TR/Dropper.Gen in C:Windows/Temp/.....
Hello,
AntiVir also found TR/Dropper.Gen on my machine.
Could you please help me get rid of it as quickly as possible? I'm actually in the middle of writing my thesis right now.... :(
Thank you!
And as soon as I click on a link leading to another page, another Firefox window opens and Avast shows this message:
Infection blocked:
URL:
hxxp://canadaalltax.com/z/f=pjsKrTwFvTk4vTw4px1FqdaFrjC7qds9&eid=313&hid=17612962708237281132&pid=1481&rf=http%3A%2F%2Fwww.trojaner-board.de%2F69886-alle-hilfesuchenden-eroeffnung-themas-beachten.html&s=px.pluginh&r=0.9361056213782601
Infection:
URL:Mal
FRST editor: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Admin L (administrator) on ADMINL-PC on 28-05-2014 03:38:50
Running from C:\Users\Admin L\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-07] (Intel Corporation)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208 2012-06-25] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174752 2012-06-19] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-05-27] (AVAST Software)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2013-12-13] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [183376 2014-05-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\RunOnce: [20140526] - C:\Program Files\AVAST Software\Avast\setup\emupdate\52760e9e-1874-4535-bf22-37d959bf5300.exe /check [182720 2014-05-28] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1022563546-1782848626-2376987420-1000\...\MountPoints2: {59ab83c7-b3d7-11e3-b62c-806e6f6e6963} - E:\InstAll.exe
AppInit_DLLs: C:\PROGRA~2\SN_X64~1.BOO => C:\Program Files (x86)\SN_x64.Booster [4210176 2014-05-21] ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEEA960F2F548CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Admin L\AppData\Roaming\Mozilla\Firefox\Profiles\8x1rsdc4.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Admin L\AppData\Roaming\Mozilla\Firefox\Profiles\8x1rsdc4.default\searchplugins\avira-safesearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: SSavee! net - C:\Users\Admin L\AppData\Roaming\Mozilla\Firefox\Profiles\8x1rsdc4.default\Extensions\0spueou@xls.org [2014-05-21]
FF Extension: Avira Browser Safety - C:\Users\Admin L\AppData\Roaming\Mozilla\Firefox\Profiles\8x1rsdc4.default\Extensions\abs@avira.com [2014-05-28]
FF Extension: YoutubeAdblocker - C:\Users\Admin L\AppData\Roaming\Mozilla\Firefox\Profiles\8x1rsdc4.default\Extensions\wf5ecai@raoa-aoy.com [2014-05-21]
FF Extension: Adblock Plus - C:\Users\Admin L\AppData\Roaming\Mozilla\Firefox\Profiles\8x1rsdc4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-26]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-26]
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (YoutubeAdblocker) - C:\Users\Admin L\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiodpijiceefjlolkcgadihfikhbpgdj [2014-05-21]
CHR Extension: (Social Face) - C:\Users\Admin L\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoodoglhbmpafkajmlggnjnngdclnie [2014-05-21]
CHR Extension: (SSavee! net) - C:\Users\Admin L\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcnieppaifbappmeimkdkacpdapbpnh [2014-05-21]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-09] (Avira Operations GmbH & Co. KG)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-20] (AVAST Software)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [123984 2014-05-14] (Avira Operations GmbH & Co. KG)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
==================== Drivers (Whitelisted) ====================
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-20] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-20] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-20] ()
R3 ATP; C:\Windows\System32\DRIVERS\AsusTP.sys [65784 2013-01-16] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [17280 2012-08-05] ( )
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104560 2012-04-25] (Qualcomm Atheros Co., Ltd.)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-12-13] (Cisco Systems, Inc.)
