Code:
2014-03-18 14:31 - 2014-03-18 18:55 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-18 14:31 - 2014-03-18 18:55 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-18 14:31 - 2014-03-18 14:31 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-18 14:31 - 2014-03-18 14:31 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-18 14:31 - 2014-03-18 14:31 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-18 14:30 - 2014-03-18 14:30 - 00000000 ____D () C:\Users\Nadine\AppData\Roaming\Security System 2
2014-03-18 14:30 - 2014-03-18 14:30 - 00000000 ____D () C:\Users\Nadine\AppData\Roaming\BupSystem
2014-03-18 14:30 - 2014-03-18 14:30 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-18 14:29 - 2014-03-18 15:32 - 00000000 ____D () C:\Program Files (x86)\ResultsAlpha
2014-03-18 14:29 - 2014-03-18 14:29 - 00125440 _____ () C:\Windows\system32\DlProtectSvc.exe
2014-03-18 14:29 - 2014-03-18 14:29 - 00012800 _____ () C:\ProgramData\dlprotect.exe
2014-03-18 14:25 - 2012-02-17 07:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2014-03-18 14:25 - 2012-02-17 06:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2014-03-18 14:25 - 2012-02-17 05:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-03-18 14:25 - 2012-02-17 05:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2014-03-18 14:23 - 2014-03-18 18:33 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-18 14:23 - 2014-03-18 14:28 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-18 14:22 - 2014-03-18 18:57 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-18 14:22 - 2014-03-18 14:28 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-18 14:19 - 2014-03-18 14:28 - 00000000 ____D () C:\Users\Nadine\AppData\Local\Google
2014-03-18 14:19 - 2014-03-18 14:19 - 00000000 ____D () C:\Users\Nadine\AppData\Roaming\Intel Corporation
2014-03-18 14:19 - 2014-03-18 14:19 - 00000000 ____D () C:\Users\Nadine\AppData\Roaming\Google
2014-03-18 14:19 - 2014-03-18 14:19 - 00000000 ____D () C:\Users\Nadine\AppData\Roaming\Adobe
2014-03-18 14:18 - 2014-03-18 18:06 - 00000000 ___RD () C:\Users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-18 14:18 - 2014-03-18 18:06 - 00000000 ___RD () C:\Users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-18 14:18 - 2014-03-18 15:15 - 00000000 ____D () C:\Users\Nadine\AppData\Local\VirtualStore
2014-03-18 14:18 - 2014-03-18 14:18 - 00001444 _____ () C:\Users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-18 14:18 - 2014-03-18 14:18 - 00001410 _____ () C:\Users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-03-18 14:18 - 2014-03-18 14:18 - 00000000 ____D () C:\Users\Nadine\AppData\Roaming\Macromedia
2014-03-18 14:17 - 2014-03-18 14:17 - 00057560 _____ () C:\Users\Nadine\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-18 14:17 - 2014-03-18 14:17 - 00000020 ___SH () C:\Users\Nadine\ntuser.ini
2014-03-18 14:17 - 2014-03-18 14:17 - 00000000 _SHDL () C:\Users\Nadine\Vorlagen
2014-03-18 14:17 - 2014-03-18 14:17 - 00000000 _SHDL () C:\Users\Nadine\Startmenü
2014-03-18 14:17 - 2014-03-18 14:17 - 00000000 _SHDL () C:\Users\Nadine\Netzwerkumgebung
2014-03-18 14:17 - 2014-03-18 14:17 - 00000000 _SHDL () C:\Users\Nadine\Lokale Einstellungen
2014-03-18 14:17 - 2014-03-18 14:17 - 00000000 _SHDL () C:\Users\Nadine\Eigene Dateien
2014-03-18 14:17 - 2014-03-18 14:17 - 00000000 _SHDL () C:\Users\Nadine\Druckumgebung
2014-03-18 14:17 - 2014-03-18 14:17 - 00000000 _SHDL () C:\Users\Nadine\Documents\Eigene Musik
2014-03-18 14:17 - 2014-03-18 14:17 - 00000000 _SHDL () C:\Users\Nadine\Documents\Eigene Bilder
2014-03-18 14:17 - 2014-03-18 14:17 - 00000000 _SHDL () C:\Users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-03-18 14:17 - 2014-03-18 14:17 - 00000000 _SHDL () C:\Users\Nadine\AppData\Local\Verlauf
2014-03-18 14:17 - 2014-03-18 14:17 - 00000000 _SHDL () C:\Users\Nadine\AppData\Local\Anwendungsdaten
2014-03-18 14:17 - 2014-03-18 14:17 - 00000000 _SHDL () C:\Users\Nadine\Anwendungsdaten
2014-03-18 14:17 - 2014-03-18 14:17 - 00000000 ____D () C:\Users\Public\Symantec
2014-03-18 14:17 - 2014-03-18 14:17 - 00000000 ____D () C:\Program Files\eMachines Accessory Store
2014-03-18 14:17 - 2012-06-02 23:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-03-18 14:17 - 2012-06-02 23:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-03-18 14:17 - 2012-06-02 23:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-03-18 14:17 - 2012-06-02 23:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-03-18 14:17 - 2012-06-02 23:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-03-18 14:17 - 2012-06-02 23:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-03-18 14:17 - 2012-06-02 23:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-03-18 14:17 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-03-18 14:17 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-03-18 14:17 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-18 14:17 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-18 14:16 - 2014-03-18 19:04 - 00000000 ____D () C:\Users\Nadine
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Programme
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\ProgramData\Favoriten
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 __SHD () C:\Recovery
2014-03-18 14:01 - 2014-03-18 14:01 - 00031419 _____ () C:\Windows\DirectX.log
2014-03-18 14:01 - 2014-03-18 14:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-03-18 14:01 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-03-18 14:01 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2014-03-18 14:00 - 2014-03-18 14:01 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Windows\PCHEALTH
