\Tasks\{C4C0A2E8-0E08-4761-B2F1-29DC4A910901} => C:\Users\mathiaswolfgang\Desktop\Neuer Ordner (2)\SoMX.exe
Task: {4AB4B796-41D8-493A-AB71-378D409CAFA7} - System32\Tasks\{F6C9D31A-CB1B-4EA6-86BD-310E6AB1DB6F} => pcalua.exe -a D:\Install\Install.exe -d D:\Install
Task: {56E6FEAD-41BA-4361-8CA8-CD5392AA0E41} - \{B74DDCF5-CAC6-4139-9FF5-06659E17E212} No Task File <==== ATTENTION
Task: {5F27719C-61FF-44BE-835E-1A3EE1A36DF0} - System32\Tasks\{70346F41-F98B-467C-9A93-40C4A8C9AC67} => C:\Program Files (x86)\JEliza\JElizaGtk.exe
Task: {60159C16-C7E5-4757-AEC3-EE882B1A363B} - System32\Tasks\{6394D897-7E0D-420D-883E-D9B134FA6619} => D:\Sword\Sword.exe
Task: {6039C3EF-BDA2-4AAF-9F7A-324060F43AC8} - System32\Tasks\{6A3B89AA-285D-46DB-BEB2-096D88AFEDB1} => C:\Users\mathiaswolfgang\Desktop\traumfra.exe
Task: {6312C131-5BC9-4899-BE0A-77AA826F27DF} - System32\Tasks\{3EE3C452-E5E3-483D-B559-372AE53DC331} => C:\Users\mathiaswolfgang\Downloads\KOTCDemoVersion115.exe
Task: {63B9FC30-572A-465A-B556-0CA2CEF4CCE5} - System32\Tasks\{585F4A47-9843-4995-9415-B6BC24375FA3} => D:\SETUP.EXE
Task: {68E328C7-0CCB-4122-B645-F84FF4122B61} - System32\Tasks\{D5C943D5-8E47-49C7-9864-5825532A965F} => D:\exe\Stx.exe
Task: {6FFA9207-9300-4966-A3E0-3686CA2A9429} - System32\Tasks\{C04DCB75-EEA5-4E3D-8897-E68E0A5C7205} => D:\start31.exe
Task: {7F413531-4747-4187-A02A-C009B66C01B2} - System32\Tasks\{42B8E2D9-5649-4EE7-945C-4D2905790FD5} => C:\Users\mathiaswolfgang\Desktop\Blue Remake\BLUE.EXE
Task: {85141D60-C255-4537-991D-2D9F888653EF} - System32\Tasks\{173269E1-DB92-4BC7-A7F5-3E195645AC79} => D:\3DXWD\3DXWD.EXE
Task: {8A534365-EC81-46A4-BB3D-B47BD0E87F1B} - System32\Tasks\{9F52D3D2-EC42-4F1C-AF45-23F6F743CB52} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {94326EB9-655C-479C-A64B-7C825ADBDB78} - System32\Tasks\Opera scheduled Autoupdate 1400603381 => C:\Program Files (x86)\Opera\launcher.exe [2015-03-05] (Opera Software)
Task: {9A84E65E-215C-4F69-816D-9119E1F13732} - System32\Tasks\{9DF6BE12-B8DC-42CB-9DEA-39E621FA85DD} => C:\Users\mathiaswolfgang\Eigene Spiele\TTD Win\Transport Tycoon Deluxe.exe
Task: {A2389745-078B-4AAA-8842-9E0976199393} - System32\Tasks\{CD26E032-ACA3-4BCE-94AC-1E58D25641C6} => pcalua.exe -a C:\Users\mathiaswolfgang\Desktop\My\Mythruna-20120627.exe -d C:\Users\mathiaswolfgang\Desktop\My
Task: {A6E69830-0C1D-4F7A-B76C-39FECF286A64} - System32\Tasks\{57D4D9F1-00C5-4DCA-80ED-C98358789A0C} => C:\Users\mathiaswolfgang\Desktop\Blue Remake\BLUE.EXE
Task: {AA53B750-E789-425D-85EB-469C6C0D1964} - System32\Tasks\{1D5E208F-1715-4B64-BD80-FDB73055025F} => D:\Autorun.exe
Task: {AED6060A-020B-4744-878C-0F35F761B657} - System32\Tasks\{06879CE2-18CC-44CD-9514-05BB7788BF13} => C:\SPIELE\abandoned-places-a-time-for-heroes\START.EXE
Task: {B0F2FEFB-EE88-4056-81CC-89A5B8E54388} - System32\Tasks\{40AB0AC0-D60D-405F-A423-51F08F6CC298} => C:\Users\mathiaswolfgang\Eigene Spiele\Neuer Ordner\LORD.EXE
Task: {BB09B646-6673-40E5-88B9-7D99E1D3BD66} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-03] (Google Inc.)
Task: {BD068070-8542-4A0D-81B4-FA4D386FC677} - System32\Tasks\{616F63CC-AB51-49F0-956C-BF81443F17BB} => C:\I-Magic\Vangers\road.exe
Task: {BE73A315-FE20-4B10-8DB2-6273D4C4BD54} - System32\Tasks\{7BD56DB0-213F-4D63-A263-922A87837671} => C:\Users\mathiaswolfgang\Desktop\Blue Remake\BLUE.EXE
Task: {C4F577FA-57C4-4CBD-8456-1BEF8AFFDA1F} - System32\Tasks\{9F68762D-9895-4ED1-B0B3-9D003EBC0746} => C:\Program Files (x86)\Pennsylvania State University CSE420W Project Group\AIBuddy\AIBuddy.exe
Task: {C7EDA68B-64E5-46E5-B8A5-64945B23E1BE} - System32\Tasks\{3AEB7961-D36D-4EBC-995D-E9EBB9764E37} => C:\SPIELE\Clonk 3 Radikal\CLONK.EXE
Task: {C9FFCEB4-FFC1-47A4-87E6-FB0410791F25} - System32\Tasks\{3B295F15-D02F-463C-8F98-E34FD7AB049E} => D:\Sword\SwordTe.exe
Task: {D48A42A4-68CC-4A0F-8758-2A5E7EE524C3} - System32\Tasks\{EF76FD33-39D9-44D1-87DB-4B480049FA1B} => C:\Program Files (x86)\ForgottenWorld\fw.exe
Task: {D889E863-625A-442E-A94A-6B09FB5127B4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-03] (Google Inc.)
Task: {DB6B0351-2489-4014-A3D9-C7BF1380BBF6} - System32\Tasks\{441E379D-BE8D-43C9-8F73-E0E8CDA6F803} => C:\Program Files (x86)\Opera\launcher.exe [2015-03-05] (Opera Software)
Task: {EE76073B-E183-4DCD-85A6-53FC4034B5C1} - System32\Tasks\{8812DAEE-5A73-40C6-9E95-ABCD73746618} => C:\SPIELE\Clonk 3 Radikal\CLONK.EXE
Task: {F03A26BD-080E-464D-80C2-135690D7FE84} - System32\Tasks\{A81AE87E-602B-4B31-8637-3F6F9BB1868B} => C:\Users\mathiaswolfgang\Eigene Spiele\TTD Win\Transport Tycoon Deluxe.exe
Task: {F09F4A6A-4B58-4DB7-AE8B-552E2D94AEE7} - System32\Tasks\{F2A810EA-B5FB-4E21-B49B-324741F9167A} => Chrome.exe hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsProgressBar
Task: {FF9B7148-56E2-414D-9D0C-B559B77D373D} - System32\Tasks\{74E225D2-9EA1-4D95-AE1F-620A7F08833C} => C:\Program Files (x86)\Clonk Planet\Planet.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2014-05-29 13:04 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-03-14 16:27 - 2011-03-14 16:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2014-05-03 14:50 - 2014-05-03 14:49 - 00239968 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2014-05-03 14:49 - 2014-05-03 14:49 - 00514048 _____ () C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 193.189.244.225 - 193.189.244.206
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-3460778114-2026053698-264934852-500 - Administrator - Disabled)
Gast (S-1-5-21-3460778114-2026053698-264934852-501 - Limited - Disabled)
mathiaswolfgang (S-1-5-21-3460778114-2026053698-264934852-1000 - Administrator - Enabled) => C:\Users\mathiaswolfgang
UpdatusUser (S-1-5-21-3460778114-2026053698-264934852-1001 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/17/2015 09:32:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/17/2015 08:59:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/16/2015 06:06:56 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={6D1963C3-DA6D-4CB5-B7F0-2E232AFD0435}: Der Benutzer "dante_hasta_pc\mathiaswolfgang" hat eine Verbindung mit dem Namen "Tchibo mobil" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 0.
Error: (03/16/2015 00:41:31 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={59E96290-8EAB-4EB3-9DBA-A4A34B3254CB}: Der Benutzer "dante_hasta_pc\mathiaswolfgang" hat eine Verbindung mit dem Namen "Tchibo mobil" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 628.
Error: (03/16/2015 00:41:10 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={EDAAE87A-99A5-4622-A28C-A2AC049DB4ED}: Der Benutzer "dante_hasta_pc\mathiaswolfgang" hat eine Verbindung mit dem Namen "Tchibo mobil" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 628.
Error: (03/16/2015 00:40:41 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={1D9FB518-A9D7-4000-9235-350C640CD7D9}: Der Benutzer "dante_hasta_pc\mathiaswolfgang" hat eine Verbindung mit dem Namen "Tchibo mobil" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 628.
Error: (03/16/2015 02:27:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/15/2015 07:00:04 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
Error: (03/15/2015 10:18:28 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={22F449A5-FFD6-496C-9526-2EDE6921D7C4}: Der Benutzer "dante_hasta_pc\mathiaswolfgang" hat eine Verbindung mit dem Namen "Tchibo mobil" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 628.