S3 ASUSProcObsrv; \??\E:\I386\AsPrOb64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-28 03:38 - 2014-05-28 03:39 - 00013384 _____ () C:\Users\Admin L\Downloads\FRST.txt
2014-05-28 03:38 - 2014-05-28 03:38 - 02066944 _____ (Farbar) C:\Users\Admin L\Downloads\FRST64.exe
2014-05-28 03:38 - 2014-05-28 03:38 - 00000000 ____D () C:\FRST
2014-05-28 03:37 - 2014-05-28 03:37 - 01056256 _____ (Farbar) C:\Users\Admin L\Downloads\FRST.exe
2014-05-28 03:21 - 2014-05-28 03:21 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-28 03:21 - 2014-05-28 03:21 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-28 03:21 - 2014-05-28 03:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-28 03:17 - 2014-05-28 03:17 - 00000000 __SHD () C:\Users\Admin L\AppData\Local\EmieUserList
2014-05-28 03:17 - 2014-05-28 03:17 - 00000000 __SHD () C:\Users\Admin L\AppData\Local\EmieSiteList
2014-05-28 03:16 - 2014-05-28 03:16 - 00002161 _____ () C:\Users\Admin L\Desktop\CCleaner - CHIP Downloader.lnk
2014-05-28 02:04 - 2014-05-28 02:04 - 00000000 ____D () C:\Users\Admin L\AppData\Roaming\Avira
2014-05-28 02:01 - 2014-05-09 11:16 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-28 02:01 - 2014-05-09 11:16 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-28 02:01 - 2014-05-09 11:16 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-05-28 01:58 - 2014-05-28 02:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-28 01:58 - 2014-05-28 02:01 - 00000000 ____D () C:\ProgramData\Avira
2014-05-28 01:58 - 2014-05-28 02:01 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-28 01:58 - 2014-05-28 01:58 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-05-28 01:58 - 2014-05-28 01:58 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-28 01:57 - 2014-05-28 01:57 - 04536336 _____ (Avira Operations GmbH & Co. KG) C:\Users\Admin L\Downloads\avira_de_av_4001967932__ws.exe
2014-05-28 01:47 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-27 09:57 - 2014-05-27 09:58 - 01121374 _____ () C:\Users\Admin L\Downloads\Derivate-5603.zip
2014-05-21 07:57 - 2014-05-21 07:57 - 04210176 _____ () C:\Program Files (x86)\SN_x64.Booster
2014-05-21 07:56 - 2014-05-27 10:43 - 00000000 ____D () C:\ProgramData\YoutubeAdblocker
2014-05-21 07:56 - 2014-05-27 10:31 - 00000000 ____D () C:\ProgramData\Savei, net
2014-05-21 07:56 - 2014-05-21 07:56 - 00000000 ____D () C:\Program Files (x86)\YoutubeAdblocker
2014-05-21 07:56 - 2014-05-21 07:56 - 00000000 ____D () C:\Program Files (x86)\Savei, net
2014-05-21 07:55 - 2014-05-21 07:57 - 00000000 ____D () C:\ProgramData\24c72037cd6373cb
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Gast
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Administrator
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Admin L\AppData\Local\Torch
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Admin L\AppData\Local\Google
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Admin L\AppData\Local\Comodo
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Admin L\AppData\Local\Chromatic Browser
2014-05-21 07:53 - 2014-05-21 07:53 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-21 05:55 - 2014-05-21 05:55 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-05-21 05:22 - 2014-05-21 07:03 - 00000000 ____D () C:\Program Files\Recuva
2014-05-21 05:22 - 2014-05-21 05:22 - 00001658 _____ () C:\Users\Public\Desktop\Recuva.lnk
2014-05-21 05:22 - 2014-05-21 05:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2014-05-19 05:50 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-05-19 05:39 - 2014-05-19 05:39 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-19 05:39 - 2014-05-19 05:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-19 05:39 - 2014-05-19 05:39 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-19 05:39 - 2014-05-19 05:39 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-19 05:39 - 2014-05-19 05:39 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-05-19 05:39 - 2014-05-19 05:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-19 05:39 - 2014-05-19 05:39 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-19 05:39 - 2014-05-19 05:39 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-05-19 05:39 - 2014-05-19 05:39 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-19 05:39 - 2014-05-19 05:39 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-05-19 05:39 - 2014-05-19 05:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-19 05:37 - 2014-05-19 05:50 - 00009928 _____ () C:\Windows\IE11_main.log