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Program Files (x86)\Windows Live SkyDrive
2014-03-18 13:58 - 2014-03-18 13:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-03-18 13:56 - 2014-03-18 13:56 - 00015610 _____ () C:\Windows\devices.txt
2014-03-18 13:53 - 2014-03-18 13:53 - 00000000 ____D () C:\Program Files (x86)\Video Web Camera
2014-03-18 13:52 - 2014-03-18 13:52 - 00002282 _____ () C:\RHDSetup.log
2014-03-18 13:52 - 2014-03-18 13:52 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2014-03-18 13:52 - 2014-03-18 13:52 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-03-18 13:52 - 2014-03-18 13:52 - 00000000 ____D () C:\Program Files\Synaptics
2014-03-18 13:52 - 2014-03-18 13:52 - 00000000 ____D () C:\Program Files\Realtek
2014-03-18 13:52 - 2014-03-18 13:52 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-03-18 13:52 - 2010-07-13 10:27 - 02424040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-03-18 13:52 - 2010-07-13 10:27 - 02018920 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-03-18 13:52 - 2010-07-13 10:27 - 01146984 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-03-18 13:52 - 2010-07-13 10:27 - 00332392 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2014-03-18 13:52 - 2010-07-13 10:27 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2014-03-18 13:52 - 2010-07-13 10:26 - 02624616 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2014-03-18 13:52 - 2010-07-13 10:26 - 01210984 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2014-03-18 13:52 - 2010-07-13 10:26 - 00476264 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-03-18 13:52 - 2010-07-13 10:26 - 00233064 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2014-03-18 13:52 - 2010-07-13 10:26 - 00076904 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInst64.dll
2014-03-18 13:52 - 2010-07-12 08:31 - 00196704 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2014-03-18 13:52 - 2010-07-01 06:44 - 00124128 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2014-03-18 13:52 - 2010-07-01 06:44 - 00124128 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2014-03-18 13:52 - 2010-07-01 06:44 - 00123104 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2014-03-18 13:52 - 2010-06-25 06:18 - 00220496 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\system32\SFNHK64.dll
2014-03-18 13:52 - 2010-06-25 06:18 - 00080720 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\system32\SFCOM64.dll
2014-03-18 13:52 - 2010-06-25 06:18 - 00078672 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\system32\SFAPO64.dll
2014-03-18 13:52 - 2010-06-25 06:18 - 00073552 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2014-03-18 13:52 - 2010-06-24 04:13 - 01251944 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2014-03-18 13:52 - 2010-06-10 06:44 - 00037468 _____ () C:\Windows\system32\Drivers\RtPCEE3.DAT
2014-03-18 13:52 - 2010-05-06 10:34 - 00335192 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2014-03-18 13:52 - 2010-05-06 10:34 - 00334680 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2014-03-18 13:52 - 2010-05-06 09:43 - 02601816 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2014-03-18 13:52 - 2010-05-06 09:43 - 01736536 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll
2014-03-18 13:52 - 2010-04-27 06:50 - 00330656 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-03-18 13:52 - 2010-04-14 10:56 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2014-03-18 13:52 - 2010-03-22 06:21 - 00247560 _____ () C:\Windows\system32\Drivers\RTConvEQ.dat
2014-03-18 13:52 - 2010-03-22 06:21 - 00001448 _____ () C:\Windows\system32\Drivers\RtHdatEx.dat
2014-03-18 13:52 - 2010-03-15 09:59 - 00000024 _____ () C:\Windows\system32\Drivers\rtkhdaud.dat
2014-03-18 13:52 - 2010-02-11 08:45 - 00000176 _____ () C:\Windows\system32\Drivers\RTHDAEQ1.dat
2014-03-18 13:52 - 2010-01-26 14:52 - 00000520 _____ () C:\Windows\system32\Drivers\RTEQEX3.dat
2014-03-18 13:52 - 2010-01-05 06:41 - 01325328 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2014-03-18 13:52 - 2010-01-05 06:41 - 00489744 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2014-03-18 13:52 - 2010-01-05 06:41 - 00474896 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2014-03-18 13:52 - 2010-01-05 06:40 - 01178384 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2014-03-18 13:52 - 2010-01-05 06:40 - 01110800 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2014-03-18 13:52 - 2010-01-05 06:40 - 00504592 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2014-03-18 13:52 - 2010-01-05 06:40 - 00315152 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2014-03-18 13:52 - 2010-01-05 06:40 - 00268560 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2014-03-18 13:52 - 2010-01-05 06:40 - 00265488 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2014-03-18 13:52 - 2009-12-15 11:26 - 00372936 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2014-03-18 13:52 - 2009-12-15 11:26 - 00201928 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2014-03-18 13:52 - 2009-12-15 11:26 - 00099016 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2014-03-18 13:52 - 2009-12-15 11:26 - 00076488 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2014-03-18 13:52 - 2009-12-11 02:55 - 00307920 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2014-03-18 13:52 - 2009-12-11 02:55 - 00307920 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2014-03-18 13:52 - 2009-11-24 02:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2014-03-18 13:52 - 2009-11-24 02:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2014-03-18 13:52 - 2009-11-24 02:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2014-03-18 13:52 - 2009-11-24 02:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2014-03-18 13:52 - 2009-11-18 11:42 - 02197264 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2014-03-18 13:52 - 2009-11-17 11:12 - 00108960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2014-03-18 13:52 - 2008-08-21 06:43 - 00000520 _____ () C:\Windows\system32\Drivers\RTEQEX2.dat