Error: (03/14/2015 03:45:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (03/17/2015 09:31:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (03/17/2015 09:31:22 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.
Error: (03/17/2015 09:31:01 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error: (03/17/2015 09:31:18 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 17.03.2015 um 09:24:29 unerwartet heruntergefahren.
Error: (03/17/2015 09:23:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (03/17/2015 09:23:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.
Error: (03/17/2015 09:23:29 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error: (03/17/2015 09:23:39 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 17.03.2015 um 09:20:15 unerwartet heruntergefahren.
Error: (03/17/2015 08:57:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (03/17/2015 08:57:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.
Microsoft Office Sessions:
=========================
Error: (03/17/2015 09:32:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/17/2015 08:59:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/16/2015 06:06:56 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {6D1963C3-DA6D-4CB5-B7F0-2E232AFD0435}dante_hasta_pc\mathiaswolfgangTchibo mobil0
Error: (03/16/2015 00:41:31 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {59E96290-8EAB-4EB3-9DBA-A4A34B3254CB}dante_hasta_pc\mathiaswolfgangTchibo mobil628
Error: (03/16/2015 00:41:10 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {EDAAE87A-99A5-4622-A28C-A2AC049DB4ED}dante_hasta_pc\mathiaswolfgangTchibo mobil628
Error: (03/16/2015 00:40:41 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {1D9FB518-A9D7-4000-9235-350C640CD7D9}dante_hasta_pc\mathiaswolfgangTchibo mobil628
Error: (03/16/2015 02:27:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/15/2015 07:00:04 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: F:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)
Error: (03/15/2015 10:18:28 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {22F449A5-FFD6-496C-9526-2EDE6921D7C4}dante_hasta_pc\mathiaswolfgangTchibo mobil628
Error: (03/14/2015 03:45:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5600+
Percentage of memory in use: 42%
Total physical RAM: 2047.3 MB
Available physical RAM: 1178.27 MB
Total Pagefile: 4094.61 MB
Available Pagefile: 2329.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (Win7 Prof) (Fixed) (Total:149.05 GB) (Free:115.3 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Vodafone MCInsta) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS
Drive h: (Volume) (Fixed) (Total:223.56 GB) (Free:223.28 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 372.6 GB) (Disk ID: BA1BD3DB)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.6 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Und das bekam ich während des Scans zu lesen. Mein Antivirenprogramm mal wieder.   Wie schlimm steht es um den Patienten bitte, Herr Doktor? |
|
17.03.2015, 12:20
| #7 |
| > MalwareDB | Windows 7 64 mit häufigen Bluescreens Dein AntiVirenProgramm mal im Moment ignorieren, bzw. ausschalten, wenn nötig. Ist auf jeden Fall was zu holen, vielleicht hilft das ja Deine Bluescreens zu heilen.  Scan mit Combofix
__________________ If every computer is running a diverse ecosystem, crackers will have no choice but to resort to small-scale, targetted attacks, and the days of mass-market malware will be over[...]. Stuart Udall |
|
17.03.2015, 13:28
| #8 |
| | Windows 7 64 mit häufigen Bluescreens Irgendwie hängt das Combofix jetzt gerade scheinbar. Hat den Autoscan gemacht. Fertigstellung Stufe 4 wurde abgeschlossen? Und jetzt passiert schon sehr langer Zeit nichts mehr. Soll ich das Programm abbrechen und noch mal neu starten? Korrektur: Nehme alles zurück und behaupte das Gegenteil. Scheint ja einiges im Argen dann zu sein. Geändert von DanteHasta (17.03.2015 um 13:41 Uhr) |
|
17.03.2015, 13:46
| #9 | |
| > MalwareDB | Windows 7 64 mit häufigen BluescreensZitat:
__________________ If every computer is running a diverse ecosystem, crackers will have no choice but to resort to small-scale, targetted attacks, and the days of mass-market malware will be over[...]. Stuart Udall |
|
17.03.2015, 14:36
| #10 |
| | Windows 7 64 mit häufigen Bluescreens [gelöst]Code:
ATTFilter ComboFix 15-03-14.03 - mathiaswolfgang 17.03.2015 12:38:04.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.2047.908 [GMT 1:00]
ausgeführt von:: c:\users\mathiaswolfgang\Desktop\ComboFix.exe
AV: 360 Internet Security *Disabled/Updated* {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
SP: 360 Internet Security *Disabled/Updated* {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\360Rec
c:\360rec\20141003\143A87.vir
c:\360rec\20141003\143C57E.vir
c:\360rec\20141006\202483F.vir
c:\360rec\20141006\20261E5.vir
c:\360rec\20141104\104173B.vir
c:\360rec\20141113\00392F1.vir
c:\360rec\20141124\022C63A.vir
c:\360rec\20141130\0823F7B.vir
c:\360rec\20141203\0434739.vir
c:\360rec\20141203\0439EBC.vir
c:\360rec\20141208\155E87F.vir
c:\360rec\20141214\1805B7E.vir
c:\360rec\20141214\181E477.vir
c:\360rec\20141222\13224B5.vir
c:\360rec\20141222\1326B16.vir
c:\360rec\20141224\0034C00.vir
c:\360rec\20141224\2203111.vir
c:\360rec\20150127\17334DC.vir
c:\360rec\20150212\23378A1.vir
c:\360rec\20150212\2337C20.vir
c:\360rec\20150313\2207B7E.vir
c:\windows\IsUn0407.exe
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\SETFFD4.tmp
c:\windows\SysWow64\tmpBBFB.tmp
c:\windows\SysWow64\tmpBC2B.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2015-02-17 bis 2015-03-17 ))))))))))))))))))))))))))))))
.
.
2015-03-17 13:27 . 2015-03-17 13:27 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-03-17 13:27 . 2015-03-17 13:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-17 11:41 . 2015-03-17 11:41 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{48F10BB6-87CA-4AA6-B7B0-B950416C8AAB}\offreg.dll
2015-03-17 10:40 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{48F10BB6-87CA-4AA6-B7B0-B950416C8AAB}\mpengine.dll
2015-03-14 11:37 . 2015-03-14 11:38 -------- d-----w- c:\program files\OpenTTD
2015-03-11 12:01 . 2015-02-03 03:30 1480192 ----a-w- c:\windows\system32\crypt32.dll
2015-03-11 12:00 . 2015-02-03 03:31 215552 ----a-w- c:\windows\system32\ubpm.dll
2015-03-11 11:59 . 2015-02-20 02:22 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2015-03-11 11:58 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-03-11 11:58 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-03-10 21:09 . 2015-03-16 10:11 -------- d-----w- c:\users\mathiaswolfgang\AppData\Roaming\Lord Bot
2015-03-10 21:09 . 2015-03-10 21:09 -------- d-----w- c:\program files (x86)\falknhayn
2015-03-10 14:05 . 2015-03-10 14:59 -------- d-----w- c:\program files (x86)\MUSHclient
2015-03-09 17:39 . 2015-03-09 17:40 -------- d-----w- c:\program files (x86)\Common Files\3DO Shared
2015-03-09 17:39 . 2015-03-09 17:39 -------- d-----w- c:\program files (x86)\3DO
2015-03-09 16:32 . 2002-12-02 12:33 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2015-03-09 16:32 . 2002-12-05 13:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2015-03-09 16:32 . 2002-12-02 14:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2015-03-09 16:32 . 2002-12-02 12:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2015-03-09 16:32 . 2002-12-02 12:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2015-03-09 16:32 . 2015-03-09 16:32 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2015-03-09 16:32 . 2015-03-09 16:32 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2015-03-09 16:32 . 2003-02-27 15:12 696320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2015-03-05 11:21 . 2015-03-17 11:03 -------- d-----w- C:\FRST
2015-03-05 10:40 . 2015-03-05 10:40 -------- d-----w- c:\users\mathiaswolfgang\AppData\Roaming\MMFApplications
2015-03-05 09:44 . 2015-03-05 09:44 -------- d-----w- c:\users\mathiaswolfgang\AppData\Local\Babylon
2015-03-05 09:44 . 2015-03-05 09:45 -------- d-----w- c:\program files\Unlocker
2015-03-05 09:44 . 2015-03-05 09:44 -------- d-----w- c:\programdata\Babylon
2015-03-05 09:44 . 2015-03-05 09:44 -------- d-----w- c:\users\mathiaswolfgang\AppData\Roaming\Babylon
2015-03-05 08:36 . 2015-03-05 09:00 -------- d-----w- C:\w311
2015-03-05 06:23 . 2015-03-13 20:54 -------- d-----w- C:\C
2015-03-03 19:47 . 2015-03-03 19:47 -------- d-----w- c:\program files (x86)\2K Games
2015-02-25 18:32 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
2015-02-25 18:32 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-02-25 18:32 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-02-25 18:32 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2015-02-18 03:05 . 2015-02-18 03:05 -------- d-----w- c:\users\mathiaswolfgang\AppData\Roaming\Sahmon Games
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-13 22:02 . 2014-12-01 10:11 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-11 23:18 . 2014-12-22 13:38 122905848 ----a-w- c:\windows\system32\MRT.exe
2015-02-24 02:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-01-25 14:58 . 2014-09-17 10:53 290816 ------w- c:\windows\Setup1.exe
2014-12-19 03:06 . 2015-01-13 20:43 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-13 20:44 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files (x86)\Ruiware\WinPatrol\winpatrol.exe" [2014-07-21 1154112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 360Camera;360Safe Camera Filter Service;c:\windows\system32\Drivers\360Camera64.sys;c:\windows\SYSNATIVE\Drivers\360Camera64.sys [x]
R3 ALSysIO;ALSysIO;c:\users\MATHIA~1\AppData\Local\Temp\ALSysIO64.sys;c:\users\MATHIA~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys;c:\windows\SYSNATIVE\DRIVERS\BazisVirtualCDBus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S1 360AntiHacker;360Safe Anti Hacker Service;c:\windows\system32\Drivers\360AntiHacker64.sys;c:\windows\SYSNATIVE\Drivers\360AntiHacker64.sys [x]
S1 360Box64;360Box mini-filter driver;c:\windows\system32\DRIVERS\360Box64.sys;c:\windows\SYSNATIVE\DRIVERS\360Box64.sys [x]
S1 360fsflt;360FsFlt mini-filter driver;c:\windows\system32\DRIVERS\360FsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\360FsFlt.sys [x]
S1 BAPIDRV;BAPIDRV;c:\windows\system32\DRIVERS\BAPIDRV64.sys;c:\windows\SYSNATIVE\DRIVERS\BAPIDRV64.sys [x]
S2 360rp;360 Internet Security Real-time Protection Loading Service;c:\program files\360\360 Internet Security\360rps.exe;c:\program files\360\360 Internet Security\360rps.exe [x]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 ZhuDongFangYu;Proactive Defence;c:\program files\360\360 Internet Security\deepscan\QHActiveDefense.exe;c:\program files\360\360 Internet Security\deepscan\QHActiveDefense.exe [x]
S3 360AvFlt;360AvFlt mini-filter driver;c:\windows\system32\DRIVERS\360AvFlt.sys;c:\windows\SYSNATIVE\DRIVERS\360AvFlt.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-12 22:48 1061704 ----a-w- c:\program files (x86)\Google\Chrome\Application\41.0.2272.89\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-03 13:55]
.