2014-05-19 05:26 - 2010-02-23 10:16 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2014-05-19 05:20 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-19 05:19 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-19 05:18 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-19 05:18 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-19 05:18 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-19 05:18 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-19 05:18 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-19 05:18 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-19 05:18 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-19 05:18 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-19 05:18 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-19 05:18 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-19 05:18 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-19 05:18 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-19 05:18 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-19 05:18 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-19 05:18 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-19 05:18 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-19 05:18 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-19 05:18 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-19 05:18 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-19 05:18 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-19 05:18 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-19 05:18 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-19 05:18 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-19 05:18 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-19 05:18 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-19 05:18 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-19 05:18 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-19 05:18 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-19 05:18 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-19 05:18 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-19 05:18 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-19 05:18 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-19 05:18 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-19 05:18 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-19 05:18 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-19 05:18 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-19 05:18 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-19 05:18 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-19 05:18 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-19 05:18 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-19 05:18 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-19 05:16 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-05-19 05:16 - 2013-12-25 00:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-05-19 05:16 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-05-19 05:16 - 2013-11-23 00:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-05-19 05:13 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-19 05:13 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-05-19 05:13 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-05-19 05:13 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-05-19 05:13 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-05-19 05:13 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-05-19 05:13 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-05-19 05:13 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-05-19 05:13 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-05-19 05:13 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-05-19 05:13 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-05-17 15:12 - 2014-05-17 15:12 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
==================== One Month Modified Files and Folders =======
2014-05-28 03:39 - 2014-05-28 03:38 - 00013384 _____ () C:\Users\Admin L\Downloads\FRST.txt
2014-05-28 03:38 - 2014-05-28 03:38 - 02066944 _____ (Farbar) C:\Users\Admin L\Downloads\FRST64.exe
2014-05-28 03:38 - 2014-05-28 03:38 - 00000000 ____D () C:\FRST
2014-05-28 03:37 - 2014-05-28 03:37 - 01056256 _____ (Farbar) C:\Users\Admin L\Downloads\FRST.exe
2014-05-28 03:21 - 2014-05-28 03:21 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-28 03:21 - 2014-05-28 03:21 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-28 03:21 - 2014-05-28 03:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-28 03:21 - 2014-03-26 15:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-28 03:17 - 2014-05-28 03:17 - 00000000 __SHD () C:\Users\Admin L\AppData\Local\EmieUserList
2014-05-28 03:17 - 2014-05-28 03:17 - 00000000 __SHD () C:\Users\Admin L\AppData\Local\EmieSiteList
