Plagegeister aller Art und deren Bekämpfung: G Data repeatedly reports a problem with rpcnetp.exe (Windows 7)
02.05.2015, 10:33 | #1 |
| G Data repeatedly reports a problem with rpcnetp.exe

Hello everyone,

I have a new Lenovo PC here (E73, i5-4460s, 10DR001DGE, W7 Prof. 64). G DATA Internet Security is running as the protection software. G DATA's behavior monitoring repeatedly reports a supposed infection of the file rpcnetp.exe. Here is the log file:

Code:
*** Prozess ***
Prozess: 2200
Dateiname: rpcnetp.exe
Pfad: c:\windows\system32\rpcnetp.exe
Herausgeber: Unbekannter Herausgeber
Erstelldatum: 04/22/15 17:40:06
Änderungsdatum: 05/01/15 18:06:34
Gestartet von: services.exe
Herausgeber: Microsoft Windows

*** Aktionen ***
Das Programm hat Aktionen im Namen eines anderen Programmes ausgeführt.
Das Programm stellt eine Verbindung über ein Netzwerk her.
Das Programm hat Dateien im Systemordner gespeichert.
Das Programm hat eine ausführbare Datei angelegt oder manipuliert.
Eine Netzwerkverbindung wurde im Kontext eines anderen Programmes geöffnet.
Das Programm hat eine Kopie von sich selbst angelegt.
Das Programm hat versucht die eigene Programmdatei zu löschen.
Das Programm hat sich selbst gelöscht indem es die Kontrolle über ein anderes Programm übernimmt.
Das Programm hat sich in den Windows Ordner kopiert.
Das Programm hat eine ausführbare Datei im Windows-Ordner angelegt oder manipuliert.

*** Quarantäne ***
Folgende Dateien wurden in Quarantäne verschoben:
C:\Windows\System32\rpcnetp.exe
c:\windows\system32\rpcnetp.exe
c:\windows\syswow64\config\systemprofile\appdata\local\intel\icls client\iclsclient.log
c:\windows\syswow64\ntagent.exe
c:\windows\syswow64\rpcnet.dll
c:\windows\syswow64\upgrd.bat
c:\windows\temp\instb64.sys
Folgende Registry Einträge wurden gelöscht:
\REGISTRY\MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
\REGISTRY\USER\S-1-5-21-1668834982-245352921-3405046034-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-12-bf-d7-ef-e4 || WpadDetectedUrl

Version der Regeln: 5.0.30
OS: Windows 6.1 Service Pack 1.0 Build: 7601 - Workstation 64bit OS
Version der dll: 51504
C:\Windows\System32\rpcnetp.exe MD5: 9A66E27C59C804A376A72831B5B771C5
C:\Windows\system32\services.exe MD5:

The affected file rpcnetp.exe even seems to be recreated by the system again and again; at least I can see via System Restore that new versions of the file keep appearing. By now several versions of the file are in quarantine.

One of the files moved to quarantine has something to do with the icls client. According to the web, this is part of the Intel Management Engine, which is installed on my system.

It may be a false alarm, but I would like to play it safe before I permanently allow activities that G Data objects to.

Of course I contacted G Data first. Yesterday they confirmed that they received all the required information a week ago. However, they are so busy that they cannot tell me when they will get to my problem.

So I am asking you for your support, so that I can make progress on this and eliminate a possible risk.

Many thanks in advance for your help.

writeoff

Last edited by writeoff (02.05.2015 at 11:15)
02.05.2015, 22:49 | #2 |
/// the machine /// TB trainer | G Data repeatedly reports a problem with rpcnetp.exe

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
03.05.2015, 08:53 | #3 |
| G Data repeatedly reports a problem with rpcnetp.exe

Hi schrauber,

thank you for helping me. The download worked. When FRST was started, the G Data behavior monitoring reported a new problem:

Code:
*** Prozess ***
Prozess: 4852
Dateiname: erunt.exe
Pfad: c:\windows\erunt.exe
Herausgeber: Unbekannter Herausgeber
Erstelldatum: 02/22/13 15:05:21
Änderungsdatum: 02/22/13 02:04:50
Gestartet von: cmd.exe
Herausgeber: Microsoft Windows

*** Aktionen ***
Ein Packer wurde auf die Programmdatei angewandt. Möglicherweise um schädliche Inhalte zu verbergen.
Das Programm hat in Dateien oder Ordnern geschrieben, die genutzt werden können, um das System zu gefährden.
Das Programm hat Werte in der System-Registrierung verändert die genutzt werden können um das System zu gefährden.

Version der Regeln: 5.0.30
OS: Windows 6.1 Service Pack 1.0 Build: 7601 - Workstation 64bit OS
Version der dll: 51504
ERUNT.exe C:\FRST\HIVES silent sysreg curuser /noconfirmdelete /noprogresswindow MD5: 2E0323A94915FAAB10A25F3BABF82584
C:\Windows\system32\cmd.exe /c ERUNT.exe C:\FRST\HIVES silent sysreg curuser /noconfirmdelete /noprogresswindow MD5:

Here are the results:

1. Addition.txt

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2015 Ran by XXXXXX XXXXXX at 2015-05-03 09:43:02 Running from C:\Users\XXXXXX XXXXXX\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1668834982-245352921-3405046034-500 - Administrator - Disabled) Backup (S-1-5-21-1668834982-245352921-3405046034-1004 - Limited - Enabled) Gast (S-1-5-21-1668834982-245352921-3405046034-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1668834982-245352921-3405046034-1003 - Limited - Enabled) XXXXXX XXXXXX (S-1-5-21-1668834982-245352921-3405046034-1001 - Administrator - Enabled) => C:\Users\XXXXXX XXXXXX ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: G DATA INTERNET SECURITY (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0} AS: G DATA INTERNET SECURITY (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: G*DATA Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.144 - Adobe Systems Incorporated) Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform) Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited) DisplayLink Core Software (HKLM\...\{58F4C39B-D946-4A45-A314-DEFC2AFDF397}) (Version: 7.5.54609.0 - DisplayLink Corp.) Elevated Installer (x32 Version: 4.0.17.0 - Garmin Ltd or its subsidiaries) Hidden Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}_is1) (Version: 3.20.0008 - Lenovo Group Limited) erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) 
Hidden G DATA INTERNET SECURITY (HKLM-x32\...\{AC68D2FF-1674-4C16-A536-A69FC11BBD82}) (Version: 25.1.0.4 - G DATA Software AG) Garmin Express (HKLM-x32\...\{9e8d8fbd-a697-491e-b887-99b98b6463e4}) (Version: 4.0.17.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 4.0.17.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 4.0.17.0 - Garmin Ltd or its subsidiaries) Hidden GTR 2 (HKLM-x32\...\GTR 2_is1) (Version: - SimBin) HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät (HKLM\...\{0A8BEF69-0DD7-4A8F-9AED-0CB91BEBCB58}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Officejet Pro 8500 A910 Hilfe (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard) I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.0.1098 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation) Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation) KeePass Password Safe 2.28 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.28 - Dominik Reichl) Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited) Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.3 - Lenovo Inc.) 
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 1.0.10.0 - Lenovo Group Limited) Lenovo Solution Center (HKLM\...\{1CA74803-5CB2-4C03-BDBE-061EDC81CC7F}) (Version: 2.8.004.00 - Lenovo Group Limited) Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0034 - Lenovo) Lenovo USB Graphics (HKLM\...\{E6B1FE9A-CB1E-4096-A0AF-163419CB971C}) (Version: 7.5.54614.0 - Lenovo) Lenovo USB3.0 to DVI VGA Monitor Adapter (HKLM-x32\...\{454D32AD-C149-49BE-9F2E-8C089C3D6620}) (Version: 1.07.17 - Lenovo) Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Ihr Firmenname) Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech) Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.) Message Center Plus (HKLM\...\{3849486C-FF09-4F5D-B491-3E179D58EE15}) (Version: 3.1.0004.00 - Lenovo Group Limited) Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Project Professional 2010 (HKLM-x32\...\Office14.PRJPROR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visio Premium 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable 
(x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Mindjet (HKLM-x32\...\{EAFBFF2D-5553-474A-85FA-863A82F00900}) (Version: 11.3.305 - Mindjet) 
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla) Nitro Pro 9 (HKLM\...\{237990BC-415C-4CE8-B279-37892516D9F2}) (Version: 9.0.6.20 - Nitro) NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation) OBELISK top2 (HKLM-x32\...\OBELISK top2_is1) (Version: - Theben AG) PDF-XChange 2012 (HKLM\...\{504022CD-6A58-42D5-ACC9-966F695AAD93}_is1) (Version: 5.0.266.0 - Tracker Software Products Ltd) Personal Backup 5.6 (HKLM\...\Personal Backup 5_is1) (Version: 5.6.8.2 - Dr. J. Rathlev) PowerDVD Create (HKLM-x32\...\InstallShield_{DE485075-8CD3-4A1E-9ABC-6412EBA44872}) (Version: 10.0 - CyberLink Corp.) PowerDVD Create 10 (x32 Version: 10.0.1.3710 - CyberLink Corp.) Hidden Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.30158 - Realtek Semiconductor Corp.) Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.67.1226.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7116 - Realtek Semiconductor Corp.) 
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{58FA40EF-ABA9-4FED-AD3D-318A6073934D}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version: - Microsoft) Simple Sudoku 4.2 (HKLM-x32\...\Simple Sudoku_is1) (Version: - ) Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.) SteuerSparErklärung 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.32.155 - Akademische Arbeitsgemeinschaft) Synergy (64-bit) (HKLM\...\{FDD88467-9C61-4E2D-BA69-2A89735A21CC}) (Version: 1.5.0 - The Synergy Project) Teachmaster 4.3 (nur Entfernen) (HKLM-x32\...\Teachmaster 4.3) (Version: - ) ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.0.42.0 - Lenovo) USB Enhanced Performance Keyboard (HKLM\...\{989DC5D9-A776-430D-9E16-D36E5B81CD86}) (Version: 2.0.2.2 - Lenovo) View Management Utility (HKLM\...\View Management Utility_is1) (Version: 3.0.1.20120921 - Lenovo Inc.) WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.4514 - CyberLink Corp.) WaveEditor (x32 Version: 1.0.1.4514 - CyberLink Corp.) Hidden Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) 
Windows-Treiberpaket - NVIDIA (nvlddmkm) Display (01/10/2014 9.18.13.3238) (HKLM\...\E9A4B47F71DBAB00739515AD85C58A7593BACBEA) (Version: 01/10/2014 9.18.13.3238 - NVIDIA) Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 16-04-2015 09:11:49 20150417 vor lenovo updates 16-04-2015 10:56:47 20150417 nach lenovo, nvidia, firefox, g25 vor gtr2 16-04-2015 10:59:22 DirectX wurde installiert 16-04-2015 11:16:38 20150417 nach gtr2 vor syncmaster 16-04-2015 11:40:12 20150417 nach syncmaster 16-04-2015 11:42:44 Installed Microsoft Office Professional Plus 2010 16-04-2015 11:52:51 Removed Microsoft Office 16-04-2015 11:55:28 20150417 nach office vor project 16-04-2015 11:57:50 Installed Microsoft Project Professional 2010 16-04-2015 12:03:59 Installed Microsoft Visio Premium 2010 16-04-2015 12:07:49 20150417nach Project, VIsio vor Windows update 16-04-2015 12:37:09 Windows Update 16-04-2015 13:13:41 Windows Update 16-04-2015 13:24:16 20150417 office komplett 16-04-2015 13:34:02 Windows Update 16-04-2015 14:18:23 20150417nach skype, silverlight, mouse vor mindmanager 16-04-2015 14:20:34 Installed Mindjet. 16-04-2015 14:51:23 20150417 nach MIndmanager 16-04-2015 18:26:39 20150417 nach MIndmanager vor Drucker 16-04-2015 18:57:13 SteuerSparErklärung 2015 wurde installiert. 16-04-2015 18:58:38 Installed AAVUpdateManager. 16-04-2015 19:06:59 20150417 nach drucker, keepass und steuer; vor adobe 16-04-2015 19:10:04 Removed Adobe Reader X (10.1.7) MUI. 
16-04-2015 19:58:08 20150417 nach adobe vor kleinzeugs 16-04-2015 19:59:14 Installed Synergy (64-bit) 16-04-2015 20:00:42 Windows Modules Installer 16-04-2015 20:07:36 Installed 7-Zip 9.20 (x64 edition) 16-04-2015 20:24:09 20150417 nach kleinzeugs vor garmin 16-04-2015 20:57:55 20150417 Basisrechner ohne GArmin 16-04-2015 21:12:33 Windows-Sicherung 17-04-2015 15:04:28 20150418 nach Outlook und firefox vor garmin 17-04-2015 15:29:13 Sprachpaketdeinstallation 17-04-2015 16:08:04 Garmin Express 17-04-2015 21:07:58 20150417 Komplette Installation 17-04-2015 22:25:41 Windows Update 22-04-2015 19:08:10 20150421 vor virus quarantäne 02-05-2015 12:49:06 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {028D016B-AEB9-401C-AF9F-041A2C4D6DDF} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {0D4E6746-882E-42C0-B262-2B3BDC76C667} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {2F2FF5A7-4EB8-479D-B8B9-6A377DAE7DB8} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {397C821B-11B3-4230-AB0F-5E51B33EA316} - System32\Tasks\RtHDVBg_LENOVO_MICPKEY => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2013-11-13] (Realtek Semiconductor) Task: {3C09831B-FAF8-4FF1-A0B1-81D5A3838EAA} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2015-03-27] () Task: {3DD7CAC4-43A3-4E37-AFBA-19FCDAA6B7CA} - System32\Tasks\{5C755EAB-2069-42B3-82FA-14707930F6C8} => pcalua.exe -a "C:\Users\XXXXXX XXXXXX\Downloads\Games\lgs510.exe" -d "C:\Users\XXXXXX XXXXXX\Downloads\Games" Task: {3ED8BCAD-0D52-4509-B2A1-0E9909C0D53A} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {4BEFA616-F68B-46C6-BA77-1E2D5BF8CCFF} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-15] (Lenovo) Task: {4E391E70-CF01-4931-BF8B-70F07E113667} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {5DE76225-9DAB-4A21-849B-8503B39F3939} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-03-09] (Lenovo) Task: {70E0B315-E816-4A44-90A1-2F11695D676D} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => 
C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation) Task: {7CEB4B03-13B6-4AF4-AD41-9FBD91A8FC00} - System32\Tasks\PMTask => C:\Program Files (x86)\Lenovo\PowerMgr\PwmIdTsv.exe [2014-03-05] (Lenovo Group Limited) Task: {85C4DEBE-C483-40A8-8AAE-87DFBA4EA8FB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-16] (Adobe Systems Incorporated) Task: {8D3BF5B1-7D64-49AA-B4ED-3454953828CE} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe Task: {9E064A0C-B6B6-446B-B5D3-466238EAD512} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo) Task: {A04A2D3B-C1E8-4D38-9AC0-9FC61F1C34CB} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2015-03-09] (Lenovo) Task: {ABCF8661-794A-4238-86BD-A368B2EFC154} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {B7F3A3B4-8EAC-46A9-92A5-4446D0D61218} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {BC490265-B4E6-4636-AEB2-4980CDEF3F8E} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {BC78E8EB-863E-41DA-B5CC-658FB042B54F} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-12-17] (Realtek Semiconductor) Task: {C199D663-3941-4551-9F4E-E8E127F9600A} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-03-09] (Lenovo) Task: 
{CC6B33CF-9DAC-4FE1-BA71-88723C5766EC} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2015-04-12] () Task: {D0647402-7FCD-4A93-9F8A-15DC1C65754B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd) Task: {DD947DFE-4912-4E97-AE7D-91F8DF5CB124} - System32\Tasks\CLMLSvc => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2013-03-06] (CyberLink) Task: {DF20D329-10B6-40FA-9B46-C66BB493A2ED} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {F0DBCA59-82C7-4205-A499-3CFB5995872F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============== 2014-08-14 17:51 - 2015-02-05 21:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Programme (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe 2014-05-23 17:02 - 2014-05-23 17:02 - 00298496 _____ () C:\Program Files\Synergy\synergyd.exe 2015-02-20 05:42 - 2015-02-20 05:42 - 00382072 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll 2014-05-23 17:02 - 2014-05-23 17:02 - 00011264 _____ () C:\Program Files\Synergy\synwinhk.DLL 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2014-05-23 17:02 - 2014-05-23 17:02 - 01050112 _____ () C:\Program Files\Synergy\synergys.exe 2013-03-06 21:49 - 2013-03-06 21:49 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll 2013-03-06 21:52 - 2013-03-06 21:52 - 00015424 _____ () 
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1668834982-245352921-3405046034-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\XXXXXX XXXXXX\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: DisplayLinkService => 2 MSCONFIG\Services: Garmin Device Interaction Service => 3 MSCONFIG\Services: Lenovo EasyPlus Hotspot => 3 MSCONFIG\Services: LENOVO.CAMMUTE => 2 MSCONFIG\Services: LENOVO.TPKNRSVC => 2 MSCONFIG\Services: LMS => 2 MSCONFIG\Services: LSCWinService => 3 MSCONFIG\Services: nlsX86cc => 2 MSCONFIG\Services: Power Manager DBC Service => 3 MSCONFIG\Services: PwmEWSvc => 3 MSCONFIG\Services: rpcnet => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: SUService => 3 MSCONFIG\startupfolder: C:^Users^XXXXXX XXXXXX^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk => C:\Windows\pss\Logitech . 
Produktregistrierung.lnk.Startup MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: Enhanced Performance Keyboard => C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\SKDaemon.exe MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\tray.exe" MSCONFIG\startupreg: HP Officejet Pro 8500 A910 (NET) => "C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe" -deviceID "CN0BCAM1Q6:NW" -scfn "HP Officejet Pro 8500 A910 (NET)" -AutoStart 1 MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload MSCONFIG\startupreg: Lenovo Registration => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot MSCONFIG\startupreg: LENOVO.TPKNRRES => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide MSCONFIG\startupreg: MMReminderService => C:\Program Files (x86)\Mindjet\MindManager 11\MMReminderService.exe MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" MSCONFIG\startupreg: Power Manager Startup Utility => C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe MSCONFIG\startupreg: Start WingMan Profiler => C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" ==================== FirewallRules (whitelisted) =============== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
FirewallRules: [{91E39B68-F022-4A9C-A064-B5BAB3BC84C0}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{E9DD5C50-86FE-4C73-AE97-CFCF0EAFAA09}] => (Allow) C:\Program Files (x86)\lenovo\SHAREit\SHAREit.exe
FirewallRules: [{94157D23-2C86-46BA-B0D9-DC484CAAB162}] => (Allow) C:\Program Files (x86)\lenovo\SHAREit\SHAREit.exe
FirewallRules: [{373615F2-BA43-4D57-AACE-4B0B494C99A9}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{B1FA88B5-2D43-411E-8BD8-F8ED6AF3E1DF}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{9BF9D313-D91F-4953-837E-511FFE5676E1}] => (Allow) C:\Users\XXXXXX XXXXXX\AppData\Local\Temp\7zS6EF7.tmp\SymNRT.exe
FirewallRules: [{F0CD1910-BEE8-48D6-A4B9-9A16D446EA2E}] => (Allow) C:\Users\XXXXXX XXXXXX\AppData\Local\Temp\7zS6EF7.tmp\SymNRT.exe
FirewallRules: [{6BA94245-AA81-48A4-81F1-81A9B6AE88E7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F7597BA0-363F-4B8B-A447-19C8626F7BAE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EF2F5E02-DE9A-42A0-8A80-0C7925B68A9B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
FirewallRules: [{0CFB4973-F2BD-4AF6-A264-B3CE5DBA3913}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
FirewallRules: [{AF9AD2B1-51F4-4EA5-9A44-D9BAC22D269F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [{DD2012EF-5FC9-4F7C-9DA5-619BDE2F7F4F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [{BDC2BDD1-7CD2-4B5D-B1D6-19859297AA9E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office14\outlook.exe
FirewallRules: [{750F24C1-681B-461B-AFC5-75466901F70E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A42D7995-E6BA-4329-9B45-BFDEFE5BB783}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\FaxApplications.exe
FirewallRules: [{117646AB-E3F1-49DF-9DB1-EB3C52C8F312}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\DigitalWizards.exe
FirewallRules: [{264F3E4C-D8E6-4807-AEF0-BBDD110FD559}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\SendAFax.exe
FirewallRules: [{CB4B6D53-93C7-47CF-A060-F8E2A33E6AC2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe
FirewallRules: [{DCE64E96-91BB-497B-8C85-070E65F6460D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
FirewallRules: [{82EE2663-F1E9-42AE-8520-CD8177EB0BFC}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{9BCFC4BC-EEA9-457F-927D-F491844477E7}] => (Allow) C:\Program Files\Synergy\synergys.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/03/2015 09:32:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/02/2015 10:48:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/02/2015 10:39:16 AM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (05/02/2015 10:32:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/02/2015 09:57:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/02/2015 09:46:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2015 09:47:57 PM) (Source: Microsoft Office 14) (EventID: 2000) (User: )
Description: Microsoft Outlook: Accepted Safe Mode action : Schwerwiegender Fehler in Outlook beim g data outlook add-in-Add-In. Falls diese Fehlermeldung mehrmals angezeigt wurde, sollten Sie dieses Add-In deaktivieren und überprüfen, ob ein Update verfügbar ist. Möchten Sie dieses Add-In deaktivieren?. Accepted Safe Mode action : Microsoft Outlook.

Error: (05/01/2015 09:47:51 PM) (Source: Microsoft Office 14) (EventID: 2000) (User: )
Description: Microsoft Outlook: Accepted Safe Mode action : Schwerwiegender Fehler in Outlook beim g data outlook add-in-Add-In. Falls diese Fehlermeldung mehrmals angezeigt wurde, sollten Sie dieses Add-In deaktivieren und überprüfen, ob ein Update verfügbar ist. Möchten Sie dieses Add-In deaktivieren?. Accepted Safe Mode action : Microsoft Outlook.

Error: (05/01/2015 08:36:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2015 08:09:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GTR2.exe, Version: 1.1.0.0, Zeitstempel: 0x452c9f16
Name des fehlerhaften Moduls: GTR2.exe, Version: 1.1.0.0, Zeitstempel: 0x452c9f16
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001fde06
ID des fehlerhaften Prozesses: 0x14a4
Startzeit der fehlerhaften Anwendung: 0xGTR2.exe0
Pfad der fehlerhaften Anwendung: GTR2.exe1
Pfad des fehlerhaften Moduls: GTR2.exe2
Berichtskennung: GTR2.exe3

System errors:
=============
Error: (05/02/2015 03:27:05 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053TrustedInstaller{752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (05/02/2015 03:27:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Modules Installer" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (05/02/2015 03:27:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Modules Installer erreicht.

Error: (05/02/2015 09:55:48 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%-2147014847

Error: (05/01/2015 08:35:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "rpcnetp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (04/27/2015 07:16:48 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: %%-2147467243

Error: (04/27/2015 07:14:03 AM) (Source: Application Popup) (EventID: 877) (User: )
Description: Fehler [DATABASE OPEN FAILED] beim Verarbeiten der Treiberdatenbank.

Error: (04/26/2015 06:45:59 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.

Error: (04/19/2015 00:53:16 PM) (Source: Microsoft-Windows-Time-Service) (EventID: 34) (User: NT-AUTORITÄT)
Description: Der Zeitdienst hat festgestellt, dass die Systemzeit um 86392 Sekunden geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal 54000 Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone richtig sind und dass die Zeitquelle time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->23.99.222.162:123) ordnungsgemäß ausgeführt wird.

Error: (04/17/2015 08:23:06 PM) (Source: srv) (EventID: 2017) (User: )
Description: Der Server konnte keinen nicht-ausgelagerten Poolspeicher reservieren, da die konfigurierte Grenze für die Reservierung von nicht-ausgelagertem Poolspeicher erreicht wurde.

Microsoft Office Sessions:
=========================
Error: (05/03/2015 09:32:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/02/2015 10:48:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/02/2015 10:39:16 AM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (05/02/2015 10:32:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/02/2015 09:57:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/02/2015 09:46:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2015 09:47:57 PM) (Source: Microsoft Office 14) (EventID: 2000) (User: )
Description: Microsoft OutlookSchwerwiegender Fehler in Outlook beim g data outlook add-in-Add-In. Falls diese Fehlermeldung mehrmals angezeigt wurde, sollten Sie dieses Add-In deaktivieren und überprüfen, ob ein Update verfügbar ist. Möchten Sie dieses Add-In deaktivieren?

Error: (05/01/2015 09:47:51 PM) (Source: Microsoft Office 14) (EventID: 2000) (User: )
Description: Microsoft OutlookSchwerwiegender Fehler in Outlook beim g data outlook add-in-Add-In. Falls diese Fehlermeldung mehrmals angezeigt wurde, sollten Sie dieses Add-In deaktivieren und überprüfen, ob ein Update verfügbar ist. Möchten Sie dieses Add-In deaktivieren?

Error: (05/01/2015 08:36:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/01/2015 08:09:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GTR2.exe1.1.0.0452c9f16GTR2.exe1.1.0.0452c9f16c0000005001fde0614a401d0843947160262C:\SimBin\P&G 3.1\GTR2.exeC:\SimBin\P&G 3.1\GTR2.exe40446a0f-f02d-11e4-b7fa-448a5bc5dc44

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4460S CPU @ 2.90GHz
Percentage of memory in use: 44%
Total physical RAM: 4043.07 MB
Available physical RAM: 2234.04 MB
Total Pagefile: 8084.34 MB
Available Pagefile: 5685.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================
Drive c: (Windows7_OS) (Fixed) (Total:910.52 GB) (Free:543.96 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:19.53 GB) (Free:7.69 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 81F2BA25)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=910.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST.txt will follow in another post.

Best regards,
writeoff |
03.05.2015, 08:56 | #4 |
| G Data repeatedly reports a problem with rpcnetp.exe ... and now the first part of FRST.txt: Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015
Ran by XXXXXX XXXXXX (administrator) on E73 on 03-05-2015 09:42:11
Running from C:\Users\XXXXXX XXXXXX\Desktop
Loaded Profiles: XXXXXX XXXXXX (Available profiles: XXXXXX XXXXXX)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Programme (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
() C:\Program Files\Synergy\synergyd.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(G DATA Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\Synergy\synergys.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe [1855608 2015-02-20] (G DATA Software AG)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe
HKU\S-1-5-21-1668834982-245352921-3405046034-1001\...\Run: [Power2GoExpress] => NA
HKU\S-1-5-21-1668834982-245352921-3405046034-1001\...\MountPoints2: {a438ebc5-e483-11e4-b50f-806e6f6e6963} - Q:\LenovoQDrive.exe

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1668834982-245352921-3405046034-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-1668834982-245352921-3405046034-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-1668834982-245352921-3405046034-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkcentre
HKU\S-1-5-21-1668834982-245352921-3405046034-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkcentre
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1668834982-245352921-3405046034-1001 -> DefaultScope {7EF566CC-A607-4F01-A850-3B859A49212D} URL =
SearchScopes: HKU\S-1-5-21-1668834982-245352921-3405046034-1001 -> {7EF566CC-A607-4F01-A850-3B859A49212D} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files (x86)\Mindjet\MindManager 11\Mm8InternetExplorer.dll [2013-05-14] (Mindjet)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\XXXXXX XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\qa1my9yv.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-16] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-02-14] (Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Extension: Adblock Plus Pop-up Addon - C:\Users\XXXXXX XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\qa1my9yv.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-04-16]
FF Extension: Ghostery - C:\Users\XXXXXX XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\qa1my9yv.default\Extensions\firefox@ghostery.com.xpi [2015-04-16]
FF Extension: NoScript - C:\Users\XXXXXX XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\qa1my9yv.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-04-16]
FF Extension: Adblock Plus - C:\Users\XXXXXX XXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\qa1my9yv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-16]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AAV UpdateService; C:\Programme (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2528888 2015-04-16] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe [965240 2015-02-20] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe [3672560 2015-04-07] (G Data Software AG)
S4 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9954096 2014-03-31] (DisplayLink Corp.)
S4 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [708104 2015-04-12] (Garmin Ltd. or its subsidiaries)
R3 GDFwSvc; C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe [3193080 2015-02-20] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [789112 2015-03-04] (G Data Software AG)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-02-26] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S4 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [532224 2014-04-22] (Lenovo)
S4 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272440 2015-03-09] (Lenovo)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2014-02-14] (Nitro PDF Software)
S4 Power Manager DBC Service; C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [63848 2014-03-05] (Lenovo)
S4 PwmEWSvc; C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE [186728 2014-03-05] (Lenovo Group Limited)
S4 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [49136 2015-03-27] ()
R2 Synergy; C:\Program Files\Synergy\synergyd.exe [298496 2014-05-23] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [150016 2015-04-16] (G Data Software AG)
R3 GDKBB; C:\Windows\system32\drivers\GDKBB64.sys [27648 2015-04-16] (G Data Software AG)
R3 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2015-04-16] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [230400 2015-04-16] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [75776 2015-04-16] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64512 2015-04-22] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2015-05-02] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [124928 2015-04-16] (G Data Software AG)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2014-02-06] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-03 09:42 - 2015-05-03 09:42 - 00013216 _____ () C:\Users\XXXXXX XXXXXX\Desktop\FRST.txt
2015-05-03 09:34 - 2015-05-03 09:42 - 00000000 ____D () C:\FRST
2015-05-03 09:32 - 2015-05-03 09:33 - 02101248 _____ (Farbar) C:\Users\XXXXXX XXXXXX\Desktop\FRST64.exe
2015-05-02 14:06 - 2015-05-02 14:06 - 00106272 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2015-05-02 14:06 - 2015-05-02 14:06 - 00018160 _____ (G Data Software) C:\Windows\system32\Drivers\GdPhyMem.sys
2015-05-02 11:14 - 2015-05-02 11:14 - 00002322 _____ () C:\Users\XXXXXX XXXXXX\Documents\G*DATA Protokoll ID 110.txt
2015-04-23 10:57 - 2015-04-23 10:57 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Roaming\CyberLink
2015-04-23 10:55 - 2015-04-23 10:57 - 00000000 ____D () C:\Users\Public\CyberLink
2015-04-23 10:19 - 2015-04-23 10:19 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Roaming\Intel Corporation
2015-04-23 09:23 - 2015-04-23 09:23 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-04-23 09:16 - 2015-04-23 09:21 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Local\Microsoft Games
2015-04-22 19:48 - 2015-04-22 19:48 - 00623208 _____ () C:\Users\XXXXXX XXXXXX\Downloads\FP.exe
2015-04-22 19:48 - 2015-04-22 19:48 - 00002035 _____ () C:\Users\XXXXXX XXXXXX\Documents\G*DATA Protokoll ID 69.txt
2015-04-22 18:37 - 2015-04-22 18:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-22 18:34 - 2015-04-22 18:34 - 00003530 _____ () C:\Users\XXXXXX XXXXXX\Desktop\Stromverbrauchssteuerung - Verknüpfung.lnk
2015-04-22 18:31 - 2015-04-22 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA INTERNET SECURITY
2015-04-19 17:47 - 2015-03-24 19:10 - 00027371 _____ () C:\Users\XXXXXX XXXXXX\Documents\config(1).bin
2015-04-19 17:47 - 2013-12-20 19:03 - 00008704 ___SH () C:\Users\XXXXXX XXXXXX\Documents\Thumbs.db
2015-04-19 15:59 - 2015-04-19 16:04 - 417659040 _____ () C:\Users\XXXXXX XXXXXX\Downloads\br2014Free101.exe
2015-04-19 12:53 - 2015-04-19 12:53 - 00000000 ____D () C:\Backups
2015-04-17 18:13 - 2015-04-17 18:13 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Documents\Garmin
2015-04-17 16:09 - 2015-04-17 16:09 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Roaming\Garmin
2015-04-17 16:09 - 2015-04-17 16:09 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Local\Garmin_Ltd._or_its_subsid
2015-04-17 16:08 - 2015-04-22 20:05 - 00003558 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2015-04-17 16:08 - 2015-04-17 16:09 - 00000000 ____D () C:\Program Files (x86)\Garmin
2015-04-17 16:08 - 2015-04-17 16:08 - 00001901 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2015-04-17 16:08 - 2015-04-17 16:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-04-17 16:08 - 2015-04-17 16:08 - 00000000 ____D () C:\ProgramData\Garmin
2015-04-17 16:07 - 2015-04-17 16:07 - 40383568 _____ (Garmin Ltd or its subsidiaries) C:\Users\XXXXXX XXXXXX\Downloads\GarminExpressInstaller.exe
2015-04-17 16:05 - 2015-04-17 16:05 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-04-17 14:13 - 2015-04-17 14:13 - 00153777 _____ () C:\Users\XXXXXX XXXXXX\Downloads\bookmarks-2015-04-18.json
2015-04-17 13:16 - 2015-05-03 09:35 - 00049536 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\agremove.exe
2015-04-17 13:14 - 2015-04-17 13:14 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Local\G DATA
2015-04-17 13:12 - 2015-04-17 13:12 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Roaming\G Data
2015-04-17 00:41 - 2015-04-17 00:42 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Documents\Steuerfälle
2015-04-17 00:34 - 2015-04-20 18:24 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Documents\PRIVAT
2015-04-17 00:05 - 2015-05-02 15:16 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Documents\Outlook-Dateien
2015-04-17 00:05 - 2015-04-17 00:05 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Documents\OneNote-Notizbücher
2015-04-17 00:05 - 2015-04-17 00:05 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Documents\MoTeC Projects
2015-04-17 00:04 - 2015-04-17 00:05 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Documents\LEGO Creations
2015-04-16 23:59 - 2015-04-16 23:59 - 00000000 ____D () C:\Windows\CSC
2015-04-16 23:36 - 2015-04-17 00:01 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Documents\JOB
2015-04-16 23:36 - 2015-04-16 23:36 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Documents\Englisch_Basis_v02
2015-04-16 23:32 - 2015-04-08 09:32 - 00020862 _____ () C:\Users\XXXXXX XXXXXX\Documents\NewDatabase.kdbx
2015-04-16 23:32 - 2015-01-23 15:30 - 00019502 _____ () C:\Users\XXXXXX XXXXXX\Documents\NewDatabase.old
2015-04-16 22:53 - 2015-04-17 22:52 - 00300488 _____ () C:\Users\XXXXXX XXXXXX\Downloads\outlook.reg
2015-04-16 20:39 - 2015-05-01 20:09 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Local\CrashDumps
2015-04-16 20:35 - 2015-04-16 20:37 - 00001900 _____ () C:\Users\XXXXXX XXXXXX\Desktop\P&G 3.1.lnk
2015-04-16 20:35 - 2015-04-16 20:35 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Documents\GTR2
2015-04-16 20:26 - 2015-04-16 20:26 - 00000000 ____D () C:\Windows\pss
2015-04-16 20:14 - 2015-04-16 20:14 - 00933622 _____ () C:\Users\XXXXXX XXXXXX\Downloads\teachmaster_4-3_setup.exe
2015-04-16 20:14 - 2015-04-16 20:14 - 00001114 _____ () C:\Users\XXXXXX XXXXXX\Desktop\Teachmaster 4.3.lnk
2015-04-16 20:14 - 2015-04-16 20:14 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Teachmaster 4.3
2015-04-16 20:14 - 2015-04-16 20:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Teachmaster 4.3
2015-04-16 20:14 - 2015-04-16 20:14 - 00000000 ____D () C:\Program Files (x86)\Teachmaster 4.3
2015-04-16 20:11 - 2015-05-02 17:04 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Documents\PersBackup
2015-04-16 20:11 - 2015-05-02 16:12 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Roaming\PersBackup5
2015-04-16 20:11 - 2015-04-16 20:11 - 00000896 _____ () C:\Users\Public\Desktop\Personal Backup 5.lnk
2015-04-16 20:11 - 2015-04-16 20:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Personal Backup
2015-04-16 20:11 - 2015-04-16 20:11 - 00000000 ____D () C:\Program Files\Personal Backup 5
2015-04-16 20:10 - 2015-04-16 20:10 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Downloads\pb5682
2015-04-16 20:09 - 2015-04-16 20:10 - 22355444 _____ () C:\Users\XXXXXX XXXXXX\Downloads\pb5682.zip
2015-04-16 20:08 - 2015-04-16 20:08 - 00001039 _____ () C:\Users\XXXXXX XXXXXX\Desktop\OBELISK top2.lnk
2015-04-16 20:08 - 2015-04-16 20:08 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Roaming\Theben
2015-04-16 20:08 - 2015-04-16 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBELISK top2
2015-04-16 20:08 - 2015-04-16 20:08 - 00000000 ____D () C:\Program Files (x86)\OBELISK top2
2015-04-16 20:07 - 2015-04-16 20:07 - 01376768 _____ () C:\Users\XXXXXX XXXXXX\Downloads\7z920-x64.msi
2015-04-16 20:07 - 2015-04-16 20:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-04-16 20:07 - 2015-04-16 20:07 - 00000000 ____D () C:\Program Files\7-Zip
2015-04-16 20:06 - 2015-04-27 18:32 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Roaming\Simple Sudoku
2015-04-16 20:06 - 2015-04-16 20:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simple Sudoku
2015-04-16 20:06 - 2015-04-16 20:06 - 00000000 ____D () C:\Program Files (x86)\Simple Sudoku
2015-04-16 20:01 - 2015-04-16 20:01 - 00000000 ____D () C:\Program Files\Microsoft Games
2015-04-16 19:59 - 2015-04-17 19:10 - 00000000 ____D () C:\Program Files\Synergy
2015-04-16 19:59 - 2015-04-16 19:59 - 00002427 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synergy.lnk
2015-04-16 19:22 - 2015-04-22 20:06 - 00002798 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-04-16 19:22 - 2015-04-16 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-16 19:22 - 2015-04-16 19:22 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-16 19:21 - 2015-04-16 19:21 - 04218880 _____ (Piriform Ltd) C:\Users\XXXXXX XXXXXX\Downloads\ccsetup504_slim.exe
2015-04-16 19:20 - 2015-04-16 19:20 - 00000000 ____D () C:\ProgramData\Sun
2015-04-16 19:20 - 2015-04-16 19:19 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-04-16 19:19 - 2015-04-16 19:19 - 43159464 _____ (Oracle Corporation) C:\Users\XXXXXX XXXXXX\Downloads\jre-8u45-windows-x64.exe
2015-04-16 19:19 - 2015-04-16 19:19 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-16 19:19 - 2015-04-16 19:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-16 19:19 - 2015-04-16 19:19 - 00000000 ____D () C:\Program Files\Java
2015-04-16 19:18 - 2015-04-16 19:18 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Local\Macromedia
2015-04-16 19:17 - 2015-05-02 17:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-16 19:17 - 2015-04-16 19:18 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-16 19:17 - 2015-04-16 19:18 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-16 19:17 - 2015-04-16 19:18 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-16 19:17 - 2015-04-16 19:17 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-04-16 19:17 - 2015-04-16 19:17 - 00000000 ____D () C:\Windows\system32\Macromed
2015-04-16 19:15 - 2015-04-22 20:04 - 00003888 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-04-16 19:14 - 2015-04-16 19:14 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-04-16 18:58 - 2015-04-16 18:58 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Local\AAV
2015-04-16 18:58 - 2015-04-16 18:58 - 00000000 ____D () C:\Programme (x86)
2015-04-16 18:58 - 2015-04-16 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuertipps
2015-04-16 18:50 - 2015-04-16 18:59 - 00000000 ____D () C:\ProgramData\AAV
2015-04-16 18:45 - 2015-04-16 18:45 - 00000968 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
2015-04-16 18:45 - 2015-04-16 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-04-16 18:45 - 2015-04-16 18:45 - 00000000 ____D () C:\ProgramData\HP
2015-04-16 18:45 - 2015-04-16 18:45 - 00000000 ____D () C:\Program Files\HP
2015-04-16 18:45 - 2015-04-16 18:45 - 00000000 ____D () C:\Program Files (x86)\HP
2015-04-16 18:45 - 2012-10-17 04:31 - 00741480 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5312.dll
2015-04-16 18:44 - 2015-04-16 18:45 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Local\HP
2015-04-16 18:44 - 2015-04-16 18:44 - 00000057 _____ () C:\ProgramData\Ament.ini
2015-04-16 18:42 - 2015-05-02 09:47 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Roaming\KeePass
2015-04-16 18:41 - 2015-04-16 18:41 - 00001128 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2015-04-16 18:41 - 2015-04-16 18:41 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2015-04-16 18:21 - 2015-04-16 18:21 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Tracing
2015-04-16 14:58 - 2015-04-16 14:58 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Local\Logitech® Webcam-Software
2015-04-16 14:56 - 2015-04-16 14:56 - 00000000 ____D () C:\ProgramData\LogiShrd
2015-04-16 14:54 - 2015-04-19 12:49 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2015-04-16 14:54 - 2015-04-16 14:55 - 00017119 _____ () C:\Windows\system32\lvcoinst.log
2015-04-16 14:54 - 2015-04-16 14:55 - 00004758 _____ () C:\Windows\LDPINST.LOG
2015-04-16 14:54 - 2015-04-16 14:55 - 00000000 ____D () C:\Program Files\Common Files\logishrd
2015-04-16 14:54 - 2015-04-16 14:55 - 00000000 ____D () C:\Program Files (x86)\Logitech
2015-04-16 14:22 - 2015-04-16 14:22 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Local\Mindjet
2015-04-16 14:21 - 2015-04-16 14:22 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Documents\Eigene Maps
2015-04-16 14:21 - 2015-04-16 14:21 - 00002898 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Mindjet.lnk
2015-04-16 14:21 - 2015-04-16 14:21 - 00000000 ____D () C:\ProgramData\Mindjet
2015-04-16 14:21 - 2015-04-16 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mindjet
2015-04-16 14:21 - 2015-04-16 14:21 - 00000000 ____D () C:\Program Files (x86)\Mindjet
2015-04-16 14:21 - 2012-11-12 22:00 - 00057472 _____ (Tracker Software Products (Canada) Ltd.) 
C:\Windows\system32\pxc50pm.dll 2015-04-16 14:20 - 2015-04-16 14:20 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Local\{943B7A3D-5366-460D-8966-748D70185DF7} 2015-04-16 13:38 - 2015-04-16 13:38 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Local\Skype 2015-04-16 13:38 - 2015-04-16 13:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-04-16 13:38 - 2015-04-16 13:38 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2015-04-16 13:38 - 2015-04-16 13:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2015-04-16 13:37 - 2015-04-16 18:25 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Roaming\Skype 2015-04-16 13:37 - 2015-04-16 18:21 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-04-16 13:37 - 2015-04-16 18:21 - 00000000 ____D () C:\ProgramData\Skype 2015-04-16 13:37 - 2015-04-16 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-04-16 13:36 - 2015-04-16 13:36 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe 2015-04-16 13:36 - 2015-04-16 13:36 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe 2015-04-16 13:36 - 2015-04-16 13:36 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe 2015-04-16 13:36 - 2015-04-16 13:36 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe 2015-04-16 13:36 - 2015-04-16 13:36 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe 2015-04-16 13:36 - 2015-04-16 13:36 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf 2015-04-16 13:36 - 2015-04-16 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center 2015-04-16 13:36 - 2015-04-16 13:36 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center 2015-04-16 13:35 - 2015-04-16 13:35 - 00000000 ____H () 
C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf 2015-04-16 13:34 - 2015-04-16 13:34 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01009.Wdf 2015-04-16 13:19 - 2015-04-16 13:19 - 02118222 _____ () C:\Users\XXXXXX XXXXXX\Downloads\AnyBurn_v2.7.zip 2015-04-16 13:18 - 2015-04-16 13:18 - 00303239 _____ () C:\Users\XXXXXX XXXXXX\Downloads\ZoomIt_4.5.zip 2015-04-16 12:41 - 2015-04-16 12:41 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help 2015-04-16 12:41 - 2015-04-16 12:41 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help 2015-04-16 12:29 - 2014-11-30 19:28 - 23652676 _____ () C:\Users\XXXXXX XXXXXX\Downloads\Software_OBELISK_top2_V3.6.1_de.ZIP 2015-04-16 12:29 - 2013-07-11 10:09 - 129180128 _____ () C:\Users\XXXXXX XXXXXX\Downloads\Mindjet_11.3.305_DE.exe 2015-04-16 12:28 - 2013-12-20 23:33 - 122415248 _____ () C:\Users\XXXXXX XXXXXX\Downloads\OJ8500_A910_1315.exe 2015-04-16 12:22 - 2015-04-16 12:22 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Local\WindowsUpdate 2015-04-16 12:06 - 2015-04-17 00:31 - 00000000 ___SD () C:\Users\XXXXXX XXXXXX\Documents\Meine Shapes 2015-04-16 12:05 - 2015-04-16 13:17 - 00000039 _____ () C:\Windows\vbaddin.ini 2015-04-16 12:01 - 2015-04-16 12:01 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\Downloads\Visio 2015-04-16 11:53 - 2015-04-16 11:53 - 00000000 ____D () C:\Windows\system32\appmgmt 2015-04-16 11:46 - 2015-04-16 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2015-04-16 11:46 - 2015-04-16 11:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint 2015-04-16 11:46 - 2015-04-16 11:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services 2015-04-16 11:45 - 2015-04-16 11:45 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform 2015-04-16 11:45 - 2015-04-16 11:45 - 00000000 ____D () C:\Windows\PCHEALTH 2015-04-16 11:45 - 2015-04-16 11:45 - 00000000 
____D () C:\Program Files (x86)\Microsoft Sync Framework 2015-04-16 11:45 - 2015-04-16 11:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2015-04-16 11:44 - 2015-04-16 11:44 - 00000000 ____D () C:\Program Files\Microsoft Office 2015-04-16 11:44 - 2015-04-16 11:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8 2015-04-16 11:43 - 2015-04-16 13:21 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-04-16 11:43 - 2015-04-16 12:12 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Local\Microsoft Help 2015-04-16 11:43 - 2015-04-16 11:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services 2015-04-16 11:42 - 2015-04-16 11:42 - 00000000 __RHD () C:\MSOCache 2015-04-16 11:05 - 2015-04-17 21:21 - 00000764 _____ () C:\Users\XXXXXX XXXXXX\Desktop\GTR 2.lnk 2015-04-16 11:05 - 2015-04-16 11:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimBin 2015-04-16 11:01 - 2015-04-16 11:01 - 00000000 ____D () C:\Program Files (x86)\SimBin 2015-04-16 11:01 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll 2015-04-16 11:01 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll 2015-04-16 11:01 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll 2015-04-16 11:01 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll 2015-04-16 11:01 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll 2015-04-16 11:01 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll 2015-04-16 11:01 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll 2015-04-16 11:01 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll 2015-04-16 11:01 - 2008-10-10 04:52 - 05631312 _____ (Microsoft 
Corporation) C:\Windows\system32\D3DX9_40.dll 2015-04-16 11:01 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll 2015-04-16 11:01 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll 2015-04-16 11:01 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll 2015-04-16 11:01 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll 2015-04-16 11:01 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll 2015-04-16 11:01 - 2008-07-30 06:20 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll 2015-04-16 11:01 - 2008-07-30 06:20 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll 2015-04-16 11:01 - 2008-07-30 06:20 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll 2015-04-16 11:01 - 2008-07-30 06:20 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll 2015-04-16 11:01 - 2008-07-30 06:20 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll 2015-04-16 11:01 - 2008-07-30 06:20 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll 2015-04-16 11:01 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll 2015-04-16 11:01 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll 2015-04-16 11:01 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll 2015-04-16 11:01 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll 2015-04-16 11:01 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll 2015-04-16 11:01 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll 2015-04-16 11:01 - 2008-05-30 14:19 - 
00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll 2015-04-16 11:01 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll 2015-04-16 11:01 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll 2015-04-16 11:01 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll 2015-04-16 11:01 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll 2015-04-16 11:01 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll 2015-04-16 11:01 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll 2015-04-16 11:01 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll 2015-04-16 11:01 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll 2015-04-16 11:01 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll 2015-04-16 11:01 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll 2015-04-16 11:01 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll 2015-04-16 11:01 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll 2015-04-16 11:01 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll 2015-04-16 11:01 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll 2015-04-16 11:01 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll 2015-04-16 11:01 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll 2015-04-16 11:01 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll 2015-04-16 
11:01 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll 2015-04-16 11:01 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll 2015-04-16 11:01 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll 2015-04-16 11:01 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll 2015-04-16 11:01 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll 2015-04-16 11:01 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll 2015-04-16 11:01 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll 2015-04-16 11:01 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll 2015-04-16 11:01 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll 2015-04-16 11:01 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll 2015-04-16 11:01 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll 2015-04-16 11:01 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll 2015-04-16 11:01 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll 2015-04-16 11:01 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll 2015-04-16 11:01 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll 2015-04-16 11:01 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll 2015-04-16 11:01 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll 2015-04-16 11:01 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\d3dx10_36.dll 2015-04-16 11:01 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll 2015-04-16 11:01 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll 2015-04-16 11:01 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll 2015-04-16 11:01 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll 2015-04-16 11:01 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll 2015-04-16 11:01 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll 2015-04-16 11:01 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll 2015-04-16 11:01 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll 2015-04-16 11:01 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll 2015-04-16 11:01 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll 2015-04-16 11:01 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll 2015-04-16 11:01 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll 2015-04-16 11:01 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll 2015-04-16 11:01 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll 2015-04-16 11:01 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll 2015-04-16 11:01 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll 2015-04-16 11:01 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll 2015-04-16 11:01 - 2007-04-04 18:55 - 
00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll 2015-04-16 11:01 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll 2015-04-16 11:01 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll 2015-04-16 11:01 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll 2015-04-16 11:01 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll 2015-04-16 11:01 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll 2015-04-16 11:01 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll 2015-04-16 11:01 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll 2015-04-16 11:01 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll 2015-04-16 11:01 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll 2015-04-16 11:01 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll 2015-04-16 11:01 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll 2015-04-16 11:01 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll 2015-04-16 11:01 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll 2015-04-16 11:01 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll 2015-04-16 11:01 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll 2015-04-16 11:01 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll 2015-04-16 11:01 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll 2015-04-16 
11:01 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll 2015-04-16 11:01 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll 2015-04-16 11:01 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll 2015-04-16 11:01 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll 2015-04-16 11:01 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll 2015-04-16 11:01 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll 2015-04-16 11:01 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll 2015-04-16 11:01 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll 2015-04-16 11:01 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll 2015-04-16 11:01 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll 2015-04-16 11:01 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll 2015-04-16 11:01 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll 2015-04-16 11:01 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll 2015-04-16 11:01 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll 2015-04-16 11:01 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll 2015-04-16 11:00 - 2015-04-16 11:01 - 00010123 _____ () C:\Windows\DirectX.log 2015-04-16 11:00 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll 2015-04-16 11:00 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll 2015-04-16 11:00 - 
2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll 2015-04-16 11:00 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll 2015-04-16 11:00 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll 2015-04-16 11:00 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll 2015-04-16 11:00 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll 2015-04-16 11:00 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll 2015-04-16 11:00 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll 2015-04-16 11:00 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll 2015-04-16 11:00 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll 2015-04-16 11:00 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll 2015-04-16 11:00 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll 2015-04-16 11:00 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll 2015-04-16 11:00 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll 2015-04-16 11:00 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll 2015-04-16 11:00 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll 2015-04-16 11:00 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll 2015-04-16 10:53 - 2015-04-16 10:53 - 00024250 _____ () C:\Users\XXXXXX XXXXXX\Downloads\Ghostery-Backup-4-17-2015.ghost 2015-04-16 10:52 - 2015-04-16 10:52 - 00028171 _____ () C:\Users\XXXXXX XXXXXX\Downloads\noscr.txt 2015-04-16 10:51 - 
2015-04-16 10:51 - 00000058 _____ () C:\Users\XXXXXX XXXXXX\Downloads\adblpopu.txt 2015-04-16 10:49 - 2015-04-16 10:49 - 01913304 _____ () C:\Users\XXXXXX XXXXXX\Downloads\adbl.ini 2015-04-16 10:47 - 2015-04-22 19:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-04-16 10:47 - 2015-04-16 10:47 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-04-16 10:47 - 2015-04-16 10:47 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Roaming\Mozilla 2015-04-16 10:47 - 2015-04-16 10:47 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Local\Mozilla 2015-04-16 10:47 - 2015-04-16 10:47 - 00000000 ____D () C:\ProgramData\Mozilla 2015-04-16 10:46 - 2015-04-16 10:46 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Local\Logitech 2015-04-16 10:41 - 2015-04-16 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2015-04-16 10:41 - 2015-04-16 10:41 - 00000000 ____D () C:\Program Files\Logitech 2015-04-16 10:41 - 2015-04-16 10:41 - 00000000 ____D () C:\Program Files\Common Files\Logitech 2015-04-16 10:40 - 2015-04-16 10:40 - 00003190 _____ () C:\Windows\System32\Tasks\{5C755EAB-2069-42B3-82FA-14707930F6C8} 2015-04-16 10:40 - 2010-11-14 11:58 - 17276616 _____ (Logitech ) C:\Users\XXXXXX XXXXXX\Downloads\lgs510_x64.exe 2015-04-16 10:39 - 2015-04-16 10:39 - 00000000 __SHD () C:\Users\XXXXXX XXXXXX\AppData\Local\EmieUserList 2015-04-16 10:39 - 2015-04-16 10:39 - 00000000 __SHD () C:\Users\XXXXXX XXXXXX\AppData\Local\EmieSiteList 2015-04-16 10:39 - 2015-04-16 10:39 - 00000000 __SHD () C:\Users\XXXXXX XXXXXX\AppData\Local\EmieBrowserModeList 2015-04-16 10:22 - 2015-04-16 11:10 - 00000000 ____D () C:\SimBin 2015-04-16 09:32 - 2015-04-16 09:32 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Local\NVIDIA 2015-04-16 09:32 - 2015-04-16 09:32 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies 2015-04-16 09:30 - 2015-02-06 05:01 - 32106640 _____ (NVIDIA Corporation) 
C:\Windows\system32\nvoglv64.dll 2015-04-16 09:30 - 2015-02-06 05:01 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2015-04-16 09:30 - 2015-02-06 05:01 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2015-04-16 09:30 - 2015-02-06 05:01 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2015-04-16 09:30 - 2015-02-06 05:01 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2015-04-16 09:30 - 2015-02-06 05:01 - 16017040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2015-04-16 09:30 - 2015-02-06 05:01 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2015-04-16 09:30 - 2015-02-06 05:01 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2015-04-16 09:30 - 2015-02-06 05:01 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2015-04-16 09:30 - 2015-02-06 05:01 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2015-04-16 09:30 - 2015-02-06 05:01 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2015-04-16 09:30 - 2015-02-06 05:01 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2015-04-16 09:30 - 2015-02-06 05:01 - 03299512 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2015-04-16 09:30 - 2015-02-06 05:01 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2015-04-16 09:30 - 2015-02-06 05:01 - 02902784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2015-04-16 09:30 - 2015-02-06 05:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll 2015-04-16 09:30 - 2015-02-06 05:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll 2015-04-16 09:30 - 2015-02-06 05:01 - 00995248 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2015-04-16 09:30 - 2015-02-06 05:01 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2015-04-16 09:30 - 
2015-02-06 05:01 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2015-04-16 09:30 - 2015-02-06 05:01 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2015-04-16 09:30 - 2015-02-06 05:01 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2015-04-16 09:30 - 2015-02-06 05:01 - 00877816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2015-04-16 09:30 - 2015-02-06 05:01 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2015-04-16 09:30 - 2015-02-06 05:01 - 00305136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2015-04-16 09:30 - 2015-02-06 05:01 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2015-04-16 09:30 - 2015-02-06 05:01 - 00164752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2015-04-16 09:30 - 2014-10-10 01:02 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys 2015-04-16 09:30 - 2014-10-10 01:02 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll 2015-04-16 09:20 - 2015-04-16 09:20 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf 2015-04-16 09:20 - 2015-04-16 09:20 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Roaming\LSC 2015-04-16 09:17 - 2015-04-16 09:17 - 00002002 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk 2015-04-16 09:15 - 2015-04-16 09:15 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Local\Tvsukernel 2015-04-16 08:58 - 2015-01-09 05:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll 2015-04-16 08:58 - 2015-01-09 05:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll 2015-04-16 08:58 - 2015-01-09 05:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll 2015-04-16 08:58 - 2015-01-09 04:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll 2015-04-16 08:51 - 2015-04-16 08:51 - 00000000 ___SD () 
C:\Windows\system32\Drivers\HookCentre.sys 2015-04-16 07:33 - 2015-04-16 07:33 - 00020992 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBFlt64.sys 2015-04-16 07:33 - 2015-04-16 07:33 - 00000779 _____ () C:\Users\XXXXXX XXXXXX\AppData\Roaming\gdscan.log 2015-04-16 07:33 - 2015-04-16 07:33 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_GDKBFlt64_01007.Wdf 2015-04-16 07:33 - 2015-04-16 07:33 - 00000000 ____D () C:\Program Files (x86)\G DATA 2015-04-16 07:33 - 2015-04-16 07:33 - 00000000 _____ () C:\Users\XXXXXX XXXXXX\AppData\Roaming\gdfw.log 2015-04-16 07:31 - 2015-04-16 08:26 - 00000000 ____D () C:\ProgramData\G Data 2015-04-16 07:27 - 2015-04-16 07:27 - 00896048 _____ () C:\Users\XXXXXX XXXXXX\Downloads\Norton_Removal_Tool.exe 2015-04-16 07:25 - 2015-04-04 15:40 - 475698480 _____ (G Data Software AG) C:\Users\XXXXXX XXXXXX\Downloads\INT_R_FUL_IS.exe 2015-04-16 07:21 - 2015-04-16 07:23 - 00000000 ___SD () C:\Windows\system32\GWX 2015-04-16 07:21 - 2015-04-16 07:21 - 00000000 ___SD () C:\Windows\SysWOW64\GWX 2015-04-16 07:18 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2015-04-16 07:18 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2015-04-16 07:12 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2015-04-16 07:12 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2015-04-16 07:12 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2015-04-16 07:12 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2015-04-16 07:12 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2015-04-16 07:12 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2015-04-16 07:12 - 2014-03-09 23:47 - 00619672 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\icardagt.exe 2015-04-16 07:12 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2015-04-16 07:08 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-04-16 07:08 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-04-16 07:07 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-04-16 07:07 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-04-16 07:02 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-04-16 07:02 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-04-16 06:57 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-04-16 06:57 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-04-16 06:57 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-04-16 06:57 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-04-16 06:57 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-04-16 06:57 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-04-16 06:57 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-04-16 06:57 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-04-16 06:57 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-04-16 06:57 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-04-16 06:57 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) 
C:\Windows\system32\MshtmlDac.dll 2015-04-16 06:57 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-04-16 06:57 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-04-16 06:57 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-04-16 06:57 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-04-16 06:57 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-04-16 06:57 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-04-16 06:57 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-04-16 06:57 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-04-16 06:57 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-04-16 06:57 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-04-16 06:57 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-04-16 06:57 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-04-16 06:57 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-04-16 06:57 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-04-16 06:57 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-04-16 06:57 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-04-16 06:57 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-04-16 06:57 - 2015-03-13 05:26 - 00092160 _____ (Microsoft 
Corporation) C:\Windows\system32\mshtmled.dll 2015-04-16 06:57 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-04-16 06:57 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-04-16 06:57 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-04-16 06:57 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-04-16 06:57 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-04-16 06:57 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-04-16 06:57 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-04-16 06:57 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-04-16 06:57 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-04-16 06:57 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-04-16 06:57 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-04-16 06:57 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-04-16 06:57 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-04-16 06:57 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-04-16 06:57 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-04-16 06:57 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-04-16 06:57 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-04-16 06:57 - 2015-03-13 04:54 - 00285696 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-04-16 06:57 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-04-16 06:57 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-04-16 06:57 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-04-16 06:57 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-04-16 06:57 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-04-16 06:57 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-04-16 06:57 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-04-16 06:57 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-04-16 06:57 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-04-16 06:57 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-04-16 06:57 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-04-16 06:57 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-04-16 06:57 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-04-16 06:57 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-04-16 06:57 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2015-04-16 06:57 - 2014-10-14 04:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-04-16 06:57 - 2014-10-14 03:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2015-04-16 06:57 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) 
C:\Windows\system32\authui.dll 2015-04-16 06:57 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2015-04-16 06:57 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2015-04-16 06:57 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-04-16 06:57 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2015-04-16 06:56 - 2014-10-30 04:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2015-04-16 06:56 - 2014-10-30 03:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe 2015-04-16 06:45 - 2015-04-16 06:59 - 00007605 _____ () C:\Users\XXXXXX XXXXXX\AppData\Local\Resmon.ResmonCfg 2015-04-16 00:11 - 2015-04-19 13:15 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Local\Adobe 2015-04-16 00:10 - 2015-05-02 10:35 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Roaming\Nitro PDF 2015-04-16 00:10 - 2015-04-16 00:10 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Local\Lenovo 2015-04-16 00:08 - 2012-02-17 08:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll 2015-04-16 00:08 - 2012-02-17 07:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll 2015-04-16 00:08 - 2012-02-17 06:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys 2015-04-16 00:03 - 2015-04-16 19:56 - 00115456 _____ () C:\Users\XXXXXX XXXXXX\AppData\Local\GDIPFONTCACHEV1.DAT 2015-04-16 00:03 - 2015-04-16 00:03 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Roaming\Leadertech 2015-04-16 00:02 - 2015-04-19 13:15 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Roaming\Adobe 2015-04-16 00:02 - 2015-04-16 20:15 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Local\VirtualStore 2015-04-16 00:02 - 2015-04-16 00:02 - 00001432 _____ () C:\Users\XXXXXX XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet 
Explorer.lnk 2015-04-16 00:01 - 2015-04-16 00:01 - 00000010 _____ () C:\Windows\getvol.scp 2015-04-16 00:01 - 2015-04-16 00:01 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Local\Power2Go 2015-04-16 00:00 - 2015-05-03 09:34 - 01633980 _____ () C:\Windows\WindowsUpdate.log 2015-04-16 00:00 - 2015-04-16 18:21 - 00000000 ____D () C:\Users\XXXXXX XXXXXX 2015-04-16 00:00 - 2015-04-16 00:00 - 00000020 ___SH () C:\Users\XXXXXX XXXXXX\ntuser.ini 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\Users\XXXXXX XXXXXX\Vorlagen 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\Users\XXXXXX XXXXXX\Startmenü 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\Users\XXXXXX XXXXXX\Netzwerkumgebung 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\Users\XXXXXX XXXXXX\Lokale Einstellungen 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\Users\XXXXXX XXXXXX\Eigene Dateien 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\Users\XXXXXX XXXXXX\Druckumgebung 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\Users\XXXXXX XXXXXX\Documents\Eigene Musik 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\Users\XXXXXX XXXXXX\Documents\Eigene Bilder 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\Users\XXXXXX XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\Users\XXXXXX XXXXXX\AppData\Local\Verlauf 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\Users\XXXXXX XXXXXX\AppData\Local\Anwendungsdaten 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\Users\XXXXXX XXXXXX\Anwendungsdaten 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\Users\Default\Vorlagen 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () 
C:\Users\Default\Startmenü 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\Programme 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\ProgramData\Vorlagen 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\ProgramData\Startmenü 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\ProgramData\Favoriten 2015-04-16 00:00 - 2015-04-16 00:00 - 
00000000 _SHDL () C:\ProgramData\Dokumente 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _SHDL () C:\Dokumente und Einstellungen 2015-04-16 00:00 - 2015-04-16 00:00 - 00000000 _____ () C:\Windows\firstboot.dat 2015-04-16 00:00 - 2014-08-14 18:01 - 00000000 ____D () C:\Users\XXXXXX XXXXXX\AppData\Roaming\Macromedia 2015-04-16 00:00 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\XXXXXX XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-04-16 00:00 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\XXXXXX XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance writeoff |
03.05.2015, 12:09 | #5 |
| G Data repeatedly reports a problem with rpcnetp.exe ...and the rest of FRST.txt Code:
Best regards writeoff

Hi schrauber, while reading Addition.txt I noticed something. Since I am not sure whether it is relevant to our topic, I would rather tell you about it. The log in the first post shows that G Data also moved a file belonging to the iclsclient into quarantine: "c:\windows\syswow64\config\systemprofile\appdata\local\intel\icls client\iclsclient.log". The iclsclient belongs to the Intel Management Engine. In Addition.txt, under disabled services, there is among others "MSCONFIG\Services: LMS => 2". This service also has to do with the Intel Management Engine.

I had disabled a number of services and autostart entries because Lenovo crammed the machine so full of all kinds of useless stuff that it took forever to boot. Is it conceivable that I shot myself in the foot doing that? Booting is super fast now, but possibly one of the services is missing and that leads to the message in question. Then I would have to be quite ashamed, but if that gave us the cause and spared us further searching, being ashamed would be fine with me. If all of this is nonsense --> no offense, I look forward to your next instructions.

Best regards writeoff |
03.05.2015, 17:16 | #6 |
/// the machine /// TB Trainer | G Data repeatedly reports a problem with rpcnetp.exe Please open FRST, copy the following into the Search box: rpcnetp.exe and click Search Files.
|
03.05.2015, 17:22 | #7 |
| G Data repeatedly reports a problem with rpcnetp.exe the result, search.txt Code:
Farbar Recovery Scan Tool (x64) Version: 02-05-2015
Ran by XXXXXX XXXXXX at 2015-05-03 18:18:52
Running from C:\Users\XXXXXX XXXXXX\Desktop
Boot Mode: Normal
================== Search Files: "rpcnetp.exe" =============
C:\Windows\System32\rpcnetp.exe [2015-05-03 13:31][2015-05-03 13:34] 0017408 ____A () 9A66E27C59C804A376A72831B5B771C5
====== End Of Search ======
Edited by writeoff (03.05.2015 at 17:27) |
04.05.2015, 11:42 | #8 |
/// the machine /// TB trainer | G Data repeatedly reports a problem with rpcnetp.exe Please repeat the search, this time with: rpcnetp.*
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
04.05.2015, 11:46 | #9 |
| G Data repeatedly reports a problem with rpcnetp.exe ... the result Code:
ATTFilter Farbar Recovery Scan Tool (x64) Version: 02-05-2015 Ran by XXXXXX XXXXXX at 2015-05-04 12:43:13 Running from C:\Users\XXXXXX XXXXXX\Desktop Boot Mode: Normal ================== Search Files: "rpcnetp.*" ============= C:\Windows\System32\rpcnetp.exe [2015-05-03 13:31][2015-05-03 13:34] 0017408 ____A () 0C496AAF56C73DA7B93D1432FBEB5BCD ====== End Of Search ====== |
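Added example, not part of the thread: a small parser for FRST "Search Files" hit lines that compares the two results posted in #7 and #9 and flags files whose MD5 differs although size and both timestamps are identical. The function names are hypothetical, and reading the two bracketed timestamps as created/modified is an assumption.

```python
import re
from typing import NamedTuple

# One hit line as it appears in the posted search.txt:
#   path [timestamp][timestamp] size attributes (company) MD5
# Assumption: the two timestamps are creation and last-modified time.
HIT = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^\[\r\n]+?) "
    r"\[(?P<created>[\d-]+ [\d:]+)\]\[(?P<modified>[\d-]+ [\d:]+)\] "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) "
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$",
    re.MULTILINE,
)

class Hit(NamedTuple):
    path: str
    created: str
    modified: str
    size: int
    md5: str

def parse_search(log: str) -> dict:
    """Map lower-cased path -> Hit for every file line in one search result."""
    return {
        m["path"].lower(): Hit(m["path"], m["created"], m["modified"],
                               int(m["size"]), m["md5"].upper())
        for m in HIT.finditer(log)
    }

def silent_changes(old: dict, new: dict) -> list:
    """Paths whose MD5 differs while size and both timestamps are unchanged."""
    return [
        path for path, a in old.items()
        if (b := new.get(path)) and a.md5 != b.md5
        and a[1:4] == b[1:4]  # created, modified, size
    ]

# Hit lines copied from posts #7 and #9, put back on separate lines.
RUN_0503 = r"""
================== Search Files: "rpcnetp.exe" =============
C:\Windows\System32\rpcnetp.exe [2015-05-03 13:31][2015-05-03 13:34] 0017408 ____A () 9A66E27C59C804A376A72831B5B771C5
====== End Of Search ======
"""
RUN_0504 = r"""
================== Search Files: "rpcnetp.*" =============
C:\Windows\System32\rpcnetp.exe [2015-05-03 13:31][2015-05-03 13:34] 0017408 ____A () 0C496AAF56C73DA7B93D1432FBEB5BCD
====== End Of Search ======
"""

if __name__ == "__main__":
    for path in silent_changes(parse_search(RUN_0503), parse_search(RUN_0504)):
        print("content changed without a timestamp change:", path)
```

For the two posted results the script reports `c:\windows\system32\rpcnetp.exe`: same size and timestamps, different MD5, so tracking this file across scans needs the hash and not the modification date.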
05.05.2015, 07:30 | #10 |
/// the machine /// TB trainer | G Data repeatedly reports a problem with rpcnetp.exe Oh great, no replacement there. Please run Windows Repair: Repairing Windows - how to do it - Guides |
05.05.2015, 08:27 | #11 |
| G Data repeatedly reports a problem with rpcnetp.exe Hello schrauber, thanks, I'm already downloading from tweaking.com. Yesterday, by the way, the problem did not show up all day despite several reboots. Today the usual picture again: the machine boots fine, after a few minutes the behaviour monitoring triggers again and reports rpcnetp.exe as suspicious. Whatever is at work there, it does not happen every day. One more note: the problem first appeared on the day a new version (25.1.0.4) of G Data was installed. With 25.1.0.3 there were no alerts. Best regards, writeoff |
05.05.2015, 10:43 | #12 |
/// the machine /// TB trainer | G Data repeatedly reports a problem with rpcnetp.exe If need be, we'll ask GDATA support |
05.05.2015, 11:33 | #13 |
| G Data repeatedly reports a problem with rpcnetp.exe My first call to G Data was on 22.4. On that day I had updated G Data to 25.1.0.4 at 18:32, and at 19:28 the problem appeared for the first time. I uploaded all the information to G Data as requested by support. On 1.5. (i.e. after 9 days) I asked what the status was. My uploads had arrived and were with 2nd level for investigation. Today I called again, but still no answer from 2nd level. Do you have a better line to them? I'm not getting anywhere through my channels. Best regards, writeoff Some more info: 1. Even before the problem was first reported on 22.4., my machine repeatedly modified rpcnetp.exe. I have 7 restore points from before 22.4., each of which stores a file version with a different modification date. Before 22.4., however, G Data was not bothered by this. 2. The timing of the alerts is odd: before 22.4.: machine runs without problems; 22.4.: problem appears; 23.-24.4.: machine runs without problems; 26.-27.4.: machine runs without problems; 30.4.: machine runs without problems; 1.5.: problem appears; 2.5.: problem appears; 3.5.: problem appears; 4.5.: machine runs without problems; 5.5.: problem appears; Best regards, writeoff |
05.05.2015, 15:31 | #14 |
/// the machine /// TB trainer | G Data repeatedly reports a problem with rpcnetp.exe No, unfortunately I don't know anyone at GDATA |
05.05.2015, 17:31 | #15 |
| G Data repeatedly reports a problem with rpcnetp.exe Since we both apparently consider the G Data update a possible cause, and since G Data has not answered yet, I could use the waiting time to simply go back via System Restore to the state before the update. If the error has disappeared, we would have reached our goal. If not, nothing is ruined. The data is backed up several times, so the risk is manageable. Independently of that, it would of course be nice to know which task/process keeps changing rpcnetp.exe and why this does not happen every day but follows the odd pattern described above. Since this was already happening long before the problem message first appeared, it may be perfectly fine and harmless. The behaviour monitoring also complained about FRST without FRST being malicious (at least I hope so). Shall we do it that way? I would get back to you immediately if one of the following conditions is met: 1. A reply from GData has arrived 2. The error appears again (then the restore idea would have failed) 3. The error does not appear for at least a week (that would be a considerably longer error-free period and thus an indication that there might be something to the idea.) Best regards, writeoff |