2015-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-03 13:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"360sd"="c:\program files\360\360 Internet Security\360sdrun.exe" [2014-04-16 287560]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-08-19 1796056]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{148F12C9-CC71-405B-BE8A-70ED4434AA54}: NameServer = 193.189.244.206 193.189.244.225
TCP: Interfaces\{76108A4C-C895-41B9-A577-9559AA994DA9}: NameServer = 193.189.244.206 193.189.244.225
TCP: Interfaces\{CAC29905-FA43-4477-AF51-7DADB5C4FC11}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{F7C25C63-B387-451C-A625-92C5A522EEFE}: NameServer = 193.189.244.206 193.189.244.225
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-7kaa - c:\seven kingdoms aa\uninstall.exe
AddRemove-Creatures DeLuxe - c:\windows\IsUn0407.exe
AddRemove-Golden Wipf Edition 4 - c:\program files (x86)\Clonk GWE\GWE4uninst.exe
AddRemove-Heroes of Might and Magic IV - c:\windows\IsUn0407.exe
AddRemove-S4Uninst - c:\windows\IsUn0407.exe
AddRemove-WinCDEmu - c:\program files (x86)\WinCDEmu\uninstall64.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-03-17 14:33:38
ComboFix-quarantined-files.txt 2015-03-17 13:33
.
Vor Suchlauf: 14 Verzeichnis(se), 123.784.761.344 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 123.370.954.752 Bytes frei
.
- - End Of File - - 82E38B7F9592D7B6699C7375189BE66F
A36C5E4F47E84449FF07ED3517B43A31
|
|
17.03.2015, 21:04
| #11 |
| > MalwareDB | Windows 7 64 mit häufigen Bluescreens [gelöst] Bitte mal untenstehendes ausführen: Combofix-Skript
__________________ If every computer is running a diverse ecosystem, crackers will have no choice but to resort to small-scale, targetted attacks, and the days of mass-market malware will be over[...]. Stuart Udall |
|
18.03.2015, 09:49
| #12 |
| | Windows 7 64 mit häufigen Bluescreens [gelöst]Code:
ATTFilter ComboFix 15-03-14.03 - mathiaswolfgang 18.03.2015 9:27.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.2047.1286 [GMT 1:00]
ausgeführt von:: c:\users\mathiaswolfgang\Desktop\ComboFix.exe
AV: 360 Internet Security *Disabled/Updated* {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
SP: 360 Internet Security *Disabled/Updated* {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2015-02-18 bis 2015-03-18 ))))))))))))))))))))))))))))))
.
.
2015-03-18 08:35 . 2015-03-18 08:35 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-03-18 08:35 . 2015-03-18 08:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-17 10:40 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{48F10BB6-87CA-4AA6-B7B0-B950416C8AAB}\mpengine.dll
2015-03-14 11:37 . 2015-03-14 11:38 -------- d-----w- c:\program files\OpenTTD
2015-03-11 12:01 . 2015-02-03 03:30 1480192 ----a-w- c:\windows\system32\crypt32.dll
2015-03-11 12:00 . 2015-02-03 03:31 215552 ----a-w- c:\windows\system32\ubpm.dll
2015-03-11 11:59 . 2015-02-20 02:22 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2015-03-11 11:58 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-03-11 11:58 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-03-10 21:09 . 2015-03-16 10:11 -------- d-----w- c:\users\mathiaswolfgang\AppData\Roaming\Lord Bot
2015-03-10 21:09 . 2015-03-10 21:09 -------- d-----w- c:\program files (x86)\falknhayn
2015-03-10 14:05 . 2015-03-10 14:59 -------- d-----w- c:\program files (x86)\MUSHclient
2015-03-09 17:39 . 2015-03-09 17:40 -------- d-----w- c:\program files (x86)\Common Files\3DO Shared
2015-03-09 17:39 . 2015-03-09 17:39 -------- d-----w- c:\program files (x86)\3DO
2015-03-09 16:32 . 2002-12-02 12:33 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2015-03-09 16:32 . 2002-12-05 13:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2015-03-09 16:32 . 2002-12-02 14:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2015-03-09 16:32 . 2002-12-02 12:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2015-03-09 16:32 . 2002-12-02 12:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2015-03-09 16:32 . 2015-03-09 16:32 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2015-03-09 16:32 . 2015-03-09 16:32 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2015-03-09 16:32 . 2003-02-27 15:12 696320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2015-03-05 11:21 . 2015-03-17 11:03 -------- d-----w- C:\FRST
2015-03-05 10:40 . 2015-03-05 10:40 -------- d-----w- c:\users\mathiaswolfgang\AppData\Roaming\MMFApplications
2015-03-05 09:44 . 2015-03-05 09:44 -------- d-----w- c:\users\mathiaswolfgang\AppData\Local\Babylon
2015-03-05 09:44 . 2015-03-05 09:45 -------- d-----w- c:\program files\Unlocker
2015-03-05 09:44 . 2015-03-05 09:44 -------- d-----w- c:\programdata\Babylon
2015-03-05 09:44 . 2015-03-05 09:44 -------- d-----w- c:\users\mathiaswolfgang\AppData\Roaming\Babylon
2015-03-05 08:36 . 2015-03-05 09:00 -------- d-----w- C:\w311
2015-03-05 06:23 . 2015-03-13 20:54 -------- d-----w- C:\C
2015-03-03 19:47 . 2015-03-03 19:47 -------- d-----w- c:\program files (x86)\2K Games
2015-02-25 18:32 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
2015-02-25 18:32 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-02-25 18:32 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-02-25 18:32 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2015-02-18 03:05 . 2015-02-18 03:05 -------- d-----w- c:\users\mathiaswolfgang\AppData\Roaming\Sahmon Games
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-13 22:02 . 2014-12-01 10:11 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-11 23:18 . 2014-12-22 13:38 122905848 ----a-w- c:\windows\system32\MRT.exe
2015-02-24 02:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-01-25 14:58 . 2014-09-17 10:53 290816 ------w- c:\windows\Setup1.exe
2014-12-19 03:06 . 2015-01-13 20:43 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-13 20:44 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files (x86)\Ruiware\WinPatrol\winpatrol.exe" [2014-07-21 1154112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 360Camera;360Safe Camera Filter Service;c:\windows\system32\Drivers\360Camera64.sys;c:\windows\SYSNATIVE\Drivers\360Camera64.sys [x]
R3 ALSysIO;ALSysIO;c:\users\MATHIA~1\AppData\Local\Temp\ALSysIO64.sys;c:\users\MATHIA~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys;c:\windows\SYSNATIVE\DRIVERS\BazisVirtualCDBus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S1 360AntiHacker;360Safe Anti Hacker Service;c:\windows\system32\Drivers\360AntiHacker64.sys;c:\windows\SYSNATIVE\Drivers\360AntiHacker64.sys [x]
S1 360Box64;360Box mini-filter driver;c:\windows\system32\DRIVERS\360Box64.sys;c:\windows\SYSNATIVE\DRIVERS\360Box64.sys [x]
S1 360fsflt;360FsFlt mini-filter driver;c:\windows\system32\DRIVERS\360FsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\360FsFlt.sys [x]
S1 BAPIDRV;BAPIDRV;c:\windows\system32\DRIVERS\BAPIDRV64.sys;c:\windows\SYSNATIVE\DRIVERS\BAPIDRV64.sys [x]
S2 360rp;360 Internet Security Real-time Protection Loading Service;c:\program files\360\360 Internet Security\360rps.exe;c:\program files\360\360 Internet Security\360rps.exe [x]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 ZhuDongFangYu;Proactive Defence;c:\program files\360\360 Internet Security\deepscan\QHActiveDefense.exe;c:\program files\360\360 Internet Security\deepscan\QHActiveDefense.exe [x]
S3 360AvFlt;360AvFlt mini-filter driver;c:\windows\system32\DRIVERS\360AvFlt.sys;c:\windows\SYSNATIVE\DRIVERS\360AvFlt.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-12 22:48 1061704 ----a-w- c:\program files (x86)\Google\Chrome\Application\41.0.2272.89\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-03 13:55]
.