2014-05-28 03:16 - 2014-05-28 03:16 - 00002161 _____ () C:\Users\Admin L\Desktop\CCleaner - CHIP Downloader.lnk
2014-05-28 02:18 - 2011-04-12 09:43 - 00698926 _____ () C:\Windows\system32\perfh007.dat
2014-05-28 02:18 - 2011-04-12 09:43 - 00149034 _____ () C:\Windows\system32\perfc007.dat
2014-05-28 02:18 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-28 02:17 - 2014-03-25 06:43 - 01954794 _____ () C:\Windows\WindowsUpdate.log
2014-05-28 02:17 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-28 02:17 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-28 02:12 - 2014-03-26 16:34 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-05-28 02:10 - 2014-03-26 17:13 - 00004930 _____ () C:\Windows\setupact.log
2014-05-28 02:10 - 2014-03-26 17:12 - 00104026 _____ () C:\Windows\PFRO.log
2014-05-28 02:10 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-28 02:04 - 2014-05-28 02:04 - 00000000 ____D () C:\Users\Admin L\AppData\Roaming\Avira
2014-05-28 02:02 - 2014-05-28 01:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-28 02:01 - 2014-05-28 01:58 - 00000000 ____D () C:\ProgramData\Avira
2014-05-28 02:01 - 2014-05-28 01:58 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-28 01:58 - 2014-05-28 01:58 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-05-28 01:58 - 2014-05-28 01:58 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-28 01:57 - 2014-05-28 01:57 - 04536336 _____ (Avira Operations GmbH & Co. KG) C:\Users\Admin L\Downloads\avira_de_av_4001967932__ws.exe
2014-05-28 01:41 - 2014-03-25 23:53 - 00001413 _____ () C:\Users\Admin L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-28 01:41 - 2014-03-25 23:53 - 00000000 ___RD () C:\Users\Admin L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-28 01:41 - 2014-03-25 23:53 - 00000000 ___RD () C:\Users\Admin L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-28 01:40 - 2014-03-25 06:38 - 00000000 ____D () C:\Windows\Panther
2014-05-28 01:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-27 10:43 - 2014-05-21 07:56 - 00000000 ____D () C:\ProgramData\YoutubeAdblocker
2014-05-27 10:31 - 2014-05-21 07:56 - 00000000 ____D () C:\ProgramData\Savei, net
2014-05-27 09:58 - 2014-05-27 09:57 - 01121374 _____ () C:\Users\Admin L\Downloads\Derivate-5603.zip
2014-05-23 08:29 - 2014-03-26 16:57 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-21 07:57 - 2014-05-21 07:57 - 04210176 _____ () C:\Program Files (x86)\SN_x64.Booster
2014-05-21 07:57 - 2014-05-21 07:55 - 00000000 ____D () C:\ProgramData\24c72037cd6373cb
2014-05-21 07:56 - 2014-05-21 07:56 - 00000000 ____D () C:\Program Files (x86)\YoutubeAdblocker
2014-05-21 07:56 - 2014-05-21 07:56 - 00000000 ____D () C:\Program Files (x86)\Savei, net
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Gast
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Administrator
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Admin L\AppData\Local\Torch
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Admin L\AppData\Local\Google
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Admin L\AppData\Local\Comodo
2014-05-21 07:55 - 2014-05-21 07:55 - 00000000 ____D () C:\Users\Admin L\AppData\Local\Chromatic Browser
2014-05-21 07:53 - 2014-05-21 07:53 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-21 07:03 - 2014-05-21 05:22 - 00000000 ____D () C:\Program Files\Recuva
2014-05-21 05:55 - 2014-05-21 05:55 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-05-21 05:22 - 2014-05-21 05:22 - 00001658 _____ () C:\Users\Public\Desktop\Recuva.lnk
2014-05-21 05:22 - 2014-05-21 05:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2014-05-21 00:20 - 2014-03-26 15:28 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-21 00:20 - 2014-03-26 15:28 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-21 00:17 - 2014-03-26 15:31 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-19 05:50 - 2014-05-19 05:37 - 00009928 _____ () C:\Windows\IE11_main.log
2014-05-19 05:39 - 2014-05-19 05:39 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-19 05:39 - 2014-05-19 05:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-19 05:39 - 2014-05-19 05:39 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-19 05:39 - 2014-05-19 05:39 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-19 05:39 - 2014-05-19 05:39 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-05-19 05:39 - 2014-05-19 05:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-19 05:39 - 2014-05-19 05:39 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-19 05:39 - 2014-05-19 05:39 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-05-19 05:39 - 2014-05-19 05:39 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-19 