2014-03-18 13:52 - 2005-06-26 22:29 - 00000520 _____ () C:\Windows\system32\Drivers\RTEQEX1.dat
2014-03-18 13:52 - 2005-06-26 22:29 - 00000520 _____ () C:\Windows\system32\Drivers\RTEQEX0.dat
2014-03-18 13:51 - 2014-03-18 13:52 - 00004844 _____ () C:\Windows\DPINST.LOG
2014-03-18 13:50 - 2014-03-18 13:50 - 00000184 _____ () C:\Windows\LMv4.UNI
2014-03-18 13:50 - 2014-03-18 13:50 - 00000000 ____D () C:\Program Files (x86)\Launch Manager
2014-03-18 13:49 - 2014-03-18 13:49 - 00000000 ____D () C:\book
2014-03-18 13:47 - 2014-03-18 13:47 - 00000003 _____ () C:\Windows\system32\PLD_Framework.cmd
2014-03-18 13:47 - 2014-03-18 13:47 - 00000000 _____ () C:\Windows\ativpsrm.bin
2014-03-18 13:46 - 2014-03-18 19:00 - 00447279 _____ () C:\Windows\WindowsUpdate.log
2014-03-18 13:46 - 2010-04-29 11:43 - 00002137 _____ () C:\Windows\SysWOW64\atipblup.dat
2014-03-18 13:46 - 2010-04-29 11:43 - 00002137 _____ () C:\Windows\system32\atipblup.dat
2014-03-18 13:45 - 2014-03-18 13:46 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-03-18 13:45 - 2014-03-18 13:45 - 00000000 ____D () C:\Program Files\ATI
==================== One Month Modified Files and Folders =======
2014-03-18 22:40 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\SysWOW64\winrm
2014-03-18 22:40 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2014-03-18 22:40 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\SysWOW64\sysprep
2014-03-18 22:40 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
2014-03-18 22:40 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\system32\winrm
2014-03-18 22:40 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\system32\WCN
2014-03-18 22:40 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\system32\slmgr
2014-03-18 22:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-03-18 22:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\MUI
2014-03-18 22:37 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-18 22:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-03-18 22:36 - 2014-03-18 22:37 - 00295922 _____ () C:\Windows\system32\perfi007.dat
2014-03-18 22:36 - 2014-03-18 22:37 - 00038104 _____ () C:\Windows\system32\perfd007.dat
2014-03-18 22:36 - 2014-03-18 22:36 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-03-18 22:36 - 2014-03-18 22:36 - 00000000 ____D () C:\Windows\SysWOW64\de
2014-03-18 22:36 - 2014-03-18 22:36 - 00000000 ____D () C:\Windows\SysWOW64\0407
2014-03-18 22:36 - 2014-03-18 22:36 - 00000000 ____D () C:\Windows\system32\de
2014-03-18 22:36 - 2014-03-18 22:36 - 00000000 ____D () C:\Windows\system32\0407
2014-03-18 22:36 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
2014-03-18 22:36 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2014-03-18 22:36 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-03-18 22:36 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2014-03-18 22:36 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2014-03-18 22:36 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\com
2014-03-18 22:36 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\IME
2014-03-18 22:31 - 2014-03-18 22:31 - 00000000 ____D () C:\Windows\NAPP_Dism_Log
2014-03-18 22:21 - 2009-07-14 06:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2014-03-18 22:21 - 2009-07-14 06:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2014-03-18 19:09 - 2014-03-18 19:05 - 00012544 _____ () C:\Users\Nadine\Downloads\FRST.txt
2014-03-18 19:09 - 2014-03-18 19:05 - 00000000 ____D () C:\FRST
2014-03-18 19:07 - 2014-03-18 19:07 - 00024260 _____ () C:\Users\Nadine\Downloads\Addition.txt
2014-03-18 19:05 - 2014-03-18 19:05 - 02157056 _____ (Farbar) C:\Users\Nadine\Downloads\FRST64.exe
2014-03-18 19:04 - 2014-03-18 19:04 - 00000474 _____ () C:\Users\Nadine\Downloads\defogger_disable.log
2014-03-18 19:04 - 2014-03-18 19:04 - 00000000 _____ () C:\Users\Nadine\defogger_reenable
2014-03-18 19:04 - 2014-03-18 14:16 - 00000000 ____D () C:\Users\Nadine
2014-03-18 19:04 - 2009-07-14 05:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-18 19:04 - 2009-07-14 05:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-18 19:03 - 2014-03-18 19:03 - 00050477 _____ () C:\Users\Nadine\Downloads\Defogger.exe
2014-03-18 19:00 - 2014-03-18 13:46 - 00447279 _____ () C:\Windows\WindowsUpdate.log
2014-03-18 18:57 - 2014-03-18 14:22 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-18 18:57 - 2010-07-26 03:22 - 00267964 _____ () C:\Windows\PFRO.log
2014-03-18 18:57 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-18 18:57 - 2009-07-14 05:51 - 00032676 _____ () C:\Windows\setupact.log