2015-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-03 13:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"360sd"="c:\program files\360\360 Internet Security\360sdrun.exe" [2014-04-16 287560]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-08-19 1796056]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{148F12C9-CC71-405B-BE8A-70ED4434AA54}: NameServer = 193.189.244.206 193.189.244.225
TCP: Interfaces\{76108A4C-C895-41B9-A577-9559AA994DA9}: NameServer = 193.189.244.206 193.189.244.225
TCP: Interfaces\{CAC29905-FA43-4477-AF51-7DADB5C4FC11}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{F7C25C63-B387-451C-A625-92C5A522EEFE}: NameServer = 193.189.244.206 193.189.244.225
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-7kaa - c:\seven kingdoms aa\uninstall.exe
AddRemove-Creatures DeLuxe - c:\windows\IsUn0407.exe
AddRemove-Golden Wipf Edition 4 - c:\program files (x86)\Clonk GWE\GWE4uninst.exe
AddRemove-Heroes of Might and Magic IV - c:\windows\IsUn0407.exe
AddRemove-S4Uninst - c:\windows\IsUn0407.exe
AddRemove-WinCDEmu - c:\program files (x86)\WinCDEmu\uninstall64.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-03-18 09:40:11
ComboFix-quarantined-files.txt 2015-03-18 08:40
ComboFix2.txt 2015-03-17 13:33
.
Vor Suchlauf: 17 Verzeichnis(se), 123.046.359.040 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 122.974.027.776 Bytes frei
.
- - End Of File - - DBA4132F78ED32DBC34B4099D4E8AE68
A36C5E4F47E84449FF07ED3517B43A31
Eine neue auf dem Desktop platziert habe genau den vorgegebenen Code in die entsprechende Datei kopiert und auf dem Desktop unter dem Namen CFScript.txt Die ComboFix.exe gestartet und... das ganze sah aus wie beim letzten mal. Ich glaube, da hat etwas nicht richtig funktioniert. |
|
22.03.2015, 11:17
| #13 |
| /// the machine /// TB-Ausbilder  | Windows 7 64 mit häufigen Bluescreens [gelöst] hi, poste bitte mal ein frisches FRST log und eine aktuelle Problembeschreibung.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
23.03.2015, 09:33
| #14 |
| | Windows 7 64 mit häufigen Bluescreens [gelöst] Hallo @schrauber, schön Dich hier im Thread zu lesen. Also es sieht nicht gut aus. Der Computer ist im Grunde so nicht mehr nutzbar. Alle Programm die ich nutze, zeigen die gleichen Symptome. Nach kurzer, oder längerer Zeit, werden sie einfach beendet. (Absturz?) Opera: Es fiel schon häufig auf, dass einzelne Tabs abstürzten. Mittlerweile stürzt es aber auch selber gerne mal komplett ab. Dosbox: Stürzt auch häufig ab. HOMM IV: Stürzt auch häufig ab. Open TTD: Stürzt auch häufig ab. Nur um Beispiel zu nennen... Ich glaube Vorgestern war es. Zuerst war Opera abgestürzt, dann war Mobile Partner abgestürzt und zuletzt gab es einen erneuten Bluescreen. Diesmal mit der Überschrift, wie es bisher sonst nicht der Fall war. "Memory Management" Zum lesen des übrigen verbleibt ja meist keine Zeit. Gestern habe ich fast gar nichts mit dem PC gemacht, weil es wie gesagt kaum noch Sinn macht. Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by mathiaswolfgang (administrator) on DANTE_HASTA_PC on 23-03-2015 09:18:28
Running from C:\Users\mathiaswolfgang\Desktop
Loaded Profiles: mathiaswolfgang & UpdatusUser (Available profiles: mathiaswolfgang & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360rps.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360sd.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360rp.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\safemon\360Tray.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.48\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.48\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.48\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.48\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.48\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.48\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.48\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.48\opera.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.48\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\28.0.1750.48\opera.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [360sd] => C:\Program Files\360\360 Internet Security\360sdrun.exe [287560 2014-04-16] (Qihu 360 Software Co., Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3460778114-2026053698-264934852-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3460778114-2026053698-264934852-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files\360\360 Internet Security\safemon\safemon64.dll [2014-04-23] (Qihu 360 Software Co., Ltd.)
Tcpip\..\Interfaces\{148F12C9-CC71-405B-BE8A-70ED4434AA54}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{76108A4C-C895-41B9-A577-9559AA994DA9}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{CAC29905-FA43-4477-AF51-7DADB5C4FC11}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{F7C25C63-B387-451C-A625-92C5A522EEFE}: [NameServer] 193.189.244.206 193.189.244.225
FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-3460778114-2026053698-264934852-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\mathiaswolfgang\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-07] (Unity Technologies ApS)
Chrome:
=======
CHR Plugin: (Shockwave Flash) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll No File
CHR Plugin: (Wajam) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File
CHR Plugin: (Adobe Acrobat) - F:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - F:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll No File
CHR Plugin: (2007 Microsoft Office system) - F:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Winamp Application Detector) - F:\Program Files\Mozilla Firefox\plugins\npwachk.dll No File
CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npdrmv2.dll No File
CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npwmsdrm.dll No File
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - F:\Program Files\Windows Media Player\npdsplay.dll No File
CHR Plugin: (Google Update) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Google Earth Plugin) - F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Panda ActiveScan 2.0) - F:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll No File
CHR Plugin: (iTunes Application Detector) - F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Ma-Config.com plugin) - F:\Program Files\ma-config.com\nphardwaredetection.dll No File
CHR Plugin: (Silverlight Plug-In) - f:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-03]
CHR Extension: (Google Drive) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-27]
CHR Extension: (YouTube) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-03]
CHR Extension: (Google Search) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-03]
CHR Extension: (AdBlock) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-03]
CHR Extension: (Google Wallet) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-03]
CHR Extension: (NotScripts) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn [2014-06-08]
CHR Extension: (Sothink Flash Downloader for Chrome) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeiadippkbacigpadnembcfclhmmbifb [2014-05-22]
CHR Extension: (Gmail) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-03]
CHR Extension: (360 WebShield Plug-in) - C:\Users\mathiaswolfgang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pppagaglfkmlpgobnlenhknilehpmcbo [2014-05-05]
CHR HKLM-x32\...\Chrome\Extension: [pppagaglfkmlpgobnlenhknilehpmcbo] - C:\Program Files\360\360 Internet Security\safemon\360webshield.crx [2014-05-05]
Opera:
=======
OPR Extension: (AdBlock) - C:\Users\mathiaswolfgang\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2014-12-25]
OPR Extension: (DuckDuckGo for Opera) - C:\Users\mathiaswolfgang\AppData\Roaming\Opera Software\Opera Stable\Extensions\cfbekbndggmbdkfhjandenfihkdkndil [2014-11-10]
OPR Extension: (WOT) - C:\Users\mathiaswolfgang\AppData\Roaming\Opera Software\Opera Stable\Extensions\eeokceolphhfjdfcibaiiopmekmcbedp [2014-12-29]
OPR Extension: (Adblock Plus) - C:\Users\mathiaswolfgang\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-06-12]
OPR Extension: (FastestTube - YouTube Video Downloader) - C:\Users\mathiaswolfgang\AppData\Roaming\Opera Software\Opera Stable\Extensions\phahnhbgfdhgobenebnjbgmacgpbfaag [2015-01-20]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 360rp; C:\Program Files\360\360 Internet Security\360rps.exe [310352 2014-04-16] (Qihu 360 Software Co., Ltd.)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [243880 2015-02-13] (Foxit Software Inc.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [239968 2014-05-03] ()
S3 scan; C:\Program Files\360\360 Internet Security\scan.dll [423144 2013-02-20] (S.C. BitDefender S.R.L)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZhuDongFangYu; C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe [236360 2014-04-23] (Qihu 360 Software Co., Ltd.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [97872 2014-04-21] (Qihu 360 Software Co., Ltd.)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [67664 2014-04-23] (Qihu 360 Software Co., Ltd.)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [305744 2014-04-29] (Qihu 360 Software Co., Ltd.)
S3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [41552 2014-04-29] (Qihu 360 Software Co., Ltd.)
R1 360fsflt; C:\Windows\System32\DRIVERS\360FsFlt.sys [304208 2014-05-07] (Qihu 360 Software Co., Ltd.)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [181080 2014-04-18] (Qihu 360 Software Co., Ltd.)