05:39 - 2014-05-19 05:39 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-05-19 05:39 - 2014-05-19 05:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-05-19 05:39 - 2014-05-19 05:39 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-05-19 05:39 - 2014-05-19 05:39 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-19 05:28 - 2014-03-26 02:30 - 01592784 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-19 05:26 - 2014-03-26 02:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-17 15:12 - 2014-05-17 15:12 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-05-16 03:30 - 2014-03-26 16:56 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-16 03:30 - 2014-03-26 16:56 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-16 03:30 - 2014-03-26 16:56 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-09 16:25 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-05-09 11:16 - 2014-05-28 02:01 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-09 11:16 - 2014-05-28 02:01 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-09 11:16 - 2014-05-28 02:01 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-05-06 02:52 - 2014-04-11 03:42 - 00000000 ____D () C:\Users\Admin L\AppData\Local\Microsoft Games
2014-05-04 17:12 - 2014-03-26 02:33 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-28 16:57 - 2011-04-12 09:54 - 00000000 ___RD () C:\Users\Public\Recorded TV
Some content of TEMP:
====================
C:\Users\Admin L\AppData\Local\Temp\avgnt.exe
C:\Users\Admin L\AppData\Local\Temp\TsuC9368B12.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-10 20:30
==================== End Of Log ============================
FRST Addition: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by Admin L at 2014-05-28 03:39:43
Running from C:\Users\Admin L\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.1.3 - ASUS)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.15.16 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0020 - ASUS)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Avira (HKLM-x32\...\{68e29fba-92b1-4f6f-a604-1d8679da3a9f}) (Version: 1.1.13.24161 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.13.24161 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05152 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05152 - Cisco Systems, Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2653 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nero Burning Core (x32 Version: 15.0.19000 - Nero AG) Hidden
Nero Burning ROM (x32 Version: 15.0.19000 - Nero AG) Hidden
Nero Burning ROM 2014 (HKLM-x32\...\{326AD556-E540-4C3F-B197-4A9456DABCF3}) (Version: 15.0.01300 - Nero AG)
Nero Burning ROM Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.16700 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.22500 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.15003 - Nero AG) Hidden
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.40 - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Savei, net (HKLM-x32\...\{7DD5E91C-3864-77EC-7635-D14910C2A03E}) (Version: 4.3.0.1718 - save Net) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
SN.Sustainer 1.80 (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{1a34a8e0}) (Version: - Certified Publisher) <==== ATTENTION
Windows-Treiberpaket - ASUS (ATP) Mouse (01/10/2013 1.0.0.170) (HKLM\...\4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5) (Version: 01/10/2013 1.0.0.170 - ASUS)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.38 - ASUS)
YoutubeAdblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: 3.2.0.1472 - YoutubeAdblocker) <==== ATTENTION
==================== Restore Points =========================
27-05-2014 23:48:28 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {0AB609F3-66E2-49E1-926F-94B95522191F} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-03-26] ()
Task: {22B769A1-65FB-4779-8EDF-8B98E13D7E63} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-02-15] (ASUS)
Task: {7921F42C-CAD0-459E-B8D2-FB3B23816EDF} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-01-16] (AsusTek)
Task: {CE369B90-EFB2-4794-B6BE-D6244150C92A} - System32\Tasks\ASUS Wireless Console 3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2012-11-28] (ASUSTeK Computer Inc.)
Task: {E4CCC46F-8352-46C1-820C-513C70ED2E41} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-06-25] (ASUSTek Computer Inc.)
Task: {E912B2B4-3819-464D-B37B-E15279DB2BBE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {EFAF8DEC-1AE3-432A-B00D-B6944BD91A4E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-20] (AVAST Software)
==================== Loaded Modules (whitelisted) =============