2014-03-18 18:56 - 2014-03-18 18:56 - 00001975 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-18 18:55 - 2014-03-18 18:55 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-18 18:55 - 2014-03-18 14:35 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-18 18:55 - 2014-03-18 14:31 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-18 18:55 - 2014-03-18 14:31 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-03-18 18:55 - 2014-03-18 14:31 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-18 18:55 - 2014-03-18 14:31 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-18 18:55 - 2014-03-18 14:31 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-18 18:55 - 2014-03-18 14:31 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-18 18:53 - 2014-03-18 22:37 - 00643866 _____ () C:\Windows\system32\perfh007.dat
2014-03-18 18:53 - 2014-03-18 22:37 - 00126394 _____ () C:\Windows\system32\perfc007.dat
2014-03-18 18:53 - 2009-07-14 06:13 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-18 18:50 - 2014-03-18 18:50 - 00688992 ____R (Swearware) C:\Users\Nadine\Downloads\dds.exe
2014-03-18 18:45 - 2014-03-18 18:44 - 00000000 ____D () C:\AdwCleaner
2014-03-18 18:42 - 2014-03-18 18:42 - 01950720 _____ () C:\Users\Nadine\Downloads\adwcleaner.exe
2014-03-18 18:42 - 2014-03-18 15:13 - 00000000 ____D () C:\Users\Nadine\AppData\Local\Battle.net
2014-03-18 18:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-03-18 18:33 - 2014-03-18 14:23 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-18 18:25 - 2014-03-18 18:24 - 00613200 _____ (Chip Digital GmbH) C:\Users\Nadine\Downloads\TeamSpeak 3 32 Bit - CHIP-Downloader.exe
2014-03-18 18:25 - 2014-03-18 17:24 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-03-18 18:06 - 2014-03-18 14:18 - 00000000 ___RD () C:\Users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-18 18:06 - 2014-03-18 14:18 - 00000000 ___RD () C:\Users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-18 18:03 - 2009-07-14 05:45 - 00274464 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-18 18:00 - 2009-07-14 08:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-03-18 18:00 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-03-18 18:00 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-03-18 18:00 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-03-18 18:00 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-18 18:00 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-03-18 18:00 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-03-18 18:00 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2014-03-18 18:00 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-03-18 18:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\sppui
2014-03-18 18:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
2014-03-18 18:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2014-03-18 18:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2014-03-18 18:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\manifeststore
2014-03-18 18:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-03-18 18:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\AdvancedInstallers
2014-03-18 18:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sppui
2014-03-18 18:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Setup
2014-03-18 18:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\oobe
2014-03-18 18:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\migwiz
2014-03-18 18:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\manifeststore
2014-03-18 18:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-03-18 18:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2014-03-18 18:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\servicing
2014-03-18 18:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-03-18 17:59 - 2014-03-18 17:59 - 00000000 ____D () C:\Windows\system32\SPReview
2014-03-18 17:53 - 2009-07-14 03:36 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2014-03-18 17:53 - 2009-07-14 03:36 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2014-03-18 17:23 - 2014-03-18 17:23 - 00000000 ____D () C:\Windows\system32\EventProviders
2014-03-18 16:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-03-18 15:54 - 2014-03-18 14:38 - 947070088 _____ (Microsoft Corporation) C:\Users\Nadine\Downloads\windows6.1-KB976932-X64.exe
2014-03-18 15:45 - 2014-03-18 15:18 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-03-18 15:33 - 2014-03-18 15:33 - 00000000 ____D () C:\Users\Nadine\AppData\Local\Blizzard Entertainment
2014-03-18 15:32 - 2014-03-18 14:29 - 00000000 ____D () C:\Program Files (x86)\ResultsAlpha
2014-03-18 15:15 - 2014-03-18 14:18 - 00000000 ____D () C:\Users\Nadine\AppData\Local\VirtualStore
2014-03-18 15:14 - 2014-03-18 15:13 - 00000000 ____D () C:\Users\Nadine\AppData\Roaming\Battle.net
2014-03-18 15:13 - 2014-03-18 15:13 - 00001125 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-03-18 15:13 - 2014-03-18 15:13 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-03-18 15:13 - 2014-03-18 15:13 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-03-18 15:11 - 2014-03-18 15:10 - 00389488 _____ (Softonic ) C:\Users\Nadine\Downloads\SoftonicDownloader_fuer_mcafee-rootkit-detective.exe
2014-03-18 15:09 - 2014-03-18 15:09 - 00000000 ____D () C:\ProgramData\Battle.net
2014-03-18 15:04 - 2014-03-18 15:03 - 07056680 _____ (Blizzard Entertainment) C:\Users\Nadine\Downloads\Hearthstone-Setup-deDE.exe
2014-03-18 14:37 - 2014-03-18 14:37 - 00000000 ____D () C:\Users\Nadine\AppData\Roaming\Mozilla
2014-03-18 14:37 - 2014-03-18 14:37 - 00000000 ____D () C:\Users\Nadine\AppData\Local\Mozilla
2014-03-18 14:36 - 2014-03-18 14:36 - 00001152 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-18 14:36 - 2014-03-18 14:36 - 00000000 ____D () C:\ProgramData\Mozilla