S3 ALSysIO; \??\C:\Users\MATHIA~1\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-23 09:18 - 2015-03-23 09:19 - 00014889 _____ () C:\Users\mathiaswolfgang\Desktop\FRST.txt
2015-03-23 09:17 - 2015-03-23 09:17 - 02095616 _____ (Farbar) C:\Users\mathiaswolfgang\Downloads\FRST64.exe
2015-03-23 09:17 - 2015-03-23 09:17 - 02095616 _____ (Farbar) C:\Users\mathiaswolfgang\Desktop\FRST64.exe
2015-03-22 13:13 - 2015-03-22 13:14 - 13081247 _____ () C:\Users\mathiaswolfgang\Downloads\Minetest-0.4.12.11-android.apk
2015-03-22 12:43 - 2015-03-22 12:46 - 03547881 _____ () C:\Users\mathiaswolfgang\Downloads\adblockplusandroid-1.3.apk
2015-03-21 21:58 - 2015-03-21 21:58 - 00003190 _____ () C:\Windows\System32\Tasks\{4E33F64D-DCD6-4824-B709-26736271FDB4}
2015-03-21 21:05 - 2015-03-21 21:05 - 05615380 _____ (Swearware) C:\Users\mathiaswolfgang\Downloads\ComboFix (1).exe
2015-03-21 20:54 - 2015-03-21 20:54 - 00290768 _____ () C:\Windows\Minidump\032115-30390-01.dmp
2015-03-21 12:35 - 2015-03-21 12:36 - 22209470 _____ () C:\Users\mathiaswolfgang\Downloads\Nina Hagen am 25.07.2009 vor dem Brandenburger Tor in Berlin - Unite the Nation Friedensfestival.mp4
2015-03-21 00:39 - 2015-03-21 00:40 - 05234170 _____ () C:\Users\mathiaswolfgang\Downloads\Die sinnlose Kanzlerin Merkel.mp4
2015-03-18 09:21 - 2015-03-18 09:22 - 05615380 _____ (Swearware) C:\Users\mathiaswolfgang\Downloads\ComboFix.exe
2015-03-17 21:32 - 2015-03-17 21:32 - 03601803 _____ () C:\Users\mathiaswolfgang\Downloads\Tina, was kosten die Kondome.mp4
2015-03-17 21:22 - 2015-03-17 21:22 - 04424540 _____ () C:\Users\mathiaswolfgang\Downloads\Official 2015 FIAT 500X Super Bowl Commercial _ The FIAT Blue Pill _ 500X.mp4
2015-03-17 12:32 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-17 12:32 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-17 12:32 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-17 12:32 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-17 12:32 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-17 12:32 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-17 12:32 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-17 12:32 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-17 12:31 - 2015-03-21 21:10 - 00000000 ____D () C:\Qoobox
2015-03-17 12:30 - 2015-03-17 14:28 - 00000000 ____D () C:\Windows\erdnt
2015-03-17 12:28 - 2015-03-18 09:22 - 05615380 ____R (Swearware) C:\Users\mathiaswolfgang\Desktop\ComboFix.exe
2015-03-17 11:59 - 2015-03-17 11:59 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\FRST-OlderVersion
2015-03-14 15:43 - 2015-03-14 15:43 - 00290744 _____ () C:\Windows\Minidump\031415-27312-01.dmp
2015-03-14 12:35 - 2015-03-14 12:36 - 08160170 _____ (OpenTTD Developers) C:\Users\mathiaswolfgang\Downloads\openttd-1.5.0-beta2-windows-win64.exe
2015-03-13 22:39 - 2015-03-13 22:39 - 01295141 _____ () C:\Users\mathiaswolfgang\Downloads\mm3.zip
2015-03-13 22:08 - 2015-03-13 22:08 - 01051215 _____ () C:\Users\mathiaswolfgang\Downloads\povs.zip
2015-03-13 22:03 - 2015-03-13 22:03 - 00269824 _____ (Microsoft Corporation) C:\Users\mathiaswolfgang\Downloads\Adrian.EXE
2015-03-13 22:00 - 2015-03-13 22:00 - 00201925 _____ () C:\Users\mathiaswolfgang\Downloads\break.zip
2015-03-13 21:49 - 2015-03-13 21:49 - 00370712 _____ () C:\Users\mathiaswolfgang\Downloads\adventur.zip
2015-03-13 21:22 - 2015-03-13 21:21 - 00054912 _____ () C:\Users\mathiaswolfgang\Downloads\scigame - Kopie.exe
2015-03-13 21:21 - 2015-03-13 21:21 - 00054912 _____ () C:\Users\mathiaswolfgang\Downloads\scigame.exe
2015-03-13 14:37 - 2015-03-13 14:37 - 00290784 _____ () C:\Windows\Minidump\031315-23453-01.dmp
2015-03-11 23:09 - 2015-03-11 23:18 - 00000000 ____D () C:\Users\mathiaswolfgang\Documents\warblade
2015-03-11 23:07 - 2015-03-11 23:07 - 15202917 _____ (EMV Software ) C:\Users\mathiaswolfgang\Downloads\warblade_demo.exe
2015-03-11 23:04 - 2015-03-11 23:04 - 01046598 _____ () C:\Users\mathiaswolfgang\Downloads\DeluxeGalaga_A.lha
2015-03-11 13:02 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 13:02 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 13:02 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 13:02 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 13:02 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 13:02 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 13:02 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 13:02 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 13:02 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 13:02 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 13:02 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 13:02 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 13:02 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 13:02 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 13:02 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 13:02 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 13:02 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 13:02 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 13:02 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 13:02 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 13:02 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 13:01 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 13:01 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 13:01 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 13:01 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 13:01 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 13:01 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 13:01 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 13:01 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 13:01 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 13:01 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 13:01 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 13:01 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 13:01 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 13:01 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 13:01 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 13:01 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 13:01 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 13:01 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 13:01 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 13:01 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 13:01 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 13:01 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 13:01 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 13:01 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 13:01 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 13:01 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 13:01 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 13:01 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 13:01 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 13:01 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 13:01 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 13:01 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 13:01 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 13:01 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 13:01 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 13:01 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 13:01 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 13:01 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 13:01 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 13:01 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 13:01 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 13:01 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 13:01 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 13:01 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 13:01 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 13:01 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 13:01 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 13:01 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 13:01 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 13:01 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 13:01 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 13:01 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 13:01 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 13:01 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 13:01 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 13:01 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 13:01 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 13:01 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 13:01 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 13:01 - 2015-01-31 04:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 13:01 - 2015-01-31 04:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 13:01 - 2015-01-31 00:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 13:01 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 13:01 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 13:01 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 13:00 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 13:00 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 13:00 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 13:00 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 13:00 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 13:00 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 13:00 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 13:00 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 13:00 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 13:00 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 13:00 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 13:00 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 13:00 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 13:00 