2009-09-01 06:31 - 2009-09-01 06:31 - 00022016 _____ () C:\Windows\System32\ssp2ml6.dll
2010-07-14 17:11 - 2010-07-14 17:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-03-26 00:16 - 2012-02-22 09:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-12-13 00:36 - 2013-12-13 00:36 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-05-28 01:40 - 2014-05-28 01:40 - 02256384 _____ () C:\Program Files\AVAST Software\Avast\defs\14052701\algo.dll
2012-01-31 10:25 - 2012-01-31 10:25 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2014-05-14 14:27 - 2014-05-14 14:27 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-05-14 14:27 - 2014-05-14 14:27 - 00065616 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-03-26 16:56 - 2014-03-26 16:56 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-05-28 02:03 - 2014-05-14 14:27 - 00049744 _____ () C:\Users\Admin L\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-03-26 00:23 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-05-28 03:21 - 2014-05-07 04:27 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-05-21 00:19 - 2014-05-21 00:20 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/28/2014 02:12:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/28/2014 01:41:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/23/2014 09:16:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 29.0.1.5239, Zeitstempel: 0x536995c2
Name des fehlerhaften Moduls: mozalloc.dll, Version: 29.0.1.5239, Zeitstempel: 0x536968fa
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000119c
ID des fehlerhaften Prozesses: 0x1414
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (05/23/2014 09:16:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 29.0.1.5239 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 17f4
Startzeit: 01cf76b99b64c26e
Endzeit: 30
Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID: ac760f1b-e2ae-11e3-b069-e03f49cf4586
Error: (05/21/2014 07:58:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Kontrolle öffentlicher Räume pdf.exe, Version 2014.5.18.1727 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: f10
Startzeit: 01cf74b90cf37541
Endzeit: 0
Anwendungspfad: C:\Users\Admin L\Downloads\Kontrolle öffentlicher Räume pdf.exe
Berichts-ID:
Error: (05/14/2014 07:28:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 29.0.1.5239 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: a8c
Startzeit: 01cf6f3325b55a42
Endzeit: 30
Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID: 16b17c3d-db8d-11e3-b069-e03f49cf4586
Error: (05/13/2014 04:51:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a144
Name des fehlerhaften Moduls: UIAnimation.dll, Version: 6.2.9200.16492, Zeitstempel: 0x50f309ee
Ausnahmecode: 0xc000041d
Fehleroffset: 0x00000000000068cc
ID des fehlerhaften Prozesses: 0x55c
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Error: (05/13/2014 10:11:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a144
Name des fehlerhaften Moduls: UIAnimation.dll, Version: 6.2.9200.16492, Zeitstempel: 0x50f309ee
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000068cc
ID des fehlerhaften Prozesses: 0x55c
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Error: (05/09/2014 04:26:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/06/2014 09:26:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bca54
Name des fehlerhaften Moduls: igdumd64.dll, Version: 8.15.10.2653, Zeitstempel: 0x4f3aac44
Ausnahmecode: 0xc000041d
Fehleroffset: 0x000000000030eb06
ID des fehlerhaften Prozesses: 0x1250
Startzeit der fehlerhaften Anwendung: 0xDllHost.exe0
Pfad der fehlerhaften Anwendung: DllHost.exe1
Pfad des fehlerhaften Moduls: DllHost.exe2
Berichtskennung: DllHost.exe3
System errors:
=============
Error: (05/28/2014 01:43:23 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80242016 fehlgeschlagen: Sicherheitsupdate für Internet Explorer 8 für Windows 7 für x64-Systeme (KB2953522)
Error: (05/28/2014 01:34:18 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}
Error: (05/13/2014 06:28:35 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (05/08/2014 06:56:00 AM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.
Error: (05/08/2014 06:55:53 AM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.
Error: (05/08/2014 06:55:45 AM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.
Error: (05/08/2014 06:55:37 AM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.
Error: (05/08/2014 06:55:29 AM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.
Error: (05/08/2014 06:55:21 AM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.
Error: (05/08/2014 06:55:13 AM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.