2014-03-18 14:36 - 2014-03-18 14:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-18 14:36 - 2014-03-18 14:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-18 14:36 - 2010-07-26 03:13 - 00000000 ____D () C:\Program Files (x86)\eMachines
2014-03-18 14:35 - 2010-07-26 03:21 - 00000000 ____D () C:\ProgramData\Norton
2014-03-18 14:32 - 2014-03-18 14:32 - 00000000 ____D () C:\Users\Nadine\AppData\Roaming\AVAST Software
2014-03-18 14:31 - 2014-03-18 14:31 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-18 14:31 - 2014-03-18 14:31 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-18 14:31 - 2014-03-18 14:31 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-18 14:30 - 2014-03-18 14:30 - 00000000 ____D () C:\Users\Nadine\AppData\Roaming\Security System 2
2014-03-18 14:30 - 2014-03-18 14:30 - 00000000 ____D () C:\Users\Nadine\AppData\Roaming\BupSystem
2014-03-18 14:30 - 2014-03-18 14:30 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-18 14:29 - 2014-03-18 14:29 - 00125440 _____ () C:\Windows\system32\DlProtectSvc.exe
2014-03-18 14:29 - 2014-03-18 14:29 - 00012800 _____ () C:\ProgramData\dlprotect.exe
2014-03-18 14:28 - 2014-03-18 14:23 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-18 14:28 - 2014-03-18 14:22 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-18 14:28 - 2014-03-18 14:19 - 00000000 ____D () C:\Users\Nadine\AppData\Local\Google
2014-03-18 14:22 - 2010-07-26 03:15 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-18 14:19 - 2014-03-18 14:19 - 00000000 ____D () C:\Users\Nadine\AppData\Roaming\Intel Corporation
2014-03-18 14:19 - 2014-03-18 14:19 - 00000000 ____D () C:\Users\Nadine\AppData\Roaming\Google
2014-03-18 14:19 - 2014-03-18 14:19 - 00000000 ____D () C:\Users\Nadine\AppData\Roaming\Adobe
2014-03-18 14:19 - 2010-07-26 03:24 - 00018374 _____ () C:\Windows\Patch.log
2014-03-18 14:18 - 2014-03-18 14:18 - 00001444 _____ () C:\Users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-18 14:18 - 2014-03-18 14:18 - 00001410 _____ () C:\Users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-03-18 14:18 - 2014-03-18 14:18 - 00000000 ____D () C:\Users\Nadine\AppData\Roaming\Macromedia
2014-03-18 14:18 - 2010-07-26 03:45 - 00000000 ___HD () C:\OEM
2014-03-18 14:18 - 2010-07-26 03:19 - 00000000 ____D () C:\ProgramData\oem
2014-03-18 14:17 - 2014-03-18 14:17 - 00057560 _____ () C:\Users\Nadine\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-18 14:17 - 2014-03-18 14:17 - 00000020 ___SH () C:\Users\Nadine\ntuser.ini
2014-03-18 14:17 - 2014-03-18 14:17 - 00000000 _SHDL () C:\Users\Nadine\Vorlagen
2014-03-18 14:17 - 2014-03-18 14:17 - 00000000 _SHDL () C:\Users\Nadine\Startmenü
2014-03-18 14:17 - 2014-03-18 14:17 - 00000000 _SHDL () C:\Users\Nadine\Netzwerkumgebung
2014-03-18 14:17 - 2014-03-18 14:17 - 00000000 _SHDL () C:\Users\Nadine\Lokale Einstellungen
2014-03-18 14:17 - 2014-03-18 14:17 - 00000000 _SHDL () C:\Users\Nadine\Eigene Dateien
2014-03-18 14:17 - 2014-03-18 14:17 - 00000000 _SHDL () C:\Users\Nadine\Druckumgebung
2014-03-18 14:17 - 2014-03-18 14:17 - 00000000 _SHDL () C:\Users\Nadine\Documents\Eigene Musik
2014-03-18 14:17 - 2014-03-18 14:17 - 00000000 _SHDL () C:\Users\Nadine\Documents\Eigene Bilder
2014-03-18 14:17 - 2014-03-18 14:17 - 00000000 _SHDL () C:\Users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-03-18 14:17 - 2014-03-18 14:17 - 00000000 _SHDL () C:\Users\Nadine\AppData\Local\Verlauf
2014-03-18 14:17 - 2014-03-18 14:17 - 00000000 _SHDL () C:\Users\Nadine\AppData\Local\Anwendungsdaten
2014-03-18 14:17 - 2014-03-18 14:17 - 00000000 _SHDL () C:\Users\Nadine\Anwendungsdaten
2014-03-18 14:17 - 2014-03-18 14:17 - 00000000 ____D () C:\Users\Public\Symantec
2014-03-18 14:17 - 2014-03-18 14:17 - 00000000 ____D () C:\Program Files\eMachines Accessory Store
2014-03-18 14:17 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\restore
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Default\Startmenü
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Programme
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\ProgramData\Favoriten
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-03-18 14:16 - 2014-03-18 14:16 - 00000000 __SHD () C:\Recovery
2014-03-18 14:16 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-03-18 14:16 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-03-18 14:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Windows NT
2014-03-18 14:14 - 2009-07-14 05:46 - 00003043 _____ () C:\Windows\DtcInstall.log
2014-03-18 14:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-03-18 14:14 - 2007-07-12 02:49 - 00000000 ____D () C:\Windows\Panther
2014-03-18 14:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help
2014-03-18 14:01 - 2014-03-18 14:01 - 00031419 _____ () C:\Windows\DirectX.log
2014-03-18 14:01 - 2014-03-18 14:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-03-18 14:01 - 2014-03-18 14:00 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Windows\PCHEALTH
2014-03-18 14:00 - 2014-03-18 14:00 - 00000000 ____D () C:\Program Files (x86)\Windows Live SkyDrive
2014-03-18 14:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-03-18 13:58 - 2014-03-18 13:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-03-18 13:57 - 2010-07-26 03:14 - 00000000 ____D () C:\Program Files\eMachines
2014-03-18 13:57 - 2010-07-26 02:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-18 13:56 - 2014-03-18 13:56 - 00015610 _____ () C:\Windows\devices.txt