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 13:00 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 13:00 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 13:00 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 13:00 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 13:00 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 13:00 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 13:00 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 13:00 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 13:00 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 13:00 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 13:00 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 13:00 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 13:00 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 13:00 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 13:00 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 13:00 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 13:00 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 13:00 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 13:00 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 13:00 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 13:00 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 13:00 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 13:00 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 13:00 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 13:00 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 13:00 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 13:00 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 13:00 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 13:00 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 13:00 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 13:00 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 13:00 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 13:00 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 13:00 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 13:00 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 13:00 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 13:00 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 13:00 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 13:00 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 13:00 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 13:00 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 13:00 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 13:00 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 12:59 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 12:59 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 12:59 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 12:59 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 12:59 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 12:59 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 12:59 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 12:59 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 12:59 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 12:59 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 12:59 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 12:59 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 12:59 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 12:59 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 12:59 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 12:59 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 12:59 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 12:59 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 12:59 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 12:59 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 12:59 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 12:59 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 12:59 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 12:59 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 12:59 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 12:59 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 12:59 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 12:59 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 12:59 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 12:59 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 12:59 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 12:59 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 12:59 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 12:59 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 12:59 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 12:59 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 12:59 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 12:59 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 12:59 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 12:59 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 12:58 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 12:58 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-10 22:09 - 2015-03-20 14:03 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\Lord Bot
2015-03-10 22:09 - 2015-03-10 22:09 - 00003089 _____ () C:\Users\mathiaswolfgang\Desktop\Lord Bot.lnk
2015-03-10 22:09 - 2015-03-10 22:09 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lord Bot
2015-03-10 22:09 - 2015-03-10 22:09 - 00000000 ____D () C:\Program Files (x86)\falknhayn
2015-03-10 22:07 - 2015-03-10 22:07 - 01659309 _____ () C:\Users\mathiaswolfgang\Downloads\LordBotSetup.zip
2015-03-10 16:54 - 2015-03-10 16:54 - 00289412 _____ () C:\Users\mathiaswolfgang\Downloads\baffledandbruised25.zip
2015-03-10 15:05 - 2015-03-10 15:59 - 00000000 ____D () C:\Program Files (x86)\MUSHclient
2015-03-10 15:05 - 2015-03-10 15:05 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MUSHclient
2015-03-10 15:05 - 2015-03-10 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MUSHclient
2015-03-10 15:04 - 2015-03-10 15:04 - 03563775 _____ () C:\Users\mathiaswolfgang\Downloads\mushclient494.exe
2015-03-10 15:00 - 2015-03-10 15:00 - 00000600 _____ () C:\Users\mathiaswolfgang\AppData\Local\PUTTY.RND
2015-03-10 14:33 - 2015-03-10 14:33 - 00799260 _____ () C:\Users\mathiaswolfgang\Downloads\tm421.zip
2015-03-10 12:25 - 2015-03-10 12:25 - 00724618 _____ () C:\Users\mathiaswolfgang\Downloads\telix-3.51.zip
2015-03-10 09:02 - 2015-03-10 09:02 - 03713772 _____ () C:\Users\mathiaswolfgang\Downloads\MS-DOS-6.22.zip
2015-03-10 08:25 - 2015-03-10 08:28 - 04790039 _____ () C:\Users\mathiaswolfgang\Downloads\sbbs230b.zip
2015-03-09 22:54 - 2015-03-09 22:55 - 08880923 _____ () C:\Users\mathiaswolfgang\Downloads\Mr Palin on the sport of Fish Slapping.mp4
2015-03-09 18:45 - 2015-03-09 18:45 - 00002048 _____ () C:\Users\Public\Desktop\Heroes of Might and Magic IV.lnk
2015-03-09 18:44 - 2015-03-09 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3DO
2015-03-09 18:39 - 2015-03-09 18:39 - 00000000 ____D () C:\Program Files (x86)\3DO
2015-03-09 03:29 - 2015-03-09 03:30 - 28656799 _____ () C:\Users\mathiaswolfgang\Downloads\Mindestlohn - die perfiden Tricks der Arbeitgeber_ Monitor _ Das Erste _ WDR.mp4
2015-03-08 18:29 - 2015-03-08 18:35 - 34318798 _____ () C:\Users\mathiaswolfgang\Downloads\Volker Pispers ....es wird sich nichts mehr ändern !! USA im Endstadium des Kapitalismus.mp4
2015-03-08 13:06 - 2015-03-08 13:07 - 01152300 _____ () C:\Users\mathiaswolfgang\Downloads\sim-city-future_ancient_addon.zip
2015-03-08 13:06 - 2015-03-08 13:06 - 00674870 _____ () C:\Users\mathiaswolfgang\Downloads\simcity.zip
2015-03-07 12:47 - 2015-03-07 12:47 - 00244436 _____ () C:\Users\mathiaswolfgang\Downloads\player_manager_(1990)(anco)[cr_ocl]-amiga.zip
2015-03-07 12:44 - 2015-03-07 12:44 - 00367508 _____ () C:\Users\mathiaswolfgang\Downloads\player_manager_(1990)(anco)(it)-amiga.zip
2015-03-07 11:45 - 2015-03-07 11:45 - 00246544 _____ () C:\Users\mathiaswolfgang\Downloads\K.H. Rummenigge's Player Manager.zip
2015-03-07 11:32 - 2015-03-07 11:32 - 02738022 _____ () C:\Users\mathiaswolfgang\Downloads\Superheroines The Trap Trailer.mp4
2015-03-07 11:16 - 2015-03-07 11:16 - 00854361 _____ () C:\Users\mathiaswolfgang\Downloads\Wizardry V - Heart of the Maelstrom.zip
2015-03-07 10:20 - 2015-03-07 10:20 - 00655897 _____ () C:\Users\mathiaswolfgang\Downloads\Ultima - Runes of Virtue II.zip
2015-03-07 10:13 - 2015-03-07 10:13 - 00867785 _____ () C:\Users\mathiaswolfgang\Downloads\zsnesw151.zip
2015-03-07 09:45 - 2015-03-07 09:45 - 00530465 _____ () C:\Users\mathiaswolfgang\Downloads\DBQuest.zip
2015-03-07 01:30 - 2015-03-07 01:31 - 03149814 _____ () C:\Users\mathiaswolfgang\Downloads\warriors-of-legend.zip
2015-03-06 23:14 - 2015-03-06 23:14 - 00174323 _____ () C:\Users\mathiaswolfgang\Downloads\the-rescue-of-lorri-in-lorrinitron.zip
2015-03-06 22:46 - 2015-03-06 22:47 - 05906030 _____ () C:\Users\mathiaswolfgang\Downloads\Superheroines White Angel part 5.mp4
2015-03-06 20:10 - 2015-03-06 20:10 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\madpara
2015-03-06 20:08 - 2015-03-06 20:09 - 03079518 _____ () C:\Users\mathiaswolfgang\Downloads\mad-paradox.zip
2015-03-06 17:41 - 2015-03-06 17:43 - 36332290 _____ () C:\Users\mathiaswolfgang\Downloads\Volker Pispers Schluss mit lustig _ Ebola _ Skandale _ Medien 08.11.2014 - Bananenrepublik.mp4
2015-03-06 17:09 - 2015-03-06 17:09 - 00080612 _____ () C:\Users\mathiaswolfgang\Downloads\adventurewriter.zip
2015-03-06 15:36 - 2015-03-06 15:36 - 00325215 _____ () C:\Users\mathiaswolfgang\Downloads\legend-of-the-red-dragon.zip
2015-03-05 15:59 - 2015-03-05 16:00 - 01167872 _____ (Microsoft Corporation) C:\Users\mathiaswolfgang\Downloads\bgammon.exe
2015-03-05 12:21 - 2015-03-23 09:18 - 00000000 ____D () C:\FRST
2015-03-05 11:40 - 2015-03-05 11:40 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\MMFApplications