Microsoft Office Sessions:
=========================
Error: (05/28/2014 02:12:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/28/2014 01:41:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/23/2014 09:16:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe29.0.1.5239536995c2mozalloc.dll29.0.1.5239536968fa800000030000119c141401cf76b99c424978C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllaf9159e7-e2ae-11e3-b069-e03f49cf4586
Error: (05/23/2014 09:16:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe29.0.1.523917f401cf76b99b64c26e30C:\Program Files (x86)\Mozilla Firefox\firefox.exeac760f1b-e2ae-11e3-b069-e03f49cf4586
Error: (05/21/2014 07:58:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Kontrolle öffentlicher Räume pdf.exe2014.5.18.1727f1001cf74b90cf375410C:\Users\Admin L\Downloads\Kontrolle öffentlicher Räume pdf.exe
Error: (05/14/2014 07:28:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe29.0.1.5239a8c01cf6f3325b55a4230C:\Program Files (x86)\Mozilla Firefox\firefox.exe16b17c3d-db8d-11e3-b069-e03f49cf4586
Error: (05/13/2014 04:51:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175144ce7a144UIAnimation.dll6.2.9200.1649250f309eec000041d00000000000068cc55c01cf6b9276aca306C:\Windows\Explorer.EXEC:\Windows\System32\UIAnimation.dll1e9170e8-daae-11e3-b069-e03f49cf4586
Error: (05/13/2014 10:11:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175144ce7a144UIAnimation.dll6.2.9200.1649250f309eec000000500000000000068cc55c01cf6b9276aca306C:\Windows\Explorer.EXEC:\Windows\System32\UIAnimation.dll34105749-da76-11e3-b069-e03f49cf4586
Error: (05/09/2014 04:26:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/06/2014 09:26:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.1.7600.163854a5bca54igdumd64.dll8.15.10.26534f3aac44c000041d000000000030eb06125001cf68fc5cfedf91C:\Windows\system32\DllHost.exeC:\Windows\system32\igdumd64.dllaca97123-d4ef-11e3-920a-e03f49cf4586
==================== Memory info ===========================
Percentage of memory in use: 53%
Total physical RAM: 3981.67 MB
Available physical RAM: 1867.6 MB
Total Pagefile: 7961.52 MB
Available Pagefile: 5639.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:64.27 GB) (Free:36.5 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:401.49 GB) (Free:400.7 GB) NTFS
Drive e: (PRIDE_AND_PREJUDICE) (CDROM) (Total:7.53 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 0007E1F7)
Partition 1: (Active) - (Size=64 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=401 GB) - (Type=07 NTFS)
==================== End Of Log ============================
gmer: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-28 04:40:15
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.AX00 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\ADMINL~1\AppData\Local\Temp\awdiqpod.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\wininit.exe[628] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a0ef8d 1 byte [62]
.text C:\Windows\system32\services.exe[684] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a0ef8d 1 byte [62]
.text C:\Windows\system32\winlogon.exe[740] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a0ef8d 1 byte [62]
.text C:\Windows\System32\svchost.exe[588] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a0ef8d 1 byte [62]
.text C:\Windows\system32\svchost.exe[820] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a0ef8d 1 byte [62]
.text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe[1252] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075d4a2fd 1 byte [62]
.text C:\Windows\Explorer.EXE[1476] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a0ef8d 1 byte [62]
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1496] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075d4a2fd 1 byte [62]
.text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1532] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075d4a2fd 1 byte [62]
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1540] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075d4a2fd 1 byte [62]
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[1856] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075d4a2fd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1148] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075d4a2fd 1 byte [62]
.text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[1828] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075d4a2fd 1 byte [62]
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2024] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075d4a2fd 1 byte [62]
.text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe[2092] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a0ef8d 1 byte [62]
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2456] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075d4a2fd 1 byte [62]
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2476] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075d4a2fd 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2632] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075d4a2fd 1 byte [62]
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2808] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000075d4a2fd 1 byte [62]
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075741465 2 bytes [74, 75]
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757414bb 2 bytes [74, 75]
.text ... * 2
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe[3016] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a0ef8d 1 byte [62]
.text C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe[3944] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075d4a2fd 1 byte [62]
.text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[3580] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a0ef8d 1 byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3252] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a0ef8d 1 byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3716] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a0ef8d 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3104] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075d4a2fd 1 byte [62]
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4076] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075d4a2fd 1 byte [62]
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[3496] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075d4a2fd 1 byte [62]
.text C:\Program Files\AVAST Software\Avast\avastui.exe[3144] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075d28791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text C:\Program Files\AVAST Software\Avast\avastui.exe[3144] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075d4a2fd 1 byte [62]
.text C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe[3136] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075d4a2fd 1 byte [62]
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4044] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000075d4a2fd 1 byte [62]
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4044] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075741465 2 bytes [74, 75]
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[4044] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000757414bb 2 bytes [74, 75]
.text ... * 2
.text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2528] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075d4a2fd 1 byte [62]
.text C:\Users\Admin L\Downloads\Gmer-19357.exe[4588] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075d4a2fd 1 byte [62]
---- EOF - GMER 2.1 ----