2014-03-18 13:54 - 2010-07-26 02:59 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-03-18 13:53 - 2014-03-18 13:53 - 00000000 ____D () C:\Program Files (x86)\Video Web Camera
2014-03-18 13:52 - 2014-03-18 13:52 - 00002282 _____ () C:\RHDSetup.log
2014-03-18 13:52 - 2014-03-18 13:52 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2014-03-18 13:52 - 2014-03-18 13:52 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-03-18 13:52 - 2014-03-18 13:52 - 00000000 ____D () C:\Program Files\Synaptics
2014-03-18 13:52 - 2014-03-18 13:52 - 00000000 ____D () C:\Program Files\Realtek
2014-03-18 13:52 - 2014-03-18 13:52 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-03-18 13:52 - 2014-03-18 13:51 - 00004844 _____ () C:\Windows\DPINST.LOG
2014-03-18 13:50 - 2014-03-18 13:50 - 00000184 _____ () C:\Windows\LMv4.UNI
2014-03-18 13:50 - 2014-03-18 13:50 - 00000000 ____D () C:\Program Files (x86)\Launch Manager
2014-03-18 13:49 - 2014-03-18 13:49 - 00000000 ____D () C:\book
2014-03-18 13:49 - 2009-10-05 22:35 - 00000000 ____D () C:\Windows\DeployWinRE2
2014-03-18 13:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Recovery
2014-03-18 13:47 - 2014-03-18 13:47 - 00000003 _____ () C:\Windows\system32\PLD_Framework.cmd
2014-03-18 13:47 - 2014-03-18 13:47 - 00000000 _____ () C:\Windows\ativpsrm.bin
2014-03-18 13:46 - 2014-03-18 13:45 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-03-18 13:45 - 2014-03-18 13:45 - 00000000 ____D () C:\Program Files\ATI
2014-03-18 13:44 - 2010-07-26 02:53 - 00003540 _____ () C:\Windows\TSSysprep.log
Files to move or delete:
====================
C:\ProgramData\dlprotect.exe
Some content of TEMP:
====================
C:\Users\Nadine\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Nadine\AppData\Local\Temp\nsj4D97.exe
C:\Users\Nadine\AppData\Local\Temp\nso715E.exe
C:\Users\Nadine\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-18 16:13
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Nadine at 2014-03-18 19:09:36
Running from C:\Users\Nadine\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.53.64 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}) (Version: 1.9.17.06019 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.9.17.06019 - Alcor Micro Corp.) Hidden
ATI Catalyst Install Manager (HKLM\...\{D8DACA27-C2D9-9E8E-A8A5-A10E0C670D01}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2013 - Avast Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.2.4.2 - Broadcom Corporation)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0527.1242.20909 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0527.1242.20909 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0527.1242.20909 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help English (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help French (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help German (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0527.1242.20909 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0527.1242.20909 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Download Protect (HKCU\...\{132401a7-2006-4342-b43c-ccf5f02c2b01}) (Version: - Download Protect)
eMachines Game Console (x32 Version: - WildTangent) Hidden
eMachines Games (HKLM-x32\...\WildTangent emachines Master Uninstall) (Version: 1.0.1.3 - WildTangent)
eMachines Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
eMachines Registration (HKLM-x32\...\eMachines Registration) (Version: 1.03.3003 - Acer Incorporated)
eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.1.0806.2010 - Acer Incorporated)
eMachines Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.12 - eMachines)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8928 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8928 - NTI Corporation) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Protegere (HKLM-x32\...\Protegere) (Version: - )
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6156 - Realtek Semiconductor Corp.)
ResultsAlpha (HKLM\...\ResultsAlpha) (Version: 2014.03.15.013120 - ResultsAlpha)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - Synaptics Incorporated)
Video Web Camera (HKLM-x32\...\{62D1C755-74C9-4BA0-841B-B7D795DEA9C7}) (Version: 1.0.4.2 - Liteon)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden
==================== Restore Points =========================
18-03-2014 16:24:35 Windows 7 Service Pack 1
18-03-2014 17:54:26 avast! antivirus system restore point
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {00B43537-AC70-4CBC-A490-FDBF59D8FCA7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-18] (Google Inc.)
Task: {05B42CA7-1C57-4EC6-BD40-0064A83D28B4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-03-18] (AVAST Software)
Task: {1848077B-C9BA-4043-AF8F-FA20FFD1FC4E} - \addplushd-enabler No Task File
Task: {5BB48929-C93D-4970-8967-0093F7FE33DA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-18] (Google Inc.)
Task: {8E043607-CC62-42E0-B647-22CD318CACA8} - \addplushd-firefoxinstaller No Task File
Task: {C4E00EEA-05AA-4AB0-B6C2-90AFF2B7F1CD} - \addplushd-codedownloader No Task File
Task: {C9E1ECFD-0725-4FC9-A047-53F7B5823525} - \addplushd-chromeinstaller No Task File
Task: {DE609904-FBF1-406B-8970-FEF7051E7691} - \addplushd-updater No Task File
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-03-18 14:30 - 2014-03-18 14:30 - 01005056 _____ () C:\Users\Nadine\AppData\Roaming\BupSystem\bup.exe
2014-03-18 14:29 - 2014-03-18 14:29 - 00125440 _____ () C:\Windows\System32\DlProtectSvc.exe
2014-03-18 14:29 - 2014-03-18 14:29 - 00012800 _____ () C:\ProgramData\dlprotect.exe