2015-03-05 11:38 - 2015-03-05 11:39 - 02675314 _____ () C:\Users\mathiaswolfgang\Downloads\lyle1.10.zip
2015-03-05 10:44 - 2015-03-05 10:45 - 00000000 ____D () C:\Program Files\Unlocker
2015-03-05 10:44 - 2015-03-05 10:44 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2015-03-05 10:44 - 2015-03-05 10:44 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\Babylon
2015-03-05 10:44 - 2015-03-05 10:44 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\Babylon
2015-03-05 10:44 - 2015-03-05 10:44 - 00000000 ____D () C:\ProgramData\Babylon
2015-03-05 10:08 - 2015-03-05 10:08 - 02969817 _____ () C:\Users\mathiaswolfgang\Downloads\SB16W3X.ZIP
2015-03-05 08:38 - 2015-03-05 08:38 - 00613620 _____ () C:\Users\mathiaswolfgang\Downloads\S3DRIVERS.ZIP
2015-03-05 08:23 - 2015-03-05 08:23 - 00096238 _____ () C:\Users\mathiaswolfgang\Downloads\svga.zip
2015-03-05 07:25 - 2015-03-05 07:26 - 10836253 _____ () C:\Users\mathiaswolfgang\Downloads\WfW-3.11-unpacked.zip
2015-03-05 07:23 - 2015-03-13 21:54 - 00000000 ____D () C:\C
2015-03-05 07:20 - 2015-03-05 07:20 - 10787758 _____ () C:\Users\mathiaswolfgang\Downloads\WfW-3.11.zip
2015-03-05 07:09 - 2015-03-05 07:09 - 00002994 _____ () C:\Windows\System32\Tasks\{8FBCA9FA-E0E7-464A-9886-90001973BDFC}
2015-03-05 07:08 - 2015-03-05 07:08 - 00002994 _____ () C:\Windows\System32\Tasks\{F24780C1-2D59-48E8-B860-424F21626768}
2015-03-05 07:04 - 2015-03-05 07:06 - 05062817 _____ () C:\Users\mathiaswolfgang\Downloads\kpschool.zip
2015-03-05 05:50 - 2015-03-05 05:50 - 01448809 _____ (DOSBox Team) C:\Users\mathiaswolfgang\Downloads\DOSBox0.74-win32-installer.exe
2015-03-05 05:28 - 2015-03-05 06:37 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\DC Games
2015-03-05 05:27 - 2015-03-05 05:28 - 01439340 _____ () C:\Users\mathiaswolfgang\Downloads\dcg409.zip
2015-03-05 04:03 - 2015-03-05 04:03 - 00290672 _____ () C:\Windows\Minidump\030515-25875-01.dmp
2015-03-04 16:48 - 2015-03-04 16:49 - 08713978 _____ () C:\Users\mathiaswolfgang\Downloads\DarkSun2.zip
2015-03-04 16:07 - 2015-03-04 16:08 - 03282925 _____ () C:\Users\mathiaswolfgang\Downloads\Indiana_Jones_And_The_Last_Crusade.zip
2015-03-04 14:27 - 2015-03-04 16:02 - 00000000 ____D () C:\Users\mathiaswolfgang\Desktop\BMP
2015-03-04 14:26 - 2015-03-04 14:26 - 00920522 _____ () C:\Users\mathiaswolfgang\Downloads\BMP_MS_DOS.zip
2015-03-04 14:24 - 2015-03-04 14:24 - 00564718 _____ () C:\Users\mathiaswolfgang\Downloads\BMP0607bab.rar
2015-03-03 20:47 - 2015-03-03 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
2015-03-03 20:45 - 2015-03-03 20:46 - 14981420 _____ () C:\Users\mathiaswolfgang\Downloads\Railroad_Tycoon.zip
2015-03-03 19:04 - 2015-03-03 19:06 - 08759047 _____ () C:\Users\mathiaswolfgang\Downloads\transport-tycoon-deluxe.zip
2015-03-03 18:29 - 2015-03-03 18:29 - 09099710 _____ () C:\Users\mathiaswolfgang\Downloads\Minetest-0.4.10-android-armeabi.apk.zip
2015-03-03 17:13 - 2015-03-03 17:13 - 00164887 _____ () C:\Users\mathiaswolfgang\Downloads\football-manager.zip
2015-03-03 04:02 - 2015-03-03 04:02 - 00290720 _____ () C:\Windows\Minidump\030315-29140-01.dmp
2015-03-03 03:29 - 2015-03-03 03:29 - 00000112 _____ () C:\Users\mathiaswolfgang\Downloads\reader.url
2015-03-03 02:25 - 2015-03-03 02:25 - 00353240 _____ () C:\Users\mathiaswolfgang\Downloads\Huckleberry-Finns-Abenteuer-Mark-Twain.epub
2015-03-03 02:21 - 2015-03-03 02:21 - 00461474 _____ () C:\Users\mathiaswolfgang\Downloads\Huckleberry-Finns-Abenteuer-Mark-Twain.mobi
2015-03-03 01:42 - 2015-03-03 01:43 - 27129674 _____ () C:\Users\mathiaswolfgang\Downloads\Sahra Wagenknecht sagt die Wahrheit über Ukraine und Deutschland.mp4
2015-03-01 17:00 - 2015-03-01 17:00 - 00071941 _____ () C:\Users\mathiaswolfgang\Downloads\12-2014_ranking_angebote_Einzelmonat_if2014_12.xlsx
2015-02-26 14:05 - 2015-02-26 14:05 - 00001291 _____ () C:\Users\mathiaswolfgang\Documents\meine daten.txt
2015-02-26 10:22 - 2015-02-26 10:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-02-25 19:32 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-25 19:32 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-25 19:32 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-25 19:32 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-25 03:00 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 03:00 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-24 00:00 - 2015-02-24 00:00 - 00642746 _____ () C:\Users\mathiaswolfgang\Downloads\hill-street-blues.zip
2015-02-22 21:30 - 2015-02-22 21:34 - 01907525 _____ () C:\Users\mathiaswolfgang\Downloads\pools-of-darkness.zip
2015-02-22 21:12 - 2015-02-22 21:12 - 00466939 _____ () C:\Users\mathiaswolfgang\Downloads\safari_guns_(1989)(infogrames)(fr)(disk_2_of_2)[cr_qtx][h_newbit]-amiga.zip
2015-02-22 21:12 - 2015-02-22 21:12 - 00410718 _____ () C:\Users\mathiaswolfgang\Downloads\safari_guns_(1989)(infogrames)(fr)(disk_1_of_2)[cr_qtx][h_newbit]-amiga.zip
2015-02-22 19:40 - 2015-02-22 19:46 - 14086761 _____ () C:\Users\mathiaswolfgang\Downloads\the-settlers-ii-gold-edition.zip
2015-02-22 19:12 - 2015-02-22 19:12 - 00640812 _____ () C:\Users\mathiaswolfgang\Downloads\traps_n_treasures_(1993)(starbyte)(de)(disk_2_of_2)[o]-amiga.zip
2015-02-22 19:12 - 2015-02-22 19:12 - 00303003 _____ () C:\Users\mathiaswolfgang\Downloads\traps_n_treasures_(1993)(starbyte)(de)(disk_1_of_2)[o]-amiga.zip
2015-02-21 20:21 - 2015-02-21 20:23 - 30420913 _____ () C:\Users\mathiaswolfgang\Downloads\Volker Pispers - Scheiße, ich habe ja gar kein Hotel - Neues aus der Anstalt 32.mp4
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-23 09:18 - 2009-07-14 05:45 - 00033904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-23 09:18 - 2009-07-14 05:45 - 00033904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-23 09:17 - 2014-05-05 00:38 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\360safe
2015-03-23 09:16 - 2014-05-03 14:26 - 01519198 _____ () C:\Windows\WindowsUpdate.log
2015-03-23 09:11 - 2014-12-19 12:29 - 00008513 _____ () C:\Windows\setupact.log
2015-03-23 09:11 - 2014-05-29 13:04 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-23 09:11 - 2014-05-03 14:55 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-23 09:11 - 2010-11-21 04:47 - 00798674 _____ () C:\Windows\PFRO.log
2015-03-23 09:11 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-23 07:49 - 2014-05-03 14:55 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-22 20:45 - 2014-05-05 00:38 - 00000000 ____D () C:\ProgramData\360SD
2015-03-22 14:26 - 2014-05-20 17:29 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-03-21 21:55 - 2015-01-06 02:38 - 00000000 ____D () C:\Users\mathiaswolfgang\Documents\OpenTTD
2015-03-21 21:17 - 2014-05-05 16:53 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\XnView
2015-03-21 20:54 - 2015-01-20 15:53 - 252518242 _____ () C:\Windows\MEMORY.DMP
2015-03-21 20:54 - 2014-05-12 20:23 - 00000000 ____D () C:\Windows\Minidump
2015-03-19 11:43 - 2014-05-05 13:06 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Local\Paint.NET
2015-03-19 01:28 - 2011-04-12 08:43 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2015-03-19 01:28 - 2011-04-12 08:43 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2015-03-19 01:28 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-18 14:26 - 2014-06-03 12:16 - 00003864 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1400603381
2015-03-18 09:36 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-17 14:33 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-03-17 14:16 - 2014-12-10 19:54 - 00000000 ____D () C:\ProgramData\TEMP
2015-03-14 05:47 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-03-13 23:02 - 2014-12-01 11:11 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-13 14:37 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-12 08:34 - 2009-07-14 05:45 - 00321936 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 08:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 08:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-12 00:20 - 2014-12-22 14:38 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 00:18 - 2014-12-22 14:38 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-10 14:31 - 2014-08-11 12:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-09 18:35 - 2015-01-03 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call To Power 2
2015-03-09 18:24 - 2014-05-05 00:37 - 00000000 _RSHD () C:\360SANDBOX
2015-03-09 18:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help
2015-03-09 18:03 - 2014-07-07 08:07 - 00000000 ____D () C:\SPIELE
2015-03-05 11:06 - 2014-06-11 06:46 - 00000000 ____D () C:\Backups
2015-03-05 05:51 - 2014-05-05 11:50 - 00001927 _____ () C:\Users\Public\Desktop\DOSBox 0.74.lnk
2015-02-26 06:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-02-24 03:17 - 2010-11-21 04:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-23 02:28 - 2014-05-03 15:18 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-02-21 03:03 - 2014-06-30 08:28 - 00000000 ____D () C:\Users\mathiaswolfgang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
==================== Files in the root of some directories =======
2015-03-10 15:00 - 2015-03-10 15:00 - 0000600 _____ () C:\Users\mathiaswolfgang\AppData\Local\PUTTY.RND
2014-06-04 20:11 - 2014-07-01 14:36 - 0007609 _____ () C:\Users\mathiaswolfgang\AppData\Local\Resmon.ResmonCfg
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by mathiaswolfgang at 2015-03-23 09:20:54
Running from C:\Users\mathiaswolfgang\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: 360 Internet Security (Enabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
AS: 360 Internet Security (Enabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
360 Internet Security (HKLM-x32\...\360 Internet Security) (Version: 4.9.0.4900 - Qihu 360 Software Co., Ltd.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Blitz3D 1.108 (HKLM-x32\...\Blitz3D_is1) (Version: - Blitz Research Ltd)
Cotschigotschi 2 (HKLM-x32\...\ST6UNST #1) (Version: - )