2014-03-18 14:35 - 2014-03-18 12:03 - 02188800 _____ () C:\Program Files\AVAST Software\Avast\defs\14031801\algo.dll
2010-07-26 03:47 - 2009-05-20 07:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2014-03-18 14:30 - 2014-03-18 14:30 - 00374272 _____ () C:\Users\Nadine\AppData\Roaming\BupSystem\sub\default.dll
2014-03-18 14:31 - 2014-03-18 14:31 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-18 14:36 - 2014-02-13 01:36 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2010-07-26 02:59 - 2010-03-04 04:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/18/2014 06:02:01 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: utilResultsAlpha.exe, Version: 1.0.5186.20146, Zeitstempel: 0x5322f205
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x701d6cc4
ID des fehlerhaften Prozesses: 0xa90
Startzeit der fehlerhaften Anwendung: 0xutilResultsAlpha.exe0
Pfad der fehlerhaften Anwendung: utilResultsAlpha.exe1
Pfad des fehlerhaften Moduls: utilResultsAlpha.exe2
Berichtskennung: utilResultsAlpha.exe3
Error: (03/18/2014 06:02:00 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: UNS.exe, Version: 6.0.0.1202, Zeitstempel: 0x4b203de1
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x701d6cc4
ID des fehlerhaften Prozesses: 0xad4
Startzeit der fehlerhaften Anwendung: 0xUNS.exe0
Pfad der fehlerhaften Anwendung: UNS.exe1
Pfad des fehlerhaften Moduls: UNS.exe2
Berichtskennung: UNS.exe3
Error: (03/18/2014 06:01:58 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IAStorDataMgrSvc.exe, Version: 9.6.0.1014, Zeitstempel: 0x4b8f244b
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x701d6cc4
ID des fehlerhaften Prozesses: 0xfd4
Startzeit der fehlerhaften Anwendung: 0xIAStorDataMgrSvc.exe0
Pfad der fehlerhaften Anwendung: IAStorDataMgrSvc.exe1
Pfad des fehlerhaften Moduls: IAStorDataMgrSvc.exe2
Berichtskennung: IAStorDataMgrSvc.exe3
Error: (03/18/2014 06:01:58 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: CltMngSvc.exe, Version: 2.11.11.7, Zeitstempel: 0x5314838b
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x701d6cc4
ID des fehlerhaften Prozesses: 0x958
Startzeit der fehlerhaften Anwendung: 0xCltMngSvc.exe0
Pfad der fehlerhaften Anwendung: CltMngSvc.exe1
Pfad des fehlerhaften Moduls: CltMngSvc.exe2
Berichtskennung: CltMngSvc.exe3
Error: (03/18/2014 06:01:57 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: UpdaterService.exe, Version: 1.0.0.8, Zeitstempel: 0x4b614046
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x701d6cc4
ID des fehlerhaften Prozesses: 0x8cc
Startzeit der fehlerhaften Anwendung: 0xUpdaterService.exe0
Pfad der fehlerhaften Anwendung: UpdaterService.exe1
Pfad des fehlerhaften Moduls: UpdaterService.exe2
Berichtskennung: UpdaterService.exe3
Error: (03/18/2014 06:01:55 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: updateResultsAlpha.exe, Version: 1.0.5186.20146, Zeitstempel: 0x5322f205
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x701d6cc4
ID des fehlerhaften Prozesses: 0x860
Startzeit der fehlerhaften Anwendung: 0xupdateResultsAlpha.exe0
Pfad der fehlerhaften Anwendung: updateResultsAlpha.exe1
Pfad des fehlerhaften Moduls: updateResultsAlpha.exe2
Berichtskennung: updateResultsAlpha.exe3
Error: (03/18/2014 06:01:55 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: LMS.exe, Version: 6.0.30.1202, Zeitstempel: 0x4b203d8b
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x701d6cc4
ID des fehlerhaften Prozesses: 0x798
Startzeit der fehlerhaften Anwendung: 0xLMS.exe0
Pfad der fehlerhaften Anwendung: LMS.exe1
Pfad des fehlerhaften Moduls: LMS.exe2
Berichtskennung: LMS.exe3
Error: (03/18/2014 06:01:55 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: GREGsvc.exe, Version: 1.0.0.1, Zeitstempel: 0x4afbd2e4
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x701d6cc4
ID des fehlerhaften Prozesses: 0x570
Startzeit der fehlerhaften Anwendung: 0xGREGsvc.exe0
Pfad der fehlerhaften Anwendung: GREGsvc.exe1
Pfad des fehlerhaften Moduls: GREGsvc.exe2
Berichtskennung: GREGsvc.exe3
Error: (03/18/2014 06:01:53 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: dsiwmis.exe, Version: 2.8.0.708, Zeitstempel: 0x4c205915
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x701d6cc4
ID des fehlerhaften Prozesses: 0x744
Startzeit der fehlerhaften Anwendung: 0xdsiwmis.exe0
Pfad der fehlerhaften Anwendung: dsiwmis.exe1
Pfad des fehlerhaften Moduls: dsiwmis.exe2
Berichtskennung: dsiwmis.exe3
Error: (03/18/2014 06:01:53 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: bup.exe, Version: 1.0.0.0, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x701d6cc4
ID des fehlerhaften Prozesses: 0x6a4
Startzeit der fehlerhaften Anwendung: 0xbup.exe0
Pfad der fehlerhaften Anwendung: bup.exe1
Pfad des fehlerhaften Moduls: bup.exe2
Berichtskennung: bup.exe3
System errors:
=============
Error: (03/18/2014 06:02:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Util ResultsAlpha" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (03/18/2014 06:02:10 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Util ResultsAlpha erreicht.
Error: (03/18/2014 06:02:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Intel(R) Management and Security Application Local Management Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%109
Error: (03/18/2014 06:02:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Update ResultsAlpha" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (03/18/2014 06:02:09 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Update ResultsAlpha erreicht.
Error: (03/18/2014 06:02:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Util ResultsAlpha" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (03/18/2014 06:02:01 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Intel(R) Management & Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (03/18/2014 06:02:00 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (03/18/2014 06:01:58 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Search Protect by Conduit Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (03/18/2014 06:01:58 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Updater Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office Sessions:
=========================
Error: (03/18/2014 06:02:01 PM) (Source: Application Error)(User: )
Description: utilResultsAlpha.exe1.0.5186.201465322f205unknown0.0.0.000000000c0000005701d6cc4a9001cf42b6f178ca3eC:\Program Files (x86)\ResultsAlpha\bin\utilResultsAlpha.exeunknown053e5e37-aebf-11e3-8890-60eb69684271
Error: (03/18/2014 06:02:00 PM) (Source: Application Error)(User: )
Description: UNS.exe6.0.0.12024b203de1unknown0.0.0.000000000c0000005701d6cc4ad401cf42b08af8f4f1C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exeunknown04f6f4ef-aebf-11e3-8890-60eb69684271
Error: (03/18/2014 06:01:58 PM) (Source: Application Error)(User: )
Description: IAStorDataMgrSvc.exe9.6.0.10144b8f244bunknown0.0.0.000000000c0000005701d6cc4fd401cf42b08999fc0eC:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exeunknown03d94fce-aebf-11e3-8890-60eb69684271
Error: (03/18/2014 06:01:58 PM) (Source: Application Error)(User: )
Description: CltMngSvc.exe2.11.11.75314838bunknown0.0.0.000000000c0000005701d6cc495801cf42b03e33d710C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exeunknown0396a946-aebf-11e3-8890-60eb69684271
Error: (03/18/2014 06:01:57 PM) (Source: Application Error)(User: )
Description: UpdaterService.exe1.0.0.84b614046unknown0.0.0.000000000c0000005701d6cc48cc01cf42b03ce8f7caC:\Program Files\eMachines\eMachines Updater\UpdaterService.exeunknown0356641f-aebf-11e3-8890-60eb69684271
Error: (03/18/2014 06:01:55 PM) (Source: Application Error)(User: )
Description: updateResultsAlpha.exe1.0.5186.201465322f205unknown0.0.0.000000000c0000005701d6cc486001cf42b039274bdbC:\Program Files (x86)\ResultsAlpha\updateResultsAlpha.exeunknown022a76bd-aebf-11e3-8890-60eb69684271
Error: (03/18/2014 06:01:55 PM) (Source: Application Error)(User: )
Description: LMS.exe6.0.30.12024b203d8bunknown0.0.0.000000000c0000005701d6cc479801cf42b0382d5b5eC:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exeunknown01f61877-aebf-11e3-8890-60eb69684271
Error: (03/18/2014 06:01:55 PM) (Source: Application Error)(User: )
Description: GREGsvc.exe1.0.0.14afbd2e4unknown0.0.0.000000000c0000005701d6cc457001cf42b0378ddf2cC:\Program Files (x86)\eMachines\Registration\GREGsvc.exeunknown01b5d34f-aebf-11e3-8890-60eb69684271
Error: (03/18/2014 06:01:53 PM) (Source: Application Error)(User: )
Description: dsiwmis.exe2.8.0.7084c205915unknown0.0.0.000000000c0000005701d6cc474401cf42b0334e0a4fC:\Program Files (x86)\Launch Manager\dsiwmis.exeunknown00c306f3-aebf-11e3-8890-60eb69684271
Error: (03/18/2014 06:01:53 PM) (Source: Application Error)(User: )
Description: bup.exe1.0.0.02a425e19unknown0.0.0.000000000c0000005701d6cc46a401cf42b031e8fbe6C:\Users\Nadine\AppData\Roaming\BupSystem\bup.exeunknown00c0a593-aebf-11e3-8890-60eb69684271
==================== Memory info ===========================
Percentage of memory in use: 35%
Total physical RAM: 3958.81 MB
Available physical RAM: 2535.22 MB
Total Pagefile: 7915.82 MB
Available Pagefile: 6312.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (eMachines) (Fixed) (Total:452.66 GB) (Free:401.3 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: F03F3415)
Partition: GPT Partition Type.
==================== End Of Log ============================
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-18 19:25:26
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Nadine\AppData\Local\Temp\pgriqpog.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\wininit.exe[592] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\Windows\system32\services.exe[652] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\Windows\system32\winlogon.exe[696] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[836] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\Windows\system32\atiesrxx.exe[992] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[312] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[416] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[460] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\Windows\system32\AUDIODG.EXE[912] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1080] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1160] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\Windows\system32\Dwm.exe[1468] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\Windows\Explorer.EXE[1500] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[1644] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1656] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1664] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe[1672] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1880] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007657a322 1 byte [62]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1920] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007657a322 1 byte [62]
.text C:\Windows\System32\spoolsv.exe[1332] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1484] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\Windows\system32\taskhost.exe[1560] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\Users\Nadine\AppData\Roaming\BupSystem\bup.exe[1388] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007657a322 1 byte [62]
.text C:\Windows\System32\DlProtectSvc.exe[1380] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\Program Files (x86)\Launch Manager\dsiwmis.exe[2080] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007657a322 1 byte [62]
.text C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe[2112] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe[2164] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007657a322 1 byte [62]
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[2288] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[2304] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007657a322 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2312] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007657a322 1 byte [62]
.text C:\ProgramData\dlprotect.exe[2488] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007657a322 1 byte [62]
.text C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe[2504] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007657a322 1 byte [62]
.text C:\Windows\system32\wbem\unsecapp.exe[2676] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\Windows\system32\SearchIndexer.exe[2844] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe[2024] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3992] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2132] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007657a322 1 byte [62]
.text C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe[1708] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2668] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007657a322 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2208] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007657a322 1 byte [62]
.text C:\Windows\System32\svchost.exe[4136] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000776deecd 1 byte [62]
.text C:\Users\Nadine\Downloads\Gmer-19357.exe[4732] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007657a322 1 byte [62]
---- Processes - GMER 2.1 ----
Process C:\Users\Nadine\AppData\Roaming\BupSystem\bup.exe (*** suspicious ***) @ C:\Users\Nadine\AppData\Roaming\BupSystem\bup.exe [1388](2 0000000000400000
Library C:\Users\Nadine\AppData\Roaming\BupSystem\sub\default.dll (*** suspicious ***) @ C:\Users\Nadine\AppData\Roaming\BupSystem\bup.exe [1388](2014-03-18 13:30:17) 0000000002890000
Process C:\ProgramData\dlprotect.exe (*** suspicious ***) @ C:\ProgramData\dlprotect.exe [2488](2014-03-18 13:29:05) 0000000000400000
---- EOF - GMER 2.1 ----
That was the last log, then.