CrystalDiskInfo 6.1.14 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.1.14 - Crystal Dew World)
Das Fussball Studio 8.5.2 (Beta) (HKLM-x32\...\{F804CEB4-747E-46D5-B8AB-C56E3BAF27D9}_is1) (Version: 8.5.2 - vmLOGIC - Volker Mallmann)
Die Siedler IV (HKLM-x32\...\S4Uninst) (Version: - )
Die Völker Gold Edition (HKLM-x32\...\{24ECFEDB-6CE0-48D0-8C34-EE4C5BC275BF}) (Version: 3.0 - JoWooD Studio Vienna)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.8.49.213 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
Golden Wipf Edition 4 (remove only) (HKLM-x32\...\Golden Wipf Edition 4) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Heroes of Might and Magic® IV (HKLM-x32\...\Heroes of Might and Magic IV) (Version: - )
Hot-Poker 1.10 (HKLM-x32\...\Hot-Poker_is1) (Version: 1.10 - )
Lazarus 1.2.6 (HKLM\...\lazarus_is1) (Version: 1.2.6 - Lazarus Team)
Lord Bot (HKLM-x32\...\{3C00D2E1-C8EC-4194-9598-57065645182D}) (Version: 2.0.1 - falknhayn)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 21.005.15.02.382 - Huawei Technologies Co.,Ltd)
MUSHclient (remove only) (HKLM-x32\...\MUSHclient) (Version: - )
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Opera Stable 28.0.1750.48 (HKLM-x32\...\Opera 28.0.1750.48) (Version: 28.0.1750.48 - Opera Software ASA)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Seven Kingdoms AA (HKLM-x32\...\7kaa) (Version: - )
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Sword (HKLM-x32\...\Sword) (Version: - )
Unity Web Player (HKU\S-1-5-21-3460778114-2026053698-264934852-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Windows Media Player 5.2 (HKLM-x32\...\MPlayer2) (Version: - )
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinUAE (HKLM-x32\...\{DFDB22DC-2CE2-434B-8BF3-2B9C2BA4845B}) (Version: 3.0.0.0 - Arabuusimiehet)
XnView 2.22 (HKLM-x32\...\XnView_is1) (Version: 2.22 - Gougelet Pierre-e)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
09-03-2015 17:34:00 Installiert Locomotion
10-03-2015 14:26:21 Installiert Locomotion
10-03-2015 17:23:07 Windows Update
10-03-2015 22:08:24 Installed Lord Bot
12-03-2015 00:15:44 Windows Update
17-03-2015 11:39:31 Windows Update
21-03-2015 21:10:23 ComboFix created restore point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2015-03-17 14:27 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {103CA69D-71EA-4879-8C1B-B33A9435BA2E} - System32\Tasks\{4D0958FC-8AF8-4B4D-8952-A526B9634B1F} => D:\SEAFGT.EXE
Task: {11BE90E8-4730-4E68-B35A-851FF64F2615} - System32\Tasks\{F24780C1-2D59-48E8-B860-424F21626768} => C:\Program Files (x86)\Neuer Ordner\kpschool.exe
Task: {14759DF3-7312-4CBF-AC68-E618F5150B6C} - System32\Tasks\{5F49EADF-C2C2-47EF-87E5-9B6E10C34CAC} => D:\Dream_dt\SETUP.EXE
Task: {1FC4984D-3C8A-4985-A542-F36D1A07D116} - System32\Tasks\{006D70BB-ECED-4F93-AB60-01163E21710D} => D:\Sword\SwordTe.exe
Task: {2245BC46-0388-42D6-AB87-0768023CB171} - System32\Tasks\{3AE04FD0-6EE9-403B-87CF-D014C95FADB5} => C:\Program Files (x86)\Clonk Planet\Planet.exe
Task: {224A13A1-F8EE-4881-9B6B-2CFB2FD4259B} - System32\Tasks\{9CDB3321-E3BA-4283-BD73-8FFD21BE17AF} => C:\I-Magic\Vangers\road.exe
Task: {277AF161-C08E-45F4-8795-37A0A787DA55} - System32\Tasks\{E0D2FC71-2C21-46FF-9BDB-D5CA7EEC0296} => C:\I-Magic\Vangers\road.exe
Task: {30836FD8-978F-48F8-BFF8-AD0BCBA7AD64} - System32\Tasks\{FF462C85-3920-4910-871F-1C2EC6863927} => C:\SPIELE\Clonk 3 Radikal\CLONK.EXE
Task: {33E9FA45-81A0-4A64-A5CC-8F9C068790F6} - System32\Tasks\{3FC4F284-82F6-4A11-B433-948210E9E3F2} => D:\MEDIA1.EXE
Task: {34EE2922-C999-462A-9563-9D050D445B1A} - System32\Tasks\{26B8FE32-186D-4842-A901-F4081FE7B812} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {39AD6171-BFA6-452F-AC19-CEC9BBB6199B} - System32\Tasks\{F39CADE0-2891-457C-A8D1-B04F90F978A0} => C:\Users\mathiaswolfgang\Desktop\Neuer Ordner (2)\install.exe
Task: {3CE5D6EC-1186-445D-A037-D1F84524D0FC} - System32\Tasks\Opera scheduled Autoupdate 1400603381 => C:\Program Files (x86)\Opera\launcher.exe [2015-03-16] (Opera Software)
Task: {3E9F29C0-E5B1-4E19-A412-8756D8717487} - System32\Tasks\{8FBCA9FA-E0E7-464A-9886-90001973BDFC} => C:\Program Files (x86)\Neuer Ordner\kpschool.exe
Task: {4336ABF0-3907-4B52-A69B-CF48377E974F} - System32\Tasks\{C4C0A2E8-0E08-4761-B2F1-29DC4A910901} => C:\Users\mathiaswolfgang\Desktop\Neuer Ordner (2)\SoMX.exe
Task: {4AB4B796-41D8-493A-AB71-378D409CAFA7} - System32\Tasks\{F6C9D31A-CB1B-4EA6-86BD-310E6AB1DB6F} => pcalua.exe -a D:\Install\Install.exe -d D:\Install
Task: {56E6FEAD-41BA-4361-8CA8-CD5392AA0E41} - \{B74DDCF5-CAC6-4139-9FF5-06659E17E212} No Task File <==== ATTENTION
Task: {5F27719C-61FF-44BE-835E-1A3EE1A36DF0} - System32\Tasks\{70346F41-F98B-467C-9A93-40C4A8C9AC67} => C:\Program Files (x86)\JEliza\JElizaGtk.exe
Task: {60159C16-C7E5-4757-AEC3-EE882B1A363B} - System32\Tasks\{6394D897-7E0D-420D-883E-D9B134FA6619} => D:\Sword\Sword.exe
Task: {6039C3EF-BDA2-4AAF-9F7A-324060F43AC8} - System32\Tasks\{6A3B89AA-285D-46DB-BEB2-096D88AFEDB1} => C:\Users\mathiaswolfgang\Desktop\traumfra.exe
Task: {6312C131-5BC9-4899-BE0A-77AA826F27DF} - System32\Tasks\{3EE3C452-E5E3-483D-B559-372AE53DC331} => C:\Users\mathiaswolfgang\Downloads\KOTCDemoVersion115.exe
Task: {63B9FC30-572A-465A-B556-0CA2CEF4CCE5} - System32\Tasks\{585F4A47-9843-4995-9415-B6BC24375FA3} => D:\SETUP.EXE
Task: {68E328C7-0CCB-4122-B645-F84FF4122B61} - System32\Tasks\{D5C943D5-8E47-49C7-9864-5825532A965F} => D:\exe\Stx.exe
Task: {6FFA9207-9300-4966-A3E0-3686CA2A9429} - System32\Tasks\{C04DCB75-EEA5-4E3D-8897-E68E0A5C7205} => D:\start31.exe
Task: {7F413531-4747-4187-A02A-C009B66C01B2} - System32\Tasks\{42B8E2D9-5649-4EE7-945C-4D2905790FD5} => C:\Users\mathiaswolfgang\Desktop\Blue Remake\BLUE.EXE
Task: {85141D60-C255-4537-991D-2D9F888653EF} - System32\Tasks\{173269E1-DB92-4BC7-A7F5-3E195645AC79} => D:\3DXWD\3DXWD.EXE
Task: {8A534365-EC81-46A4-BB3D-B47BD0E87F1B} - System32\Tasks\{9F52D3D2-EC42-4F1C-AF45-23F6F743CB52} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {9A84E65E-215C-4F69-816D-9119E1F13732} - System32\Tasks\{9DF6BE12-B8DC-42CB-9DEA-39E621FA85DD} => C:\Users\mathiaswolfgang\Eigene Spiele\TTD Win\Transport Tycoon Deluxe.exe
Task: {A2389745-078B-4AAA-8842-9E0976199393} - System32\Tasks\{CD26E032-ACA3-4BCE-94AC-1E58D25641C6} => pcalua.exe -a C:\Users\mathiaswolfgang\Desktop\My\Mythruna-20120627.exe -d C:\Users\mathiaswolfgang\Desktop\My
Task: {A6E69830-0C1D-4F7A-B76C-39FECF286A64} - System32\Tasks\{57D4D9F1-00C5-4DCA-80ED-C98358789A0C} => C:\Users\mathiaswolfgang\Desktop\Blue Remake\BLUE.EXE
Task: {AA53B750-E789-425D-85EB-469C6C0D1964} - System32\Tasks\{1D5E208F-1715-4B64-BD80-FDB73055025F} => D:\Autorun.exe
Task: {AED6060A-020B-4744-878C-0F35F761B657} - System32\Tasks\{06879CE2-18CC-44CD-9514-05BB7788BF13} => C:\SPIELE\abandoned-places-a-time-for-heroes\START.EXE
Task: {B0F2FEFB-EE88-4056-81CC-89A5B8E54388} - System32\Tasks\{40AB0AC0-D60D-405F-A423-51F08F6CC298} => C:\Users\mathiaswolfgang\Eigene Spiele\Neuer Ordner\LORD.EXE
Task: {BB09B646-6673-40E5-88B9-7D99E1D3BD66} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-03] (Google Inc.)
Task: {BD068070-8542-4A0D-81B4-FA4D386FC677} - System32\Tasks\{616F63CC-AB51-49F0-956C-BF81443F17BB} => C:\I-Magic\Vangers\road.exe
Task: {BE73A315-FE20-4B10-8DB2-6273D4C4BD54} - System32\Tasks\{7BD56DB0-213F-4D63-A263-922A87837671} => C:\Users\mathiaswolfgang\Desktop\Blue Remake\BLUE.EXE
Task: {C4F577FA-57C4-4CBD-8456-1BEF8AFFDA1F} - System32\Tasks\{9F68762D-9895-4ED1-B0B3-9D003EBC0746} => C:\Program Files (x86)\Pennsylvania State University CSE420W Project Group\AIBuddy\AIBuddy.exe
Task: {C7EDA68B-64E5-46E5-B8A5-64945B23E1BE} - System32\Tasks\{3AEB7961-D36D-4EBC-995D-E9EBB9764E37} => C:\SPIELE\Clonk 3 Radikal\CLONK.EXE
Task: {C9FFCEB4-FFC1-47A4-87E6-FB0410791F25} - System32\Tasks\{3B295F15-D02F-463C-8F98-E34FD7AB049E} => D:\Sword\SwordTe.exe
Task: {D48A42A4-68CC-4A0F-8758-2A5E7EE524C3} - System32\Tasks\{EF76FD33-39D9-44D1-87DB-4B480049FA1B} => C:\Program Files (x86)\ForgottenWorld\fw.exe
Task: {D889E863-625A-442E-A94A-6B09FB5127B4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-03] (Google Inc.)
Task: {DB6B0351-2489-4014-A3D9-C7BF1380BBF6} - System32\Tasks\{441E379D-BE8D-43C9-8F73-E0E8CDA6F803} => C:\Program Files (x86)\Opera\launcher.exe [2015-03-16] (Opera Software)
Task: {E0C95ECE-CA13-404F-ADF6-462113001285} - System32\Tasks\{4E33F64D-DCD6-4824-B709-26736271FDB4} => pcalua.exe -a C:\WINDOWS\st6unst.exe -c -n "C:\Program Files (x86)\Cotschigotschi 2\ST6UNST.LOG"
Task: {EE76073B-E183-4DCD-85A6-53FC4034B5C1} - System32\Tasks\{8812DAEE-5A73-40C6-9E95-ABCD73746618} => C:\SPIELE\Clonk 3 Radikal\CLONK.EXE
Task: {F03A26BD-080E-464D-80C2-135690D7FE84} - System32\Tasks\{A81AE87E-602B-4B31-8637-3F6F9BB1868B} => C:\Users\mathiaswolfgang\Eigene Spiele\TTD Win\Transport Tycoon Deluxe.exe
Task: {F09F4A6A-4B58-4DB7-AE8B-552E2D94AEE7} - System32\Tasks\{F2A810EA-B5FB-4E21-B49B-324741F9167A} => Chrome.exe hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsProgressBar
Task: {FF9B7148-56E2-414D-9D0C-B559B77D373D} - System32\Tasks\{74E225D2-9EA1-4D95-AE1F-620A7F08833C} => C:\Program Files (x86)\Clonk Planet\Planet.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
Code:
ATTFilter Programm XY funktioniert nicht mehr und muss beendet werden.
|
|
23.03.2015, 15:55
| #15 |
| /// the machine /// TB-Ausbilder | Windows 7 64 mit häufigen Bluescreens [gelöst] Von dem aktuellen Bluescreen bitte mal einen Bericht mit Bluescreenview machen: Windows Bluescreen Absturz analysieren und beheben - so geht's - Anleitungen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Windows 7 64 mit häufigen Bluescreens |
| absturz, anderen, anwendung, bluescreen, bluescreens, c:\windows, computer, driver, fehlercode, fehlercode 0x5, fehlercode 0x81000006, fehlercode 0xc0000005, fehlercode windows, fehlermeldung, folgende, memory.dmp, memory_management 0x0000001a, neustart, problem gelöst, prozessor, schnell, system, version, windows, windows 7 |
WARNUNG an die MITLESER: 
Linear-Darstellung
